Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 12:29 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
Author Message
 Post subject: enhanced nmap_linux.sh
PostPosted: Wed Dec 05, 2007 6:23 pm 
Offline
Newbie

Joined: Thu Nov 29, 2007 2:51 am
Posts: 10
Location: Germany
hey all,

on my network i tooks a lot of time to portscan all ipaddresses, so i simply modified the script in that way: :-)

nmap_linux.sh:

#!/bin/bash

# Script origin written by ???
#
# Strongly enhanced by Flo M.

. linux.config

# Check if any nmap is running....
ps aux | grep -v grep | grep 'nmap -v -O -oN nmap.txt' > /dev/zero
if [ "$?" == "0" ]; then
echo
echo "Some other nmap processes of openaudit running..."
echo "Use 'ps aux | grep nmap' to find out!"
echo "Quitting now...!"
echo
exit 1
fi

function portscan {

# A directory of each ip is needed to prevent overlapping...
mkdir "$NMAP_NET.$a"
cd "$NMAP_NET.$a"

# Starting the portscan...
nmap_file="nmap.txt"
nmap_input=`nmap -v -O -oN $nmap_file $NMAP_NET.$a`
nmap_output=`cat $nmap_file`

# Transfer to openaudit...
wget -q --post-data="submit=submit&add=$nmap_output" http://"$OASERVER"/oa/admin_nmap_input.php

# Cleaning up...
cd ..
rm -rf "$NMAP_NET.$a"

}

for ((a=$NMAP_START; a <= $NMAP_END ; a++)); do
portscan $a &
done


...in addition to nmap_linux.sh you need the linux.config file:

linux.config

OASERVER="openaudit.your.net"
SUBNET="192.168.xxx.xxx"
NETMASK="255.255.xxx.xxx"
NMAP_NET="192.168.xxx"
NMAP_START="1"
NMAP_END="254"



what do you think?


Top
 Profile  
Reply with quote  
PostPosted: Wed Dec 05, 2007 6:43 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
So much easier in bash than vbs, only comment I have. Does this script limit the number of processes it spawns, or could I crash my linux box by telling it to nmap a class B or class A network, simply because it would spawn way too many processes for the box? :?

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Wed Dec 05, 2007 6:46 pm 
Offline
Newbie

Joined: Thu Nov 29, 2007 2:51 am
Posts: 10
Location: Germany
hmmm, an important consideration.... :-) i'll think about that!


Top
 Profile  
Reply with quote  
PostPosted: Wed Dec 05, 2007 6:57 pm 
Offline
Newbie

Joined: Thu Nov 29, 2007 2:51 am
Posts: 10
Location: Germany
...so for now, i modified the script with a counter in the loop - it is set up to 50 simultaneous nmap's then break for 20 seconds... but actual i am not as happy with that :?

[code]#!/bin/bash

# Script origin written by ???
#
# Strongly enhanced by Flo M.

. linux.config

# Check if any nmap is running....
ps aux | grep -v grep | grep 'nmap -v -O -oN nmap.txt' > /dev/zero
if [ "$?" == "0" ]; then
echo
echo "Some other nmap processes of openaudit running..."
echo "Use 'ps aux | grep nmap' to find out!"
echo "Quitting now...!"
echo
exit 1
fi

function portscan {

# A directory of each ip is needed to prevent overlapping...
mkdir "$NMAP_NET.$a"
cd "$NMAP_NET.$a"

# Starting the portscan...
nmap_file="nmap.txt"
nmap_input=`nmap -v -O -oN $nmap_file $NMAP_NET.$a`
nmap_output=`cat $nmap_file`

# Transfer to openaudit...
wget -q --post-data="submit=submit&add=$nmap_output" http://"$OASERVER"/oa/admin_nmap_input.php

# Cleaning up...
cd ..
rm -rf "$NMAP_NET.$a"

}

i=0
for ((a=$NMAP_START; a <= $NMAP_END ; a++)); do
portscan $a &
let i++
if [ $i -ge 50 ]; then
sleep 20
i=0
fi
done
[/code]


Top
 Profile  
Reply with quote  
PostPosted: Wed Dec 05, 2007 10:59 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Why not do a ps -ef |grep nmap |wc -l or whatever to find out how many nmaps are running, and do the next IP when we are back below the limit.
(Also include the limit in the config file as per the audit.config )

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Tue Mar 23, 2010 8:57 am 
Offline
Newbie

Joined: Tue Mar 23, 2010 8:15 am
Posts: 2
Thanks xiam, I like the enhancements.

I did a slight hack to decrement the counter whenever an nmap process is complete.
[code]#!/bin/bash

# Script origin written by ???
#
# Strongly enhanced by Flo M.
# Hacked further by jhowell

. nmap_linux.config

# Check if any nmap is running....
ps aux | grep -v grep | grep 'nmap -v -O -oN nmap.txt' > /dev/zero
if [ "$?" == "0" ]; then
echo
echo "Some other nmap processes of openaudit running..."
echo "Use 'ps aux | grep nmap' to find out!"
echo "Quitting now...!"
echo
exit 1
fi

function portscan {

# A directory of each ip is needed to prevent overlapping...
mkdir "$NMAP_NET.$a"
cd "$NMAP_NET.$a"

# Starting the portscan...
nmap_file="nmap.txt"
nmap_input=`nmap -v -O -oN $nmap_file $NMAP_NET.$a`
nmap_output=`cat $nmap_file`
echo "Now scanning " $NMAP_NET.$a " ..."

# Transfer to openaudit...
wget -q --post-data="submit=submit&add=$nmap_output" http://"$OASERVER"/openaudit/admin_nmap_input.php

# Cleaning up...
cd ..
rm -rf "$NMAP_NET.$a"
let i--

}

i=0
for ((a=$NMAP_START; a <= $NMAP_END ; a++)); do
portscan $a &
let i++
if [ $i -ge 10 ]; then
sleep 20
fi
done
[/code]

Hope you like.
Jonathan


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group