daniel/external_pentest
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-05-05. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
main
external_pentest/external_pentest.sh
daniel e86d3b9021 Update external_pentest.sh 
added dependency for python-tabulate
2025-01-14 14:19:57 +00:00

290 lines
7.8 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
# --- Sudo Check ---
if [[ $EUID -ne 0 ]]; then
echo -e "\e[1;31mERROR: This script must be run as root (sudo).\e[0m"
exit 1
fi
# --- Dependency Check ---
dependencies=("nmap" "python3" "awk" "pandoc" "texlive-xetex" "python3-tabulate")
for dependency in "${dependencies[@]}"; do
if ! command -v "$dependency" &> /dev/null; then
echo -e "\e[1;31mERROR: $dependency is not installed.\e[0m"
read -p "Do you want to install it now? [y/n] " install_choice
if [[ "$install_choice" =~ ^[Yy]$ ]]; then
# Install the dependency (replace with appropriate command for your system)
sudo apt-get update
sudo apt-get install "$dependency" # Example for Debian/Ubuntu
echo -e "\e[1;32m Finished installing dependencies, Starting Script \e[0m"
sleep 2.5
else
echo "Exiting script. Please install the missing dependencies and try again."
exit 1
fi
fi
done
# ... (Rest of your script) ...
if [ $# -eq 0 ]; then
echo "Usage: ./external_pentest.sh <IP list in NMAP friendly format>"
echo ""
exit 1;
fi
echo ""
echo ""
echo -e "\e[1;96m External Pentesting Start Script by Daniel Brown \e[0m"
echo ""
echo ""
# User Input of Information #
echo -n " Input the number of top TCP ports you would like to scan (recommended 1024) greater than 0 : "
read topports
if [ $topports -eq 0 ];
then
echo -e "\e[34m Number must be greater than zero! \e[0m";
exit 1
fi
#Folder where raw scan files are stored
mkdir raw_files
#Variable storage
f1='raw_files'
total_ips=$(wc -l < "$1")
## Pingable IP Check ##
echo ""
echo -e "\e[34m Checking for Ping on Hosts \e[0m"
echo ""
nmap -sP -iL $1 -PE -oG - | awk '/Up/{print $2}' > $f1/pingable_hosts.txt
echo ""
echo -e "\e[34m Finished Checking for Ping \e[0m"
echo ""
sleep 5
# Performs NMAP TCP Scans#
echo -e "\e[34m Starting NMAP TCP scans this can take a very long time \e[0m"
echo "";
nmap -sS -Pn -n -iL $1 --top-ports=$topports -T4 -oA $f1/nmap-sT-Pn-n-top-$topports &>/dev/null
echo ""
echo -e "\e[34m Finished NMAP TCP scans \e[0m"
echo ""
sleep 2.5
##python parser ##
python3 << EOF
import re,os
import tabulate
from sys import argv
def help():
print("\n " + "-" * 52)
print(" Nmap Parser v2.0, Daniel Brown (dbrow43@gmail.com) ")
print(" " + "-" * 52)
print("\n Usage: %s <gnmap file>" % argv[0])
print()
exit()
def start(argv):
if len(argv) < 1:
help()
if not os.path.exists('open-ports'):
os.makedirs('open-ports')
target_file = open(argv[-1])
targett_file = target_file.read().split('\n')
for line in targett_file:
ip_address = line[line.find(":")+2:line.find("(")-1]
pattern = '([0-9]+)/open/(tcp|udp)/'
find_pattern = re.findall(pattern, line)
tcpwrapped_pattern = '([0-9]+)/open/tcp//tcpwrapped'
find_tcpwrapped = re.findall(tcpwrapped_pattern, line)
if find_pattern:
for i in find_pattern:
if i in find_tcpwrapped:
continue
tcp_file = open('open-ports/%s.txt' % i[0],'a')
tcp_file.write("%s\n" % ip_address)
tcp_file.close()
target_file.close()
print("Done. Check the \"open-ports\" folder for results.")
if __name__ == "__main__":
try:
# Construct the filename and pass it as an argument
filename = "$f1/nmap-sT-Pn-n-top-$topports.gnmap"
start([filename])
except KeyboardInterrupt:
print("\nExiting. Closed by user (ctrl-c).")
except Exception as err:
print(err)
EOF
# Get the current date for archiving #
current_date=$(date +%Y-%m-%d) # Get the date here
results_dir="results_$current_date" # Define the results directory name
echo -e "\e[33mArchiving results...\e[0m"
# Move the open-ports and raw_files directories into the results directory
mkdir $results_dir
mv open-ports "$results_dir"
mv raw_files "$results_dir"
echo -e "\e[32mResults archived in: $results_dir\e[0m"
echo ""
# --- Check for specific open ports ---
echo -e "\e[33mChecking for unexpected open ports...\e[0m"
# List of allowed ports
allowed_ports=$(cat << EOF
80
443
EOF
)
# Get a list of all files (ports) in the open-ports directory
found_ports=$(ls $results_dir/open-ports)
# Loop through each found port
for port in $found_ports; do
# Remove the .txt extension from the filename
port_number=$(basename "$port" .txt)
# Check if the port is NOT in the allowed_ports list
if ! echo "$allowed_ports" | grep -qw "$port_number"; then
echo -e "\e[1;31mWARNING: Unexpected port $port_number is open on some hosts! See $results_dir/open-ports/$port for details.\e[0m"
fi
done
# --- Generate Markdown Report ---
echo -e "\e[33mGenerating Markdown report...\e[0m"
# Create the Markdown report file
report_file="security_report_$current_date.md"
# Create the Markdown template (using a here document)
cat << EOF > "$report_file"
# Security Scan Report - $current_date
## Target Information
**Input File:** $1 containing $total_ips ip addresses
**Total Ports Scanned:** $topports
## Open Ports Summary
**(Summary of open ports and affected hosts will be inserted here)**
## Suspicious Open Ports
## Ping Sweep Results
**(Host IPs from ping sweep will be inserted here)**
EOF
echo -e "\e[33mPopulating Open Ports Summary...\e[0m"
# Generate the Markdown table for open ports
open_ports_table=""
open_ports_table+="| Port | Count |\n" # Table header with newline
open_ports_table+="|---|---|\n" # Separator line with newline
for port_file in "$results_dir"/open-ports/*; do
port_number=$(basename "$port_file" .txt)
ip_count=$(wc -l < "$port_file")
open_ports_table+="| $port_number | $ip_count |\n"
done
# Insert the open ports table into the Markdown report
sed -i "/(Summary of open ports and affected hosts will be inserted here)/c\\
$open_ports_table" "$report_file" # Use 'c' instead of 'a'
# --- Populate Warning Open Ports ---
echo -e "\e[33mPopulating Warning Open Ports...\e[0m"
# Generate the Markdown list for warning open ports
warning_ports_list=""
for port in $found_ports; do
port_number="${port%.txt}" # Extract the port number (remove .txt)
# Check if the port is NOT in the allowed_ports list
if ! echo "$allowed_ports" | grep -qw "$port_number"; then
warning_ports_list+="* **$port_number:** See $results_dir/open-ports/$port for a list of IP's with the port open.\n"
fi
done
# Now, use awk to insert the warning_ports_list into the markdown report
awk -v warning_ports="$warning_ports_list" '
/## Suspicious Open Ports/ {
print;
print warning_ports;
next
}
1' "$report_file" > temp_report.md && mv temp_report.md "$report_file"
echo -e "\e[33mPopulating Ping Sweep Results...\e[0m"
# Count the number of pingable hosts
host_count=$(wc -l < "$results_dir/raw_files/pingable_hosts.txt")
# Determine the number of columns (adjust as needed)
columns=4
# Calculate the number of rows needed
rows=$(( (host_count + columns - 1) / columns ))
# Initialize the table
ping_table=""
ping_table+="| | | | |\n" # Adjust header based on 'columns'
ping_table+="|---|---|---|---|\n" # Adjust separator based on 'columns'
# Read the pingable hosts into an array
mapfile -t pingable_hosts < "$results_dir/raw_files/pingable_hosts.txt"
# Populate the table
i=0
for row in $(seq 1 $rows); do
for col in $(seq 1 $columns); do
if [[ $i -lt $host_count ]]; then
ping_table+="| ${pingable_hosts[$i]} "
else
ping_table+="| " # Empty cell if no more hosts
fi
((i++))
done
ping_table+="|\n"
done
# Insert the ping table into the Markdown report
sed -i "/(Host IPs from ping sweep will be inserted here)/c\\
$ping_table" "$report_file"
echo -e "\e[33mConverting Markdown report to PDF...\e[0m"
# Convert the Markdown report to PDF using Pandoc
pandoc "$report_file" -o "security_report_$current_date.pdf" --pdf-engine=xelatex
mv "$report_file" "$results_dir/raw_files"
echo -e "\e[32mPDF report generated: security_report_$current_date.pdf\e[0m"
echo ""
echo -e "\e[1;34m Finished Running Script \e[0m"
echo ""
Reference in New Issue View Git Blame Copy Permalink