Closed ifrane closed 8 years ago
Thanks for the idea. PRs are welcome if you want to do that; otherwise I will see about getting the task assigned.
OK, perhaps the PR route makes the most sense. I'm completely new to posting on GitHub, so forgive my mistakes.
I'll make the request.
On Wed, Jul 27, 2016 at 3:26 PM, J.Townsend notifications@github.com wrote:
> Thanks for the idea, PRs are welcome if you want to do that? otherwise will see about getting the task assigned.
In the notes section there is a git.txt; I would recommend you read that, as it would be useful for you.
The -Pn switch is already in use. This is also the default behavior that Nexpose uses.
```bash
# f_scan from discover.sh. $location, $excludefile, $maxrtt, $sourceport, $name,
# $medium, $sip and f_error are set elsewhere in the script.
f_scan(){
     custom='1-1040,1050,1080,1099,1125,1158,1194,1214,1220,1344,1352,1433,1500,1503,1521,1524,1526,1720,1723,1731,1812,1813,1953,1959,2000,2002,2030,2049,2100,2121,2200,2202,2222,2301,2375,2381,2401,2433,2456,2500,2556,2628,2745,2780-2783,2947,3000,3001,3031,3121,3127,3128,3200,3201,3230-3235,3260,3268,3269,3306,3310,3339,3389,3460,3500,3527,3632,3689,4000,4045,4100,4242,4369,4430,4443,4445,4661,4662,4711,4848,5000,5001,5009,5010,5019,5038,5040,5059,5060,5061,5101,5180,5190,5191,5192,5193,5250,5432,5554,5555,5560,5566,5631,5666,5672,5678,5800,5801,5802,5803,5804,5850,5900-6009,6101,6106,6112,6161,6346,6379,6588,6666,6667,6697,6777,7000,7001,7002,7070,7100,7210,7510,7634,7777,7778,8000,8001,8004,8005,8008,8009,8080,8081,8082,8083,8091,8098,8099,8100,8180,8181,8222,8332,8333,8383,8384,8400,8443,8444,8470-8480,8500,8787,8834,8866,8888,9090,9100,9101,9102,9160,9343,9470-9476,9480,9495,9996,9999,10000,10025,10168,11211,12000,12345,12346,13659,15000,16080,18181-18185,18207,18208,18231,18232,19150,19190,19191,20034,22226,27017,27374,27665,28784,30718,31337,32764,32768,32771,33333,35871,37172,38903,39991,39992,40096,46144,46824,49400,50000,50030,50060,50070,50075,50090,51080,51443,53050,54320,58847,60000,60010,60030,60148,60365,62078,63148'
     full='1-65535'
     udp='53,67,123,137,161,500,523,1434,1604,2302,3478,3671,4070,5353,6481,17185,31337,44818,47808'
     yesping='-sP -PE -PS21-23,25,53,80,110-111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 -PU53,67-69,123,135,137-139,161-162,445,500,514,520,631,1434,1900,4500,49152'
     noping='-Pn'

     echo
     echo -n "Perform ping scan? (y/N) "
     read discping

     if [ "$discping" == "y" ]; then
          pingscans=$yesping
     else
          # Default: treat every target as up (same behavior as Nexpose)
          pingscans=$noping
     fi

     echo
     echo -n "Perform full TCP port scan? (y/N) "
     read scan

     if [ "$scan" == "y" ]; then
          tcp=$full
     else
          tcp=$custom
     fi

     echo
     echo -n "Perform version detection? (y/N) "
     read vdetection

     if [ "$vdetection" == "y" ]; then
          S='sSV'
          U='sUV'
     else
          S='sS'
          U='sU'
     fi

     echo
     echo -n "Set scan delay. (0-5, enter for normal) "
     read delay

     # Check for no answer
     if [[ -z $delay ]]; then
          delay='0'
     fi

     if [ $delay -lt 0 ] || [ $delay -gt 5 ]; then
          f_error
     fi

     echo
     echo $medium

     nmap -iL $location --excludefile $excludefile -n -$S -$U $pingscans -p T:$tcp,U:$udp --max-retries 3 --min-rtt-timeout 100ms --max-rtt-timeout $maxrtt --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 --open --stats-every 10s -g $sourceport --scan-delay $delay -oA $name/nmap

     x=$(grep '(0 hosts up)' $name/nmap.nmap)

     if [[ -n $x ]]; then
          rm -rf "$name" tmp
          echo
          echo $medium
          echo
          echo "_Scan complete._"
          echo
          echo
          echo -e "\x1B[1;33m[*] No live hosts were found.\x1B[0m"
          echo
          echo
          exit
     fi

     # Clean up
     egrep -v '(0000:|0010:|0020:|0030:|0040:|0050:|0060:|0070:|0080:|0090:|00a0:|00b0:|00c0:|00d0:|1 hop|closed|guesses|GUESSING|filtered|fingerprint|FINGERPRINT|general purpose|initiated|latency|Network Distance|No exact OS|No OS matches|OS:|OS CPE|Please report|RTTVAR|scanned in|SF|unreachable|Warning|WARNING)' $name/nmap.nmap | sed 's/Nmap scan report for //' | sed '/^$/! b end; n; /^$/d; : end' > $name/nmap.txt

     # Live hosts (-E is needed for the {1,3} intervals)
     grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' $name/nmap.nmap | $sip > $name/hosts.txt
     hosts=$(wc -l $name/hosts.txt | cut -d ' ' -f1)

     # Open ports, split by protocol
     grep 'open' $name/nmap.txt | grep -v 'WARNING' | awk '{print $1}' | sort -un > $name/ports.txt
     grep 'tcp' $name/ports.txt | cut -d '/' -f1 > $name/ports-tcp.txt
     grep 'udp' $name/ports.txt | cut -d '/' -f1 > $name/ports-udp.txt

     # Service banners (everything after the port/state/service columns)
     grep 'open' $name/nmap.txt | grep -v 'really open' | awk '{for (i=4;i<=NF;i++) {printf "%s%s",sep, $i;sep=" "}; printf "\n"}' | sed 's/^ //' | sort -u | sed '/^$/d' > $name/banners.txt

     # Build http:// and https:// target lists from the grepable output
     for i in $(cat $name/ports-tcp.txt); do
          TCPPORT=$i
          cat $name/nmap.gnmap | grep " $i/open/tcp//http/\| $i/open/tcp//http-alt/\| $i/open/tcp//http-proxy/\| $i/open/tcp//appserv-http/" | sed -e 's/Host: //g' -e 's/ (.*//g' -e 's.^.http://.g' -e "s/$/:$i/g" | $sip >> tmp
          cat $name/nmap.gnmap | grep " $i/open/tcp//https/\| $i/open/tcp//https-alt/\| $i/open/tcp//ssl|giop/\| $i/open/tcp//ssl|http/\| $i/open/tcp//ssl|unknown/" | sed -e 's/Host: //g' -e 's/ (.*//g' -e 's.^.https://.g' -e "s/$/:$i/g" | $sip >> tmp2
     done

     sed 's/http:\/\///g' tmp > $name/http.txt
     sed 's/https:\/\///g' tmp2 > $name/https.txt

     # Remove all empty files
     find $name/ -type f -empty -exec rm {} +
}
```
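The post-processing above re-reads `nmap.gnmap` once per open TCP port and keys off a fixed list of service names. The following is an added example, not code from discover or from anyone in this thread: it derives the host list, the open-port list and the http/https target list from a `.gnmap` file in a single awk pass, and it only counts a port as open when its state is exactly `open`, so `open|filtered` (what nmap reports for unanswered UDP probes) is not picked up the way a bare `grep 'open'` would. The `.gnmap` sample is constructed here, and the function names (`write_sample_gnmap`, `gnmap_hosts`, `gnmap_open_ports`, `gnmap_urls`) are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of discover.sh: parse nmap -oG (.gnmap) output into
# hosts, open ports and http/https URLs in one awk pass per list.
# All function names are this example's own; the input below is constructed.

# Constructed sample of what nmap writes to <name>.gnmap. Each port entry is
# port/state/proto/owner/service/rpcinfo/version/ and entries are ", "-separated.
write_sample_gnmap() {
     {
          printf '# Nmap 7.01 scan initiated Wed Jul 27 15:26:00 2016 as: nmap -sS -Pn -oA scan 10.0.0.0/30\n'
          printf 'Host: 10.0.0.1 ()\tStatus: Up\n'
          printf 'Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//ssl|http///, 8080/open/tcp//http-proxy///, 3306/closed/tcp//mysql///\n'
          printf 'Host: 10.0.0.2 (web.example)\tStatus: Up\n'
          printf 'Host: 10.0.0.2 (web.example)\tPorts: 8443/open/tcp//https-alt///, 53/open|filtered/udp//domain///\tIgnored State: closed (998)\n'
          printf '# Nmap done at Wed Jul 27 15:27:01 2016 -- 4 IP addresses (2 hosts up) scanned in 61.02 seconds\n'
     } > "$1"
}

# gnmap_hosts FILE: IPs nmap reported as up, in address order.
gnmap_hosts() {
     awk -F'\t' '/\tStatus: Up/ { split($1, h, " "); print h[2] }' "$1" \
          | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n | uniq
}

# gnmap_open_ports FILE PROTO: unique ports whose state is exactly "open" for
# the given protocol (tcp or udp). "open|filtered" is deliberately not counted.
gnmap_open_ports() {
     awk -F'\t' -v proto="$2" '
          /\tPorts: / {
               sub(/^Ports: /, "", $2)
               n = split($2, ports, ", ")
               for (i = 1; i <= n; i++) {
                    split(ports[i], f, "/")
                    if (f[2] == "open" && f[3] == proto) print f[1]
               }
          }' "$1" | sort -un
}

# gnmap_urls FILE: one scheme://ip:port line per open TCP port whose service
# name looks like a web server: ssl|* and https* become https, http* and
# appserv-http become http. Anything else (ssh, mysql, ...) is skipped.
gnmap_urls() {
     awk -F'\t' '
          /\tPorts: / {
               split($1, h, " "); ip = h[2]
               sub(/^Ports: /, "", $2)
               n = split($2, ports, ", ")
               for (i = 1; i <= n; i++) {
                    split(ports[i], f, "/")
                    if (f[2] != "open" || f[3] != "tcp") continue
                    svc = f[5]
                    if (svc ~ /^ssl\|/ || svc ~ /^https/) print "https://" ip ":" f[1]
                    else if (svc ~ /^http/ || svc == "appserv-http") print "http://" ip ":" f[1]
               }
          }' "$1"
}

# Stand-alone run on the constructed sample, written to a temp file.
demo=$(mktemp)
write_sample_gnmap "$demo"
printf 'hosts:\n';     gnmap_hosts "$demo"
printf 'tcp ports:\n'; gnmap_open_ports "$demo" tcp
printf 'urls:\n';      gnmap_urls "$demo"
rm -f "$demo"
```

On a real run you would point the functions at `$name/nmap.gnmap` and redirect into `hosts.txt`, `ports-tcp.txt`, `http.txt` and `https.txt`. Because the version field is the last slash-separated component, banners containing slashes do not disturb the port, state, protocol or service fields the functions read.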