# https://nmap.org/nsedoc/scripts/smb-vuln-ms17-010.html
# https://gallery.technet.microsoft.com/scriptcenter/List-the-IP-addresses-in-a-60c5bb6b
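function Get-IPrange {
<#
.SYNOPSIS
Get the IP addresses in a range
.DESCRIPTION
Emits every IPv4 address in a range as a dotted-quad string, one per
pipeline object. The range is given either as explicit -start/-end bounds
or as an address plus a netmask (-ip with -mask or -cidr). For the
netmask form the output runs from the network address through the
broadcast address, both included.
.PARAMETER start
First address of an explicit range (used when -ip is not given).
.PARAMETER end
Last address of an explicit range, inclusive (used when -ip is not given).
.PARAMETER ip
Any address inside the subnet to enumerate. Requires -mask or -cidr.
.PARAMETER mask
Dotted-quad netmask. Takes precedence over -cidr when both are supplied.
.PARAMETER cidr
Prefix length, 1 to 32. A value of 0 is treated as "not supplied".
.EXAMPLE
Get-IPrange -start 192.168.8.2 -end 192.168.8.20
.EXAMPLE
Get-IPrange -ip 192.168.8.2 -mask 255.255.255.0
.EXAMPLE
Get-IPrange -ip 192.168.8.3 -cidr 24
#>
    param
    (
        [string]$start,
        [string]$end,
        [string]$ip,
        [string]$mask,
        [int]$cidr
    )

    # Convert a dotted-quad string to its 32-bit value held in an int64.
    function IP-toINT64 () {
        param ($ip)
        $octets = $ip.split(".")
        # Reject anything that is not exactly four decimal octets in 0..255;
        # without this a malformed bound silently becomes a wrong range.
        if ($octets.Count -ne 4) {
            throw "Get-IPrange: '$ip' is not a dotted-quad IPv4 address."
        }
        foreach ($octet in $octets) {
            if ($octet -notmatch '^[0-9]{1,3}$' -or [int]$octet -gt 255) {
                throw "Get-IPrange: '$ip' is not a dotted-quad IPv4 address."
            }
        }
        return [int64]([int64]$octets[0]*16777216 + [int64]$octets[1]*65536 + [int64]$octets[2]*256 + [int64]$octets[3])
    }

    # Convert a 32-bit value back to a dotted-quad string.
    function INT64-toIP() {
        param ([int64]$int)
        $first  = ([math]::truncate($int/16777216)).tostring()
        $second = ([math]::truncate(($int%16777216)/65536)).tostring()
        $third  = ([math]::truncate(($int%65536)/256)).tostring()
        $fourth = ([math]::truncate($int%256)).tostring()
        return ($first + "." + $second + "." + $third + "." + $fourth)
    }

    # "1"*$cidr / "0"*(32-$cidr) below only make sense for 0..32.
    if ($cidr -lt 0 -or $cidr -gt 32) {
        throw "Get-IPrange: -cidr must be between 1 and 32."
    }

    if ($ip) {
        # Without a mask there is no subnet to enumerate; fail early instead
        # of dereferencing a null mask further down.
        if (-not $mask -and -not $cidr) {
            throw "Get-IPrange: -ip requires either -mask or -cidr."
        }

        $ipaddr = [Net.IPAddress]::Parse($ip)
        if ($ipaddr.AddressFamily -ne [Net.Sockets.AddressFamily]::InterNetwork) {
            throw "Get-IPrange: only IPv4 addresses are supported."
        }

        if ($cidr) {
            # Build the mask from a 32-character binary string: $cidr ones, then zeros.
            $maskBits = ("1" * $cidr) + ("0" * (32 - $cidr))
            $maskaddr = [Net.IPAddress]::Parse((INT64-toIP -int ([convert]::ToInt64($maskBits, 2))))
        }
        # Assigned after the -cidr branch, so an explicit -mask wins.
        if ($mask) { $maskaddr = [Net.IPAddress]::Parse($mask) }

        $networkaddr = New-Object Net.IPAddress ($maskaddr.Address -band $ipaddr.Address)
        # Host bits (all-ones XOR mask) OR-ed onto the network address.
        $allOnes = [Net.IPAddress]::Parse("255.255.255.255").Address
        $broadcastaddr = New-Object Net.IPAddress (($allOnes -bxor $maskaddr.Address) -bor $networkaddr.Address)

        $startaddr = IP-toINT64 -ip $networkaddr.IPAddressToString
        $endaddr = IP-toINT64 -ip $broadcastaddr.IPAddressToString
    } else {
        if (-not $start -or -not $end) {
            throw "Get-IPrange: supply -start and -end, or -ip with -mask/-cidr."
        }
        $startaddr = IP-toINT64 -ip $start
        $endaddr = IP-toINT64 -ip $end
    }

    # Inclusive on both ends; nothing is emitted when -end is below -start.
    for ($i = $startaddr; $i -le $endaddr; $i++) {
        INT64-toIP -int $i
    }
}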
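# Sweep a /24 with nmap's smb-vuln-ms17-010 script and record one status per
# host in a CSV, so unpatched SMBv1 hosts can be tracked for remediation.
$ipAddresses = @(Get-IPrange -ip 192.168.1.1 -cidr 24)
$outputPath = "C:\tools\scripts\nmap\192.168.1.1-24.csv"

# Fail before the sweep starts rather than once per host.
if (-not (Get-Command nmap -ErrorAction SilentlyContinue)) {
    throw "nmap was not found on PATH."
}

# Make sure the report directory exists up front, so a full sweep is not
# lost to a failed export at the very end.
$outputDir = Split-Path -Parent $outputPath
if ($outputDir -and -not (Test-Path -LiteralPath $outputDir)) {
    New-Item -ItemType Directory -Path $outputDir -Force | Out-Null
}

Write-Host "`n`nTotal Number of IP Space is : $($ipAddresses.Length)"

$scanResults = @($ipAddresses | ForEach-Object {
    $scanIP = $_
    Write-Host "`n`nScanning $scanIP"

    # Call nmap directly with the call operator. Invoke-Expression re-parses
    # its string as PowerShell, so any value interpolated into it runs as
    # code; here the address is passed as a single argument instead.
    # @() keeps the result an array of lines even when only one line comes
    # back (indexing a bare string would return single characters).
    $scanData = @(& nmap -p445 --script smb-vuln-ms17-010 $scanIP)

    # The classification below reads fixed line positions of nmap's report
    # (index 10 for the script result, index 2 for the host-state line).
    # NOTE(review): those positions depend on the nmap version and output
    # layout - confirm against the nmap build in use.
    $scriptLine = if ($scanData.Count -gt 10) { [string]$scanData[10] } else { '' }
    $hostLine   = if ($scanData.Count -gt 2)  { [string]$scanData[2] }  else { '' }

    if (-not [String]::IsNullOrEmpty($scriptLine)) {
        if ($scriptLine.Contains("VULNERABLE")) {
            $status = 'VULNERABLE'
            Write-Host "$scanIP : VULNERABLE"
        } else {
            # Means only that the inspected line did not say VULNERABLE;
            # treat it as "no finding", not as proof the host is patched.
            $status = 'NOT VULNERABLE'
            Write-Host "$scanIP : NOT VULNERABLE"
        }
    } elseif ($hostLine.Contains('down')) {
        $status = 'DOWN'
        Write-Host "$scanIP : DOWN"
    } else {
        $status = 'UNKNOWN'
        Write-Host "$scanIP : UNKNOWN (IPC MIGHT BE DISABLED)"
    }

    # Emitting the record lets the pipeline collect results, avoiding the
    # array copy that "+=" performs on every host.
    [pscustomobject][ordered]@{ HostIP = $scanIP; Status = $status }
})

$formattedEvents = $scanResults | Select-Object HostIP, Status
$formattedEvents | Export-Csv $outputPath -NoTypeInformation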