lazymap.sh

May 6th, 2014
  1. #!/usr/bin/env bash
  2. # LazyMap
  3. # Daniel Compton
  4. # www.commonexploits.com
  5. # contact@commexploits.com
  6. # Twitter = @commonexploits
  7. # 19/12/2012
  8. # Tested on Bactrack 5 only.
  9.  
  10. # Import info - read first!
  11.  
  12. # Nmap Lazy Script - For Internal Inf Testing. tested only on BT5 gnome. Scans should launch 4x terminals at once, may only work on BT5!
  13. #
  14. # For the auto creation of a custom Nessus policy - export and place one policy file within the same directory as the script with any filename or extension - it will find it use this as a template.
  15. # For Nessus template use ensure the following options are set UDP SCAN=ON, SNMP SCAN=ON, SYN SCAN=ON,  PING HOST=OFF, TCP SCAN=OFF - the script will enable safe checks and consider unscanned ports as closed - double check before scanning.
  16.  
  17.  
  18. #####################################################################################
  19. # Released as open source by NCC Group Plc - http://www.nccgroup.com/
  20.  
  21. # Developed by Daniel Compton, daniel dot compton at nccgroup dot com
  22.  
  23. # https://github.com/nccgroup/vlan-hopping
  24.  
  25. #Released under AGPL see LICENSE for more information
  26.  
  27. ######################################################################################
  28.  
  29.  
  30.  
  31.  
  32. VERSION="1.8"
  33.  
  34. #####################################################################################################################
  35.  
  36. # User config options
  37.  
  38. # Turn on/off Nmap scan options
  39.  
  40. FULLTCP="on" # to disable/enable Full TCP Scan set to "off" / "on"
  41. SCRIPT="on" # to disable/enable safe script Scan set to "off" / "on"
  42. QUICKUDP="on" # to disable/enable quick UDP scan set to "off" / "on"
  43. COMMONTCP="on" # to disable/enabke commong TCP scan set to "off" / "on"
  44.  
  45. ######################################################################################################################
  46. # Script Starts
  47.  
  48. clear
  49. echo -e "\e[00;32m#############################################################\e[00m"
  50. echo ""
  51. echo "***   Lazymap - Internal Auto Nmap Script Version $VERSION  ***"
  52. echo ""
  53. echo -e "\e[00;32m#############################################################\e[00m"
  54. echo ""
  55. echo ""
  56. echo -e "\e[1;33mIf any of the scans are too slow, press Ctrl c to auto switch to a T5 scans\e[00m"
  57. echo ""
  58. echo -e "\e[1;33mIt can auto create you a custom Nessus policy based on only the unique open ports for faster scanning - see script header for details\e[00m"
  59. echo ""
  60. echo -e "\e[1;33mAll output including hosts up, down, unique ports and an audit of each scan start stop times can be found in the output directory.\e[00m"
  61. echo ""
  62. echo -e "\e[1;33mPress Enter to continue\e[00m"
  63. echo ""
  64. read ENTERKEY
  65. clear
  66. #Check for multiple Nessus policy files
  67. NESSUSPOLICYNO=$(grep -l --exclude=\*.sh -i "<NessusClientData_v2>" * |wc -l)
  68. if [ $NESSUSPOLICYNO -gt 1 ]
  69.     then
  70.         echo ""
  71.         echo -e "\e[1;31mI found more than 1 .nessus policy file template. Please correct this and run again!\e[00m"
  72.         echo ""
  73.         DOTNESSUS=$(grep -l --exclude=\*.sh -i "<NessusClientData_v2>" *)
  74.         echo -e "\e[00;31m$DOTNESSUS\e[00m"
  75.         echo ""
  76.         exit 1
  77.     else
  78.         echo ""
  79. fi
  80. echo -e "\e[1;33m----------------------------------------\e[00m"
  81. echo "The following Interfaces are available"
  82. echo -e "\e[1;33m----------------------------------------\e[00m"
  83.  
  84.     ifconfig | grep -o "eth.*" |cut -d " " -f1
  85. echo -e "\e[1;31m--------------------------------------------------\e[00m"
  86. echo "Enter the interface to scan from as the source"
  87. echo -e "\e[1;31m--------------------------------------------------\e[00m"
  88. read INT
  89.  
  90. ifconfig | grep -i -w $INT >/dev/null
  91.  
  92. if [ $? = 1 ]
  93.     then
  94.         echo ""
  95.         echo -e "\e[1;31mSorry the interface you entered does not exist! - check and try again.\e[00m"
  96.         echo ""
  97.         exit 1
  98. else
  99. echo ""
  100. fi
  101. LOCAL=$(ifconfig $INT |grep "inet addr:" |cut -d ":" -f 2 |awk '{ print $1 }')
  102. MASK=$(ifconfig |grep -i $LOCAL | grep -i mask: |cut -d ":" -f 4)
  103. clear
  104. echo ""
  105. echo -e "Your source IP address is set as follows \e[1;33m"$LOCAL"\e[00m with the mask of \e[1;33m"$MASK"\e[00m"
  106. echo ""
  107. ifconfig $INT |grep "inet addr:" |grep "192.168.186.*" >/dev/null 2>&1
  108. if [ $? = 0 ]
  109.     then
  110.         echo -e "\e[1;31mIt seems you are running in VMWARE with a NAT network connection.\e[00m"
  111.         echo ""
  112.         echo -e "\e[1;33mIf you intend to scan from a static IP you should set the NIC to BRIDGED mode, script will continue but CTRL C to quit and change if required.\e[00m"
  113.         echo ""
  114.         sleep 5
  115.     else
  116. echo ""
  117. fi
  118. echo -e "\e[1;31m---------------------------------------------------------------------------------------------------\e[00m"
  119. echo "Would you like to change your source IP address or gateway..? - Enter yes or no and press ENTER"
  120. echo -e "\e[1;31m---------------------------------------------------------------------------------------------------\e[00m"
  121. read IPANSWER
  122. if [ $IPANSWER = yes ]
  123.     then
  124.         echo ""
  125.         echo -e "\e[1;31m-----------------------------------------------------------------------------------------------------------\e[00m"
  126.         echo "Enter the IP address/subnet for the source interface you want to set. i.e 192.168.1.1/24 and press ENTER"
  127.         echo -e "\e[1;31m-----------------------------------------------------------------------------------------------------------\e[00m"
  128.         read SETIPINT
  129.         ifconfig $INT $SETIPINT up
  130.         SETLOCAL=`ifconfig $INT |grep "inet addr:" |cut -d ":" -f 2 |awk '{ print $1 }'`
  131.         SETMASK=`ifconfig |grep -i $SETLOCAL | grep -i mask: |cut -d ":" -f 4`
  132.         echo ""
  133.         echo -e "Your source IP address is set as follows \e[1;33m"$SETLOCAL"\e[00m with the mask of \e[1;33m"$SETMASK"\e[00m"
  134.         echo ""
  135.         echo -e "\e[1;31m----------------------------------------------------------------------------------------\e[00m"
  136.         echo "Would you like to change your default gateway..? - Enter yes or no and press ENTER"
  137.         echo -e "\e[1;31m----------------------------------------------------------------------------------------\e[00m"
  138.         read GATEWAYANSWER
  139.             if [ $GATEWAYANSWER = yes ]
  140.         then
  141.         echo ""
  142.         echo -e "\e[1;31m--------------------------------------------------------\e[00m"
  143.         echo "Enter the default gateway you want set and press ENTER"
  144.         echo -e "\e[1;31m--------------------------------------------------------\e[00m"
  145.         read SETGATEWAY
  146.         route add default gw $SETGATEWAY
  147.         echo ""
  148.         clear
  149.         echo ""
  150.         echo "The default gateway has been added below"
  151.         echo ""
  152.         ROUTEGW=`route |grep -i default`
  153.         echo -e "\e[1;33m$ROUTEGW\e[00m"
  154.         echo ""
  155.     else
  156. echo ""
  157.     fi
  158. fi
  159. echo -e "\e[1;31m--------------------------------------------------\e[00m"
  160. echo "Enter the reference or client name for the scan"
  161. echo -e "\e[1;31m--------------------------------------------------\e[00m"
  162. read REF
  163. echo ""
  164. echo -e "\e[1;31m-------------------------------------------------------------------\e[00m"
  165. echo "Enter the IP address/Range or the exact path to an input file"
  166. echo -e "\e[1;31m-------------------------------------------------------------------\e[00m"
  167. read RANGE
  168.  
  169. mkdir "$REF" >/dev/null 2>&1
  170. cd "$REF"
  171. echo "$REF" > REF
  172. echo "$INT" > INT
  173. echo ""
  174. echo -e "\e[1;31m-----------------------------------------------------------------------------------------------------------\e[00m"
  175. echo "Do you want to exclude any IPs from the scan i.e your Windows host? - Enter yes or no and press ENTER"
  176. echo -e "\e[1;31m-----------------------------------------------------------------------------------------------------------\e[00m"
  177. read EXCLUDEANS
  178.  
  179. if [ $EXCLUDEANS = yes ]
  180.         then
  181.             echo ""
  182.             echo -e "\e[1;31m------------------------------------------------------------------------------------------\e[00m"
  183.             echo "Enter the IP addresses to exclude i.e 192.168.1.1, 192.168.1.1-10 - normal nmap format"
  184.             echo -e "\e[1;31m------------------------------------------------------------------------------------------\e[00m"
  185.             read EXCLUDEDIPS
  186.             EXCLUDE="--exclude "$EXCLUDEDIPS""
  187.             echo "$EXCLUDE" > excludetmp
  188.             echo "This following IP addresses were asked to be excluded from the scan = "$EXCLUDEDIPS"" > "$REF"_nmap_hosts_excluded.txt
  189.         else
  190.             EXCLUDE=""
  191.             echo "$EXCLUDE" > excludetmp
  192.         fi
  193.  
  194.         echo $RANGE |grep "[0-9]" >/dev/null 2>&1
  195. if [ $? = 0 ]
  196.     then
  197.         echo ""
  198.         echo -e "\e[1;33mYou enterted a manual IP or range, scan will now start...\e[00m"
  199.         echo ""
  200.         echo -e "\e[1;33m$REF - Finding Live hosts via $INT, please wait...\e[00m"
  201.         nmap -e $INT -sP $EXCLUDE -PE -PM -PS21,22,23,25,26,53,80,81,110,111,113,135,139,143,179,199,443,445,465,514,548,554,587,993,995,1025,1026,1433,1720,1723,2000,2001,3306,3389,5060,5900,6001,8000,8080,8443,8888,10000,32768,49152 -PA21,80,443,13306 -vvv -oA "$REF"_nmap_PingScan $RANGE >/dev/null
  202.         cat "$REF"_nmap_PingScan.gnmap |grep "Up" |awk '{print $2}' > "$REF"_hosts_Up.txt
  203.         cat "$REF"_nmap_PingScan.gnmap | grep  "Down" |awk '{print $2}' > "$REF"_hosts_Down.txt
  204.     else
  205.         echo ""
  206.         echo -e "\e[1;33mYou entered a file as the input, I will just check I can read it ok...\e[00m"
  207.         cat $RANGE >/dev/null 2>&1
  208.             if [ $? = 1 ]
  209.             then
  210.                 echo ""
  211.                 echo -e "\e[1;31mSorry I can't read that file, check the path and try again!\e[00m"
  212.                 echo ""
  213.             exit 1
  214.         else
  215.             echo ""
  216.             echo -e "\e[1;33mI can read the input file ok, Scan will now start...\e[00m"
  217.             echo ""
  218.             echo -e "\e[1;33m$REF - Finding Live hosts via $INT, please wait...\e[00m"
  219.             nmap -e $INT -sP $EXCLUDE -PE -PM -PS21,22,23,25,26,53,80,81,110,111,113,135,139,143,179,199,443,445,465,514,548,554,587,993,995,1025,1026,1433,1720,1723,2000,2001,3306,3389,5060,5900,6001,8000,8080,8443,8888,10000,32768,49152 -PA21,80,443,13306 -vvv -oA "$REF"_nmap_PingScan -iL $RANGE >/dev/null
  220.             cat "$REF"_nmap_PingScan.gnmap |grep "Up" |awk '{print $2}' > "$REF"_hosts_Up.txt
  221.             cat "$REF"_nmap_PingScan.gnmap | grep  "Down" |awk '{print $2}' > "$REF"_hosts_Down.txt
  222.         fi
  223. fi
  224. clear
  225. HOSTSCOUNT=$(cat "$REF"_hosts_Up.txt |wc -l)
  226. HOSTSUPCHK=$(cat "$REF"_hosts_Up.txt)
  227. if [ -z "$HOSTSUPCHK" ]
  228.     then
  229.         echo ""
  230.         echo -e "\e[1;33mIt seems there are no live hosts present in the range specified..I will run a Arp-scan to double check...\e[00m"
  231.         echo ""
  232.         sleep 4
  233.         arp-scan --interface $INT --file "$REF"_hosts_Down.txt > "$REF"_arp_scan.txt 2>&1
  234.         arp-scan --interface $INT --file "$REF"_hosts_Down.txt |grep -i "0 responded" >/dev/null 2>&1
  235.             if [ $? = 0 ]
  236.                 then
  237.                     echo -e "\e[1;31mNo live hosts were found using arp-scan - check IP range/source address and try again. It may be there are no live hosts.\e[00m"
  238.                     echo ""
  239.                     rm "INT" 2>&1 >/dev/null
  240.                     rm "REF" 2>&1 >/dev/null
  241.                     rm "excludetmp" 2>&1 >/dev/null
  242.                     touch "$REF"_no_live_hosts.txt
  243.                     exit 1
  244.             else
  245.                     arp-scan --interface $INT --file "$REF"_hosts_Down.txt > "$REF"_arp_scan.txt 2>&1
  246.                     ARPUP=$(cat "$REF"_arp_scan.txt)
  247.                     echo ""
  248.                     echo -e "\e[1;33mNmap didn't find any live hosts, but apr-scan found the following hosts within the range...script will exit. Try adding these to the host list to scan.\e[00m"
  249.                     echo ""
  250.                     rm "INT" 2>&1 >/dev/null
  251.                     rm "REF" 2>&1 >/dev/null
  252.                     rm "excludetmp" 2>&1 >/dev/null
  253.                     echo -e "\e[00;32m$ARPUP\e[00m"
  254.                     echo ""
  255.                     exit 1
  256.     fi
  257. fi
  258. echo -e "\e[1;33m-----------------------------------------------------------------\e[00m"
  259. echo "The following $HOSTSCOUNT hosts were found up for $REF"
  260. echo -e "\e[1;33m-----------------------------------------------------------------\e[00m"
  261. HOSTSUP=$(cat "$REF"_hosts_Up.txt)
  262. echo -e "\e[00;32m$HOSTSUP\e[00m"
  263. echo ""
  264. echo -e "\e[1;33mPress Enter to scan the live hosts, or CTRL C to cancel\e[00m"
  265. read ENTER
  266.  
  267. if [ $COMMONTCP = "on" ]
  268. then
  269. # Scanning Common TCP Ports - CTRL - C if slow to switch to T5 fast
  270. gnome-terminal --title="$REF - Common TCP Port Scan - $INT" -x bash -c 'REF=$(cat REF);INT=$(cat INT);EXCLUDE=$(cat excludetmp);trap control_c SIGINT; control_c() { clear ; echo "" ; echo "" ; echo -e "\e[1;33mYou interupted the Common TCP Scan for "$REF" - it was probably too slow..? I will run it again with T5..please wait..\e[00m" ; echo "" ; sleep 3 ; echo -e "\e[1;33mCleaning up T4 Common TCP scan files..\e[00m" ; sleep 3 ; rm "$REF"_nmap_CommonPorts* >/dev/null ; clear ; echo "" ; echo -e "\e[1;33mNow Starting Common TCP scan with T5 option..."$REF"\e[00m" ; echo "" ; nmap -e $INT -sS $EXCLUDE -PN -T5 -sV --version-intensity 1 -vvv -oA "$REF"_nmap_CommonPorts -iL "$REF"_hosts_Up.txt -n ; echo "" ; echo -e "\e[00;32m$REF - Common TCP Port Scan Complete, Press ENTER to Exit" ; echo "" ; read ENTERKEY ; exit $? ; } ; echo "" ; echo -e "\e[1;33mStarting Common TCP scan for $REF\e[00m"; echo "" ;  echo -e "\e[1;33mIf the scan runs too slow, just press CTRL C to switch to a T5 speed scan\e[00m" ; echo "" ; sleep 3 ; nmap -e $INT -sS $EXCLUDE -PN -T4 -sV --version-intensity 1 -vvv -oA "$REF"_nmap_CommonPorts -iL "$REF"_hosts_Up.txt -n ; echo "" ; echo -e "\e[00;32m$REF - Common TCP Port Scan Complete, Press ENTER to Exit" ; echo "" ; read ENTERKEY ;'
  271. else
  272. echo "Skipping Common TCP scan as turned off in options"
  273. fi
  274.  
  275. if [ $SCRIPT = "on" ]
  276. then
  277. #Script Scan (not CTRL C option)
  278. gnome-terminal --title="$REF - Script Scan - $INT" -x bash -c 'REF=$(cat REF);INT=$(cat INT);EXCLUDE=$(cat excludetmp);nmap -e $INT -PN $EXCLUDE -A -vvv -oA "$REF"_nmap_ScriptScan -iL "$REF"_hosts_Up.txt -n; echo ""; echo -e "\e[00;32m$REF - Script Scan Complete, Press ENTER to Exit";echo "";read ENTERKEY;'
  279. else
  280. echo "Skipping Script Scan as turned off in options"
  281. fi
  282.  
  283. if [ $QUICKUDP = "on" ]
  284. then
  285. #Scanning Quick UDP (1,000) Ports - CTRL - C if slow to switch to T5 fast
  286. gnome-terminal --title="$REF - Quick UDP Port Scan - $INT" -x bash -c 'REF=$(cat REF);INT=$(cat INT);EXCLUDE=$(cat excludetmp);trap control_c SIGINT; control_c() { clear ; echo "" ; echo "" ; echo -e "\e[1;33mYou interupted the Quick UDP Scan for "$REF" - it was probably too slow..? I will run it again with T5..please wait..\e[00m" ; echo "" ; sleep 3 ; echo -e "\e[1;33mCleaning up T4 Quick UDP scan files..\e[00m" ; sleep 3 ; rm "$REF"_nmap_QuickUDP* >/dev/null ; clear ; echo "" ; echo -e "\e[1;33mNow Starting Quick UDP scan with T5 option..."$REF"\e[00m" ; echo "" ; nmap -e $INT -sU $EXCLUDE -Pn -T5 -vvv -oA "$REF"_nmap_QuickUDP -iL "$REF"_hosts_Up.txt -n ; echo "" ; echo -e "\e[00;32m$REF - Quick UDP Scan Complete, Press ENTER to Exit" ; echo "" ; read ENTERKEY ; exit $? ; } ; echo "" ; echo -e "\e[1;33mStarting Quick UDP scan for $REF\e[00m"; echo "" ;  echo -e "\e[1;33mIf the scan runs too slow, just press CTRL C to switch to a T5 speed scan\e[00m" ; echo "" ; sleep 3 ; nmap -e $INT -sU $EXCLUDE -Pn -T4 -vvv -oA "$REF"_nmap_QuickUDP -iL "$REF"_hosts_Up.txt -n ; echo "" ; echo -e "\e[00;32m$REF - Quick UDP Port Scan Complete, Press ENTER to Exit" ; echo "" ; read ENTERKEY ;'
  287. else
  288. echo "Skipping Quick UDP Scan as turned off in options"
  289. fi
  290.  
  291. if [ $FULLTCP = "on" ]
  292. then
  293. # Scanning Full TCP Ports - CTRL - C if slow to switch to T5 fast
  294. gnome-terminal --title="$REF - Full TCP Port Scan - $INT" -x bash -c 'REF=$(cat REF);INT=$(cat INT);EXCLUDE=$(cat excludetmp);trap control_c SIGINT; control_c() { clear ; echo "" ; echo "" ; echo -e "\e[1;33mYou interupted the Full TCP Scan for "$REF" - it was probably too slow..? I will run it again with T5..please wait..\e[00m" ; echo "" ; sleep 3 ; echo -e "\e[1;33mCleaning up T4 Full TCP scan files..\e[00m" ; sleep 3 ; rm "$REF"_nmap_FullPorts* >/dev/null ; clear ; echo "" ; echo -e "\e[1;33mNow Starting Full TCP scan with T5 option..."$REF"\e[00m" ; echo "" ; nmap -e $INT -sS $EXCLUDE -PN -T5 -p- -sV --version-intensity 1 -vvv -oA "$REF"_nmap_FullPorts -iL "$REF"_hosts_Up.txt -n ; echo "" ; echo -e "\e[00;32m$REF - Full TCP Port Scan Complete, Press ENTER to Exit" ; echo "" ; read ENTERKEY ; exit $? ; } ; echo "" ; echo -e "\e[1;33mStarting Full TCP scan for $REF\e[00m"; echo "" ;  echo -e "\e[1;33mIf the scan runs too slow, just press CTRL C to switch to a T5 speed scan\e[00m" ; echo "" ; sleep 3 ; nmap -e $INT -sS $EXCLUDE -PN -T4 -p- -sV --version-intensity 1 -vvv -oA "$REF"_nmap_FullPorts -iL "$REF"_hosts_Up.txt -n ; echo "" ; echo -e "\e[00;32m$REF - Full TCP Port Scan Complete, Press ENTER to Exit" ; echo "" ; read ENTERKEY ;'
  295. else
  296. echo "Skipping Full TCP as turned off in options"
  297. fi
  298.  
  299. #clear temp files
  300. sleep 5
  301. rm "INT" 2>&1 >/dev/null
  302. rm "REF" 2>&1 >/dev/null
  303. rm "excludetmp" 2>&1 >/dev/null
  304.  
  305. clear
  306. echo ""
  307. echo -e "\e[1;33mOnce all scans are complete, press ENTER to list all unique ports found - $REF\e[00m"
  308. read ENTERKEY
  309. clear
  310. echo ""
  311. echo -e "\e[1;33m----------------------------------------------------------------------------------\e[00m"
  312. echo "The following scan start/finish times were recorded for $REF"
  313. echo -e "\e[1;33m----------------------------------------------------------------------------------\e[00m"
  314. echo ""
  315. PINGTIMESTART=`cat "$REF"_nmap_PingScan.nmap |grep -i "scan initiated" | awk '{ print $6 ,$7 ,$8, $9, $10}'`
  316. PINGTIMESTOP=`cat "$REF"_nmap_PingScan.nmap |grep -i "nmap done" | awk '{ print $5, $6 ,$7 , $8, $9}'`
  317. COMMONTCPTIMESTART=`cat "$REF"_nmap_CommonPorts.nmap |grep -i "scan initiated" | awk '{ print $6 ,$7 ,$8, $9, $10}'`
  318. COMMONTCPTIMESTOP=`cat "$REF"_nmap_CommonPorts.nmap |grep -i "nmap done" | awk '{ print $5, $6 ,$7 , $8, $9}'`
  319. FULLTCPTIMESTART=`cat "$REF"_nmap_FullPorts.nmap |grep -i "scan initiated" | awk '{ print $6 ,$7 ,$8, $9, $10}'`
  320. FULLTCPTIMESTOP=`cat "$REF"_nmap_FullPorts.nmap |grep -i "nmap done" | awk '{ print $5, $6 ,$7 , $8, $9}'`
  321. QUICKUDPTIMESTART=`cat "$REF"_nmap_QuickUDP.nmap |grep -i "scan initiated" | awk '{ print $6 ,$7 ,$8, $9, $10}'`
  322. QUICKUDPTIMESTOP=`cat "$REF"_nmap_QuickUDP.nmap |grep -i "nmap done" | awk '{ print $5, $6 ,$7 , $8, $9}'`
  323. SCRIPTTIMESTART=`cat "$REF"_nmap_ScriptScan.nmap |grep -i "scan initiated" | awk '{ print $6 ,$7 ,$8, $9, $10}'`
  324. SCRIPTTIMESTOP=`cat "$REF"_nmap_ScriptScan.nmap |grep -i "nmap done" | awk '{ print $5, $6 ,$7 , $8, $9}'`
  325.  
  326. if [ -z "$PINGTIMESTOP" ]
  327.     then
  328.         echo ""
  329.         echo "" >> "$REF"_nmap_scan_times.txt
  330.         echo -e "\e[1;33mPing sweep started $PINGTIMESTART\e[00m - \e[1;31mscan did not complete or was interupted!\e[00m"
  331.         echo "Ping sweep started $PINGTIMESTART - scan did not complete or was interupted!" >> "$REF"_nmap_scan_times.txt
  332.     else
  333.         echo ""
  334.         echo "" >> "$REF"_nmap_scan_times.txt
  335.         echo -e "\e[1;33mPing sweep started $PINGTIMESTART\e[00m - \e[00;32mfinished successfully $PINGTIMESTOP\e[00m"
  336.         echo "Ping sweep started $PINGTIMESTART - finsihed successfully $PINGTIMESTOP" >> "$REF"_nmap_scan_times.txt
  337. fi
  338. if [ -z "$COMMONTCPTIMESTOP" ]
  339.     then
  340.         echo ""
  341.         echo "" >> "$REF"_nmap_scan_times.txt
  342.         echo -e "\e[1;33mCommon TCP scan started $COMMONTCPTIMESTART\e[00m - \e[1;31mscan did not complete or was interupted!\e[00m"
  343.         echo "Common TCP scan started $COMMONTCPTIMESTART - scan did not complete or was interupted!" >> "$REF"_nmap_scan_times.txt
  344.     else
  345.         echo ""
  346.         echo "" >> "$REF"_nmap_scan_times.txt
  347.         echo -e "\e[1;33mCommon TCP scan started $COMMONTCPTIMESTART\e[00m - \e[00;32mfinished successfully $COMMONTCPTIMESTOP\e[00m"
  348.         echo "Common TCP scan started $COMMONTCPTIMESTART - finished successfully $COMMONTCPTIMESTOP" >> "$REF"_nmap_scan_times.txt
  349. fi
  350. if [ -z "$FULLTCPTIMESTOP" ]
  351.     then
  352.         echo ""
  353.         echo "" >> "$REF"_nmap_scan_times.txt
  354.         echo -e "\e[1;33mFull TCP scan started $FULLTCPTIMESTART\e[00m - \e[1;31mscan did not complete or was interupted!\e[00m"
  355.         echo "Full TCP scan started $FULLTCPTIMESTART - scan did not complete or was interupted!" >> "$REF"_nmap_scan_times.txt
  356.     else
  357.         echo ""
  358.         echo "" >> "$REF"_nmap_scan_times.txt
  359.         echo -e "\e[1;33mFull TCP scan started $FULLTCPTIMESTART\e[00m - \e[00;32mfinished successfully $FULLTCPTIMESTOP\e[00m"
  360.         echo "Full TCP scan started $FULLTCPTIMESTART - finished successfully $FULLTCPTIMESTOP" >> "$REF"_nmap_scan_times.txt
  361. fi
  362. if [ -z "$QUICKUDPTIMESTOP" ]
  363.     then
  364.         echo ""
  365.         echo "" >> "$REF"_nmap_scan_times.txt
  366.         echo -e "\e[1;33mQuick UDP scan started $QUICKUDPTIMESTART\e[00m - \e[1;31mscan did not complete or was interupted!\e[00m"
  367.         echo "Quick UDP scan started $QUICKUDPTIMESTART - scan did not complete or was interupted!" >> "$REF"_nmap_scan_times.txt
  368.     else
  369.         echo ""
  370.         echo "" >> "$REF"_nmap_scan_times.txt
  371.         echo -e "\e[1;33mQuick UDP scan started $QUICKUDPTIMESTART\e[00m - \e[00;32mfinished successfully $QUICKUDPTIMESTOP\e[00m"
  372.         echo "Quick UDP scan started $QUICKUDPTIMESTART - finished successfully $QUICKUDPTIMESTOP" >> "$REF"_nmap_scan_times.txt
  373. fi
  374. if [ -z "$SCRIPTTIMESTOP" ]
  375.     then
  376.         echo ""
  377.         echo "" >> "$REF"_nmap_scan_times.txt
  378.         echo -e "\e[1;33mScript scan started $SCRIPTTIMESTART\e[00m - \e[1;31mscan did not complete or was interupted!\e[00m"
  379.         echo "Script scan started $SCRIPTTIMESTART - scan did not complete or was interupted!" >> "$REF"_nmap_scan_times.txt
  380.     else
  381.         echo ""
  382.         echo "" >> "$REF"_nmap_scan_times.txt
  383.         echo -e "\e[1;33mScript scan started $SCRIPTTIMESTART\e[00m - \e[00;32mfinished successfully $SCRIPTTIMESTOP\e[00m"
  384.         echo "Script scan started $SCRIPTTIMESTART - finished successfully $SCRIPTTIMESTOP" >> "$REF"_nmap_scan_times.txt
  385. fi
  386. echo ""
  387. echo -e "\e[1;33m------------------------------------------------------------------\e[00m"
  388. echo "Unique TCP and UDP Port Summary - $REF"
  389. echo -e "\e[1;33m------------------------------------------------------------------\e[00m"
  390. UNIQUE=$(cat *.xml |grep -i 'open"' |grep -i "portid=" |cut -d '"' -f 4,5,6| grep -o '[0-9]*' |sort --unique |paste -s -d,)
  391. echo $UNIQUE >"$REF"_nmap_unique_ports.txt
  392. echo -e "\e[00;32m$UNIQUE\e[00m"
  393. echo ""
  394. echo -e "\e[1;33m-----------------------------------------------------------------------\e[00m"
  395. echo "The following $HOSTSCOUNT hosts were up and scanned for $REF"
  396. echo -e "\e[1;33m-----------------------------------------------------------------------\e[00m"
  397. HOSTSUP=$(cat "$REF"_hosts_Up.txt)
  398. echo -e "\e[00;32m$HOSTSUP\e[00m"
  399. echo ""
  400. echo ""
  401. #Check for excluded IPs
  402. ls "$REF"_nmap_hosts_excluded.txt >/dev/null 2>&1
  403. if [ $? = 0 ]
  404.     then
  405.         echo -e "\e[1;33m--------------------------------------------------------------------------------\e[00m"
  406.         echo "The following hosts were requested to be excluded from scans for $REF"
  407.         echo -e "\e[1;33m---------------------------------------------------------------------------------\e[00m"
  408.         echo -e "\e[00;32m$EXCLUDEDIPS\e[00m"
  409.         echo ""
  410.     else
  411.     echo ""
  412. fi
  413. echo -e "\e[1;33mOutput files have all been saved to the\e[00m \e[00;32m"$REF"\e[00m \e[1;33mdirectory\e[00m"
  414. echo ""
  415.  
  416. # check for Nessus template
  417. POLICYNAME=$(grep -l --exclude=\*.sh -i "<NessusClientData_v2>" ../*) #default Nessus template - save just one template with any extenstion - must be within script directory
  418. ls "$POLICYNAME" >/dev/null 2>&1
  419. if [ $? = 0 ]
  420.     then
  421.     FINDPOLICY=$(cat $POLICYNAME |grep policyName) #find Nessus policy name
  422.     NEWPOLICY="<Policy><policyName>$REF</policyName>" #set Nessus policy name
  423.     NEWPORTS="<value>$UNIQUE</value>" #set Nessus policy unique tcp/udp ports
  424.     FINDCOMMENTS=$(cat $POLICYNAME |grep policyComments) #find nessus comment value
  425.     NEWCOMMENTS="<policyComments>"$REF" Custom Scan of the following unique ports "$UNIQUE"</policyComments>" #Add Nessus policy comments
  426.     ENABLESAFE="<value>yes</value>" #enable Nessus safe checks only - wont run DoS plugins
  427.     ENABLECLOSED="<value>yes</value>" #set Nessus consider unscanned ports closed - scans only unqiue ports
  428.     OFFSTOP="<value>no</value>" #set Nessus to disable stop scan on disconnect
  429.     # Create custom Nessus Policy
  430.     cat $POLICYNAME | sed "s#$FINDPOLICY#$NEWPOLICY#" |sed "s#$FINDCOMMENTS#$NEWCOMMENTS#"  >"$REF"_nessus.policy
  431.     FINDPORTS=$(cat $POLICYNAME |awk '/port_range/{getline; print NR}') #find ports
  432.     FINDSAFE=$(cat $POLICYNAME | awk '/safe_checks/{getline; print NR}') #find Nessus safe check value
  433.     FINDCLOSED=$(cat $POLICYNAME |awk '/unscanned_closed/{getline; print NR}') # find consider unclosed ports closed
  434.     FINDSTOP=$(cat $POLICYNAME |awk '/stop_scan_on_disconnect/{getline; print NR}') #find stop scan on disconnect
  435.     sed -i "$FINDPORTS"i"$NEWPORTS" "$REF"_nessus.policy
  436.     sed -i "$FINDSAFE"i"$ENABLESAFE" "$REF"_nessus.policy
  437.     sed -i "$FINDCLOSED"i"$ENABLECLOSED" "$REF"_nessus.policy
  438.     sed -i "$FINDSTOP"i"$OFFSTOP" "$REF"_nessus.policy
  439.         echo ""
  440.         echo -e "\e[00;32mI have created a custom policy Nessus policy file named ""$REF"_nessus.policy" - Import this into Nessus for a faster custom scan just on the above live hosts\e[00m"
  441.         echo ""
  442.         echo -e "\e[1;33mRemember to export and update the Nessus template file regularly after updating Nessus to ensure the latest modules are included - ensure the correct options are enabled\e[00m"
  443.         echo ""
  444.     else
  445.     echo ""
  446. fi
  447. exit 0