240 lines
6.3 KiB
Bash
240 lines
6.3 KiB
Bash
#!/bin/bash
|
|
|
|
# --- Dependency Check ---
|
|
|
|
dependencies=("nmap" "python3" "awk" "amap")
|
|
|
|
for dependency in "${dependencies[@]}"; do
|
|
if ! command -v "$dependency" &> /dev/null; then
|
|
echo -e "\e[1;31mERROR: $dependency is not installed.\e[0m"
|
|
read -p "Do you want to install it now? [y/n] " install_choice
|
|
if [[ "$install_choice" =~ ^[Yy]$ ]]; then
|
|
# Install the dependency (replace with appropriate command for your system)
|
|
sudo apt-get install "$dependency" # Example for Debian/Ubuntu
|
|
echo -e "\e[1;32m Finished installing dependencies, Starting Script \e[0m"
|
|
sleep 2.5
|
|
else
|
|
echo "Exiting script. Please install the missing dependencies and try again."
|
|
exit 1
|
|
fi
|
|
fi
|
|
done
|
|
|
|
# ... (Rest of your script) ...
|
|
if [ $# -eq 0 ]; then
|
|
echo "Usage: ./external_pentest.sh <IP list in NMAP friendly format>"
|
|
echo ""
|
|
exit 1;
|
|
fi
|
|
echo ""
|
|
echo ""
|
|
echo -e "\e[1;96m External Pentesting Start Script by Daniel Brown \e[0m"
|
|
echo ""
|
|
echo ""
|
|
|
|
# User Input of Information #
|
|
echo -n " Input the number of top TCP ports you would like to scan (recommended 1024) greater than 0 : "
|
|
read topports
|
|
|
|
if [ $topports -eq 0 ];
|
|
then
|
|
echo -e "\e[34m Number must be greater than zero! \e[0m";
|
|
exit 1
|
|
fi
|
|
|
|
#Folder where raw scan files are stored
|
|
mkdir raw_files
|
|
|
|
#Variable storage
|
|
f1='raw_files'
|
|
|
|
## Pingable IP Check ##
|
|
|
|
echo ""
|
|
echo -e "\e[34m Checking for Ping on Hosts \e[0m"
|
|
echo ""
|
|
nmap -sP -iL $1 -PE -oG - | awk '/Up/{print $2}' > $f1/pingable_hosts.txt
|
|
echo ""
|
|
echo -e "\e[34m Finished Checking for Ping \e[0m"
|
|
echo ""
|
|
sleep 5
|
|
|
|
# Performs NMAP TCP Scans#
|
|
echo -e "\e[34m Starting NMAP TCP scans this can take a very long time \e[0m"
|
|
echo "";
|
|
nmap -sS -Pn -n -iL $1 --top-ports=$topports -T4 -oA $f1/nmap-sT-Pn-n-top-$topports &>/dev/null
|
|
echo ""
|
|
echo -e "\e[34m Finished NMAP TCP scans \e[0m"
|
|
echo ""
|
|
sleep 2.5
|
|
|
|
##python parser ##
|
|
|
|
python3 << EOF
|
|
import re,os
|
|
import tabulate
|
|
from sys import argv
|
|
|
|
def help():
|
|
print("\n " + "-" * 52)
|
|
print(" Nmap Parser v2.0, Daniel Brown (dbrow43@gmail.com) ")
|
|
print(" " + "-" * 52)
|
|
print("\n Usage: %s <gnmap file>" % argv[0])
|
|
print()
|
|
exit()
|
|
|
|
def start(argv):
|
|
if len(argv) < 1:
|
|
help()
|
|
if not os.path.exists('open-ports'):
|
|
os.makedirs('open-ports')
|
|
|
|
target_file = open(argv[-1])
|
|
targett_file = target_file.read().split('\n')
|
|
|
|
for line in targett_file:
|
|
ip_address = line[line.find(":")+2:line.find("(")-1]
|
|
pattern = '([0-9]+)/open/(tcp|udp)/'
|
|
find_pattern = re.findall(pattern, line)
|
|
|
|
tcpwrapped_pattern = '([0-9]+)/open/tcp//tcpwrapped'
|
|
find_tcpwrapped = re.findall(tcpwrapped_pattern, line)
|
|
|
|
if find_pattern:
|
|
for i in find_pattern:
|
|
if i in find_tcpwrapped:
|
|
continue
|
|
tcp_file = open('open-ports/%s.txt' % i[0],'a')
|
|
tcp_file.write("%s\n" % ip_address)
|
|
tcp_file.close()
|
|
target_file.close()
|
|
print("Done. Check the \"open-ports\" folder for results.")
|
|
|
|
if __name__ == "__main__":
|
|
try:
|
|
# Construct the filename and pass it as an argument
|
|
filename = "$f1/nmap-sT-Pn-n-top-$topports.gnmap"
|
|
start([filename])
|
|
except KeyboardInterrupt:
|
|
print("\nExiting. Closed by user (ctrl-c).")
|
|
except Exception as err:
|
|
print(err)
|
|
EOF
|
|
|
|
# Get the current date for archiving #
|
|
|
|
current_date=$(date +%Y-%m-%d) # Get the date here
|
|
results_dir="results_$current_date" # Define the results directory name
|
|
|
|
echo -e "\e[33mArchiving results...\e[0m"
|
|
|
|
# Move the open-ports and raw_files directories into the results directory
|
|
mkdir $results_dir
|
|
mv open-ports "$results_dir"
|
|
mv raw_files "$results_dir"
|
|
|
|
echo -e "\e[32mResults archived in: $results_dir\e[0m"
|
|
echo ""
|
|
|
|
# --- Check for specific open ports ---
|
|
|
|
echo -e "\e[33mChecking for unexpected open ports...\e[0m"
|
|
|
|
# List of allowed ports
|
|
allowed_ports=$(cat << EOF
|
|
80
|
|
443
|
|
EOF
|
|
)
|
|
|
|
# Get a list of all files (ports) in the open-ports directory
|
|
found_ports=$(ls $results_dir/open-ports)
|
|
|
|
# Loop through each found port
|
|
for port in $found_ports; do
|
|
# Remove the .txt extension from the filename
|
|
port_number=$(basename "$port" .txt)
|
|
|
|
# Check if the port is NOT in the allowed_ports list
|
|
if ! echo "$allowed_ports" | grep -qw "$port_number"; then
|
|
echo -e "\e[1;31mWARNING: Unexpected port $port_number is open on some hosts! See $results_dir/open-ports/$port for details.\e[0m"
|
|
fi
|
|
done
|
|
|
|
# --- Generate Markdown Report ---
|
|
|
|
echo -e "\e[33mGenerating Markdown report...\e[0m"
|
|
|
|
# Create the Markdown report file
|
|
report_file="security_report_$current_date.md"
|
|
|
|
# Create the Markdown template (using a here document)
|
|
cat << EOF > "$report_file"
|
|
# Security Scan Report - $current_date
|
|
|
|
## Target Information
|
|
|
|
**Input File:** $1
|
|
|
|
## Ping Sweep Results
|
|
|
|
**(Host IPs from ping sweep will be inserted here)**
|
|
|
|
## Open Ports Summary
|
|
|
|
**(Summary of open ports and affected hosts will be inserted here)**
|
|
|
|
## Suspicious Open Ports
|
|
|
|
|
|
EOF
|
|
echo -e "\e[33mPopulating Open Ports Summary...\e[0m"
|
|
|
|
# Generate the Markdown table for open ports
|
|
open_ports_table=""
|
|
open_ports_table+="| Port | Count |\n" # Table header with newline
|
|
open_ports_table+="|---|---|\n" # Separator line with newline
|
|
|
|
for port_file in "$results_dir"/open-ports/*; do
|
|
port_number=$(basename "$port_file" .txt)
|
|
ip_count=$(wc -l < "$port_file")
|
|
open_ports_table+="| $port_number | $ip_count |\n"
|
|
done
|
|
|
|
# Insert the open ports table into the Markdown report
|
|
sed -i "/(Summary of open ports and affected hosts will be inserted here)/c\\
|
|
$open_ports_table" "$report_file" # Use 'c' instead of 'a'
|
|
|
|
# --- Populate Warning Open Ports ---
|
|
|
|
echo -e "\e[33mPopulating Warning Open Ports...\e[0m"
|
|
|
|
# Generate the Markdown list for warning open ports
|
|
warning_ports_list=""
|
|
|
|
for port in $found_ports; do
|
|
port_number="${port%.txt}" # Extract the port number (remove .txt)
|
|
|
|
# Check if the port is NOT in the allowed_ports list
|
|
if ! echo "$allowed_ports" | grep -qw "$port_number"; then
|
|
warning_ports_list+="* **$port_number:** See $results_dir/open-ports/$port for a list of IP's with the port open.\n"
|
|
fi
|
|
done
|
|
|
|
# Now, use awk to insert the warning_ports_list into the markdown report
|
|
awk -v warning_ports="$warning_ports_list" '
|
|
/## Suspicious Open Ports/ {
|
|
print;
|
|
print warning_ports;
|
|
next
|
|
}
|
|
1' "$report_file" > temp_report.md && mv temp_report.md "$report_file"
|
|
|
|
echo ""
|
|
echo -e "\e[1;34m Finished Running Script \e[0m"
|
|
echo ""
|
|
|
|
|
|
echo ""
|
|
echo -e "\e[1;34m Finished Running Script \e[0m"
|
|
echo "" |