I wrote a bash script for a simple scanner. It asks the user for the first and last IP addresses as well as the port number then stores them into variables. It then uses nmap to scan the range of ip addresses for open MySQL ports.
Here is my code
#!/bin/bash
echo "What is the first IP address?"
read firstIP
echo "What is the last IP address?"
read lastIP
echo "What port number do you want to scan?"
read port
nmap -sT $firstIP-$lastIP -p $port >/dev/null -oG MySQLscan
cat MySQLscan | grep open MySQLscan2
cat MySQlscan2
For the first prompt, I entered 192.168.181.0. For the second prompt, I entered 192.168.181.255. For the port number, I entered 3306. However, the result I got was:
Failed to resolve "192.168.181.0-192.168.181.255"
WARNING: No targets were specified, so 0 hosts scanned.
Why is it failing to resolve the IP addresses?
In nmap, you should specify that range of IP addrs in one the of following forms:
192.168.181.0/24
192.168.181.0-255
Thus, the correct way is either <start_ip_addr>/<subnet_mask> (will scan all the IPs under that subnet, starting from the provided one) or <start_ip_addr>-<last_term_in_subnet_range> (will scan up to the last given term, starting from the provided IP).
Related
I'm trying to write a Bash Script to change my IP Address. I'm able to change the IP Address manually from "ifconfig" command. I am also able to change the IP Address through my script when I declare a particular chosen address as a variable.
Such as:
IP="000.000.0.0"
But it is not changing the IP Address when I'm taking it as a user-defined variable.
Such as:
echo "ENTER THE NEW IP ADDRESS: " && read -p ""$NEW_IP
or
echo "ENTER THE NEW IP ADDRESS: "
read -p ""$NEW_IP
The full code, What I wrote was:
INTER_FACE="wlp9s0"
echo "ENTER THE NEW IP ADDRESS : "
read -p ""$NEW_IP
ifconfig $INTER_FACE down
ifconfig $INTER_FACE inet $NEW_IP
ifconfig $INTER_FACE up
the read command is wrong. You have to do
read NEW_IP
instead
I'm trying to make a script to connect to server via ssh but i'm a bash noob. I do not know the ip and have to use nmap to scan the range. What i want is a script to connect or try to connect to the ip's from nmap output. (with try i mean one of the ips would be my ip, so connecting to this one is useless)
All i got so far is scanning the range with namp -sP 192.168.42.1/24
I have found an nmap filter to only scan for port 22
Here is what I get.
$ nmap --open -p22 192.168.42.*
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-08 08:55 CEST
Nmap scan report for 192.168.42.113
Host is up (0.0057s latency).
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (2 hosts up) scanned in 59.63 seconds
You can simply use netcat which is fast.nmap takes too long to scan range.
for i in {1..254..1}
do
if nc -w 1 -zv 192.168.42.$i 22 &>> /dev/null
then
ssh 192.168.42.$i
fi
done
Is there a possible way to connect to any open port with bash ? i.e without calling any external command. :)
I wanted to connect to an open port with bash without using nc or telnet.
It depends on the shell; bash, for instance, uses I/O redirection to attach to arbitrary TCP and UDP sockets. From the man page:
Bash handles several filenames specially when they are used in redirections, as
described in the following table:
[...]
/dev/tcp/host/port
If host is a valid hostname or Internet address, and port is
an integer port number or service name, bash attempts to open a
TCP connection to the corresponding socket.
/dev/udp/host/port
If host is a valid hostname or Internet address, and port is
an integer port number or service name, bash attempts to open a
UDP connection to the corresponding socket.
For example, to get the current time:
cat < /dev/tcp/time-a.nist.gov/13
Note that it must be a redirection; cat /dev/tcp/time-a.nist.gov/13 would only work if your file system implemented some sort of sockets-on-demand.
A very basic HTTP client:
$ exec 3<>/dev/tcp/www.example.com/80
$ echo "GET /" >&3
$ cat <&3
I'm writing a BASH script. From the command line I can call nmap and I want to extract the ip for a specific port.
$ nmap [ip]/24
Starting Nmap 6.47 ( http://nmap.org ) at 2015-02-26 01:59 PST
Nmap scan report for 192.168.56.1
Host is up (0.0012s latency).
Not shown: 500 closed ports, 499 filtered ports
PORT STATE SERVICE
3689/tcp open rendezvous
Nmap scan report for 192.168.56.101
Host is up (0.00042s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
I want the IP address for the port 21. In this example that would be 192.168.56.101. How do I extract that from this return and save it to a variable? Thanks
You can use xml output and parse the output using xmllint:
nmap -p 21 -oX - "$IP"/24 | xmllint --xpath '//port[#portid="21"]/state[#state="open"]/../../../address/#addr' -
Nmap's normal output is human-readable, but can change from version to version. It is not designed to be machine-parseable. Nmap has 2 machine-parseable output formats that are a much better fit. First, XML output (using the -oX option) is the most complete format, containing as much or more information than the normal output. You can parse this with xmlstarlet or xmllint.
Another popular option for simple extraction of basic port scan information is the officially deprecated Grepable output format (-oG). This format is missing lots of the "more recent" features like NSE script output and traceroute info, but it is stable for port scan data. Here's how you could go about using this format:
nmap $target -oG - | awk '/ 21\/open\/tcp/{print $2}'
Loop over each line in the output, and look the string "Nmap scan report for <your ip address>", then continue to loop over each line of the output until you either find the line "21/tcp open ftp" or you find an empty line or the end of the output.
The looping can be done with the Bash builtin commands read and while.
I'm new to bash scripting and I'm trying to get this working:
Scanning an IP range for finding devices with the port 80 open...
I think it has to look like this:
#!/bin/bash
echo -----------------------------------
for ip in 192.168.0.{1,.255}; do
nmap -p80 192.168.0.1
if #open; then
echo "{ip} has the port 80 open"
else
#do nothing
fi
done
echo -----------------------------------
exit 0
I also just want to see the results like this:
-----------------------------------
192.168.0.1 has the port 80 open
192.168.0.10 has the port 80 open
192.168.0.13 has the port 80 open
192.168.0.15 has the port 80 open
-----------------------------------
(So without errors or nmap's normal outputs..)
Can someone help me for this?
nmap comes with a nice output parameter -oG (grepable output) which makes parsing more easy. Also it is not necessary to iterate through all IP addresses you want to scan. nmap is netmask aware.
Your example can be written as:
nmap -p80 192.168.0.0/24 -oG - | grep 80/open
The -oG enables the grepable output, and - specifies the file to output to (in this case stdout). The pipe symbol redirects the output of nmap (stdout) to grep, which only returns lines containing 80/open in this case.
Try this
nmap --open -p80 192.168.0.*
The --open will only list host with port 80 open. This way you save having to check in your shell script as filtering is already done by nmap itself.
https://nmap.org/book/man-briefoptions.html