Last active
December 19, 2015 18:49
-
-
Save xaitax/6001588 to your computer and use it in GitHub Desktop.
bgrab is a bash-written script to scan single hosts or network ranges for webserver banners. Those banners will be highlighted with BEL or color if matches a pregiven array of strings. It just makes use of `netcat' and includes logging functionalities. It was designed to scan for CVE-2013-2028 (nginx stack-based buffer overflow) vulnerability.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# @author: Alexander 'xaitax' Hagenah <ah@primepage.de> | |
# http://primepage.de | |
# | |
# @desc: HTTP Banner Grabber + Highlighting | |
# | |
# @created: 05/14/2013 | |
# | |
# GLOBAL VARIABLES | |
ARGV0="`basename "$0"`" | |
OPTIONS="aehl:n:pr:s:t:" | |
USAGE="\ | |
usage: $ARGV0 [$OPTIONS] | |
grab server string from http banner. | |
$ARGV0 scans single hosts or defined network ranges. | |
options: | |
-a alert (BEL) if banner matches expression | |
to add/del expressions edit script | |
-e emphasize output if banner matches expression | |
to add/del expressions edit script | |
-h print this help | |
-l filename write to file | |
-n network three octet network addr like 192.168.0 | |
-p show defined emphrasize expressions | |
-r b:e host range to scan. default $BADDR:$EADDR | |
-s host single scan | |
-t secs timeout for connects and final net reads. default $NCTIMEOUT" | |
# VARIABLES | |
BADDR=1 # host range begin default value | |
EADDR=255 # host range end default value | |
NETCAT=/bin/nc # path to netcat | |
NCTIMEOUT=2 # default timeout for connects and final net reads | |
# put expressions to emphersize or alert if banner matches here... | |
# example below was used because of CVE-2013-2028 | |
HIGHLIGHT=" | |
nginx/1.3.9 | |
nginx/1.3.10 | |
nginx/1.3.11 | |
nginx/1.3.12 | |
nginx/1.3.13 | |
nginx/1.3.14 | |
nginx/1.3.15 | |
nginx/1.4.0 | |
" | |
# FUNCTIONS | |
usage_exit() | |
# args: 'int return' | |
{ | |
echo "$USAGE" >&2 | |
exit $1 | |
} | |
cleanup() | |
{ | |
# stdout | |
echo "| " | |
echo "\`-----[ "`date "+%Y-%m-%d %H:%M:%S"`"" | |
exit $? | |
} | |
highlight() | |
# args: 'string' | |
{ | |
for EXPRESSION in $HIGHLIGHT; do | |
echo $1 | grep -i $EXPRESSION 2>&1 >/dev/null | |
if [ $? -eq 0 ]; then | |
BANNER="\e[1;31m$BANNER\e[0m" | |
fi | |
done | |
} | |
alert() | |
# args: 'string' | |
{ | |
for EXPRESSION in $HIGHLIGHT; do | |
echo $1 | grep -i $EXPRESSION 2>&1 >/dev/null | |
if [ $? -eq 0 ]; then | |
tput bel | |
fi | |
done | |
} | |
single() | |
# args: 'host' | |
{ | |
# grab | |
BANNER="`echo -e "HEAD / HTTP/1.0\r\n\r\n" | | |
$NETCAT -w $NCTIMEOUT $HOST 80 2>/dev/null | | |
awk '/Server:/ || /X-Powered-By:/' | | |
awk '{sub(/\r$/,"");print}' | | |
awk '{printf("%s", $0 " " (NR==1 ? "" : "\n"))}' | |
`" | |
if [ "$BANNER" != "" ]; then | |
# logfile | |
if [ $LOG -eq 1 ]; then | |
echo ",----[ $1">>$LOGFILE | |
echo "|">>$LOGFILE | |
echo -en "| $1: $BANNER\n">>$LOGFILE | |
echo "|">>$LOGFILE | |
echo "\`-----[ "`date "+%Y-%m-%d %H:%M:%S"`"">>$LOGFILE | |
fi | |
# emphasize | |
if [ $EMPHASIZE -eq 1 ]; then | |
highlight "$BANNER" | |
fi | |
# alert | |
if [ $ALERT -eq 1 ]; then | |
alert "$BANNER" | |
fi | |
# stdout | |
echo ",----[ $1" | |
echo "|" | |
echo -en "| $1: $BANNER\n" | |
echo "|" | |
echo "\`-----[ "`date "+%Y-%m-%d %H:%M:%S"`"" | |
fi | |
} | |
multi() | |
{ | |
if [ $RANGE != "0" ]; then | |
BADDR="`echo $RANGE | cut -d\: -f1`" | |
EADDR="`echo $RANGE | cut -d\: -f2`" | |
fi | |
EMPTY=1 | |
# logfile | |
if [ $LOG -eq 1 ]; then | |
echo ",----[ $NETWORK.$BADDR-$NETWORK.$EADDR">>$LOGFILE | |
echo "|">>$LOGFILE | |
fi | |
# stdout | |
echo ",----[ $NETWORK.$BADDR-$NETWORK.$EADDR" | |
echo "|" | |
while [ $BADDR -le $EADDR ]; do | |
HOST=$NETWORK.$BADDR | |
BANNER="`echo -e "HEAD / HTTP/1.0\r\n\r\n" | | |
$NETCAT -w $NCTIMEOUT $HOST 80 2>/dev/null | | |
awk '/Server:/ || /X-Powered-By:/' | | |
awk '{sub(/\r$/,"");print}' | | |
awk '{printf("%s", $0 " " (NR==1 ? "" : "\n"))}' | |
`" | |
if [ "$BANNER" != "" ]; then | |
EMPTY=0 | |
# logfile | |
if [ $LOG -eq 1 ]; then | |
echo -en "| $HOST: $BANNER\n">>$LOGFILE | |
fi | |
# emphasize | |
if [ $EMPHASIZE -eq 1 ]; then | |
highlight "$BANNER" | |
fi | |
# alert | |
if [ $ALERT -eq 1 ]; then | |
alert "$BANNER" | |
fi | |
# stdout | |
echo -en "| $HOST: $BANNER\n" | |
fi | |
# display actual host | |
if [ $BADDR -eq $EADDR ]; then | |
echo -en "|\r" | |
else | |
echo -en "| $HOST\r" | |
fi | |
BADDR=`expr $BADDR + 1` | |
done | |
if [ $EMPTY -eq 1 ]; then | |
echo "| received 0 banner" | |
fi | |
# logfile | |
if [ $LOG -eq 1 ]; then | |
echo "|">>$LOGFILE | |
echo "\`----[ "`date "+%Y-%m-%d %H:%M:%S"`"">>$LOGFILE | |
fi | |
# stdout | |
echo "| " | |
echo "\`----[ "`date "+%Y-%m-%d %H:%M:%S"`"" | |
} | |
# START | |
if [ $# -lt 1 ]; then | |
usage_exit 1 | |
fi | |
# SIGNAL HANDLING | |
trap "cleanup" SIGINT SIGPIPE SIGTERM | |
# DEFAULT VALUES | |
ALERT=0 | |
EMPHASIZE=0 | |
LOG=0 | |
MULTI=0 | |
RANGE=0 | |
SINGLE=0 | |
# GETOPTS | |
while getopts "$OPTIONS" OPTION; do | |
case "$OPTION" in | |
a) | |
ALERT=1 | |
;; | |
e) | |
EMPHASIZE=1 | |
;; | |
h) usage_exit 0 | |
;; | |
l) | |
LOG=1 | |
LOGFILE="$OPTARG" | |
;; | |
n) | |
MULTI=1 | |
NETWORK="$OPTARG" | |
;; | |
p) | |
for LINE in $HIGHLIGHT; do echo "$LINE"; done | |
exit $? | |
;; | |
r) | |
RANGE="$OPTARG" | |
;; | |
s) | |
SINGLE=1 | |
HOST="$OPTARG" | |
;; | |
t) | |
NCTIMEOUT=$OPTARG | |
;; | |
esac | |
done | |
# PARSE | |
if [ $SINGLE -eq 1 ]; then single $HOST; fi | |
if [ $MULTI -eq 1 ]; then multi $NETWORK; fi | |
exit $? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment