Masscan & Nmap script - linux

I'm currently studying pen-testing with the exercise book "Mastering Kali Linux for Advanced Penetration Testing, Second Edition", and the script it gives for Masscan & Nmap (combined) is this:
#!/bin/bash
function helptext {
echo "enter the massnmap with the file input with list of IP address ranges"
}
if [ "$#" -ne 1 ]; then
echo "Sorry cannot understand the command"
helptext>&2
exit 1
elif [ ! -s $1 ]; then
echo "ooops it is empty"
helptext>&2
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo "I assunme you are running as root"
helptext>&2
exit 1
fi
for range in $(cat $1); do
store=$(echo $range | sed -e 's/\//_g')
echo "I am trying to create a store to dump now hangon"
mkdir -p pwd/$store;
iptables -A INPUT -p tcp --dport 60000 -j DROP;
echo -e "\n alright lets fire masscan ****"
masscan --open --banners --source-port 60000 -p0-65535 --max-rate 15000 -oBpwd/$store/masscan.bin $range; masscan --read$
if [ ! -s ./results/$store/masscan-output.txt ]; then
echo "Thanks for wasting time"
else
awk'/open/ {print $4, $3, $2, $1}' ./results/$store/masscan-output.txt | awk'
/.+/{
if (! ($1 in Val)) { Key[++i] = $1; }
Val[$1] = Val[$1] $2 ",";
END{
for (j = 1; j <= i; j++) { printf("%s:%s\n%s", Key[j], Val[Key[j]], (j == i) ? "" : "\n"); }
}'>}./results/$store/hostsalive.csv
for ips found in $(cat ./results/$store/hostsalive.csv); do
IP=$(echo $TARGET | awk -F: '{print $1}');
PORT=$(echo $TARGET | awk -F: '{print$2}' | sed's/,$//');
FILENAME=$(echo $IP | awk'{print "nmap_"$1}');
nmap -vv -sV --version-intensity 5 -sT -O --max-rate 5000 -Pn -T3 -p $PORT -oA ./results/$store/$FILENAME $IP;
done
fi
done
I wrote it out by hand just to make sure it was done correctly, and when I run it after doing chmod +x (filename.sh) I get:
(running ./filename.sh) I get "Sorry cannot understand the command
enter the massnmap with the file input with list of IP address ranges"
(running ./filename.sh ipran.txt) I get "./anyname.sh: line 37: syntax error near unexpected token `found'
./anyname.sh: line 37: `for ips found in $(cat ./results/$store/hostsalive.csv); do'"
I am meant to get "I am trying to create a store to dump now hangon" and "alright lets fire masscan ****".
I have tried using different IPs (in my ipran.txt file).
Any help would be greatly appreciated.
OS used - Kali Linux
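A corrected version of the pipeline, added here as an example and not taken from the book or from the post above. The script as transcribed has several typos that bash reports as syntax errors: `awk'` and `sed's` with no space before the quote, `>}./results/...` in place of `> ./results/...`, `mkdir -p pwd/$store` where the rest of the script uses `./results/$store`, and the loop header `for ips found in ...` whose body refers to `$TARGET`, so it was presumably `for TARGET in ...`; the second masscan command is also cut off after `--read`. The rewrite assumes masscan's `-oB`, `--readscan` and `-oL` options and its list format (`open tcp 80 10.0.0.5 1700000000`), nmap's `-oA`, and that results land in `./results/<range with / replaced by _>`; the sample masscan output inside it is constructed for the offline demo.

```shell
#!/bin/bash
# Added example, not the book's script or the poster's transcription:
# a corrected massnmap pipeline (masscan sweep -> per-host nmap).
set -eu

# Aggregate masscan -oL output on stdin into one "ip:port,port,..." line per
# host (first-seen order). Only TCP is kept because the nmap step uses -sT.
masscan_list_to_hosts() {
    awk '
        $1 == "open" && $2 == "tcp" {
            ip = $4; port = $3
            if (!(ip in ports)) { order[++n] = ip; ports[ip] = port }
            else { ports[ip] = ports[ip] "," port }
        }
        END { for (i = 1; i <= n; i++) printf "%s:%s\n", order[i], ports[order[i]] }'
}

# Build the per-host nmap command from an "ip:ports" record; printed so it can
# be reviewed before anything is run. OUTDIR is set by the caller.
nmap_cmd_for() {
    ip=${1%%:*}; ports=${1#*:}
    printf 'nmap -vv -sV --version-intensity 5 -sT -O --max-rate 5000 -Pn -T3 -p %s -oA %s/nmap_%s %s\n' \
        "$ports" "$OUTDIR" "$ip" "$ip"
}

# Constructed masscan -oL output for the offline demo (not real scan data).
sample_masscan_list() {
    printf '%s\n' '#masscan' 'open tcp 22 10.0.0.5 1700000000' \
        'open tcp 443 10.0.0.9 1700000001' 'open tcp 80 10.0.0.5 1700000002' \
        'open udp 53 10.0.0.9 1700000003' '# end'
}

massnmap() {  # massnmap RANGES_FILE  (one CIDR/range per line)
    [ "$#" -eq 1 ] && [ -s "$1" ] || { echo "usage: $0 run ranges.txt" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "masscan and nmap -O need root" >&2; return 1; }
    # Keep the kernel from answering on masscan's source port: without this DROP
    # rule the host RSTs the half-open connections masscan is banner-grabbing on.
    iptables -A INPUT -p tcp --dport 60000 -j DROP
    while IFS= read -r range; do
        [ -n "$range" ] || continue
        OUTDIR=./results/$(printf '%s' "$range" | tr / _)
        mkdir -p "$OUTDIR"
        masscan --open --banners --source-port 60000 -p0-65535 --max-rate 15000 \
            -oB "$OUTDIR/masscan.bin" "$range"
        masscan --readscan "$OUTDIR/masscan.bin" -oL "$OUTDIR/masscan-output.txt"
        masscan_list_to_hosts < "$OUTDIR/masscan-output.txt" > "$OUTDIR/hostsalive.csv"
        [ -s "$OUTDIR/hostsalive.csv" ] || { echo "no open TCP ports in $range"; continue; }
        while IFS= read -r rec; do
            cmd=$(nmap_cmd_for "$rec"); echo "$cmd"
            $cmd   # unquoted on purpose: every field is an IP, a port list or a path without spaces
        done < "$OUTDIR/hostsalive.csv"
    done < "$1"
    iptables -D INPUT -p tcp --dport 60000 -j DROP   # the book's script never removes the rule
}

# Run the real pipeline only when asked; with no arguments the script just
# defines the functions, so the aggregation can be checked offline first.
if [ "${1:-}" = "run" ]; then
    massnmap "${2:-}"
fi
```

Run it as root with `./massnmap.sh run ranges.txt`; `sample_masscan_list | masscan_list_to_hosts` shows what the hostsalive.csv step produces before anything is pointed at a real range.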

Related

Looping over read in bash until correct input is given

Hello, I was wondering what would be the proper way to pass a command as a variable into a prompt? For example, I have:
#!/bin/bash
clear
# IP assigned to tap0 (assumes the interface exists)
i=$(ifconfig tap0 | awk '{print $2}' | egrep "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
read -p "Enter your IP: " prompt
if [[ $prompt == "$i" ]]   # compare with the variable, not the literal string "i"
then
    echo "Correct IP, congrats"
else
    read -p "Wrong IP, try again: " prompt
    if [[ $prompt == "$i" ]]
    then
        echo "Correct IP, congrats"
    else
        echo "Wrong IP for the second time, exiting."
        exit 0
    fi
fi
I am sure this can be looped, but I don't know how. I am starting with bash scripting, so I am learning the dirty way :)
Thank you
Simply put your condition in a while loop, i.e. as long as your condition isn't satisfied, read from stdin and ask for proper input.
#!/bin/bash
clear
i=$(ifconfig tap0 | awk '{print $2}' | egrep "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
read -p "Enter IP address: " prompt
while [ "$i" != "$prompt" ] ; do
echo "Wrong IP address"
read -p "Enter IP address: " prompt
done
echo "Correct IP, congrats"
If you want to abort after a maximum amount of wrong inputs, add a counter
#!/bin/bash
MAX_TRIES="5"
clear
i="$(ifconfig tap0 | awk '{print $2}' | egrep "([0-9]{1,3}[\.]){3}[0-9]{1,3}")"
t="0"
read -p "Enter IP address: " prompt
while [ "$i" != "$prompt" -a "$t" -lt "$MAX_TRIES" ] ; do
    echo "Wrong IP address"
    t="$((t+1))"
    read -p "Enter IP address: " prompt
done
# Check the answer itself rather than the counter: the input read after the
# last wrong attempt may still be the correct one.
if [ "$i" != "$prompt" ] ; then
    echo "Too many wrong inputs"
    exit 1
fi
echo "Correct IP, congrats"
exit 0

shell script telnet skip the while loop at first point

I'm using the following shell script to check through a set of IPs and ports from a CSV file. But it always breaks the while loop and only shows the first result, although the script reaches the last line without any error. How do I fix the loop-breaking issue with telnet?
echo "starts"
while read p; do
if [ ! -z "$p" -a "$p" != " " ]; then
IP=`echo $p | cut -d',' -f1`
PORT=`echo $p | cut -d',' -f2`
TELNET_STR=`telnet "$IP" "$PORT" | grep "Connected"`
if [ ! -z "$TELNET_STR" -a "$TELNET_STR" != " " ]; then
echo '[success]:'$IP':'$PORT
else
echo '[failed]:'$IP':'$PORT
fi
fi
done <telnet.csv
echo "ends"
telnet.csv
234.253.245.23,80,1
234.089.108.216,8080,1
234.23.23.216,21,1
The telnet command exits the parent shell, whether it succeeds or fails.
You can fork to run the commands in the background.
() - runs the commands in a subshell.
& - puts the function call in the background.
sleep - wait time for the subshell to complete.
while read p; do
if [ ! -z "$p" -a "$p" != " " ]; then
IP=`echo $p | cut -d',' -f1`
PORT=`echo $p | cut -d',' -f2`
( sleep 2;
TELNET_STR=`telnet "$IP" "$PORT" | grep "Connected"`
if [ ! -z "$TELNET_STR" -a "$TELNET_STR" != " " ]; then
echo '[success]:'$IP':'$PORT
else
echo '[failed]:'$IP':'$PORT
fi
) &
fi
done <telnet.csv
Output
[success]:192.168.12.14:22
telnet: Unable to connect to remote host: Network is unreachable
[failed]:234.253.245.23:80
telnet: could not resolve 234.089.108.216/8080: Name or service not known
[failed]:234.089.108.216:8080
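The stdin sharing behind the question, as an added example that is not part of the answer above: in `while read p; do telnet ...; done < telnet.csv` the telnet process inherits the loop's standard input, which is the CSV file, and reads the remaining lines as its own input, so `read` sees EOF after the first record. Giving the probe `</dev/null` is the direct fix; the backgrounded subshell in the answer happens to work because a non-interactive shell gives `&` jobs `/dev/null` as stdin. The probe below uses bash's `/dev/tcp` with a timeout instead of telnet (an assumed replacement, not from the post), and the CSV and the stub probe used for the offline demo are constructed.

```shell
#!/bin/bash
# Added example, not from the question or answer above: why the loop stops after
# one CSV line, shown side by side with the fixed version.
set -eu

# TCP connect probe with no external tools (assumed helper, not from the post).
probe_tcp() {  # probe_tcp IP PORT -> exit 0 when the connect succeeds
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# The original pattern: the probe shares stdin with 'read', so it swallows the
# rest of the CSV. Kept only to show the failure mode.
check_csv_naive() {  # check_csv_naive FILE PROBE
    while IFS=, read -r ip port _; do
        [ -n "$ip" ] || continue
        if "$2" "$ip" "$port"; then echo "[success]:$ip:$port"
        else echo "[failed]:$ip:$port"; fi
    done < "$1"
}

# Fixed: the probe's stdin is detached from the CSV.
check_csv() {  # check_csv FILE [PROBE]
    probe=${2:-probe_tcp}
    while IFS=, read -r ip port _; do
        [ -n "$ip" ] || continue
        if "$probe" "$ip" "$port" </dev/null; then echo "[success]:$ip:$port"
        else echo "[failed]:$ip:$port"; fi
    done < "$1"
}

# Stand-in for telnet in the offline demo: like telnet it reads stdin until
# EOF, and it "connects" only for port 80.
stub_probe() { cat >/dev/null; [ "$2" = 80 ]; }

# Constructed CSV in the question's format (ip,port,flag).
make_sample_csv() {
    printf '%s\n' '10.0.0.1,80,1' '10.0.0.2,8080,1' '10.0.0.3,21,1' > "$1"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp); make_sample_csv "$tmp"
    echo "naive (stops after one line):"; check_csv_naive "$tmp" stub_probe
    echo "fixed:"; check_csv "$tmp" stub_probe
    rm -f "$tmp"
fi
```

`./check.sh demo` prints one line for the naive loop and three for the fixed one; `check_csv telnet.csv` with no second argument uses the real `/dev/tcp` probe.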

List windows domain group content from linux

I'd like to list the contents of a domain group containing users & computers, then resolve the computer names from DNS and prepare a list for squid.
What is the best way to do it? I was thinking about connecting to LDAP using bash or perl, but maybe there is a better method.
Thanks for the help. I created this script; it seems to be working.
#!/bin/bash
# Bind options shared by both searches. -w puts the password on the command
# line, where it is visible in `ps`; ldapsearch's -y <file> (or -W to prompt)
# avoids that.
LDAP=(ldapsearch -h server -D 'user' -w 'passw' -x -b "DC=domain,DC=net")

oIFS=$IFS
IFS=$'\n'
# list group members: "member: CN=name,OU=...,DC=domain,DC=net" -> "name"
# (anchored on "^member:" so memberOf and similar attributes are not picked up)
members=( $("${LDAP[@]}" "(cn=Groupname)" | grep '^member:' | awk -F '[=,]' '{print $2}') )
IFS=$oIFS

for member in "${members[@]}"; do
    # sAMAccountType: 805306369 = machine account, 805306368 = normal user account
    AccountType=$("${LDAP[@]}" "(cn=$member)" | grep '^sAMAccountType:' | awk '{print $2}')
    if [ "$AccountType" == "805306369" ]
    then
        # this member is a PC, let's resolve its IP
        if host=$(host "$member.domain.net"); then
            ip=$(echo "$host" | awk '{print $4}')
            echo "$member has ip $ip"
        else
            echo "WARNING: $member not found!"
        fi
    elif [ "$AccountType" == "805306368" ]
    then
        echo "$member is User"
    else
        echo "$member is neither PC, nor User"
    fi
done
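Helpers for the two fragile steps in that script, added here as an example and not part of the answer above. `awk -F '[=,]' '{print $2}'` splits a DN on its first `=` and `,`, which is wrong for RDNs with escaped commas (`CN=Doe\, John,OU=...`), and it ignores `member::` lines, where ldapsearch base64-encodes DNs that contain non-ASCII or leading/trailing spaces. Interpolating that CN straight into `(cn=$member)` is also an LDAP filter injection point: a CN containing `(`, `)`, `*` or `\` breaks or widens the second search, so the value has to be escaped per RFC 4515 first. The LDIF below is constructed, not real directory output.

```shell
#!/bin/bash
# Added example, not from the answer above: robust member-CN extraction and
# filter escaping for the ldapsearch script.
set -eu

# member_cns: read ldapsearch LDIF on stdin, print the CN of each member DN.
# Handles "member::" (base64) and RFC 4514 backslash escapes in the RDN.
member_cns() {
    while IFS= read -r line; do
        case $line in
            'member:: '*) dn=$(printf '%s' "${line#member:: }" | base64 -d) ;;
            'member: '*)  dn=${line#member: } ;;
            *) continue ;;           # skips dn:, memberOf:, and everything else
        esac
        printf '%s\n' "$dn" | awk '{
            s = $0; sub(/^[Cc][Nn]=/, "", s); out = ""
            for (k = 1; k <= length(s); k++) {          # first RDN value ends at the
                c = substr(s, k, 1)                     # first unescaped comma
                if (c == "\\") { k++; out = out substr(s, k, 1); continue }
                if (c == ",") break
                out = out c
            }
            print out
        }'
    done
}

# ldap_filter_escape: RFC 4515 escaping for a value placed inside a search filter.
ldap_filter_escape() {
    printf '%s\n' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# member_filter: the safe form of the script's "(cn=$member)".
member_filter() { printf '(cn=%s)\n' "$(ldap_filter_escape "$1")"; }

# Constructed ldapsearch output: a plain DN, one with an escaped comma, and a
# base64 one (it decodes to "CN=Dev (Ops),DC=net").
sample_ldif() {
    printf '%s\n' \
        'dn: CN=Groupname,OU=Groups,DC=domain,DC=net' \
        'member: CN=WS01,OU=Computers,DC=domain,DC=net' \
        'member: CN=Doe\, John,OU=Users,DC=domain,DC=net' \
        'member:: Q049RGV2IChPcHMpLERDPW5ldA==' \
        'memberOf: CN=Other,OU=Groups,DC=domain,DC=net'
}

# Against a real directory (same bind options as the script, password from a file):
#   ldapsearch -h server -D 'user' -y passfile -x -b "DC=domain,DC=net" "(cn=Groupname)" | member_cns |
#   while IFS= read -r m; do ldapsearch ... "$(member_filter "$m")" sAMAccountType; done
if [ "${1:-}" = "demo" ]; then
    sample_ldif | member_cns | while IFS= read -r m; do member_filter "$m"; done
fi
```

`./members.sh demo` prints the three escaped filters, including `(cn=Dev \28Ops\29)`, which is the one the original `(cn=$member)` would have turned into an invalid filter.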

Checking if domain is active on server

I am trying to check if a domain is active on the server. So far I get errors.
list=/root/domainlist.txt
for i in $(cat $list)
do
echo "checking " $i
$ip = host $i |grep -o -m 100 '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
if [[ $ip == "xx.xx.xx.xx" ]]; then
$i >> /root/activedomains.txt
fi
done
Output:
activedomains: line 4: =: command not found
This is the current error I get.
No spaces before and after the =
No dollar sign in the assignment
You probably want the result of the command, so enclose it in $( )
ip=$(host $i |grep -o -m 100 '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
write to the file like this
echo "$i" >> /root/activedomains.txt
You have a syntax error with the line
$ip = host $i |grep -o -m 100 '...'
you should use instead:
ip=$(host $i |grep -o -m 100 '...')
A better way, using boolean logic (no need for grep there: if host $ip fails, it returns false):
list=/root/domainlist.txt
while read ip; do
echo "checking $ip"
host "$ip" &>/dev/null && echo "$ip" >> /root/activedomains.txt
done < "$list"
It's the equivalent of
list=/root/domainlist.txt
while read ip; do
echo "checking $ip"
if host "$ip" &>/dev/null; then
echo "$ip" >> /root/activedomains.txt
fi
done < "$list"
For starters, you shouldn't assign to $ip but to ip ... but it's possible there are more errors.
My guess would be you wanted (line 4/5):
ip=$(host $i |grep -o -m 100 '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
Also read user000001's answer. The missing echo when getting the output is another issue.

get process name, pid and port mapping from netstat command in SunOS

I am trying to get the mapping of port number to the application that is running on/using the port in SunOS
$netstat -tlnp
netstat: illegal option -- t
It seems the -t option is illegal in SunOS.
How can I get this mapping?
I got this script from somewhere. Log into the Solaris system. Open the vi editor. Go into insert mode. Copy and paste this script. Close the file. Give it execute permission. Run this script with the -p or -P switch. It will give an output with the PID, process name and port.
PCP is a script that enables administrators to see what open TCP ports are in use on a Solaris system. It maps ports to PIDs and vice versa. It accepts wildcards and will also show at a glance all open ports and their corresponding
PIDs. It is a nice script and gives very fine output. Just try it.
Example:
#pcp -p PORT_NUMBER or #pcp -P PROCESS_ID
#!/usr/bin/ksh
#
# pcp: map TCP ports to PIDs and back with ptree/pfiles.
# Wildcards are accepted for -p and -P options.
#
# for the help, much appreciated.
i=0
while getopts :p:P:a opt ; do
    case "${opt}" in
        p ) port="${OPTARG}";i=3;;
        P ) pid="${OPTARG}";i=3;;
        a ) all=all;i=2;;
    esac
done
# getopts leaves OPTIND one past the last option: 3 after "-p X" or "-P X", 2 after "-a"
if [ $OPTIND != $i ]; then
    echo >&2 "usage: $0 [-p PORT] [-P PID] [-a] (Wildcards OK) "
    exit 1
fi
shift `expr $OPTIND - 1`
# ksh's builtin echo interprets \t and \n, which the table layout below relies on.
if [ "$port" ]; then
    # Enter the port number, get the PID
    #
    echo "PID\tProcess Name and Port"
    echo "_________________________________________________________"
    for proc in `ptree -a | awk '/ptree/ {next} {print $1};'` ; do
        # "port: N" also appears on pfiles' peername: lines, so a process that is
        # connected *to* remote port N is listed alongside one listening on N.
        result=`pfiles $proc 2> /dev/null| egrep "port: $port$"`
        if [ ! -z "$result" ];then
            program=`ps -fo comm= -p $proc`
            echo "$proc\t$program\t$port\n$result"
            echo "_________________________________________________________"
        fi
    done
elif [ "$pid" ]; then
    # Enter the PID, get the port
    #
    # Print out the information
    echo "PID\tProcess Name and Port"
    echo "_________________________________________________________"
    for proc in `ptree -a | awk '/ptree/ {next} $1 ~ /^'"$pid"'$/ {print $1};'`; do
        result=`pfiles $proc 2> /dev/null| egrep port:`
        if [ ! -z "$result" ];then
            program=`ps -fo comm= -p $proc`
            echo "$proc\t$program\n$result"
            echo "_________________________________________________________"
        fi
    done
elif [ "$all" ]; then
    # Show all PIDs, Ports and Peers
    #
    echo "PID\tProcess Name and Port"
    echo "_________________________________________________________"
    for proc in `ptree -a | sort -n | awk '/ptree/ {next} {print $1};'` ; do
        out=`pfiles $proc 2>/dev/null| egrep "port:"`
        if [ ! -z "$out" ];then
            name=`ps -fo comm= -p $proc`
            echo "$proc\t$name\n$out"
            echo "_________________________________________________________"
        fi
    done
fi
exit 0
If you don't have lsof installed, here is one way using standard Solaris commands:
pfiles /proc/* 2>/dev/null | nawk -v port=$port '
/^[0-9]/ { cmd=$0; type="unknown"; next }      # "PID: command" header of each process (next is the portable spelling; some old awks accepted continue here)
$1 == "SOCK_STREAM" { type="tcp" }
$1 == "SOCK_DGRAM" { type="udp" }
$2 == "AF_INET" { if((port!="")&&($5!=port)) next;   # matches both sockname: (local) and peername: (remote) lines
if(cmd!="") { printf("%s\n %s:%s/%s\n",cmd,$3,$5,type); cmd="" }
else { printf(" %s:%s/%s\n",$3,$5,type); }}'
Set the port variable to the port number you are looking for, if any, or leave it unset to see all IPV4 ports in use.
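The pfiles parsing done as a function that reports only local sockets, added here as an example and not part of either answer above. Both the pcp script and the nawk one-liner match every `port:` line, so a process merely connected to a remote port N is reported as if it used N; pfiles prints the local side of a socket as `sockname:` and the remote side as `peername:`, and only the former is a port the process owns. The pfiles output layout in `sample_pfiles` is constructed to match that format, not captured from a real system.

```shell
#!/bin/bash
# Added example, not from the answers above: pfiles output -> listening/bound
# ports per PID, ignoring peername: lines.
set -eu

# pfiles_ports [PORT]: read pfiles output on stdin, print "pid cmd proto ip:port"
# (tab separated) for each local AF_INET/AF_INET6 socket, optionally filtered.
pfiles_ports() {
    awk -v port="${1:-}" '
        /^[0-9]+:/ { pid = $1; sub(/:$/, "", pid); cmd = $2; proto = "?"; next }  # "PID: command" header; $2 is the program path, arguments are dropped
        $1 == "SOCK_STREAM" { proto = "tcp"; next }
        $1 == "SOCK_DGRAM"  { proto = "udp"; next }
        $1 == "sockname:" && ($2 == "AF_INET" || $2 == "AF_INET6") {
            if (port == "" || $5 == port)
                printf "%s\t%s\t%s\t%s:%s\n", pid, cmd, proto, $3, $5
        }'
}

# Constructed pfiles output: sshd listening plus one accepted session, routed
# on UDP 520, and a curl client whose peername: is remote port 443.
sample_pfiles() {
    printf '%s\n' \
        '1234:   /usr/sbin/sshd' \
        '  Current rlimit: 256 file descriptors' \
        '   3: S_IFSOCK mode:0666 dev:292,0 ino:12345 uid:0 gid:0 rdev:0,0' \
        '      O_RDWR|O_NONBLOCK' \
        '        SOCK_STREAM' \
        '        SO_REUSEADDR,SO_KEEPALIVE' \
        '        sockname: AF_INET 0.0.0.0  port: 22' \
        '   4: S_IFSOCK mode:0666 dev:292,0 ino:12346 uid:0 gid:0 rdev:0,0' \
        '      O_RDWR' \
        '        SOCK_STREAM' \
        '        sockname: AF_INET 10.0.0.5  port: 22' \
        '        peername: AF_INET 10.0.0.9  port: 51234' \
        '5678:   /usr/lib/inet/in.routed' \
        '   5: S_IFSOCK mode:0666 dev:292,0 ino:12347 uid:0 gid:0 rdev:0,0' \
        '      O_RDWR' \
        '        SOCK_DGRAM' \
        '        sockname: AF_INET 0.0.0.0  port: 520' \
        '9012:   /usr/bin/curl https://example.net/' \
        '   3: S_IFSOCK mode:0666 dev:292,0 ino:12348 uid:100 gid:10 rdev:0,0' \
        '      O_RDWR' \
        '        SOCK_STREAM' \
        '        sockname: AF_INET 10.0.0.5  port: 40111' \
        '        peername: AF_INET 203.0.113.7  port: 443'
}

# On Solaris:  pfiles /proc/* 2>/dev/null | pfiles_ports 22
if [ "${1:-}" = "demo" ]; then
    sample_pfiles | pfiles_ports "${2:-}"
fi
```

`./ports.sh demo 443` prints nothing, because the only `port: 443` in the sample is curl's peer; the grep-based scripts above would have listed curl as a user of port 443.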
