rahmiy · August 12, 2020 07:46
diff --git a/Automating scanning with fish shell b/Automating scanning with fish shell
 =======================HOST DISCOVERY===========================================
 Host discovery con PING:
 $ for octect in (seq 0 254)
  echo "Pinging [X.X.X.$octect]"
  ping -c 2 10.150.150.$octect | grep "bytes from" | awk '{print $4}' | uniq -d | cut -d ":" -f 1 | tee -a targets.list
 end

 Host discovery con NMAP IMCP o ARP

 $sudo nmap -vv -sn -PE 10.150.150.0/24 -oG HOSTDISCOVERY_ICMP.gnmap 
 ó
 $sudo nmap -vv -sn -PR 10.150.150.0/24 -oG HOSTDISCOVERY_ARP.gnmap

 $grep Up HOSTDISCOVERY_ARP.gnmap | awk '{print $2}' | tee -a targets.list
 ================================================================================

 Scan FULL TCP a list of IP addresses.
 $ for ip in (cat targets.list)
  mkdir $ip
  echo Scanning host: $ip 
  sudo nmap -vv -T4 -Pn -n -sSV --reason -p- $ip -oA $ip/{$ip}_FULL-TCP_(times)
  echo -e "================================================================================\n"
 end

 Get the grepeable files for further scans:
 # $ find . -name \*.gnmap | cut -d "/" -f 2 | tee -a full_TCP.list #FOR PWD
 $ find . -name \*.gnmap | tee -a full_TCP.list #FOR DIRECTORY PATHS

 Scan only open ports with NSE.

 $ for file in (cat full_TCP.list)
  echo Using file $file for scanning
  set ports (grep open $file | grep -Eo '[0-9]+/open' | cut -d "/" -f 1 | sed ':a;N;$!ba;s/\n/,/g')
  set ip (grep Up $file | awk '{print $2}')
  echo "Scanning [$ip] and ports [$ports]"
  sudo nmap -vv -T4 -Pn -n -sSV -A --reason --script="banner,exploit,vuln and not brute or dos" -p$ports $ip -oA $ip/{$ip}_TCP-SCRIPT_(times)
 end
	=======================HOST DISCOVERY===========================================
	Host discovery con PING:
	$ for octect in (seq 0 254)
	echo "Pinging [X.X.X.$octect]"
	ping -c 2 10.150.150.$octect \| grep "bytes from" \| awk '{print $4}' \| uniq -d \| cut -d ":" -f 1 \| tee -a targets.list
	end

	Host discovery con NMAP IMCP o ARP

	$sudo nmap -vv -sn -PE 10.150.150.0/24 -oG HOSTDISCOVERY_ICMP.gnmap
	ó
	$sudo nmap -vv -sn -PR 10.150.150.0/24 -oG HOSTDISCOVERY_ARP.gnmap

	$grep Up HOSTDISCOVERY_ARP.gnmap \| awk '{print $2}' \| tee -a targets.list
	================================================================================

	Scan FULL TCP a list of IP addresses.
	$ for ip in (cat targets.list)
	mkdir $ip
	echo Scanning host: $ip
	sudo nmap -vv -T4 -Pn -n -sSV --reason -p- $ip -oA $ip/{$ip}_FULL-TCP_(times)
	echo -e "================================================================================\n"
	end

	Get the grepeable files for further scans:
	# $ find . -name \*.gnmap \| cut -d "/" -f 2 \| tee -a full_TCP.list #FOR PWD
	$ find . -name \*.gnmap \| tee -a full_TCP.list #FOR DIRECTORY PATHS

	Scan only open ports with NSE.

	$ for file in (cat full_TCP.list)
	echo Using file $file for scanning
	set ports (grep open $file \| grep -Eo '[0-9]+/open' \| cut -d "/" -f 1 \| sed ':a;N;$!ba;s/\n/,/g')
	set ip (grep Up $file \| awk '{print $2}')
	echo "Scanning [$ip] and ports [$ports]"
	sudo nmap -vv -T4 -Pn -n -sSV -A --reason --script="banner,exploit,vuln and not brute or dos" -p$ports $ip -oA $ip/{$ip}_TCP-SCRIPT_(times)
	end