staggered nmap scan
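#!/bin/bash
# Staggered nmap scan: a TCP sweep of all ports, a version/OS scan of the
# ports found open, then a top-100 UDP scan.
# Usage: <script> <NET_IN_CIDR>|<FILE> [--check]
#        <script> <DIR_WITH_NMAP_XML> --ports

NET=$1

# tput fails when TERM is unset (cron, CI); fall back to plain text rather
# than letting its error message leak into the output.
bold=$(tput bold 2>/dev/null || true)
normal=$(tput sgr0 2>/dev/null || true)
error="${bold}[!]${normal}"

if [ -z "${1}" ]; then
  # Usage is a diagnostic, so it goes to stderr. --ports is handled further
  # down in the script and takes a directory of nmap XML reports as $1.
  echo "${0} <NET_IN_CIDR>|<FILE> [--check]" >&2
  echo "${0} <DIR_WITH_NMAP_XML> --ports" >&2
  exit 1
fi

# Absolute paths: the scans run as root, so neither binary is resolved
# through $PATH.
XMLS=/usr/bin/xmlstarlet
NMAP_BIN=/usr/bin/nmap

# Numeric uid:gid that exit_fun hands the result directory to.
# NOTE(review): hard-coded; on a multi-user host 1000 may not be the account
# that started the scan - confirm before the results are chowned to it.
uID=1000

NMAP_MIN_RATE=500 # CHANGE ME
MIN_HOSTGROUP=16  # MIN_HOSTGROUP*16 ~= #scan targets

# Options shared by the TCP, version and UDP scans. Kept as one
# space-separated string because the scan calls rely on word-splitting it.
# NOTE(review): -T5 together with --min-rate favours speed over accuracy;
# results can be incomplete on lossy links and the packet rate can disturb
# fragile devices, so tune both for the network in scope.
DEFALUT_OPTIONS="--privileged \
  -v \
  -d1 \
  -Pn \
  -T5 \
  --min-rate=${NMAP_MIN_RATE} \
  --min-hostgroup=${MIN_HOSTGROUP} \
  --stats-every=10 \
  --open"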
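#######################################
# Print the open ports recorded in the nmap XML reports of a directory as a
# single comma-separated, version-sorted list (e.g. 22,80,8080).
# Globals:   XMLS (read) - xmlstarlet binary
# Arguments: $1 - directory holding *.xml nmap reports
# Outputs:   the port list on stdout; a diagnostic on stderr when the
#            directory holds no report
# Returns:   1 when no *.xml file exists, otherwise the status of the
#            final pipeline stage
#######################################
get_ports_from_XML() {
  local nmap_path="${1}"
  local -a reports=("${nmap_path}"/*.xml)

  # Without nullglob an unmatched glob stays literal and xmlstarlet would be
  # handed a file that does not exist; fail clearly instead.
  if [[ ! -e "${reports[0]}" ]]; then
    printf 'no nmap XML reports found in %s\n' "${nmap_path}" >&2
    return 1
  fi

  # xmlstarlet prints one "ipv4:port" line per open port; only the port part
  # is kept. The result is spliced into a root nmap command line by the
  # caller, so anything that is not a plain number is dropped here.
  "${XMLS}" sel -t -m '//port/state[@state="open"]/parent::port' \
    -v 'ancestor::host/address[@addrtype="ipv4"]/@addr' \
    -o : -v './@portid' -n "${reports[@]}" |
    cut -d ':' -f2- |
    grep -E '^[0-9]+$' |
    sort -u -V |
    paste -sd, -
}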
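#######################################
# Abort the script unless the argument is an IPv4 network in CIDR notation.
# Beyond the a.b.c.d/n shape, every octet must be <= 255 and the prefix
# length <= 32, so values such as 999.1.1.1/24 or 10.0.0.0/33 are rejected
# before they reach the scanner.
# Globals:   error (read) - prefix for the diagnostic
# Arguments: $1 - candidate CIDR string
# Outputs:   a diagnostic on stderr when the value is rejected
# Returns:   0 when valid; exits the script with status 1 otherwise
#######################################
is_valid_cidr() {
  local cidr="${1}"
  local cidr_pattern='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/([0-9]{1,2})$'
  local octet
  local valid=1

  if [[ $cidr =~ $cidr_pattern ]]; then
    for octet in "${BASH_REMATCH[@]:1:4}"; do
      # 10# forces base 10 so a leading zero (e.g. 08) is not parsed as octal.
      ((10#$octet > 255)) && valid=0
    done
    ((10#${BASH_REMATCH[5]} > 32)) && valid=0
  else
    valid=0
  fi

  if ((!valid)); then
    echo "${error} Invalid CIDR notation: ${cidr}" >&2
    exit 1
  fi
}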
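#######################################
# Hand the result directory back to the unprivileged account, print a final
# message and terminate the script.
# Globals:   NET_PATH (read) - result directory; skipped when unset or missing
#            uID (read)      - numeric uid and gid applied to NET_PATH
# Arguments: $1 - message to print (may be empty)
#            $2 - exit status, optional, defaults to 0 so existing one-argument
#                 callers keep their behaviour
# Outputs:   the message on stdout; a warning on stderr if chown fails
#######################################
exit_fun() {
  local status="${2:-0}"

  # The scans write their reports as root; without this step the invoking
  # user cannot read them. Guard against an unset path so chown is never run
  # with an empty operand.
  if [[ -n "${NET_PATH:-}" && -e "${NET_PATH}" ]]; then
    sudo /usr/bin/chown -hR -- "${uID}:${uID}" "${NET_PATH}" ||
      echo "could not change ownership of ${NET_PATH}" >&2
  fi

  echo "$1"
  exit "${status}"
}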
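# --- target selection -------------------------------------------------------
# INPUT is an array so that a target file whose name contains spaces stays a
# single -iL argument. As a flat string it would be word-split and its pieces
# parsed by a root-run nmap as additional options.
declare -a INPUT
if [[ -f "${NET}" || -d "${NET}" ]]; then
  INPUT=(-iL "${NET}")
  # Comma-joined copy of the target list, used only in the banners below.
  VERBOSE="$(cat -- "${NET}" 2>/dev/null | tr '\n' ',')"
else
  is_valid_cidr "${NET}"
  INPUT=("${NET}")
  VERBOSE="${NET}"
fi

# --- --ports: list open ports from existing XML reports, no scanning --------
if [ "$2" == "--ports" ]; then
  echo "${bold}[[[[ grepping open ports ]]]]${normal}"
  get_ports_from_XML "$1"
  exit $?
fi

# --- privilege check ---------------------------------------------------------
# NOTE(review): the message offers file capabilities as an alternative, but
# this check still exits for every non-root caller. Capabilities set on the
# nmap binary also apply to any local user allowed to execute it.
if [ "$EUID" -ne 0 ]; then
  echo "${error} Please run as root (or set capabilities)"
  echo "sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip ${NMAP_BIN}"
  exit 1
fi

# Result directory: nmap-<target with '.' -> '_' and '/' -> '-'>-<epoch>.
NET_PATH="${PWD}/nmap-$(printf '%s\n' "${NET}" | tr '.' '_' | tr '\/' '-')-$(date +%s)"
if ! mkdir -p "${NET_PATH}"; then
  echo "${error} cannot create ${NET_PATH}" >&2
  exit 1
fi

# --- --check: ping sweep only -------------------------------------------------
if [ "$2" == "--check" ]; then
  echo "${bold}[[[[ subnet scan of ${VERBOSE} to generate hosts.xml ]]]]${normal}"
  "${NMAP_BIN}" \
    -v \
    -d1 \
    --stats-every=10 \
    -sn \
    -PE \
    -oA "${NET_PATH}/hosts" \
    "${INPUT[@]}"
  echo "${bold}[[[[ the following hosts are reachable ]]]]${normal}"
  "${XMLS}" sel -t -m "//host[status/@state='up']" \
    -v "concat(address[@addrtype='ipv4']/@addr, ' ', hostnames/hostname/@name)" \
    -n "${NET_PATH}"/hosts.xml | tee "${NET_PATH}"/up_hosts.txt
  echo "${bold}[[[[ the following hosts are NOT reachable ]]]]${normal}"
  "${XMLS}" sel -t -m "//host[status/@state='down']" \
    -v "concat(address[@addrtype='ipv4']/@addr, ' ', hostnames/hostname/@name)" \
    -n "${NET_PATH}"/hosts.xml | tee "${NET_PATH}"/down_hosts.txt
  exit_fun
fi

# The shared options arrive as one space-separated string; split them once
# into an array so every scan call can be fully quoted.
declare -a default_opts
read -r -a default_opts <<<"${DEFALUT_OPTIONS}"

# Every failure path passes 1 as the intended exit status; it takes effect
# only when exit_fun honours a second argument. Any non-zero nmap status is
# treated as a failure, not just status 1.

# --- stage 1: SYN scan of all TCP ports --------------------------------------
echo "${bold}[[[[ min tcp scan for ${VERBOSE} ]]]]${normal}"
if ! "${NMAP_BIN}" \
  "${default_opts[@]}" \
  -p- \
  -sS \
  -oA "${NET_PATH}/init" \
  "${INPUT[@]}"; then
  exit_fun "${error} min tcp scan FAILED" 1
fi

# --- stage 2: version/OS/script scan, limited to the ports found open --------
# The port list is computed once. An empty list would leave -p without a
# value and make nmap abort, so the stage is skipped and the UDP scan still
# runs.
open_ports="$(get_ports_from_XML "${NET_PATH}")"
if [[ -z "${open_ports}" ]]; then
  echo "${bold}[[[ no open tcp ports found, skipping version scan ]]]${normal}"
else
  echo "${bold}[[[ checking version on ports: ${open_ports} on ${VERBOSE} ]]]${normal}"
  if ! "${NMAP_BIN}" \
    "${default_opts[@]}" \
    "-p${open_ports}" \
    -sCV \
    -O \
    --script='discovery' \
    --version-all \
    -oA "${NET_PATH}/version" \
    "${INPUT[@]}"; then
    exit_fun "${error} version scan FAILED" 1
  fi
fi

# --- stage 3: UDP scan of the 100 most common ports --------------------------
echo "${bold}[[[[ nmap min udp for ${VERBOSE} ]]]]${normal}"
if ! "${NMAP_BIN}" \
  "${default_opts[@]}" \
  --top-ports=100 \
  -sUV \
  --version-intensity 1 \
  --open \
  -oA "${NET_PATH}/uinit" \
  "${INPUT[@]}"; then
  exit_fun "${error} UDP scan FAILED" 1
fi

exit_fun "${bold}[[[[ finished ${NET_PATH} ]]]]${normal}"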
Automates network scanning tasks using Nmap, extracting information such as open ports and host statuses. Supports scanning a specified CIDR range or input file. Provides options for TCP, UDP, and version detection scans with configurable parameters. Outputs scan results to organized directories for further analysis.
Features
CIDR Range or File Input: The script supports scanning either a specified CIDR range or an input file containing a list of hosts.
Staggered Approach to Scanning: The script employs a staggered approach to scanning, minimizing overhead by setting appropriate options for scanning speed and host group size.
Optional Host Scan: Includes an option to perform a subnet scan to check the reachability of hosts within a specified CIDR range. This generates hosts.xml and provides insights into the status of hosts.
Grepping of Open Ports: Provides an option to extract and list all open ports from existing Nmap XML files, allowing for targeted analysis and exploration of network services.
Automated Directory Organization: Scan results are automatically organized into directories based on the provided input, facilitating easy access and analysis.
Usage
Input Specification:
./network_scan.sh <CIDR>
./network_scan.sh <file>
Options:
--check: Performs a subnet scan to generate hosts.xml and checks the reachability of hosts.
--ports: Extracts and lists open ports from existing Nmap XML files.
Prerequisites: nmap and xmlstarlet (sudo apt install nmap xmlstarlet). The scan modes must be run as root.
Execution:
Example Usage