Skip to content

Instantly share code, notes, and snippets.

@xaitax xaitax/bgrab.sh
Last active Dec 19, 2015

Embed
What would you like to do?
bgrab is a bash-written script to scan single hosts or network ranges for webserver banners. Those banners will be highlighted with BEL or color if matches a pregiven array of strings. It just makes use of `netcat' and includes logging functionalities. It was designed to scan for CVE-2013-2028 (nginx stack-based buffer overflow) vulnerability.
#!/bin/bash
#
# @author: Alexander 'xaitax' Hagenah <ah@primepage.de>
# http://primepage.de
#
# @desc: HTTP Banner Grabber + Highlighting
#
# @created: 05/14/2013
#
# GLOBAL VARIABLES
ARGV0="`basename "$0"`"
OPTIONS="aehl:n:pr:s:t:"
USAGE="\
usage: $ARGV0 [$OPTIONS]
grab server string from http banner.
$ARGV0 scans single hosts or defined network ranges.
options:
-a alert (BEL) if banner matches expression
to add/del expressions edit script
-e emphasize output if banner matches expression
to add/del expressions edit script
-h print this help
-l filename write to file
-n network three octet network addr like 192.168.0
-p show defined emphrasize expressions
-r b:e host range to scan. default $BADDR:$EADDR
-s host single scan
-t secs timeout for connects and final net reads. default $NCTIMEOUT"
# VARIABLES
BADDR=1 # host range begin default value
EADDR=255 # host range end default value
NETCAT=/bin/nc # path to netcat
NCTIMEOUT=2 # default timeout for connects and final net reads
# put expressions to emphersize or alert if banner matches here...
# example below was used because of CVE-2013-2028
HIGHLIGHT="
nginx/1.3.9
nginx/1.3.10
nginx/1.3.11
nginx/1.3.12
nginx/1.3.13
nginx/1.3.14
nginx/1.3.15
nginx/1.4.0
"
# FUNCTIONS
usage_exit()
# args: 'int return'
{
echo "$USAGE" >&2
exit $1
}
cleanup()
{
# stdout
echo "| "
echo "\`-----[ "`date "+%Y-%m-%d %H:%M:%S"`""
exit $?
}
highlight()
# args: 'string'
{
for EXPRESSION in $HIGHLIGHT; do
echo $1 | grep -i $EXPRESSION 2>&1 >/dev/null
if [ $? -eq 0 ]; then
BANNER="\e[1;31m$BANNER\e[0m"
fi
done
}
alert()
# args: 'string'
{
for EXPRESSION in $HIGHLIGHT; do
echo $1 | grep -i $EXPRESSION 2>&1 >/dev/null
if [ $? -eq 0 ]; then
tput bel
fi
done
}
single()
# args: 'host'
{
# grab
BANNER="`echo -e "HEAD / HTTP/1.0\r\n\r\n" |
$NETCAT -w $NCTIMEOUT $HOST 80 2>/dev/null |
awk '/Server:/ || /X-Powered-By:/' |
awk '{sub(/\r$/,"");print}' |
awk '{printf("%s", $0 " " (NR==1 ? "" : "\n"))}'
`"
if [ "$BANNER" != "" ]; then
# logfile
if [ $LOG -eq 1 ]; then
echo ",----[ $1">>$LOGFILE
echo "|">>$LOGFILE
echo -en "| $1: $BANNER\n">>$LOGFILE
echo "|">>$LOGFILE
echo "\`-----[ "`date "+%Y-%m-%d %H:%M:%S"`"">>$LOGFILE
fi
# emphasize
if [ $EMPHASIZE -eq 1 ]; then
highlight "$BANNER"
fi
# alert
if [ $ALERT -eq 1 ]; then
alert "$BANNER"
fi
# stdout
echo ",----[ $1"
echo "|"
echo -en "| $1: $BANNER\n"
echo "|"
echo "\`-----[ "`date "+%Y-%m-%d %H:%M:%S"`""
fi
}
multi()
{
if [ $RANGE != "0" ]; then
BADDR="`echo $RANGE | cut -d\: -f1`"
EADDR="`echo $RANGE | cut -d\: -f2`"
fi
EMPTY=1
# logfile
if [ $LOG -eq 1 ]; then
echo ",----[ $NETWORK.$BADDR-$NETWORK.$EADDR">>$LOGFILE
echo "|">>$LOGFILE
fi
# stdout
echo ",----[ $NETWORK.$BADDR-$NETWORK.$EADDR"
echo "|"
while [ $BADDR -le $EADDR ]; do
HOST=$NETWORK.$BADDR
BANNER="`echo -e "HEAD / HTTP/1.0\r\n\r\n" |
$NETCAT -w $NCTIMEOUT $HOST 80 2>/dev/null |
awk '/Server:/ || /X-Powered-By:/' |
awk '{sub(/\r$/,"");print}' |
awk '{printf("%s", $0 " " (NR==1 ? "" : "\n"))}'
`"
if [ "$BANNER" != "" ]; then
EMPTY=0
# logfile
if [ $LOG -eq 1 ]; then
echo -en "| $HOST: $BANNER\n">>$LOGFILE
fi
# emphasize
if [ $EMPHASIZE -eq 1 ]; then
highlight "$BANNER"
fi
# alert
if [ $ALERT -eq 1 ]; then
alert "$BANNER"
fi
# stdout
echo -en "| $HOST: $BANNER\n"
fi
# display actual host
if [ $BADDR -eq $EADDR ]; then
echo -en "|\r"
else
echo -en "| $HOST\r"
fi
BADDR=`expr $BADDR + 1`
done
if [ $EMPTY -eq 1 ]; then
echo "| received 0 banner"
fi
# logfile
if [ $LOG -eq 1 ]; then
echo "|">>$LOGFILE
echo "\`----[ "`date "+%Y-%m-%d %H:%M:%S"`"">>$LOGFILE
fi
# stdout
echo "| "
echo "\`----[ "`date "+%Y-%m-%d %H:%M:%S"`""
}
# START
if [ $# -lt 1 ]; then
usage_exit 1
fi
# SIGNAL HANDLING
trap "cleanup" SIGINT SIGPIPE SIGTERM
# DEFAULT VALUES
ALERT=0
EMPHASIZE=0
LOG=0
MULTI=0
RANGE=0
SINGLE=0
# GETOPTS
while getopts "$OPTIONS" OPTION; do
case "$OPTION" in
a)
ALERT=1
;;
e)
EMPHASIZE=1
;;
h) usage_exit 0
;;
l)
LOG=1
LOGFILE="$OPTARG"
;;
n)
MULTI=1
NETWORK="$OPTARG"
;;
p)
for LINE in $HIGHLIGHT; do echo "$LINE"; done
exit $?
;;
r)
RANGE="$OPTARG"
;;
s)
SINGLE=1
HOST="$OPTARG"
;;
t)
NCTIMEOUT=$OPTARG
;;
esac
done
# PARSE
if [ $SINGLE -eq 1 ]; then single $HOST; fi
if [ $MULTI -eq 1 ]; then multi $NETWORK; fi
exit $?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.