My nmap script (Post Exploitation Hacking Course)


This topic contains 12 replies, has 11 voices, and was last updated by  lyk3nl33t 3 years, 5 months ago.

    #6466

    Steven
    Participant

    Hi everybody,

    I really want to thank the founders of this site because I learned a lot by watching the videos and practising the things.
    I made an nmap script in bash that you can run after you have broken the wifi key.
    It’s not error proof but it works for me.
    I tested it against my own PC because some AVs give a warning if you do a scan, and the commands that are in this script didn’t trigger the warnings.
    So you need to give a folder where it can drop the results and a network range.
    Again, it isn’t error proof, so if you don’t do it, it will fail; I haven’t had the time to properly learn bash.
    You are free to modify it yourself 🙂
    Just copy the text into a bash script and it should run.
    Update 10/09/2015
    As I had some time to spare I changed my script a bit, added some controls and some more options.
    If you run the script and no arguments were given, you will get an example of how to run it. It will also check if the IP address you entered is in the correct format and if it’s a number.
    You also have an option to choose a long nmap scan or a short one: the short one will be nmap -sn, the long one will be nmap -Pn.

    Just copy and paste the code below into your favorite text editor, give yourself permissions to run it and it should work. I tested it as best as I could, but there is only so much one can think about :).

    If you encounter any errors just post it below and I will look into them.

    
    #!/bin/bash
    # Control if the given input is valid
    if [[ $1 == "" || $2 == "" ]]
    then
    	echo "First input must be a folder name."
    	echo "Second input must be a network range."
    	echo "Example: $0 mapname 192.168.2.0/24"
    
    else
    
    	echo "The following input was given:"
    	echo "Folder: $1"
    	echo "Network range: $2"
    	echo "-----------------------------------------------------------------"
    	echo "Making folder: $1"
    	if [ ! -d "$1" ]
    	then
    		mkdir "$1" && echo -e "Folder created.\n\n\n"
    	else
    		echo -e "Folder exists, continuing.\n\n\n"
    	fi
    	echo -e "Checking if the IP address has the correct format."
    	# Keep only the address part; an optional /prefix is not part of the check.
    	ip2="$(echo "$2" | cut -f 1 -d '/')"
    	# Split the address on the dots into its octets.
    	IFS='.' read -r -a ip <<< "$ip2"
    	# Set a boolean to check if the IP address is in the correct format
    	ipcorrect=1
    	# An IPv4 address must have exactly four octets.
    	if [ "${#ip[@]}" -ne 4 ]
    	then
    		ipcorrect=0
    	fi
    	for i in "${ip[@]}"
    	do
    		if ! [[ "$i" =~ ^[0-9]+$ ]]
    		then
    			ipcorrect=0
    		elif [ "$i" -ge 256 ]
    		then
    			echo -e "The IP address you entered is the wrong format.\nCorrect inputs are:\n\t192.168.1.0\n\t172.16.2.0/24\n\t196.157.52.2\n"
    			ipcorrect=0
    		fi
    	done
    	if [ "$ipcorrect" -eq 1 ]
    	then
    		echo -e "Do you want to do a quick or a long IP scan?\n\tChoose 1 to do a quick scan\n\tChoose 2 to do a long scan."
    		read -r scantype
    		# Quoting $scantype keeps the tests valid when nothing was entered.
    		if [ "$scantype" == "1" ]
    		then
    			echo -e "You chose the quick scan.\nThe following command will be executed:\n\tnmap -sn $2"
    			nmap -sn "$2" > "$1/nmap-sn.txt"
    		elif [ "$scantype" == "2" ]
    		then
    			echo -e "You chose the long scan.\nThe following command will be executed:\n\tnmap -Pn $2"
    			nmap -Pn "$2" > "$1/nmap-sn.txt"
    		else
    			echo -e "You gave an invalid input for the scantype.\nYou must enter 1 or 2."
    		fi
    		# The following scans may only be executed if the input given for the scantype is either 1 or 2
    		if [[ $scantype == "1" || $scantype == "2" ]]
    		then
    			echo -e "Discovery scan completed.\nGetting active IP addresses"
    			# nmap prints "Nmap scan report for 10.0.0.1" or "... for host (10.0.0.1)";
    			# cutting on "(" only handles the second form, so match the address itself.
    			grep "Nmap scan report for" "$1/nmap-sn.txt" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' > "$1/nmap-sn-ip.txt"
    			echo -e "Active IP addresses written to text file $1/nmap-sn-ip.txt \nThese are the active IPs:"
    			cat "$1/nmap-sn-ip.txt"
    			echo -e "\nStarting detailed nmap scans.\nExecuting command: nmap --iflist"
    			# Every result file is appended to, with a timestamp header if it already exists.
    			if [ -e "$1/nmap-iflist.txt" ]
    			then
    				echo -e "\n\n\nExtra information added on: $(date)" >> "$1/nmap-iflist.txt"
    				nmap --iflist >> "$1/nmap-iflist.txt"
    			else
    				echo -e "nmap-iflist.txt does not exist.\nWriting new text file."
    				nmap --iflist >> "$1/nmap-iflist.txt"
    			fi
    			echo -e "Interface and route listing completed and data written to text file.\n\nNow executing the following command: nmap -A"
    			if [ -e "$1/nmap-A.txt" ]
    			then
    				echo -e "\n\n\nExtra information added on: $(date)" >> "$1/nmap-A.txt"
    				nmap -iL "$1/nmap-sn-ip.txt" -A >> "$1/nmap-A.txt"
    			else
    				echo -e "nmap-A.txt does not exist.\nWriting new text file."
    				nmap -iL "$1/nmap-sn-ip.txt" -A >> "$1/nmap-A.txt"
    			fi
    			echo -e "Nmap -A scan completed and data written to text file.\n\nNow executing the following command: nmap -sS"
    			if [ -e "$1/nmap-sS.txt" ]
    			then
    				echo -e "\n\n\nExtra information added on: $(date)" >> "$1/nmap-sS.txt"
    				nmap -iL "$1/nmap-sn-ip.txt" -sS >> "$1/nmap-sS.txt"
    			else
    				echo -e "nmap-sS.txt does not exist.\nWriting new text file."
    				nmap -iL "$1/nmap-sn-ip.txt" -sS >> "$1/nmap-sS.txt"
    			fi
    			echo -e "Nmap -sS scan completed and data written to text file.\n\nNow executing the following command: nmap -sO"
    			if [ -e "$1/nmap-sO.txt" ]
    			then
    				echo -e "\n\n\nExtra information added on: $(date)" >> "$1/nmap-sO.txt"
    				nmap -iL "$1/nmap-sn-ip.txt" -sO >> "$1/nmap-sO.txt"
    			else
    				echo -e "nmap-sO.txt does not exist.\nWriting new text file."
    				nmap -iL "$1/nmap-sn-ip.txt" -sO >> "$1/nmap-sO.txt"
    			fi
    			echo -e "nmap -sO scan completed and data written to text file.\n\nNow executing the following command: nmap -sV"
    			if [ -e "$1/nmap-sV.txt" ]
    			then
    				echo -e "\n\n\nExtra information added on: $(date)" >> "$1/nmap-sV.txt"
    				nmap -iL "$1/nmap-sn-ip.txt" -sV >> "$1/nmap-sV.txt"
    			else
    				echo -e "nmap-sV.txt does not exist.\nWriting new text file."
    				nmap -iL "$1/nmap-sn-ip.txt" -sV >> "$1/nmap-sV.txt"
    			fi
    			echo -e "nmap -sV scan completed and data written to text file.\n\nNow executing the following command: nmap --top-ports 100"
    			if [ -e "$1/nmap-top100ports.txt" ]
    			then
    				echo -e "\n\n\nExtra information added on: $(date)" >> "$1/nmap-top100ports.txt"
    				nmap -iL "$1/nmap-sn-ip.txt" --top-ports 100 >> "$1/nmap-top100ports.txt"
    			else
    				echo -e "nmap-top100ports.txt does not exist.\nWriting new text file."
    				nmap -iL "$1/nmap-sn-ip.txt" --top-ports 100 >> "$1/nmap-top100ports.txt"
    			fi
    			echo -e "nmap --top-ports 100 scan completed and data written to text file.\n\nNow executing the following command: nmap -p 5800,5900,http,8080,23"
    			if [ -e "$1/nmap-costumports.txt" ]
    			then
    				echo -e "\n\n\nExtra information added on: $(date)" >> "$1/nmap-costumports.txt"
    				nmap -iL "$1/nmap-sn-ip.txt" -p 5800,5900,http,8080,23 >> "$1/nmap-costumports.txt"
    			else
    				echo -e "nmap-costumports.txt does not exist.\nWriting new text file."
    				nmap -iL "$1/nmap-sn-ip.txt" -p 5800,5900,http,8080,23 >> "$1/nmap-costumports.txt"
    			fi
    			echo -e "Custom port scan completed and data written to text file.\n\nNow executing command: nmap --source-port 54 -A"
    			if [ -e "$1/nmapsourceport.txt" ]
    			then
    				echo -e "\n\n\nExtra information added on: $(date)" >> "$1/nmapsourceport.txt"
    				nmap -iL "$1/nmap-sn-ip.txt" --source-port 54 -A >> "$1/nmapsourceport.txt"
    			else
    				echo -e "nmapsourceport.txt does not exist.\nWriting new text file."
    				nmap -iL "$1/nmap-sn-ip.txt" --source-port 54 -A >> "$1/nmapsourceport.txt"
    			fi
    			echo -e "All nmap scans are completed.\nScript will terminate."
    		fi
    	else
    		echo -e "You have entered a wrong format of IP address.\nUsage:\n\t$0 foldername ip-address/range\n\t$0 foldername 192.168.1.2\n\t$0 foldername 192.168.1.0/24"
    
    	fi
    fi
    
    • This topic was modified 3 years, 7 months ago by  Steven.
    #6469

    ryan
    Moderator

    Thanks for sharing and thanks for being a valuable part of Cybrary!

    #7008

    Anonymous

    Thanks for sharing !

    #7020

    Ξ B ☢ B Ξ
    Participant

    Thank you Steven!

    #9172

    Patrick
    Participant

    Thanks for the share.

    #12500

    Anonymous
    Participant

    Thanks for Giving

    #20387

    krux
    Participant

    Great script! I’ve shortened this a bit and added an if to make sure you won’t get a warning if the supplied folder already exists, in case anyone is interested:

    
    #!/bin/bash
    # Both arguments are required: a folder for the results and a network range.
    if [ -z "$1" ] || [ -z "$2" ]
    then
    	echo "Usage: $0 foldername 192.168.1.0/24"
    	exit 1
    fi
    echo "The following input was given:"
    echo "Folder: $1"
    echo "Network range: $2"
    echo "-----------------------------------------------------------------"
    echo "Making folder: $1"
    if [ ! -d "$1" ]
    then
    	mkdir "$1" && echo -e "Folder created.\n\n\n"
    else
    	echo -e "Folder exists, continuing.\n\n\n"
    fi
    echo -e "Starting nmap ping scan.\nExecuting command: nmap -sn $2"
    nmap -sn "$2" > "$1/nmap-sn.txt"
    echo -e "Scan completed.\n\nGetting active IP addresses."
    # nmap prints "Nmap scan report for 10.0.0.1" or "... for host (10.0.0.1)";
    # the 5th space-separated field is only the address in the first form, so match the address itself.
    grep "Nmap scan report for" "$1/nmap-sn.txt" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' > "$1/nmap-sn-ip.txt"
    echo "Active IPs written to text file nmap-sn-ip.txt"
    echo -e "These are the active IPs:\n$(cat "$1/nmap-sn-ip.txt")\n\n"
    echo -e "Starting detailed nmap scans.\nExecuting command: nmap --iflist"
    nmap --iflist > "$1/nmap-iflist.txt"
    echo -e "Listing is done.\n-----------------------------------------------------------------\n\n\n"
    # Every scan below reads the live hosts from nmap-sn-ip.txt and writes its own result file.
    echo "Executing command: nmap -A"
    nmap -iL "$1/nmap-sn-ip.txt" -A > "$1/nmap-A.txt"
    echo -e "Scan is finished and written to text file.\n-----------------------------------------------------------------\n\n\n"
    echo "Executing command: nmap -sP"
    nmap -iL "$1/nmap-sn-ip.txt" -sP > "$1/nmap-sP.txt"
    echo -e "Scan is finished and written to text file.\n-----------------------------------------------------------------\n\n\n"
    echo "Executing command: nmap -F"
    nmap -iL "$1/nmap-sn-ip.txt" -F > "$1/nmap-F.txt"
    echo -e "Scan is finished and written to text file.\n-----------------------------------------------------------------\n\n\n"
    echo "Executing command: nmap -sS"
    nmap -iL "$1/nmap-sn-ip.txt" -sS > "$1/nmap-sS.txt"
    echo -e "Scan is finished and written to text file.\n-----------------------------------------------------------------\n\n\n"
    echo "Executing command: nmap -sO"
    nmap -iL "$1/nmap-sn-ip.txt" -sO > "$1/nmap-sO.txt"
    echo -e "Scan is finished and written to text file.\n-----------------------------------------------------------------\n\n\n"
    echo "Executing command: nmap -sF"
    nmap -iL "$1/nmap-sn-ip.txt" -sF > "$1/nmap-sF.txt"
    echo -e "Scan is finished and written to text file.\n-----------------------------------------------------------------\n\n\n"
    echo "Executing command: nmap --top-ports 100"
    nmap -iL "$1/nmap-sn-ip.txt" --top-ports 100 > "$1/nmap-top100ports.txt"
    echo -e "Scan is finished and written to text file.\n\n\n"
    echo "Executing command: nmap -p 5800,5900,http,8080,23"
    nmap -iL "$1/nmap-sn-ip.txt" -p 5800,5900,http,8080,23 > "$1/nmap-costumports.txt"
    echo -e "Scan is finished and written to text file.\n\n\n"
    echo "Executing command: nmap --source-port 54 -A"
    nmap -iL "$1/nmap-sn-ip.txt" --source-port 54 -A > "$1/nmapsourceport.txt"
    echo -e "Scan is finished and written to text file.\n-----------------------------------------------------------------\n\n\nnmap scans are done, script will terminate."
    
    • This reply was modified 3 years, 8 months ago by  krux.
    #21725

    Steven
    Participant

    Thanks :).

    #24813

    Steven
    Participant

    Sorry for the double post.
    Just to let everybody know, I made a big change in the script, improved it a bit and added some new options.

    Just check it out :).

    #25847

    dxpy
    Participant

    awesome

    #27924

    ObsidiusB
    Participant

    Thanks for sharing this with us

    #33621

    romualds
    Participant

    Thanks for contributing!

    #36213

    lyk3nl33t
    Participant

    Not bad man, not bad at all. Nice use of bash script, sysadmin much lol
