DarkProgrammer000

darkNmap

Jan 20th, 2023
  1. #!/bin/bash
  2.  
  3. #############
  4. # Controles #
  5. #############
  6.  
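# Prepare the working environment: make sure both report directories exist
# and that the nmap executable is available, installing it if necessary.
# Arguments: none
# Outputs:   apt-get output when nmap has to be installed; clears the screen
# Returns:   non-zero when a directory cannot be created or the install fails
control()
{
    # mkdir -p creates whichever directory is missing and leaves an existing
    # one alone. The previous test, [[ ! -e "Nmap_IP" && "Nmap_Rede" ]], only
    # ever looked at Nmap_IP (a bare non-empty string is always true), so a
    # missing Nmap_Rede was never created and an existing one made mkdir fail.
    mkdir -p -- Nmap_IP Nmap_Rede || return 1

    # Look for the executable itself rather than asking dpkg, so the check
    # also holds when nmap was installed without the package manager and no
    # package listing is dumped on the screen.
    if ! command -v nmap > /dev/null 2>&1
    then
        apt-get install -y nmap || return 1
    fi

    clear
}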
  31.  
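# Report whether a scan finished and wait for the user to press Enter.
# Arguments: $1 - exit status to report (optional). When omitted, the status
#                 of the command that ran immediately before the call is used,
#                 which is how every existing caller relies on it.
# Outputs:   coloured "concluded" / "not concluded" banner on stdout
# Returns:   the status of the final read
relatorio()
{
    # Must be the first statement: any earlier command would overwrite $?.
    local status=${1:-$?}

    if [[ $status -eq 0 ]]
    then
        echo -e "\033[01;36m\n *** Relatorio Concluido [Press Enter] *** \033[00;00m"
    else
        echo -e "\033[01;31m\n *** Relatorio Nao concluido [Press Enter] *** \033[00;00m"
    fi

    # -r keeps backslashes literal; the typed line itself is discarded.
    read -r _
}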
  46.  
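# Show a five-step coloured countdown (one second per step) and finish with
# a "Processing" line.
# Arguments: none
# Outputs:   the countdown and the final line on stdout; clears the screen
loading()
{
    # The counter used to be the global `i`, which leaked into (and could
    # clobber) the caller's scope.
    local step

    clear
    for step in 1 2 3 4 5
    do
        # The step number doubles as the ANSI foreground colour (31..35).
        echo -e "\033[01;3${step}m Loading .... ${step}\033[00;00m"
        sleep 1
        clear
    done
    echo -e "# Processing..."
}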
  58.  
  59. ######################
  60. # Metodos de Scanner #
  61. ######################
  62.  
  63. #--------------------------------------------------------------------#
  64. #------------------------------- HOST -------------------------------#
  65. #--------------------------------------------------------------------#
  66.  
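# Full analysis of a single host. Intensive command (the author notes a risk
# of stalling).
# Inputs:  host name or address typed at the prompt
# Outputs: report written to Nmap_IP/fullAnalysis_<host>.txt and paged with less
# Returns: 1 when the host is rejected, otherwise relatorio's status
fullAnalysis()
{
    local IP decoys report status
    local -a cmd

    # Presentation
    clear
    echo -e "\033[01;36m ----------------------- \033[00;00m"
    echo -e "\033[01;32m      Full Analysis      \033[00;00m"
    echo -e "\033[01;36m ----------------------- \033[00;00m"
    echo ""
    echo -n -e "\033[01;35m # Host: \033[00;00m"
    read -r IP

    # The host ends up both in nmap's argument list and in the report file
    # name. Accept only host-name/address characters and never a leading '-',
    # so the typed value cannot add nmap options or move the report outside
    # Nmap_IP/.
    if [[ ! $IP =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]
    then
        echo -e "\033[01;31m\n # Invalid host [Press Enter] \033[00;00m" >&2
        read -r _
        return 1
    fi

    # -D mixes in probes carrying these source addresses; nmap still sends
    # from the real address as well, so the scanning host shows up in the
    # target's logs alongside them.
    decoys="$IP,8.8.8.7,8.8.8.6,8.8.8.5,6.8.8.4,8.8.8.3,8.8.8.2,8.8.8.1,177.53.142.217,200.123.45.34,182.45.23.45,192.168.0.1,172.16.0.1"

    # An array hands every element to nmap as exactly one argument.
    # --privileged only tells nmap to assume raw-socket rights; it does not
    # grant them.
    cmd=(
        -f -A -O -sV -g 53 --open --privileged --randomize-hosts
        --data-length 200 --dns-server 8.8.8.8,4.4.4.4
        -D "$decoys"
        "$IP"
    )
    # Disabled by the author: --version-intensity 9
    # As pasted, that note was glued to the closing quote of the second option
    # string, so bash ran it as a command instead of treating it as a comment.
    # The string was then never assigned, and a stale global cmd2 left by an
    # earlier menu choice (old target included) was scanned in its place.

    # Scanner
    report="Nmap_IP/fullAnalysis_${IP}.txt"
    loading
    nmap "${cmd[@]}" > "$report"
    status=$?

    # Read the report
    less < "$report"

    # relatorio reports on $? of whatever ran immediately before it, so
    # re-establish the scan's own status instead of the pager's.
    [[ $status -eq 0 ]]
    relatorio
}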
  95.  
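# Vulnerability checks against a single host: asks for the target once, then
# loops over a menu of NSE script selections until a non-menu value is typed.
# Inputs:  host name or address, then one menu choice per iteration
# Outputs: one report per run under Nmap_IP/, paged with less when the scan
#          succeeds
# Returns: 1 when the host is rejected, otherwise 0 once the menu is left
vulnerabilities()
{
    local IP esc decoys script prefix report
    local -a cmd

    clear
    echo -e "\033[01;36m --------------------------- \033[00;00m"
    echo -e "\033[01;36m *     Vulnerabilities     * \033[00;00m"
    echo -e "\033[01;36m --------------------------- \033[00;00m"
    echo ""
    echo -e -n "\033[01;32m # Domain [ex: testphp.vulnweb.com || ex: 127.0.0.1]: \033[00;00m"

    # Data input
    read -r IP

    # The host ends up both in nmap's argument list and in the report file
    # name. Accept only host-name/address characters and never a leading '-',
    # so the typed value cannot add nmap options or move the report outside
    # Nmap_IP/.
    if [[ ! $IP =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]
    then
        echo -e "\033[01;31m\n # Invalid host [Press Enter] \033[00;00m" >&2
        read -r _
        return 1
    fi

    # Built once: nothing here changes between menu iterations. An array
    # hands every element to nmap as exactly one argument.
    # -D mixes in probes carrying these source addresses; nmap still sends
    # from the real address as well, so the scanning host shows up in the
    # target's logs alongside them.
    decoys="$IP,8.8.8.7,8.8.8.6,8.8.8.5,6.8.8.4,8.8.8.3,8.8.8.2,8.8.8.1,177.53.142.217,200.123.45.34,182.45.23.45,192.168.0.1,172.16.0.1"
    cmd=(-g53 -O -sS -sV -D "$decoys" "$IP")

    while true
    do
        clear
        echo -e "\033[01;36m --------------------------- \033[00;00m"
        echo -e "\033[01;36m *     Vulnerabilities     * \033[00;00m"
        echo -e "\033[01;36m --------------------------- \033[00;00m"
        echo ""
        echo -e "\033[01;31m + Types of Vulnerabilities + \033[01;37m"
        echo -e "\033[01;32m [1] Enumeration          \033[01;37m"
        echo -e "\033[01;33m [2] File Upload              \033[01;37m"
        echo -e "\033[01;34m [3] Front Page Login         \033[01;37m"
        echo -e "\033[01;35m [4] HTTP Passwd          \033[01;37m"
        echo -e "\033[01;36m [5] Directory Traversal      \033[01;37m"
        echo -e "\033[01;37m [6] Sql Injection        \033[01;37m"
        echo -e "\033[01;31m [7] Mysql            \033[01;37m"
        echo -e "\033[01;31m [8] Denial of Service    \033[01;37m"
        echo -e "\033[01;31m [9] All              \033[01;37m"
        echo ""
        echo -e "\033[01;31m [Enter] Back \n\033[00;00m"
        echo -e -n "\033[01;37m # Opc: \033[00;00m"
        read -r esc

        # Map the choice onto an NSE selection and a report prefix. Matching
        # the typed text against literal digits replaces the old
        # [[ $esc -ge 1 && $esc -le 9 ]], which handed that text to bash's
        # arithmetic evaluator.
        # Choices 2 and 7 are not read-only (an upload attempt, repeated
        # logins), so they leave artefacts and failed-authentication entries
        # on the target. Choice 8 only queries NTP monlist, DNS recursion and
        # SNMP sysDescr, i.e. it checks for exposed services; it sends no
        # flood.
        case $esc in
        1) script="http-enum";                             prefix="enumeration" ;;
        2) script="http-fileupload-exploiter.nse";         prefix="fileUpload" ;;
        3) script="http-frontpage-login";                  prefix="frontPage" ;;
        4) script="http-passwd";                           prefix="httpPasswd" ;;
        5) script="http-phpmyadmin-dir-traversal";         prefix="directoryTraversal" ;;
        6) script="http-sql-injection";                    prefix="sqlInjection" ;;
        7) script="mysql-brute";                           prefix="mysqlBrute" ;;
        8) script="ntp-monlist,dns-recursion,snmp-sysdescr"; prefix="dos" ;;
        9) script="vuln";                                  prefix="AllVulns" ;;
        *) break ;;
        esac

        loading
        report="Nmap_IP/${prefix}_${IP}.txt"

        # The report is paged only when the scan itself succeeded.
        nmap --script="$script" "${cmd[@]}" > "$report" && less < "$report"
    done
}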
  159.  
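# Operating-system and service detection against a single host.
# Inputs:  host name or address typed at the prompt
# Outputs: report written to Nmap_IP/operationalSystem_<host>.txt and paged
#          with less
# Returns: 1 when the host is rejected, otherwise relatorio's status
operationalSystem()
{
    local IP decoys report status
    local -a cmd

    # Presentation
    clear
    echo -e "\033[01;36m ------------------------------ \033[00;00m"
    echo -e "\033[01;32m *     Operational System     * \033[00;00m"
    echo -e "\033[01;36m ------------------------------ \033[00;00m"
    echo ""
    echo -e -n "\033[01;35m # Host: \033[01;37m"
    read -r IP

    # The host ends up both in nmap's argument list and in the report file
    # name. Accept only host-name/address characters and never a leading '-',
    # so the typed value cannot add nmap options or move the report outside
    # Nmap_IP/.
    if [[ ! $IP =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]
    then
        echo -e "\033[01;31m\n # Invalid host [Press Enter] \033[00;00m" >&2
        read -r _
        return 1
    fi

    # -D mixes in probes carrying these source addresses; nmap still sends
    # from the real address as well, so the scanning host shows up in the
    # target's logs alongside them.
    decoys="$IP,8.8.8.7,8.8.8.6,8.8.8.5,6.8.8.4,8.8.8.3,8.8.8.2,8.8.8.1,177.53.142.217,200.123.45.34,182.45.23.45,192.168.0.1,172.16.0.1"

    # An array hands every element to nmap as exactly one argument.
    cmd=(-O -sS -sV --data-length 200 -g 53 -D "$decoys" "$IP")

    # Scanner
    report="Nmap_IP/operationalSystem_${IP}.txt"
    loading
    nmap "${cmd[@]}" > "$report"
    status=$?

    # Report
    less < "$report"

    # relatorio reports on $? of whatever ran immediately before it, so
    # re-establish the scan's own status instead of the pager's.
    [[ $status -eq 0 ]]
    relatorio
}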
  187.  
  188. #--------------------------------------------------------------------#
  189. #------------------------------- REDE -------------------------------#
  190. #--------------------------------------------------------------------#
  191.  
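# Network search: service/version and OS detection across the /24 built from
# the typed address.
# Inputs:  address typed at the prompt ("/24" is appended to it)
# Outputs: report written to Nmap_Rede/searchOperationalSystem_<host>.txt,
#          then a host list, a host count and the full report on stdout
# Returns: 1 when the host is rejected, otherwise relatorio's status
searchOperationalSystem()
{
    local IP decoys report status hosts
    local -a cmd

    # Presentation
    clear
    echo -e "\033[01;36m ------------------------------------- \033[00;00m"
    echo -e "\033[01;32m *     Search Operational System     * \033[00;00m"
    echo -e "\033[01;36m ------------------------------------- \033[00;00m"
    echo ""
    echo -e -n "\033[01;35m # Host [ex: 192.168.0.1]: \033[01;37m"
    read -r IP

    # The host ends up both in nmap's argument list and in the report file
    # name. Accept only host-name/address characters and never a leading '-',
    # so the typed value cannot add nmap options or move the report outside
    # Nmap_Rede/.
    if [[ ! $IP =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]
    then
        echo -e "\033[01;31m\n # Invalid host [Press Enter] \033[00;00m" >&2
        read -r _
        return 1
    fi

    # -D mixes in probes carrying these source addresses; nmap still sends
    # from the real address as well, so the scanning host shows up in the
    # targets' logs alongside them.
    decoys="$IP,8.8.8.7,8.8.8.6,8.8.8.5,6.8.8.4,8.8.8.3,8.8.8.2,8.8.8.1,177.53.142.217,200.123.45.34,182.45.23.45,192.168.0.1,172.16.0.1"

    # An array hands every element to nmap as exactly one argument.
    cmd=(-f -sV -O -D "$decoys" "$IP/24")

    # Scan
    report="Nmap_Rede/searchOperationalSystem_${IP}.txt"
    loading
    nmap "${cmd[@]}" > "$report"
    status=$?

    # Summary: one reported host per line, then the total.
    clear
    grep -i "Nmap scan report for" "$report" | cut -d " " -f 5
    hosts=$(grep -ci "Nmap scan report for" "$report")
    echo -e "\033[01;36m# Hosts: $hosts \033[00;00m"

    echo -e "\n------------------------------------------------------------------------------------"
    cat "$report"
    #cat Nmap_Rede/searchOperationalSystem_$IP.txt | grep -i -E "Nmap scan report for|Os details:"

    # Report
    echo -e "------------------------------------------------------------------------------------"

    # relatorio reports on $? of whatever ran immediately before it. That was
    # always the echo above, so a failed scan was announced as concluded;
    # re-establish the scan's own status first.
    [[ $status -eq 0 ]]
    relatorio

    # Disabled by the author: count of Windows hosts
    #windows=$(cat Nmap_Rede/searchOperationalSystem_$IP.txt | grep -i "OS: Windows* | wc -l")
    #echo -e "\n ----- Operational System Microsoft -----"
    #echo -e "* Windows: $windows"

    # Disabled by the author: count of Linux hosts
    #linux=$(cat Nmap_Rede/searchOperationalSystem_$IP.txt | grep -i "Running: Linux* | wc -l")
    #echo -e "\n ----- Operational System Microsoft -----"
    #echo -e "* Linux: $linux"
}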
  235.  
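# Network search restricted to chosen ports: service/version and OS detection
# across the /24 built from the typed address.
# Inputs:  address ("/24" is appended to it), then a port list for nmap -p
# Outputs: report written to Nmap_Rede/searchOperationalSystemPorts_<host>.txt,
#          then a host list, a host count and the full report on stdout
# Returns: 1 when the host is rejected, otherwise relatorio's status
searchOperationalSystemPorts()
{
    local IP ports decoys report status hosts
    local -a cmd

    # Presentation
    clear
    echo -e "\033[01;36m ------------------------------------------ \033[00;00m"
    echo -e "\033[01;32m *     Search Operational System Ports    * \033[00;00m"
    echo -e "\033[01;36m ------------------------------------------ \033[00;00m"
    echo ""
    echo -e -n "\033[01;35m # Host [ex: 192.168.0.1]: \033[01;37m"
    read -r IP
    echo ""
    echo -e -n "\033[01;34m # Ports [ex: 21,22,23,80,135,445,3306,1234,666,443,53]: "
    read -r ports

    # The host ends up both in nmap's argument list and in the report file
    # name. Accept only host-name/address characters and never a leading '-',
    # so the typed value cannot add nmap options or move the report outside
    # Nmap_Rede/.
    if [[ ! $IP =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]
    then
        echo -e "\033[01;31m\n # Invalid host [Press Enter] \033[00;00m" >&2
        read -r _
        return 1
    fi

    # -D mixes in probes carrying these source addresses; nmap still sends
    # from the real address as well, so the scanning host shows up in the
    # targets' logs alongside them.
    decoys="$IP,8.8.8.7,8.8.8.6,8.8.8.5,6.8.8.4,8.8.8.3,8.8.8.2,8.8.8.1,177.53.142.217,200.123.45.34,182.45.23.45,192.168.0.1,172.16.0.1"

    # An array hands every element to nmap as exactly one argument: whatever
    # was typed for the ports stays the single value of -p and is left for
    # nmap to accept or reject, instead of being split into extra options.
    cmd=(-p "$ports" -f -sV -O -D "$decoys" "$IP/24")

    # Scan
    report="Nmap_Rede/searchOperationalSystemPorts_${IP}.txt"
    loading
    nmap "${cmd[@]}" > "$report"
    status=$?

    # Summary: one reported host per line, then the total.
    clear
    grep -i "Nmap scan report for" "$report" | cut -d " " -f 5
    hosts=$(grep -ci "Nmap scan report for" "$report")
    echo -e "\033[01;36m# Hosts: $hosts \033[00;00m"

    echo -e "\n------------------------------------------------------------------------------------"
    cat "$report"
    #cat Nmap_Rede/searchOperationalSystemPorts_$IP.txt | grep -i -E "Nmap scan report for|Os details:"

    # Report
    echo -e "------------------------------------------------------------------------------------"

    # relatorio reports on $? of whatever ran immediately before it. That was
    # always the echo above, so a failed scan was announced as concluded;
    # re-establish the scan's own status first.
    [[ $status -eq 0 ]]
    relatorio

    # Disabled by the author: count of Windows hosts
    #windows=$(cat Nmap_Rede/searchOperationalSystemPorts_$IP.txt | grep -i "OS: Windows* | wc -l")
    #echo -e "\n ----- Operational System Microsoft -----"
    #echo -e "* Windows: $windows"

    # Disabled by the author: count of Linux hosts
    #linux=$(cat Nmap_Rede/searchOperationalSystemPorts_$IP.txt | grep -i "Running: Linux* | wc -l")
    #echo -e "\n ----- Operational System Microsoft -----"
    #echo -e "* Linux: $linux"
}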
  284.  
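# Advanced network analysis: -A (with version and OS detection) across the
# /24 built from the typed address.
# Inputs:  address typed at the prompt ("/24" is appended to it)
# Outputs: report written to Nmap_Rede/advancedAnalytics_<host>.txt, then a
#          host list, a host count and the full report on stdout
# Returns: 1 when the host is rejected, otherwise relatorio's status
advancedAnalytics()
{
    local IP decoys report status hosts
    local -a cmd

    # Presentation
    clear
    echo -e "\033[01;36m ------------------------------ \033[00;00m"
    echo -e "\033[01;32m *     Advanced Analytivs     * \033[00;00m"
    echo -e "\033[01;36m ------------------------------ \033[00;00m"
    echo ""
    echo -e -n "\033[01;35m # Host [ex: 192.168.0.1]: \033[01;37m"
    read -r IP

    # The host ends up both in nmap's argument list and in the report file
    # name. Accept only host-name/address characters and never a leading '-',
    # so the typed value cannot add nmap options or move the report outside
    # Nmap_Rede/.
    if [[ ! $IP =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]
    then
        echo -e "\033[01;31m\n # Invalid host [Press Enter] \033[00;00m" >&2
        read -r _
        return 1
    fi

    # -D mixes in probes carrying these source addresses; nmap still sends
    # from the real address as well, so the scanning host shows up in the
    # targets' logs alongside them.
    decoys="$IP,8.8.8.7,8.8.8.6,8.8.8.5,6.8.8.4,8.8.8.3,8.8.8.2,8.8.8.1,177.53.142.217,200.123.45.34,182.45.23.45,192.168.0.1,172.16.0.1"

    # An array hands every element to nmap as exactly one argument.
    cmd=(-f -sV -O -A -D "$decoys" "$IP/24")

    # Scan
    report="Nmap_Rede/advancedAnalytics_${IP}.txt"
    loading
    nmap "${cmd[@]}" > "$report"
    status=$?

    # Summary: one reported host per line, then the total.
    clear
    grep -i "Nmap scan report for" "$report" | cut -d " " -f 5
    hosts=$(grep -ci "Nmap scan report for" "$report")
    echo -e "\033[01;36m# Hosts: $hosts \033[00;00m"

    echo -e "\n------------------------------------------------------------------------------------"
    cat "$report"
    #cat Nmap_Rede/advancedAnalytics_$IP.txt | grep -i -E "Nmap scan report for|Os details:"

    # Report
    echo -e "------------------------------------------------------------------------------------"

    # relatorio reports on $? of whatever ran immediately before it. That was
    # always the echo above, so a failed scan was announced as concluded;
    # re-establish the scan's own status first.
    [[ $status -eq 0 ]]
    relatorio

    # Disabled by the author: count of Windows hosts
    #windows=$(cat Nmap_Rede/advancedAnalytics_$IP.txt | grep -i "OS: Windows* | wc -l")
    #echo -e "\n ----- Operational System Microsoft -----"
    #echo -e "* Windows: $windows"

    # Disabled by the author: count of Linux hosts
    #linux=$(cat NNmap_Rede/advancedAnalytics_$IP.tx | grep -i "Running: Linux* | wc -l")
    #echo -e "\n ----- Operational System Microsoft -----"
    #echo -e "* Linux: $linux"
}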
  330.  
  331. #--------------------------------------#
  332. #          Estrutura de MENU           #
  333. #--------------------------------------#
  334.  
# Host sub-menu: draws the options, reads one choice into the global `resp`
# and starts the matching single-host scan. Any other input simply returns
# to the caller.
hostMenu()
{
    clear

    # %b expands the backslash escapes exactly as `echo -e` does.
    printf '%b\n' \
        "\033[01;31m ---------------- \033[00;00m" \
        "\033[01;32m +     HOST     + \033[00;00m" \
        "\033[01;31m ---------------- \033[00;00m " \
        "" \
        "\033[01;33m [1] Full Analysis      \033[00;00m" \
        "\033[01;34m [2] Vulnerabilites     \033[00;00m" \
        "\033[01;35m [3] Operational System \033[00;00m" \
        "\033[01;36m\n [enter] Back         \033[00;00m" \
        ""
    printf '%b' "\033[01;37m # Opc: \033[00;00m"
    read resp

    # Dispatch on the choice
    if [[ "$resp" == "1" ]]
    then
        fullAnalysis
    elif [[ "$resp" == "2" ]]
    then
        vulnerabilities
    elif [[ "$resp" == "3" ]]
    then
        operationalSystem
    fi
}
  361.  
# Network ("Rede") sub-menu: draws the options, reads one choice into the
# global `resp` and starts the matching network-wide scan. Any other input
# simply returns to the caller.
netMenu()
{
    clear

    # %b expands the backslash escapes exactly as `echo -e` does.
    printf '%b\n' \
        "\033[01;31m ---------------- \033[00;00m" \
        "\033[01;32m +     REDE     + \033[00;00m" \
        "\033[01;31m ---------------- \033[00;00m " \
        "" \
        "\033[01;33m [1] Search Operational System   \033[00;00m" \
        "\033[01;34m [2] Search Operational System Ports \033[00;00m" \
        "\033[01;35m [3] Advanced Analytics      \033[00;00m" \
        "\033[01;36m\n [enter] Back          \033[00;00m" \
        ""
    printf '%b' "\033[01;37m # Opc: \033[00;00m"
    read resp

    # Dispatch on the choice
    if [[ "$resp" == "1" ]]
    then
        searchOperationalSystem
    elif [[ "$resp" == "2" ]]
    then
        searchOperationalSystemPorts
    elif [[ "$resp" == "3" ]]
    then
        advancedAnalytics
    fi
}
  388.  
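# Main menu: prepares the environment once (control), then loops over the
# top-level choices until the user picks Exit or input ends.
# Inputs:  one menu choice per iteration, read from stdin
# Outputs: the menu on stdout; clears the screen on every iteration
# Exits:   0 on "[0] Exit" and on end of input
mainMenu()
{
    local esc

    # Environment setup
    control

    # Menu loop
    while true
    do
        clear
        echo -e "\033[01;31m ======================== \033[00;00m"
        echo -e "\033[01;32m +         NMAP         + \033[00;00m"
        echo -e "\033[01;31m ======================== \033[00;00m"
        echo ""
        echo -e "\033[01;33m [1] HOST \033[00;00m"
        echo -e "\033[01;34m [2] REDE \033[00;00m"
        echo -e "\033[01;35m [0] Exit \033[00;00m"
        echo ""
        echo -e -n "\033[01;36m # Opc: \033[00;00m"

        # End of input (Ctrl-D, closed stdin) ends the program; previously the
        # failed read left the choice empty and the loop redrew forever.
        read -r esc || exit 0

        case $esc in

        1)  hostMenu;;
        2)  netMenu;;
        # A requested exit is a normal termination, so report success (was 1).
        0)  exit 0;;
        *)  ;;

        esac
    done
}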
  421.  
  422. ################################
  423. #     Execucao do programa     #
  424. ################################
  425. mainMenu
  426.  