首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>网络安全>文章内容
Auto pentesting. Nmap, SSLscans, screenshots, amap!
来源:forum.gnacktrack.co.uk 作者:phillips321 发布时间:2012-03-21  

Here’s my automated scanning script. It’s got a few dependencies but will run with a number of threads and will output to a defined folder.

#!/bin/bash

#__________________________________________________________
# Author:     phillips321 forum.gnacktrack.co.uk
# License:    CC BY-SA 3.0
# Use:        Update several applications
# Released:   www.gnacktrack.co.uk
  version=1.0
# Dependencies:
#                       nmap
#                       sslscan
#                       gnome-web-photo
#                       arp-scan
# debian users can apt-get install nmap sslscan gnome-web-photo arp-scan
#
# ToDo:
#                       Delete WeakCiphers if it doesnt contain any weak ciphers
#                       Use watch instead of looping a #process left message
#                       Use a nice output to show status of scans and what has been complete
#                       Allow changing of THREADS on fly by reading THREADS from file
#___________________________________________________________

f_uservariables(){
        CUSTOMPORTS="21,22,23,80,443,445,3389"  #seperate with a comma e.g. CUSTOMPORTS="21,22,23,80,443,445,3389"
        NMAPSTRING="nmap -sS -vv -d -A -P0 -n -r -oA"
}
f_usage(){              #outputs usage information
                echo"MESSAGE: matts-nmap.sh ${version}"
                echo"MESSAGE: Usage: `basename ${0}` [threads max = 99] [big/small/both/custom] [directory]"
                echo"MESSAGE: # `basename ${0}` 5 small VLANxyz"
                echo"MESSAGE: if scan size not given i will scan all ports"
                echo"MESSAGE: if directory is not given then I will write to ./devices/"
                echo"MESSAGE:"
}
f_yesorno(){    #returns 1 if yes is selected
        read-e CONFIRM
        case$CONFIRMin
                y|Y|YES|yes|Yes)
                        return 1 ;;
                *)
                        return 0 ;;
        esac
}
f_rootcheck(){  #checks for root and exits if not
        if[`echo-n$USER`!= "root"]
        then
                echo"MESSAGE: matts-nmap.sh ${VERSION}"
                echo"MESSAGE: ERROR: Please run as root!"
                echo"MESSAGE:"
                exit 1
        fi
}
f_threadcheck(){        #checks input for num of threads
        if[-z${1}]
        then
                f_usage
                exit 1
        fi
        THREADS="`echo "${1}" | tr -cd ‘[:digit:]‘ | cut -c 1-2`"
}
f_scansizecheck(){      #checks input for type of scan
        if[${1} = "big"  ]||[${1} = "small"]||[${1} = "both"]||[${1} = "custom"]
        then
                SIZETYPE="`echo "${1}" | tr -cd ‘[:alnum:]‘ | cut -c 1-6`"
                echo"MESSAGE: performing a ${SIZETYPE} scan"
        else
                SIZETYPE="both"
                echo"MESSAGE: no scan size given or its invalid so scan size will be both(small and big)."
        fi     
}
f_directorycheck(){     #checks input for directory name to save to
        if[-z${1}]
        then
                DIRECTORY="devices"
                echo"MESSAGE: no dir given so outputting to ${DIRECTORY}"
        else
                DIRECTORY="`echo "${1}" | tr -cd ‘[:graph:]‘`"
                echo"MESSAGE: output dir = ${DIRECTORY}"
        fi
}
f_outputtargets(){      #cats targets.txt to screen
        echo"MESSAGE: targets.txt contents:"
        cat targets.txt
        echo"MESSAGE: end of IPs/Hosts"
}
f_arpscansubnet(){      #arpscans local subnet
        arp-scan -l-g|grep . |cut-f1|grep-v packets |grep-v Interface |grep-v Ending |grep-v Starting > targets.txt
}
f_findtargetstxt(){     #checks for targets.txt and offer to create
        if[-f ./targets.txt ]
        then
                echo"MESSAGE: targets.txt file located"
                f_outputtargets
        else
                echo-n"MESSAGE: there is no targets.txt file so do you want me to create one? yes/no : "
                f_yesorno &&exit 0
                echo"MESSAGE: Now arp-scanning current subnet"
                f_arpscansubnet
                echo"MESSAGE: We found `cat targets.txt | wc -l` targets and have output them to targets.txt"
                f_outputtargets
                echo-n"MESSAGE: Do you wish to edit this list? (DELETE YOURSELF!)yes/no : "
                f_yesorno &&echo"MESSAGE: Chose not to edit…..continue with scan"||nano targets.txt ; f_outputtargets
        fi
}
f_numberoftargets(){#counts number of targets in targets.txt
        NUMBER=`wc-l targets.txt`
        COUNT=0
        echo"MESSAGE: Found ${NUMBER} targets to scan"
}
f_createdirectory(){#makes the directory
        STARTDIR=`pwd`
        mkdir"${STARTDIR}/${1}"
        cp targets.txt ${STARTDIR}/${1}/.
}
f_nmapscans(){  #performs loops of nmap scans
        echo"MESSAGE: Starting Scan with ${THREADS} threads"
        for i in`cat targets.txt`
        do
                TARGET=${i}
                LOC=${DIRECTORY}/${TARGET}
                ((COUNT++))
                echo"MESSAGE: now scanning ${TARGET}${COUNT} of ${NUMBER}"
                case${SIZETYPE}in
                        small) xterm -title"${TARGET} small TCP"-e"${NMAPSTRING}${LOC}.small.tcp ${TARGET}"&;;
                        both) xterm -title"${TARGET} small TCP"-e"${NMAPSTRING}${LOC}.small.tcp ${TARGET}"&
                                xterm -title"${TARGET} big TCP"-e"${NMAPSTRING}${LOC}.big.tcp -p1-65535 ${TARGET}"&;;
                        big) xterm -title"${TARGET} big TCP"-e"${NMAPSTRING}${LOC}.big.tcp -p1-65535 ${TARGET}"&;;
                        custom) xterm -title"${TARGET} custom TCP"-e"${NMAPSTRING}${LOC}.custom -p${CUSTOMPORTS}${TARGET}"&;;
                esac
                xterm -title"${TARGET} UDP"-e"nmap -sU -vv -d -P0 -n -r -oA ${LOC}.small.udp ${TARGET}"&
                while[`ps-Aef–cols 200 |grep${DIRECTORY}|grep xterm |wc -l`-ge${THREADS}]
                        do
                        sleep 5
                done
                sleep 5
        done
        while[`ps-Aef–cols 200 |grep${DIRECTORY}|grep xterm |wc -l`-gt 0 ]
        do
                echo MESSAGE: `ps-Aef–cols 200 |grep${DIRECTORY}|grep xterm |wc -l`nmaps still running
                sleep 10
        done
        echo"MESSAGE: NMap Scanning Complete"
}
f_amapscans(){
        cd"${STARTDIR}/${DIRECTORY}"
        for i in`ls*.gnmap |sed-e"s/.gnmap//"`
        do
                xterm -title"${i} AMAP"-e"amap -i ${i}.gnmap -o ${i}.amap | tee -a amap_full.txt"&
                echo"MESSAGE: now amaping ${i}"
                while[`ps-Aef–cols 200 |grep AMAP |grep xterm |wc -l`-ge${THREADS}]
                do
                        sleep 1
                done
                sleep 5
        done
        while[`ps-Aef–cols 200 |grep AMAP |grep xterm |wc -l`-gt 0 ]
        do
                echo MESSAGE: `ps-Aef–cols 200 |grep AMAP |grep xterm |wc -l`amaps still running
                sleep 10
        done
        cat amap_full.txt |cut-d" " -f3,4,5 |grep matches |sort-n|uniq> amap.txt
        cat amap.txt |grep http |cut-d"/"-f 1 |sort|uniq> amap.http.txt
        cat amap.txt |grep ssl |cut-d"/"-f 1 |sort|uniq> amap.ssl.txt
        cd"${STARTDIR}/.."
        echo"MESSAGE: Amaping Complete"
        sleep 5
}
f_sslscans(){
        cd"${STARTDIR}/${DIRECTORY}"
        if[-s amap.ssl.txt ]
        then
                cat amap.ssl.txt
                for i in`cat amap.ssl.txt`
                do
                        SSLOUT="`echo "${i}" | sed -e s/:/_/g`"
                        echo"MESSAGE: now sslscanning ${i} and outputting as ${SSLOUT}.sslscan.txt"
                        xterm -title"${i} SSLSCAN"-e"sslscan –no-failed ${i} | tee ${SSLOUT}.sslscan.txt ; sleep 5"&
                        while[`ps-Aef–cols 200 |grep SSLSCAN |grep xterm |wc -l`-ge${THREADS}]
                                do
                                                sleep 2
                                done
                sleep 5
                done
                while[`ps-Aef–cols 200 |grep SSLSCAN |grep xterm |wc -l`-gt 0 ]
                do
                        echo MESSAGE: `ps-Aef–cols 200 |grep SSLSCAN |grep xterm |wc -l`sslscans still running
                        sleep 10
                done
                cat*.sslscan.txt |grep"Testing\ SSL\|Accepted\|ERROR"|grep"SSLv2\|Testing\|\ 40\|\ 56"|grep-v"ERROR"> WeakCiphers.txt
                echo"MESSAGE: Auto SSLSCAN Complete"
        else
                echo"MESSAGE: sslscan will not run – no ssl ports found using amap"
        fi     
        sleep 5
        cd"${STARTDIR}/.."
       

}
f_gwp(){
        cd"${STARTDIR}/${DIRECTORY}"
        if[-s amap.ssl.txt ]
        then
                cat amap.ssl.txt
                for i in`cat amap.ssl.txt`
                do
                        HTTPOUT="`echo "${i}" | sed -e s/:/_/g`"
                        echo"MESSAGE: now taking photo of https://${i} and outputting as ${HTTPOUT}.png"
                        xterm -title"${i} GNOME-WEB-PHOTO"-e"gnome-web-photo -m photo -f –format=png https://${i}${HTTPOUT}.png"&
                        while[`ps-Aef–cols 200 |grep GNOME |grep xterm |wc -l`-ge${THREADS}]
                        do
                                sleep 5
                        done
                        sleep 5
                done
        else
                echo"MESSAGE: gnome-web-photo will not run – no https ports found using amap"
        fi
        if[-s amap.http.txt ]
        then
                cat amap.http.txt
                for i in`cat amap.http.txt`
                do
                        HTTPOUT="`echo "${i}" | sed -e s/:/_/g`"
                        echo"MESSAGE: now taking photo of http://${i} and outputting as ${HTTPOUT}.png"
                        xterm -title"${i} GNOME-WEB-PHOTO"-e"gnome-web-photo -m photo -f –format=png ${i}${HTTPOUT}.png"&
                        while[`ps-Aef–cols 200 |grep GNOME |grep xterm |wc -l`-ge${THREADS}]
                        do
                                sleep 5
                        done
                        sleep 5
                done
        else
                echo"MESSAGE: gnome-web-photo will not run – no http ports found using amap"
        fi
        while[`ps-Aef–cols 200 |grep GNOME |grep xterm |wc -l`-gt 0 ]
        do
                echo MESSAGE: `ps-Aef–cols 200 |grep GNOME |grep xterm |wc -l`screenshots still running
                sleep 10
        done
        sleep 5
        cd"${STARTDIR}/.."
}
f_cleanup(){
        cd"${STARTDIR}/${DIRECTORY}"
        for i in`ls*.png`
        do
                iSIZE=`stat-c%s ${i}`
                if[${iSIZE}-eq"469"]
                then
                        echo"MESSAGE: Deleting file: ${i} as it is ${iSIZE} bytes"
                        rm${i}
                fi
        done
}
f_displayresults(){
        cd"${STARTDIR}/${DIRECTORY}"
        cat*p.nmap |grep"scan\ report\ for\|Interesting\|open\|———————————————"|grep-v"OSScan"|grep-v"filtered"> open_ports.txt
        xterm -title"OpenPorts from ${DIRECTORY}"-e"grep -E –color=always ‘.*(ssh|rdp|ssl|http|telnet|https|sslv2|mail|smtp|snmp|oracle|sql|tnls|ftp|sftp).*|’ open_ports.txt | less -R"&
        if[-s WeakCiphers.txt ]
        then
                xterm -title"WeakCiphers from ${DIRECTORY}"-e"less -R WeakCiphers.txt"&
        else
                echo"No weak ciphers found"> WeakCiphers.txt
                echo"MESSAGE: no weak ciphers found"
        fi
        cd"${STARTDIR}/.."
}

f_uservariables
f_threadcheck ${1}
f_scansizecheck ${2}
f_directorycheck ${3}
f_findtargetstxt
f_numberoftargets
f_createdirectory ${DIRECTORY}
f_nmapscans             #comment me out to skip nmap scans
f_amapscans             #comment me out to skip amap scans
f_sslscans              #comment me out to skip ssl scans
f_gwp                   #comment me out to skip web screenshots
f_cleanup
f_displayresults
exit0


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·一句话木马
·samcrypt.lib简介
·教你轻松查看QQ空间加密后的好友
·web sniffer 在线嗅探/online ht
·Cisco PIX525 配置备忘
·用Iptables+Fedora做ADSL 路由器
·检查 Web 应用安全的几款开源免
·SPIKE与Peach Fuzzer相关知识
·Md5(base64)加密与解密实战
·asp,php,aspx一句话集合
·NT下动态切换进程分析笔记
·风险评估中的渗透测试
  相关文章
·浅谈新型的sql注入测试
·浅谈Ddos攻击攻击与防御
·常见 Webshell 的检测方法及检测
·asp,php,aspx一句话集合
·Content-Type 防范 XSS 绕过
·PHP中的密码学算法及其应用2-对
·网络游戏安全小议(端游/页游/手
·web sniffer 在线嗅探/online ht
·利用PHP编程防范XSS跨站脚本攻击
·Web开发框架安全杂谈
·记录一次网站被黑抓马记
·从真实故事说起 读黑客战术社会
  推荐广告
CopyRight © 2002-2018 VFocuS.Net All Rights Reserved