#!/bin/bash # Author = "Abhijit Maity" # Last Update Date = "19-Sep-2016" user=`whoami` config=`ls | grep "commands.config" | wc -l` if [ "$user" != "root" ] then echo "Error - Please run the tool with 'root' user or 'sudo' rights" elif [ "$config" == "0" ] then echo "Error - Missing configuration file !!!" echo "1. Please download 'commands.config' file" echo "2. Copy it in the same directory as this script" echo "3. Re-run the script" else echo "Enter IP List filename with path" read file l=`wc -l $file | cut -d " " -f1` if [ "$l" != "0" ] then date=`date +%d"-"%m"-"%Y` mkdir -p "$date" for (( i=1 ; i <= $l ; i++ )) do ip=`sed -n ''$i'p' $file` check=`cd $date; ls | grep $ip | wc -l; cd ..` if [ "$check" == "0" ] then mkdir "$date"/$ip mkdir "$date"/$ip/nmap_result time=`date` echo "$time: TCP Scan Started for IP: $ip" >> "$date"/superenum.log echo echo "TCP Scan Started for IP: $ip" nmap -T5 -Pn -p1-65535 $ip --system-dns -oA "$date"/$ip/nmap_result/TCP_Scan >> "$date"/$ip/nmap_result/nmap_logs time=`date` echo "$time: UDP Scan Started for IP: $ip" >> "$date"/superenum.log echo echo "UDP Scan Started for IP: $ip" nmap -T5 -Pn -sU -p49,53,67,68,69,88,113,118,123,135,137,138,143,156,161,162,194,213,220,264,389,444,500,514,520,530,563,1194,1293,1434,1512,1645,1646,1812,2206,3389,5060,5061,5432 $ip --system-dns -oA "$date"/$ip/nmap_result/UDP_Scan >> "$date"/$ip/nmap_result/nmap_logs wc=`cat "$date"/$ip/nmap_result/nmap_logs | grep "\sopen\s" | wc -l` if [ "$wc" == "0" ] then time=`date` echo "$time: No open ports were found for IP: $ip" >> "$date"/superenum.log echo echo "No open ports were found for IP: $ip" else mkdir "$date"/$ip/open_ports for (( j=1 ; j <= $wc ; j++ )) do port=`cat "$date"/$ip/nmap_result/nmap_logs | grep "\sopen\s" | sed -n "$j"p | cut -d "/" -f1` echo $port >> "$date"/$ip/open_ports/ports done sort -u "$date"/$ip/open_ports/ports > "$date"/$ip/open_ports/port_list rm "$date"/$ip/open_ports/ports port_list="port_list" pwc=`wc -l "$date"/$ip/open_ports/$port_list | cut -d " " -f1` for (( j=1 ; j <= $pwc ; j++ )) do port=`sed -n ''$j'p' "$date"/$ip/open_ports/$port_list` line=`cat commands.config | grep "^$port@" | wc -l` time=`date` echo "$time: Testing for $ip: $port" >> "$date"/superenum.log echo echo "Testing for $ip: $port" if [ "$line" != "0" ] then line=`cat commands.config | grep "^$port@"` at=`echo "$line" | grep -o "@" | wc -l` at=`expr "$at" + "1"` mkdir "$date"/$ip/open_ports/$port for (( r=2 ; r <= $at ; r++ )) do comm=`echo $line | cut -d "@" -f$r` tool=`echo $line | cut -d "@" -f$r | cut -d " " -f1` filename=`echo $tool` if [ "$tool" == "nmap" ] then scr=`echo $line | cut -d "@" -f$r | cut -d "=" -f2 | cut -d " " -f1` filename=`echo "$filename"_"$scr"` fi ntp=`echo $tool | grep ntp | wc -l` if [ "$ntp" != "0" ] then scr=`echo $line | cut -d "@" -f$r | cut -d " " -f3 | grep -Po "[a-zA-Z]+"` filename=`echo "$filename"_"$scr"` fi time=`date` echo "$time: Testing for $ip: $port, Tool: $filename" >> "$date"/superenum.log echo "Testing for $ip: $port, Tool: $filename" eval $comm > "$date"/$ip/open_ports/$port/result size=`cat "$date"/$ip/open_ports/$port/result | wc -l` if [ "$size" -gt "30" ] then k=30 end=30 c=1 t=1 for (( m=1 ; m <= $size ; )) do cat "$date"/$ip/open_ports/$port/result | sed -n $m,''$end'p' | convert -background black -fill white -size 1080x720 label:@- "$date"/$ip/open_ports/$port/"$filename"_"$c".jpg 2>/dev/null m=`echo $end` end=`expr "$end" + "$k"` c=`expr "$c" + "$t"` done rm "$date"/$ip/open_ports/$port/result else if [ "$size" -gt "0" ] then cat "$date"/$ip/open_ports/$port/result | convert -background black -fill white -size 1080x720 label:@- "$date"/$ip/open_ports/$port/$filename.jpg 2>/dev/null rm "$date"/$ip/open_ports/$port/result fi fi done fi mkdir -p "$date"/$ip/open_ports/$port prot=`echo ",49,53,67,68,69,88,113,118,123,135,137,138,143,156,161,162,194,213,220,264,389,444,500,514,520,530,563,1194,1293,1434,1512,1645,1646,1812,2206,3389,5060,5061,5432," | grep -Po ",$port," | wc -l` if [ "$prot" != "0" ] then nmap -A -p$port -Pn -sU $ip --system-dns | grep "\sopen\s" | sed -n 1p > "$date"/$ip/open_ports/$port/result size=`cat "$date"/$ip/open_ports/$port/result | wc -l` if [ "$size" -gt "0" ] then cat "$date"/$ip/open_ports/$port/result | convert -background black -fill white -size 1080x720 label:@- "$date"/$ip/open_ports/$port/running_service_udp.jpg 2>/dev/null rm "$date"/$ip/open_ports/$port/result fi fi nmap -A -p$port -Pn $ip --system-dns | grep "\sopen\s" | sed -n 1p > "$date"/$ip/open_ports/$port/result size=`cat "$date"/$ip/open_ports/$port/result | wc -l` if [ "$size" -gt "0" ] then cat "$date"/$ip/open_ports/$port/result | convert -background black -fill white -size 1080x720 label:@- "$date"/$ip/open_ports/$port/running_service_tcp.jpg 2>/dev/null rm "$date"/$ip/open_ports/$port/result fi echo "#!/bin/bash" >> "$date"/$ip/open_ports/$port/telnet echo >> "$date"/$ip/open_ports/$port/telnet echo "expect<> "$date"/$ip/open_ports/$port/telnet echo "spawn telnet" >> "$date"/$ip/open_ports/$port/telnet echo "expect \"telnet>\"" >> "$date"/$ip/open_ports/$port/telnet echo "send \"open $ip $port\n\"" >> "$date"/$ip/open_ports/$port/telnet echo "expect -re \"(\\w+)\"" >> "$date"/$ip/open_ports/$port/telnet echo "EOF" >> "$date"/$ip/open_ports/$port/telnet chmod 777 "$date"/$ip/open_ports/$port/telnet "$date"/$ip/open_ports/$port/telnet | sed 1d | convert -background black -fill white -size 1080x720 label:@- "$date"/$ip/open_ports/$port/telnet_banner.jpg 2>/dev/null rm "$date"/$ip/open_ports/$port/telnet if [ "$port" == "135" -o "$port" == "137" -o "$port" == "138" -o "$port" == "139" -o "$port" == "445" ] then echo "#!/bin/bash" >> "$date"/$ip/open_ports/$port/null_session echo >> "$date"/$ip/open_ports/$port/null_session echo "expect<> "$date"/$ip/open_ports/$port/null_session echo "spawn smbclient //$ip/ipc$ -N" >> "$date"/$ip/open_ports/$port/null_session echo "expect -re \"(\\w+)\"" >> "$date"/$ip/open_ports/$port/null_session echo "exit" >> "$date"/$ip/open_ports/$port/null_session echo "EOF" >> "$date"/$ip/open_ports/$port/null_session chmod 777 "$date"/$ip/open_ports/$port/null_session "$date"/$ip/open_ports/$port/null_session | sed 1d | convert -background black -fill white -size 1080x720 label:@- "$date"/$ip/open_ports/$port/null_session_status.jpg 2>/dev/null rm "$date"/$ip/open_ports/$port/null_session fi done fi else echo time=`date` echo "Scanning of the IP --> $ip is already complete. Hence, skipping this IP" echo "$time: Scanning of the IP --> $ip is already complete. Hence, skipping this IP" >> "$date"/superenum.log pwd=`pwd` echo "To rescan this IP, please manually delete the folder : '$pwd/$date/$ip' and start the scan again !!!" time=`date` echo "$time: To rescan this IP, please manually delete the folder : '$pwd/$date/$ip' and start the scan again !!!" >> "$date"/superenum.log echo fi stat=`expr "$l" - "$i"` echo time=`date` echo "$time: $stat IP/IPs left..." >> "$date"/superenum.log echo $stat "IP/IPs left..." echo done else echo time=`date` echo "$time: Sorry !! No IPs were found !!!" >> "$date"/superenum.log echo "Sorry !! No IPs were found !!!" echo fi echo echo "Scanning Complete!!!" pwd=`pwd` echo "Please check the folder : '$pwd/$date'" echo fi