Automatic Network Reconnaissance Tool

Automatic Network Reconnaissance Tool

This script was built with Bar Hofesh; its purpose is to be the first test you run while conducting an infrastructure pentest.

Any ideas or comments – feel free to contact us and propose them.


#!/bin/bash
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#                    ..__...__.........._____.
#                    _/  |_|__|._______/  ___\
#                    \   __\  |/  ___/\   __\.
#                    .|  |.|  |\___ \..|  |...
#                    .|__|.|__/____  >.|__|...
#                    ..............\/.........
#
#              Automatic Network Reconnaissance Tool
#
#      Built by Yuval (tisf) Nativ and Bar (ba7a7chy) Hofesh
#                   of the See-Security Group
#
#                     yuval@see-security.com
#
#                  http://www.see-security.com
#                 http://www.hackingdefined.org
#
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Abort unless the effective UID is 0; everything that follows assumes root.
if (( EUID != 0 )); then
  printf '\n'
  printf '%s\n' 'Error:   This script must be run as root' >&2
  printf '\n'
  exit 1
fi

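clear

#######################################
# Install a Debian package when dpkg does not report it as installed.
# Arguments: $1 - package name
# Outputs:   the dpkg status on stdout ("install ok installed" or empty),
#            plus apt-get progress when an install is needed
#######################################
ensure_pkg() {
  local pkg=$1
  local status
  status=$(dpkg-query -W --showformat='${Status}\n' "$pkg" 2>/dev/null | grep 'install ok installed')
  printf 'Checking for %s: %s\n' "$pkg" "$status"
  if [[ -z "$status" ]]; then
    echo "Resolving dependencies, please wait."
    # --yes only auto-answers prompts. The original --force-yes also switched
    # off apt's safety checks, package authentication included, and is
    # deprecated in current apt, so it is not used. sudo is unnecessary: the
    # script has already refused to run as non-root.
    apt-get --yes install "$pkg"
  fi
}

ensure_pkg arp-scan
ensure_pkg nmap
ensure_pkg tcpdump
ensure_pkg nbtscan

clear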

# Banner. The quoted delimiter keeps every backslash in the ASCII art literal,
# exactly as the builtin echo printed it.
cat <<'BANNER'

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    .__.................__......................_._.........
    / _\.___..___....../ _\.___..___._..._._.__(_) |_._..._.
    \ \./ _ \/ _ \_____\ \./ _ \/ __| |.| |  __| | __| |.| |
    _\ \  __/  __/_____|\ \  __/ (__| |_| | |..| | |_| |_| |
    \__/\___|\___|.....\__/\___|\___|\__,_|_|..|_|\__|\__, |
    ..................................................|___/.

              Automatic Network Reconnasaince Tool

      Build by Yuval (tisf) Nativ and Bar (ba7a7chy) Hofesh
                   of the See-Security Group

                  http://www.see-security.com
                 http://www.hackingdefined.org

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BANNER
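echo "What is the project's name: "
read -r company
# The name becomes a directory name and a file prefix ($company.cap), so it
# must be non-empty and free of path separators and a leading dash; otherwise
# mkdir/cd/tcpdump would see an option or a path outside the working directory.
if [[ -z "$company" || "$company" == */* || "$company" == -* ]]; then
  printf '%s\n' 'Error:   project name must be non-empty, without "/" or a leading "-"' >&2
  exit 1
fi
project_dir="$company-$(date +%Y-%m-%d)"
echo "Creating directory structure for $company..."
# Everything that follows (EventLog.log, the packet capture, per-host scan
# results) is written relative to this directory. It will hold data about the
# scanned network, so it is created owner-only (0700); failing to enter it
# aborts instead of scattering those files over the current directory.
# -p keeps the original behaviour of reusing a directory from an earlier run
# on the same day.
mkdir -p -m 0700 -- "$project_dir" || exit 1
cd -- "$project_dir" || exit 1
# Timestamp now includes minutes (the original %H:%S skipped them).
printf 'Project %s initiated at  %s\n' "$company" "$(date +%Y-%m-%d::%H:%M:%S:%N)" > EventLog.log
echo ""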
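#######################################
# First IPv4 address of an interface. Accepts both ifconfig layouts:
# net-tools "inet addr:A.B.C.D" and the newer "inet A.B.C.D".
# Arguments: $1 - interface name
# Outputs:   the address on stdout; empty when the interface has none or is unknown
#######################################
iface_ipv4() {
  /sbin/ifconfig "$1" 2>/dev/null | awk '/inet / { sub(/^addr:/, "", $2); print $2; exit }'
}

# Interface names start at column 0 in ifconfig output; newer versions append
# a colon, which is stripped so the name can be passed back to ifconfig.
interfaces=()
while IFS= read -r name; do
  interfaces+=("$name")
done < <(/sbin/ifconfig | awk '/^[a-zA-Z]/ { sub(/:$/, "", $1); print $1 }')
echo "Your network adapters and their configuration:"
for iface in "${interfaces[@]}"; do
  printf '%s : %s\n' "$iface" "$(iface_ipv4 "$iface")"
done
echo "Please choose network adapter (eth0/eth1/wlan0/wlan1): "
read -r netadpt
# The name is handed to tcpdump -i and arp-scan -I later; reject anything
# ifconfig does not know rather than starting the capture on a bogus device.
if [[ -z "$netadpt" ]] || ! /sbin/ifconfig "$netadpt" > /dev/null 2>&1; then
  printf 'Error:   unknown network adapter "%s"\n' "$netadpt" >&2
  exit 1
fi
# The original logged $netadapt (a typo for $netadpt), i.e. an unset variable,
# so the recorded address came from an ifconfig call with no interface at all.
printf '    Network adapted choosen: %s (%s)\n' "$netadpt" "$(iface_ipv4 "$netadpt")" >> EventLog.log
echo ""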
# Scan menu; the choice is recorded in EventLog.log and dispatched by the
# case statement further down.
printf '%s\n' \
  "Please choose scan type:" \
  "    [1]  I have plenty of time here, Give me the comprehensive one." \
  "    [2]  Make it a quick one. (arp+basic nmap)" \
  "    [3]  Just give me live hosts and solve their MAC address. " \
  "    [4]  Forget about the scanning and give me something fun!. "
read scantype
{
  printf '    Scan type choosen: %s\n' "$scantype"
  printf '\n'
} >> EventLog.log
printf '\n\n%s\n\n\n\n' "The project $company will start now. Please wait as information appears on screen."
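#######################################
# Current timestamp in the format used throughout EventLog.log.
# Outputs:   YYYY-MM-DD::HH:MM:SS:nanoseconds on stdout
#            (minutes were missing from the original %H:%S format)
#######################################
ts() {
  date +%Y-%m-%d::%H:%M:%S:%N
}

#######################################
# Print a timestamped event line and append it to EventLog.log.
# Arguments: $* - message text
# Outputs:   the line on stdout (via tee) and appended to EventLog.log
#######################################
log_event() {
  printf '     %s  - %s\n' "$(ts)" "$*" | tee -a EventLog.log
}

#######################################
# Number of hosts that answered the ARP sweep, read from arp-scan's closing
# "... N responded" summary line (the count is the word before "responded").
# Arguments: $1 - path to the saved arp-scan output
# Outputs:   the count on stdout; empty when no summary line is present
#######################################
count_responding() {
  awk '/responded/ { print $(NF - 1) }' "$1"
}

printf 'Scan on %s initiated at  %s\n' "$company" "$(ts)" | tee -a EventLog.log
# Passive capture running alongside the active scans. Its PID is recorded so
# the teardown below stops only this listener instead of every tcpdump on the
# machine (the original used pkill).
tcpdump -c 50000 -i "$netadpt" -w "$company.cap" &> /dev/null &
tcpdump_pid=$!
printf '\n' | tee -a EventLog.log
log_event "Started listener. Information logged to $company.cap"
log_event "ARP scan initiated and saved to file."
arp-scan -I "$netadpt" -l > arp-scan.txt
# Parsed once; the original re-read arp-scan.txt for every log line.
hosts_found=$(count_responding arp-scan.txt)
log_event "ARP scan done. $hosts_found hosts found!"
log_event "Now extracting IP addresses from file..."
grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' arp-scan.txt > arp_ip_extracted.tmp
log_event "$hosts_found IPs extracted."
printf '     %s\n' "$(paste -s -d ' ' arp_ip_extracted.tmp)" | tee -a EventLog.log

case "$scantype" in
  1|2)
    # [1] adds service/version detection; [2] is the plain port scan.
    # nbtscan runs for both. The per-host loop was duplicated in the original.
    if [[ "$scantype" == 1 ]]; then
      nmap_opts=(-Pn -T4 -PE -sV -PS22,25,80 -PA21,23,80,3389)
    else
      nmap_opts=(-Pn)
    fi
    n=0
    # Read the address list directly (not via `cat |`) so the loop runs in the
    # current shell, and detach the scanners' stdin so they cannot consume it.
    while IFS= read -r ipaddr || [[ -n "$ipaddr" ]]; do
      n=$((n + 1))
      log_event "Now proceeding to host $n out of $hosts_found."
      log_event "Starting scan for: $ipaddr ..."
      nmap "${nmap_opts[@]}" "$ipaddr" >> "$ipaddr.log" < /dev/null
      nbtscan -hv "$ipaddr" >> "$ipaddr.log" < /dev/null
      log_event "Scan for $ipaddr completed and documented in $ipaddr.log"
    done < arp_ip_extracted.tmp
    ;;
  3)
    echo  "Recon endded."
    ;;
  4)
    # Joke option; note it launches a browser with the script's root privileges.
    firefox 9gag.com
    ;;
  *)
    echo "Exception. Will now Quit."
    ;;
esac

clear
echo ''
echo '     Killing tcpdump....'
# Stop only the capture started above. It may already have exited after
# reaching its packet count, hence the silenced error; wait reaps it.
kill "$tcpdump_pid" 2>/dev/null
wait "$tcpdump_pid" 2>/dev/null
printf '     Scan completed at %s .\n' "$(ts)" | tee -a EventLog.log
printf '     A total of %s hosts scanned.\n' "$hosts_found"
echo '     To view log see EventLog.log file.'
# Results are one <ip>.log per host; the original pointed at an nmap.log that
# is never written.
echo '     To view scan results open the per-host <ip>.log files.'
echo '     Bee good :)  .'
echo ''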
