Afin de faciliter l'énumération sur le réseau depuis les rapports Nmap, j'ai fait ce petit script, qui permet de lister et de faciliter la lecture des informations retournées par Nmap. Il s'exécute en root : la récupération des adresses MAC, la détection d'OS (-O) et les sondes ACK (-sA) nécessitent les privilèges « raw socket » de nmap.
0x01. CONCEPT
L'idée est d'exécuter nmap et d'exploiter ses rapports (XML et « grepable ») afin de récupérer les informations qui nous intéressent.
Le synopsis :
(bannière ASCII « yascan »)

# Yet Another Scanner (using nmap)

Usage: yascan <interface> <network> <action> [report]

 action : ip, mac, hw, port, os, fw, noport, all

 ip     : list IP
 mac    : list MAC
 hw     : list hardware, show: IP, MAC, Hardware
 port   : list open ports, show: IP, open ports
 os     : list OS, show: IP, OS
 fw     : list firewall state, show: IP, firewall (use ACK nmap)
 noport : show: IP, MAC, hardware, OS
 all    : show: IP, MAC, hardware, OS, firewall?, open ports

Note: report is in CSV format (fields separated by ';', appended to the file)

Ex.: yascan eth0 192.168.0.0/24 hw hardware.csv
0x02. DEMO


Le rapport.csv :
172.42.208.1;00:50:56:C0:00:08;VMware;VMware Player virtual NAT device; 172.42.208.2;00:50:56:F1:7E:E5;VMware;VMware Player virtual NAT device; 172.42.208.135;00:0C:29:D6:A6:5D;VMware;FreeBSD 6.2-RELEASE;5357 172.42.208.142;00:0C:29:AD:60:BD;VMware;Linux 3.2 - 4.9;22,80 172.42.208.143;00:0C:29:16:BA:DE;VMware;Linux 3.10 - 4.11;22 172.42.208.152;00:0C:29:53:5C:F7;VMware;Oracle Solaris 11;22,111,515 172.42.208.162;00:0C:29:27:EB:50;VMware;FreeBSD 11.0-RELEASE - 12.0-CURRENT;22 172.42.208.172;00:0C:29:D1:8A:FA;VMware;Microsoft Windows Server 2016 build 10586 - 14393;135,139,445 172.42.208.254;00:50:56:E4:0B:26;VMware;;
0x03. SCRIPT
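#!/bin/bash
#
# yascan - "Yet Another Scanner": a thin nmap wrapper that turns nmap's XML
# and grepable reports into readable tables (IP, MAC, hardware vendor, OS
# guess, firewall state, open ports) and, optionally, a ';'-separated CSV.
#
#   Usage: yascan <interface> <network> <action> [report]
#
# Most actions depend on nmap features that need raw-socket privileges
# (MAC addresses, -O OS detection, -sA ACK probes), so the script is
# normally run as root. That is exactly why the scratch files below must
# not live at a predictable path.
#
set -u

APP="$(basename "$0")"

if ! command -v nmap >/dev/null 2>&1; then
  printf '%s: nmap not found in PATH\n' "$APP" >&2
  exit 1
fi

#######################################
# Private scratch directory for nmap's report files.
# The original wrote to the fixed path /tmp/nmap-out and ran
# `rm -f /tmp/nmap-out*` before and after the scan. Executed as root, that
# is a classic symlink attack: any local user can pre-create
# /tmp/nmap-out.xml as a link and have root truncate/overwrite the target.
# mktemp -d yields a fresh mode-0700 directory; the EXIT trap removes it on
# every exit path (normal end, error, Ctrl-C).
#######################################
tmpdir="$(mktemp -d)" || { printf '%s: cannot create scratch directory\n' "$APP" >&2; exit 1; }
trap 'rm -rf -- "${tmpdir:?}"' EXIT
log="$tmpdir/nmap-out"

#######################################
# Print the banner and command-line help on stdout.
# Colours use a real ESC byte (\033); the published copy of this script
# had lost it, so "[1;34m" was printed literally.
#######################################
usage() {
  local blue=$'\033[1;34m' cyan=$'\033[1;36m' reset=$'\033[0m'
  printf '%s\n' "$blue"
  printf '%s\n' \
    '        ___  ___   _   _  _ ' \
    ' _  _ __ _/ __|/ __| /_\ | \| |' \
    '| || / _` \__ \ (__ / _ \| .` |' \
    ' \_, \__,_|___/\___/_/ \_\_|\_|' \
    ' |__/'
  printf '\n# Yet Another Scanner (%susing nmap%s)\n%s\n' "$cyan" "$blue" "$reset"
  cat <<EOF
Usage: $APP <interface> <network> <action> [report]

 action : ip, mac, hw, port, os, fw, noport, all

 ip     : list IP
 mac    : list MAC
 hw     : list hardware, show: IP, MAC, Hardware
 port   : list open ports, show: IP, open ports
 os     : list OS, show: IP, OS
 fw     : list firewall state, show: IP, firewall (use ACK nmap)
 noport : show: IP, MAC, hardware, OS
 all    : show: IP, MAC, hardware, OS, firewall?, open ports

Note: report is appended in CSV format (';' separated)

Ex.: $APP eth0 192.168.0.0/24 hw hardware.csv
EOF
}

#######################################
# Arguments
# The original printed the usage and then carried on with empty variables;
# here every usage path exits, and the action is validated before any scan.
#######################################
[ $# -eq 0 ] && { usage >&2; exit 2; }
[ "$*" = "-h" ] && { usage; exit 0; }
[ $# -lt 3 ] && { usage >&2; exit 2; }

ifce="$1"
target="$2"
act="$3"
report="/dev/null"
[ $# -eq 4 ] && report="$4"

case "$act" in
  ip|mac|hw|port|os|fw|noport|all) ;;
  *)
    printf '%s: unknown action "%s"\n' "$APP" "$act" >&2
    usage >&2
    exit 2
    ;;
esac

if [ "${EUID:-$(id -u)}" -ne 0 ]; then
  printf '%s: warning: not running as root; MAC, OS and ACK (firewall) results will be incomplete\n' "$APP" >&2
fi

#######################################
# Helpers
#######################################

# run_nmap <nmap options...>: scan $target through $ifce, writing the
# normal/grepable/XML reports under $log. nmap's stdout is discarded as in
# the original, but its stderr is kept: a wrong interface or a permission
# problem used to produce a silent, empty table.
run_nmap() {
  if ! nmap -e "$ifce" -n -oN "$log.txt" -oG "$log.grep" -oX "$log.xml" "$@" "$target" >/dev/null 2>"$log.err"; then
    printf '%s: nmap failed:\n' "$APP" >&2
    cat -- "$log.err" >&2
    exit 1
  fi
}

# csv <fields...>: append one ';'-separated line to $report (default /dev/null).
csv() {
  local IFS=';'
  printf '%s\n' "$*" >> "$report"
}

# shorten <text> <width>: fit <text> into a <width>-character column; longer
# text is cut and marked with " [...]" so the mark itself still fits.
# The original compared against one length and cut at another (e.g. "> 14"
# but kept 24 characters), overflowing its own columns.
shorten() {
  local text="$1" width="$2"
  if [ "${#text}" -gt "$width" ]; then
    printf '%s [...]' "${text:0:$(( width - 6 ))}"
  else
    printf '%s' "$text"
  fi
}

# list_ips: every IPv4 address reported in the XML output, one per line.
list_ips() {
  grep '"ipv4"' "$log.xml" | awk -F'"' '{ print $2 }'
}

# host_mac / host_vendor <ip>: MAC address and vendor string taken from the
# <address addrtype="mac"> line that immediately follows the host's ipv4
# line (grep -A1, like the original). -F keeps the dots of the IP literal.
host_mac() {
  grep -F -A1 -- "\"$1\"" "$log.xml" | grep '"mac"' | awk -F'"' '{ print $2 }'
}
host_vendor() {
  grep -F -A1 -- "\"$1\"" "$log.xml" | grep '"mac"' | awk -F'"' '{ print $6 }'
}

# host_os <ip>: name of the highest-accuracy <osmatch> for the host.
# The XML is flattened to one line and the span from the host's address to
# the first "</osmatch>" is extracted; as in the original this relies on the
# host having at least one osmatch (a host without one may pick up the next
# host's block - kept as is).
host_os() {
  local ip_re
  ip_re="$(printf '%s' "$1" | sed 's/\./\\./g')"
  tr '\n' ';' < "$log.xml" \
    | grep -Po "\"$ip_re\".+?/osmatch>;" \
    | tr ';' '\n' \
    | grep '<osmatch' \
    | awk -F'"' '{ print $4":"$2 }' \
    | sort -rn | head -n1 | cut -d':' -f2
}

# host_ports <ip>: comma-separated port numbers from the host's "Ports:"
# field of the grepable output (same extraction as the original "all" table).
host_ports() {
  grep -F -A1 -- " $1 " "$log.grep" \
    | awk -F'Ports:' '{ print $2 }' \
    | tr ',' '\n' | cut -d'/' -f1 | grep . \
    | sed -r 's/\s+//g' | tr '\n' ',' | sed 's/,$//1'
}

# host_fw <ip>: "yes"/"no" from a single ACK probe on port 1
# ("filtered" -> yes, "unfiltered" -> no).
host_fw() {
  nmap -p 1 -sA -n -Pn "$1" \
    | awk '/^1\/tcp/ { print $2 }' \
    | sed 's/unfiltered/no/g;s/filtered/yes/g'
}

#######################################
# Actions
#######################################
case "$act" in

  ip)
    run_nmap -sn
    printf -- "\n%-15s" "IP"
    printf -- "\n%-15s" "--------------"
    echo
    list_ips
    echo
    ;;

  mac)
    run_nmap -sn
    printf -- "\n%-17s" "MAC"
    printf -- "\n%-17s" "-----------------"
    echo
    grep '"mac"' "$log.xml" | awk -F'"' '{ print $2 }'
    echo
    ;;

  hw)
    run_nmap -sn
    printf -- "\n%-15s | %-18s | %s" "IP" "MAC" "Hardware"
    printf -- "\n%-15s | %-18s | %s" "--------------" "-----------------" "------------------------------"
    list_ips | while IFS= read -r ip; do
      mac="$(host_mac "$ip")"
      hw="$(host_vendor "$ip")"
      printf -- "\n%-15s | %-18s | %s" "$ip" "$mac" "$hw"
      csv "$ip" "$mac" "$hw"
    done
    printf '\n\n'
    ;;

  os)
    # A handful of ports is enough for -O to find one open and one closed port.
    run_nmap -O -sT -p1,22,23,111,135,445 --osscan-guess
    echo
    printf "%-15s | %s\n" "IP" "Operating System"
    printf "%-15s | %s\n" "--------------" "--------------------------------------------------"
    grep 'OS:' "$log.grep" \
      | sed -r 's/Host: //g;s/ \(.+OS/ /g;s/Seq.+//g;s/\s+$//g;s/:\s+/:/g' \
      | awk -F':' '{ printf("%-15s | %s\n",$1,$2) }'
    printf "\n"
    ;;

  port)
    run_nmap -F
    echo
    printf "%-15s | %s\n" "IP" "Open ports"
    printf "%-15s | %s\n" "--------------" "----------------------------------------"
    # Keep "IP ... N/open" spans of the grepable output, then strip the
    # protocol/service decorations down to "IP | port,port".
    # (The original followed this with a stray grep on an unset $ip; dropped.)
    grep -Po "\d+\.\d+\.\d+\.\d+ .+\d+/open" "$log.grep" \
      | sed -r 's/\s+Ports: / \| /g;s/ \(\)//g;s:/...?p/::g;s:/open::g;s:/[a-z0-9_\-]+/::g;s:/::g'
    echo
    ;;

  fw)
    run_nmap -sA -p 1
    echo
    printf "%-15s | %s\n" "IP" "Firewall ?"
    printf "%-15s | %s\n" "--------------" "----------"
    awk -F'/' '{ print $1" : "$2 }' "$log.grep" \
      | grep 'filter' \
      | awk '{ printf("%-15s | %s\n",$2,$7) }'
    printf "\n"
    ;;

  noport)
    # Minimal port set for OS guessing.
    run_nmap -O --osscan-guess -p 1,22,23,111,135
    printf -- "\n%-15s | %-18s | %-30s | %s" "IP" "MAC" "Hardware" "OS"
    printf -- "\n%-15s | %-18s | %-30s | %s" "--------------" "-----------------" \
      "------------------------------" "-------------------------------------------------"
    list_ips | while IFS= read -r ip; do
      mac="$(host_mac "$ip")"
      hw="$(host_vendor "$ip")"
      os="$(host_os "$ip")"
      # CSV gets the full values; only the screen columns are shortened
      # (the original truncated before writing the report here).
      csv "$ip" "$mac" "$hw" "$os"
      printf -- "\n%-15s | %-18s | %-30s | %s" "$ip" "$mac" "$(shorten "$hw" 30)" "$(shorten "$os" 49)"
    done
    printf '\n\n'
    ;;

  all)
    run_nmap -O --osscan-guess -F
    printf -- "\n%-15s | %-18s | %-20s | %-51s | %-9s | %s" "IP" "MAC" "Hardware" "OS" "Firewall?" "Ports"
    printf -- "\n%-15s | %-18s | %-20s | %-51s | %-9s | %s" "--------------" "-----------------" \
      "--------------------" "---------------------------------------------------" "---------" \
      "---------------------------"
    list_ips | while IFS= read -r ip; do
      mac="$(host_mac "$ip")"
      hw="$(host_vendor "$ip")"
      os="$(host_os "$ip")"
      ports="$(host_ports "$ip")"
      # One extra ACK probe per host; the firewall column is not part of the CSV.
      fw="$(host_fw "$ip")"
      csv "$ip" "$mac" "$hw" "$os" "$ports"
      printf -- "\n%-15s | %-18s | %-20s | %-51s | %-9s | %s" \
        "$ip" "$mac" "$(shorten "$hw" 20)" "$(shorten "$os" 51)" "$fw" "$ports"
    done
    printf '\n\n'
    ;;
esac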
=> Écrit par : Nicolas, le 17 juillet 2019