I designed this nmap bash script to run several different scans, pull out the relevant information, and save each scan's output to its own file. I had also noticed that I kept running similar nmap scans, so I combined them into a script that automates the process.
v0.2 - Fixed the smb-enum-shares nse by adding an smbdomain argument
- Fixed the nmapSwitches variable in the nmap command inside the for loop
#!/bin/bash
location='tallBuilding'
subnet='127.0.0.1'
ipList='results/ipList.txt'

# Create the output and results directories if they do not already exist
mkdir -p output results

# Run a host discovery scan to see which devices are available in the subnet
# (-sP is the older spelling of -sn: ping scan, no port scan)
typeOfScan='nmap-sP'
nmap -sP "$subnet" -oA "output/$location-$typeOfScan"

# From the host discovery, put together a list of IP addresses for the later scans.
# The report line is "Nmap scan report for <ip>" or "... for <hostname> (<ip>)",
# so take the last field and strip the parentheses.
if [ -f "output/$location-$typeOfScan.nmap" ]; then
    awk '/^Nmap scan report for/ {gsub(/[()]/, "", $NF); print $NF}' \
        "output/$location-$typeOfScan.nmap" > "$ipList"
else
    echo "Unable to find the nmap host discovery list." >&2
    exit 1
fi

################### Create a loop of the various nmap scans to perform ##############################
# Note: smb-check-vulns was removed from newer Nmap releases, which ship
# separate smb-vuln-* scripts instead.
declare -a nmapSwitches=('-sV -p 20,21,22 --open --script ftp-anon.nse'
    '-sV -p 5800,5801,5802,5803,5900,5901,5902,5903 --open --script vnc-info.nse'
    '-sV -p 5800,5801,5802,5803,5900,5901,5902,5903 --open --script realvnc-auth-bypass.nse'
    '-p 69 -sU --open --script tftp-enum.nse'
    '-p T:53,U:53 --open'
    '-p 161 -sU --script snmp-brute'
    '--script smb-os-discovery.nse -p 445'
    '--script smb-check-vulns -p 445'
    '--script smb-enum-shares.nse --script-args smbdomain=domain,smbuser=user,smbpass=password -p 445')

# Output file label for each scan, in the same order as nmapSwitches
declare -a typeOfScan=('nmap-sV-FTP'
    'nmap-sV-VNC'
    'nmap-sV-VNC-auth-bypass'
    'nmap-sU-TFTP'
    'nmap-DNS'
    'nmap-SNMP'
    'nmap-Samba-445'
    'nmap-Samba-check-vulns'
    'nmap-Samba-enum-shares')

for ((i=0; i<${#nmapSwitches[@]}; i++)); do
    typeOfScanVar=${typeOfScan[$i]}
    nmapSwitchesVar=${nmapSwitches[$i]}
    # $nmapSwitchesVar is deliberately unquoted so it splits into separate arguments
    nmap $nmapSwitchesVar -iL "$ipList" -oA "output/$location-$typeOfScanVar"
done
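
An added example, not part of the original script: because every scan uses -oA, each run also leaves a grepable .gnmap file in output/, and those can be collapsed into one line per open port for review. The helper name summarize_gnmap and the sample lines (documentation addresses, constructed for illustration) are assumptions.

```bash
#!/bin/bash
# Added example: summarise open ports from the .gnmap files that -oA writes.
# The function names and the sample data are made up for this illustration.

# summarize_gnmap [FILE...]
# Prints "<ip> <port>/<proto> <service>" for every port in state "open",
# sorted and de-duplicated. Reads stdin when no file is given.
summarize_gnmap() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " ")                      # h[2] is the IP address
            for (f = 2; f <= NF; f++) {
                if ($f !~ /^Ports: /) continue
                # Drop the "Ports: " label, then walk the comma-separated entries
                n = split(substr($f, 8), entries, ", ")
                for (e = 1; e <= n; e++) {
                    # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                    split(entries[e], p, "/")
                    if (p[2] != "open") continue   # skips closed, filtered, open|filtered
                    svc = (p[5] == "" ? "unknown" : p[5])
                    printf "%s %s/%s %s\n", h[2], p[1], p[3], svc
                }
            }
        }' "$@" | LC_ALL=C sort -u
}

# Constructed sample in grepable format, not output from a real scan.
make_sample() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.0.2.10 (files.example)\tStatus: Up\n'
    printf 'Host: 192.0.2.10 (files.example)\tPorts: 21/open/tcp//ftp//vsftpd/, 22/closed/tcp//ssh///\tIgnored State: filtered (1)\n'
    printf 'Host: 192.0.2.20 ()\tPorts: 445/open/tcp//microsoft-ds///, 5900/open/tcp//vnc//VNC (protocol 3.8)/\n'
}

# Demo on the constructed sample; prints three lines, one per open port.
make_sample | summarize_gnmap
```

Against real results it would be called as summarize_gnmap output/*.gnmap, with the output redirected to a file under results/ if a saved summary is wanted.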
Twitter: @lokut
This blog is for educational purposes only. The opinions expressed in this blog are my own and do not reflect the views of my employers.