Afin de faciliter l'énumération sur le réseau depuis les rapports Nmap, j'ai fait ce petit script, qui permet de lister et de faciliter la lecture des informations retournées par Nmap.





0x01. CONCEPT



L'idée est d'exécuter nmap et d'exploiter ses rapports afin de récupérer les informations qui nous intéressent.
Le synopsis :


           ___  ___   _   _  _
 _  _ __ _/ __|/ __| /_\ | \| |
| || / _` \__ \ (__ / _ \| .` |
 \_, \__,_|___/\___/_/ \_\_|\_|
 |__/

# Yet Another Scanner (using nmap)

Usage: yascan <interface> <network> <action> [report]

 action : ip, mac, hw, port, os, noport, all

  ip     : list IP
  mac    : list MAC
  hw     : list hardware, show: IP, MAC, Hardware
  port   : list open ports, show: IP, open ports
  os     : list OS, show: IP, OS
  fw     : list firewall state, show: IP, firewall (use ACK nmap)
  noport : show: IP, MAC, hardware, OS
  all    : show: IP, MAC, hardware, OS, firewall?, open ports

Note: report is in CSV format

Ex.: yascan eth0 192.168.0.0/24 hw hardware.csv




0x02. DEMO


./files/yascan/exemples.png

./files/yascan/all.png


Le rapport.csv :


172.42.208.1;00:50:56:C0:00:08;VMware;VMware Player virtual NAT device;
172.42.208.2;00:50:56:F1:7E:E5;VMware;VMware Player virtual NAT device;
172.42.208.135;00:0C:29:D6:A6:5D;VMware;FreeBSD 6.2-RELEASE;5357
172.42.208.142;00:0C:29:AD:60:BD;VMware;Linux 3.2 - 4.9;22,80
172.42.208.143;00:0C:29:16:BA:DE;VMware;Linux 3.10 - 4.11;22
172.42.208.152;00:0C:29:53:5C:F7;VMware;Oracle Solaris 11;22,111,515
172.42.208.162;00:0C:29:27:EB:50;VMware;FreeBSD 11.0-RELEASE - 12.0-CURRENT;22
172.42.208.172;00:0C:29:D1:8A:FA;VMware;Microsoft Windows Server 2016 build 10586 - 14393;135,139,445
172.42.208.254;00:50:56:E4:0B:26;VMware;;



0x03. SCRIPT


#!/bin/bash
 
# Script name as shown in the help text (directory part stripped).
APP="${0##*/}"
 
#######################################################################################################################
#
# Usage
#
##
 
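#######################################
# Print the banner and the help text to stdout.
# Globals:   APP (read) - script name shown in the usage line
# Arguments: none
# Outputs:   help text on stdout
# Returns:   0
#######################################
usage() {
  # Banner: the quoted delimiter keeps every backslash and backtick literal.
  cat <<'BANNER'

           ___  ___   _   _  _
 _  _ __ _/ __|/ __| /_\ | \| |
| || / _` \__ \ (__ / _ \| .` |
 \_, \__,_|___/\___/_/ \_\_|\_|
 |__/

# Yet Another Scanner (using nmap)

BANNER
  # Help: unquoted delimiter so $APP expands.  The action list now includes
  # "fw", which the script implements but the original help omitted.
  cat <<HELP
Usage: $APP <interface> <network> <action> [report]

 action : ip, mac, hw, port, os, fw, noport, all

  ip     : list IP
  mac    : list MAC
  hw     : list hardware, show: IP, MAC, Hardware
  port   : list open ports, show: IP, open ports
  os     : list OS, show: IP, OS
  fw     : list firewall state, show: IP, firewall (use ACK nmap)
  noport : show: IP, MAC, hardware, OS
  all    : show: IP, MAC, hardware, OS, firewall?, open ports

Note: report is in CSV format (rows are appended to an existing file)

Ex.: $APP eth0 192.168.0.0/24 hw hardware.csv
HELP
}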
 
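# Help is printed and the script stops here: the original fell through and
# went on to run with an empty interface, target and action.
if [ $# -eq 0 ] || [ "$*" = "-h" ]; then
  usage
  exit 0
fi
# <interface> <network> <action> are mandatory, [report] is optional.
if [ $# -lt 3 ] || [ $# -gt 4 ]; then
  usage
  exit 2
fi
# Reject unknown actions up front; otherwise no branch below matches and the
# run silently does nothing.
case "$3" in
  ip|mac|hw|port|os|fw|noport|all) ;;
  *)
    printf '%s: unknown action "%s"\n' "$APP" "$3" >&2
    usage
    exit 2
    ;;
esac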
 
 
 
#######################################################################################################################
#
# Args
#
##
 
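ifce="$1"      # interface handed to nmap -e
target="$2"    # host or network handed to nmap
act="$3"       # one of: ip mac hw port os fw noport all
# Scratch files go in a private mktemp directory instead of the fixed,
# world-writable /tmp/nmap-out* prefix: a predictable name lets any other
# local user pre-create or symlink the files nmap writes, and the unguarded
# "rm -f /tmp/nmap-out*" could remove files that were not ours.
tmpdir="$(mktemp -d)" || { printf '%s: mktemp failed\n' "$APP" >&2; exit 1; }
log="$tmpdir/nmap-out"   # nmap reports: $log.txt, $log.grep, $log.xml
# Remove the scratch directory on every exit path (end of run, error, Ctrl-C).
trap 'rm -rf -- "${tmpdir:?}"' EXIT
# Optional CSV report; the hw/noport/all actions append (>>) to it, so an
# existing file is not truncated.
report="/dev/null" ; [ $# -eq 4 ] && report="$4"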
 
 
 
#######################################################################################################################
#
# Scan
#
##
 
## List ###############################################################################################################
 
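if [ "$act" = "ip" ]; then
  # Host discovery only (-sn: no port scan, -n: no DNS).  nmap's own output is
  # discarded; the report files written with -oN/-oG/-oX are what gets parsed.
  # A failed nmap (bad interface, missing privileges) used to be swallowed and
  # then surfaced as grep errors on a missing XML file.
  nmap -e "$ifce" -sn -n -oN "$log.txt" -oG "$log.grep" -oX "$log.xml" "$target" >/dev/null 2>&1 \
    || { printf '%s: nmap failed (interface %s, target %s)\n' "$APP" "$ifce" "$target" >&2; exit 1; }
  printf -- "\n%-15s" "IP"
  printf -- "\n%-15s" "--------------"
  echo
  # One <address addr="..." addrtype="ipv4"/> line per host in the XML report:
  # the address is the 2nd "-delimited field.
  grep '"ipv4"' "$log.xml" | awk -F'"' '{ print $2 }'
  echo
fi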
 
#----------------------------------------------------------------------------------------------------------------------
 
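if [ "$act" = "mac" ]; then
  # Host discovery only (-sn, -n); see the "ip" action.  nmap's exit status is
  # checked so a failed scan does not turn into grep errors on a missing file.
  nmap -e "$ifce" -sn -n -oN "$log.txt" -oG "$log.grep" -oX "$log.xml" "$target" >/dev/null 2>&1 \
    || { printf '%s: nmap failed (interface %s, target %s)\n' "$APP" "$ifce" "$target" >&2; exit 1; }
  printf -- "\n%-17s" "MAC"
  printf -- "\n%-17s" "-----------------"
  echo
  # <address addr="..." addrtype="mac" .../> lines: the MAC is the 2nd
  # "-delimited field.  Hosts without a MAC (not on the local segment) are
  # simply absent from this list.
  grep '"mac"' "$log.xml" | awk -F'"' '{ print $2 }'
  echo
fi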
 
#----------------------------------------------------------------------------------------------------------------------
 
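if [ "$act" = "hw" ]; then

  # Host discovery only (-sn, -n); the MAC and vendor come from the XML report.
  nmap -e "$ifce" -sn -n -oN "$log.txt" -oG "$log.grep" -oX "$log.xml" "$target" >/dev/null 2>&1 \
    || { printf '%s: nmap failed (interface %s, target %s)\n' "$APP" "$ifce" "$target" >&2; exit 1; }

  printf -- "\n%-15s | %-18s | %s" "IP"             "MAC"               "Hardware"
  printf -- "\n%-15s | %-18s | %s" "--------------" "-----------------" "------------------------------"

  grep '"ipv4"' "$log.xml" | awk -F'"' '{ print $2 }' | while IFS= read -r ip; do

    # The <address addrtype="mac" vendor="..."/> line follows the host's ipv4
    # line (-A1).  -F keeps the dotted address literal instead of a regex, and
    # one grep serves both fields: MAC is field 2, vendor is field 6.
    macline="$(grep -A1 -F "\"$ip\"" "$log.xml" | grep '"mac"')"
    mac="$(printf '%s\n' "$macline" | awk -F'"' '{ print $2 }')"
    hw="$(printf '%s\n' "$macline" | awk -F'"' '{ print $6 }')"

    printf -- "\n%-15s | %-18s | %s" "$ip" "$mac" "$hw"
    # CSV row: IP;MAC;vendor (appended, /dev/null when no report was given).
    printf '%s;%s;%s\n' "$ip" "$mac" "$hw" >> "$report"
  done
  printf "\n\n"
fi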
 
#----------------------------------------------------------------------------------------------------------------------
 
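if [ "$act" = "os" ]; then
  # OS fingerprinting (-O, which needs raw-socket privileges) over a few
  # well-known ports; --osscan-guess still reports a best guess when no match
  # is exact.  A failed nmap is reported instead of being swallowed.
  nmap -O -e "$ifce" -sT -p1,22,23,111,135,445 --osscan-guess -n -oN "$log.txt" -oG "$log.grep" -oX "$log.xml" "$target" >/dev/null 2>&1 \
    || { printf '%s: nmap failed (interface %s, target %s)\n' "$APP" "$ifce" "$target" >&2; exit 1; }
  echo
  printf "%-15s | %s\n" "IP" "Operating System"
  printf "%-15s | %s\n" "--------------" "--------------------------------------------------"
  # Grepable output has one "Host: <ip> () ... OS: <name> Seq Index: ..." line
  # per fingerprinted host: drop everything except the address and the OS name
  # and split on the ':' left between them.  The sed chain is kept verbatim;
  # it is tied to the field order of the grepable format.
  grep 'OS:' "$log.grep" | sed -r 's/Host: //g;s/ \(.+OS/ /g;s/Seq.+//g;s/\s+$//g;s/:\s+/:/g' | awk -F':' '{ printf("%-15s | %s\n",$1,$2) }'
  printf "\n"
fi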
 
## Port scan ##########################################################################################################
 
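if [ "$act" = "port" ]; then
  # Fast scan (-F: nmap's reduced set of common ports), no DNS.  nmap's exit
  # status is checked instead of being discarded with its output.
  nmap -e "$ifce" -F -n -oN "$log.txt" -oG "$log.grep" -oX "$log.xml" "$target" >/dev/null 2>&1 \
    || { printf '%s: nmap failed (interface %s, target %s)\n' "$APP" "$ifce" "$target" >&2; exit 1; }
  echo
  printf "%-15s | %s\n" "IP" "Open ports"
  printf "%-15s | %s\n" "--------------" "----------------------------------------"
  # Grepable "Host: <ip> ()  Ports: 22/open/tcp//ssh///, ..." lines: keep
  # hosts with at least one open port, then reduce each entry to its port
  # number.  The sed chain is kept verbatim (tied to the grepable layout).
  # The original's extra "grep \" $ip \"" line referenced a variable that is
  # never set in this action and produced no output, so it is gone.
  grep -Po '\d+\.\d+\.\d+\.\d+ .+\d+/open' "$log.grep" | sed -r 's/\s+Ports: /  \| /g;s/ \(\)//g;s:/...?p/::g;s:/open::g;s:/[a-z0-9_\-]+/::g;s:/::g'
  echo
fi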
 
#----------------------------------------------------------------------------------------------------------------------
 
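if [ "$act" = "fw" ]; then
  # TCP ACK probe (-sA, needs raw-socket privileges) of port 1: a host that
  # answers with RST is reported "unfiltered", no answer or an ICMP error is
  # "filtered", i.e. something in the path drops the probe.
  nmap -e "$ifce" -sA -p 1 -n -oG "$log.grep" "$target" >/dev/null 2>&1 \
    || { printf '%s: nmap failed (interface %s, target %s)\n' "$APP" "$ifce" "$target" >&2; exit 1; }
  echo
  printf "%-15s | %s\n" "IP" "Firewall ?"
  printf "%-15s | %s\n" "--------------" "----------"
  # Grepable "Host: <ip> ()  Ports: 1/filtered/tcp//..." line: split on '/' to
  # get "... Ports: 1 : filtered", then print the address (2nd word) and the
  # state (7th word).  Only lines holding "filter" (either state) are kept.
  awk -F'/' '{ print $1" : "$2 }' "$log.grep" | grep 'filter' | awk '{ printf("%-15s | %s\n",$2,$7) }'
  printf "\n"
fi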
 
#----------------------------------------------------------------------------------------------------------------------
 
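if [ "$act" = "noport" ]; then

  # Minimal port set for OS guessing (-O needs raw-socket privileges).  nmap's
  # exit status is checked instead of being discarded with its output.
  nmap -O --osscan-guess -e "$ifce" -p 1,22,23,111,135 -n -oN "$log.txt" -oG "$log.grep" -oX "$log.xml" "$target" >/dev/null 2>&1 \
    || { printf '%s: nmap failed (interface %s, target %s)\n' "$APP" "$ifce" "$target" >&2; exit 1; }

  printf -- "\n%-15s | %-18s | %-30s | %s" "IP"             "MAC"               "Hardware" \
    "OS"

  printf -- "\n%-15s | %-18s | %-30s | %s" "--------------" "-----------------" "------------------------------" \
    "-------------------------------------------------"

  grep '"ipv4"' "$log.xml" | awk -F'"' '{ print $2 }' | while IFS= read -r ip; do

    # MAC (field 2) and vendor (field 6) sit on the <address addrtype="mac">
    # line that follows the host's ipv4 line; -F keeps the address literal.
    macline="$(grep -A1 -F "\"$ip\"" "$log.xml" | grep '"mac"')"
    mac="$(printf '%s\n' "$macline" | awk -F'"' '{ print $2 }')"
    hw="$(printf '%s\n' "$macline" | awk -F'"' '{ print $6 }')"
    # Best OS match: flatten the XML to one line, cut this host's span up to
    # its first </osmatch>, then keep the <osmatch> with the highest accuracy
    # ("accuracy:name", sorted numerically, name taken after the ':').
    os="$(tr "\n" ";" < "$log.xml" | grep -Po "\"$ip\".+?/osmatch>;" | tr ";" "\n" | grep '<osmatch' | awk -F'"' '{ print $4":"$2 }' | sort -rn | head -n1 | cut -d':' -f2)"

    # CSV row holds the full values; the original wrote the display-truncated
    # strings here, unlike the "all" action.
    printf '%s;%s;%s;%s\n' "$ip" "$mac" "$hw" "$os" >> "$report"

    # Display truncation to the column widths: 24+6 = 30 for Hardware,
    # 43+6 = 49 for OS (the original cut the OS to 24, a copy of the hw line).
    [ ${#hw} -gt 24 ] && hw="${hw:0:24} [...]"
    [ ${#os} -gt 49 ] && os="${os:0:43} [...]"

    printf -- "\n%-15s | %-18s | %-30s | %s" "$ip" "$mac" "$hw" "$os"
  done

  printf "\n\n"

fi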
 
#----------------------------------------------------------------------------------------------------------------------
 
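if [ "$act" = "all" ]; then

  # Fast port scan (-F) plus OS fingerprinting (-O, needs raw-socket
  # privileges).  nmap's exit status is checked instead of being discarded.
  nmap -O --osscan-guess -e "$ifce" -F -n -oN "$log.txt" -oG "$log.grep" -oX "$log.xml" "$target" >/dev/null 2>&1 \
    || { printf '%s: nmap failed (interface %s, target %s)\n' "$APP" "$ifce" "$target" >&2; exit 1; }

  printf -- "\n%-15s | %-18s | %-20s | %-51s | %-9s | %s" "IP"             "MAC"               "Hardware" \
    "OS" "Firewall?" "Ports"

  printf -- "\n%-15s | %-18s | %-20s | %-51s | %-9s | %s" "--------------" "-----------------" "--------------------" \
    "---------------------------------------------------" "---------" "---------------------------"

  grep '"ipv4"' "$log.xml" | awk -F'"' '{ print $2 }' | while IFS= read -r ip; do

    # MAC (field 2) and vendor (field 6) sit on the <address addrtype="mac">
    # line that follows the host's ipv4 line; -F keeps the address literal.
    macline="$(grep -A1 -F "\"$ip\"" "$log.xml" | grep '"mac"')"
    mac="$(printf '%s\n' "$macline" | awk -F'"' '{ print $2 }')"
    hw="$(printf '%s\n' "$macline" | awk -F'"' '{ print $6 }')"
    # Best OS match: flatten the XML to one line, cut this host's span up to
    # its first </osmatch>, then keep the <osmatch> with the highest accuracy.
    os="$(tr "\n" ";" < "$log.xml" | grep -Po "\"$ip\".+?/osmatch>;" | tr ";" "\n" | grep '<osmatch' | awk -F'"' '{ print $4":"$2 }' | sort -rn | head -n1 | cut -d':' -f2)"
    # Port list from the grepable "Ports:" line that follows the host's
    # "Status:" line (-A1): one number per entry, joined with ','.
    ports="$(grep -A1 -F " $ip " "$log.grep" | awk -F'Ports:' '{ print $2 }' | tr "," "\n" | cut -d'/' -f1 | grep . | sed -r 's/\s+//g' | tr "\n" "," | sed 's/,$//1')"
    # Second, per-host ACK probe of port 1 (-Pn: the host is already known to
    # be up); "unfiltered" -> no, "filtered" -> yes, in that order so the
    # longer word is rewritten first.  Display only: not part of the CSV row.
    fw="$(nmap -p 1 -sA -n -Pn "$ip" | awk '/^1\/tcp/ { print $2 }' | sed 's/unfiltered/no/g;s/filtered/yes/g')"

    # CSV row holds the full values (written before display truncation).
    printf '%s;%s;%s;%s;%s\n' "$ip" "$mac" "$hw" "$os" "$ports" >> "$report"

    # Display truncation to the column widths: 14+6 = 20 for Hardware,
    # 45+6 = 51 for OS.  The original kept 24 characters in both cases, which
    # overflowed the Hardware column and did not match the OS threshold.
    [ ${#hw} -gt 14 ] && hw="${hw:0:14} [...]"
    [ ${#os} -gt 45 ] && os="${os:0:45} [...]"

    printf -- "\n%-15s | %-18s | %-20s | %-51s | %-9s | %s" "$ip" "$mac" "$hw" "$os" "$fw" "$ports"
  done

  printf "\n\n"

fi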
 
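# Final cleanup of the nmap report files ($log.txt, $log.grep, $log.xml).
# The guard keeps an empty $log from expanding to a bare "rm -f *" in the
# working directory; the if-form leaves the script's exit status at 0.
if [ -n "$log" ]; then
  rm -f -- "$log"*
fi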
 



   =>   Écrit par : Nicolas, le 17 juillet 2019


 