Creating a script to connect to ssh from nmap output - bash

I'm trying to make a script to connect to a server via ssh, but I'm a bash noob. I do not know the IP and have to use nmap to scan the range. What I want is a script to connect, or try to connect, to the IPs from the nmap output. (With "try" I mean one of the IPs would be my own IP, so connecting to this one is useless.)
All I got so far is scanning the range with nmap -sP 192.168.42.1/24
I have found an nmap filter to only scan for port 22
Here is what I get.
$ nmap --open -p22 192.168.42.*
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-08 08:55 CEST
Nmap scan report for 192.168.42.113
Host is up (0.0057s latency).
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (2 hosts up) scanned in 59.63 seconds

You can simply use netcat, which is fast. nmap takes too long to scan a range.
for i in {1..254}; do
    # -z: probe only, send no data; -w 1: give up after one second
    if nc -w 1 -zv 192.168.42."$i" 22 >/dev/null 2>&1; then
        ssh 192.168.42."$i"
    fi
done

Related

Reverse ssh tunnel: why does it get an IPv6 address?

I have two machines
ssh Machine1-IPv4
ssh -R 15:localhost:15 Machine2-IPv4
On the Machine2-IPv4, I can run
telnet ::1 15
netstat -ptln | grep 15 shows
tcp6 ... ::1:53 ...
However, I need an IPv4. What causes the IP to be IPv6?

How do I verify that port 5555 is open?

I have a task in a lab for my cyber-security class where I have to verify that the port 5555 is open and not in use via Command Prompt. I have tried the following command with these flags:
command used to check port 5555
You can do an nmap scan on that port to see if it's open or closed; you can also get more information about the port this way if it's open.
nmap -vvv <ip> -p 5555
If you are looking for a fast way, you can try to connect to that port using netcat or telnet:
nc localhost 5555
telnet localhost 5555
If the port is closed, your connection will drop; if it's open, the connection won't close. If the application running on port 5555 has a header, you can also see that.
In case you are looking for open ports on your own computer, you can do ss -lnpt, which will show all open ports; then you can grep for port 5555.
You can either use netstat or sudo lsof -i tcp:5555.
If you don't get a response on your terminal, it means that there's nothing running on port 5555.

Failed to resolve IP Address nmap on Kali Linux

I wrote a bash script for a simple scanner. It asks the user for the first and last IP addresses as well as the port number then stores them into variables. It then uses nmap to scan the range of ip addresses for open MySQL ports.
Here is my code
#!/bin/bash
echo "What is the first IP address?"
read -r firstIP
echo "What is the last IP address?"
read -r lastIP
echo "What port number do you want to scan?"
read -r port
# -oG writes grepable output to the file; the normal output is discarded
nmap -sT "$firstIP-$lastIP" -p "$port" -oG MySQLscan >/dev/null
# keep only the lines that report an open port
grep open MySQLscan > MySQLscan2
cat MySQLscan2
For the first prompt, I entered 192.168.181.0. For the second prompt, I entered 192.168.181.255. For the port number, I entered 3306. However, the result I got was:
Failed to resolve "192.168.181.0-192.168.181.255"
WARNING: No targets were specified, so 0 hosts scanned.
Why is it failing to resolve the IP addresses?
In nmap, you should specify that range of IP addresses in one of the following forms:
192.168.181.0/24
192.168.181.0-255
Thus, the correct way is either <start_ip_addr>/<subnet_mask> (will scan all the IPs under that subnet, starting from the provided one) or <start_ip_addr>-<last_term_in_subnet_range> (will scan up to the last given term, starting from the provided IP).
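The answer above gives the two target spellings nmap accepts. The function below is an added example, not code from the question or the answer: it takes the two addresses the script reads from the user and produces nmap's per-octet range form (192.168.181.0 and 192.168.181.255 become 192.168.181.0-255), so they can be passed to nmap as a single target instead of the rejected "first-last" string. It assumes the addresses are dotted quads and that the span fits nmap's a-b syntax, which ranges one octet at a time; a span inside one /24, or a run of whole /24s inside one /16, is converted, and anything else is rejected with a hint to use CIDR notation instead.

```bash
#!/bin/sh
# Added example, not part of the question or answer above: convert a first/last
# IPv4 pair into the per-octet range syntax nmap accepts.
# Assumption: nmap's a-b form applies to one octet at a time, so only spans
# inside one /24, or runs of whole /24s inside one /16, are converted.

# True if $1 is a decimal number from 0 to 255.
octet_ok() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 255 ]
}

# Print an nmap target for the addresses $1 (first) and $2 (last), or fail.
ip_range_for_nmap() {
    first=$1
    last=$2
    old_ifs=$IFS
    IFS=.
    # word splitting on "." is the point here
    set -- $first
    a1=$1 a2=$2 a3=$3 a4=$4 na=$#
    set -- $last
    b1=$1 b2=$2 b3=$3 b4=$4 nb=$#
    IFS=$old_ifs

    if [ "$na" -ne 4 ] || [ "$nb" -ne 4 ]; then
        echo "expected dotted quads, got '$first' and '$last'" >&2
        return 1
    fi
    for o in "$a1" "$a2" "$a3" "$a4" "$b1" "$b2" "$b3" "$b4"; do
        octet_ok "$o" || { echo "bad octet '$o'" >&2; return 1; }
    done

    if [ "$a1.$a2.$a3" = "$b1.$b2.$b3" ]; then
        # Same /24: only the last octet varies, so nmap's a-b form fits.
        if [ "$a4" -gt "$b4" ]; then
            echo "first address is above last address" >&2
            return 1
        fi
        if [ "$a4" -eq "$b4" ]; then
            echo "$first"
        else
            echo "$a1.$a2.$a3.$a4-$b4"
        fi
        return 0
    fi
    if [ "$a1.$a2" = "$b1.$b2" ] && [ "$a4" -eq 0 ] && [ "$b4" -eq 255 ] \
        && [ "$a3" -lt "$b3" ]; then
        # Whole /24s inside one /16: nmap allows a range in the third octet too.
        echo "$a1.$a2.$a3-$b3.0-255"
        return 0
    fi
    echo "$first-$last does not fit nmap's per-octet ranges; use CIDR notation" >&2
    return 1
}

# With the values from the question (port 3306 for MySQL):
#   nmap -sT -p 3306 -oG MySQLscan "$(ip_range_for_nmap 192.168.181.0 192.168.181.255)"
```

In the script above this replaces `"$firstIP-$lastIP"` with `"$(ip_range_for_nmap "$firstIP" "$lastIP")"`; if the function fails, its message on stderr says why and nmap is not run with an unresolvable target.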

Parse Nmap result BASH

I'm writing a BASH script. From the command line I can call nmap, and I want to extract the IP for a specific port.
$ nmap [ip]/24
Starting Nmap 6.47 ( http://nmap.org ) at 2015-02-26 01:59 PST
Nmap scan report for 192.168.56.1
Host is up (0.0012s latency).
Not shown: 500 closed ports, 499 filtered ports
PORT STATE SERVICE
3689/tcp open rendezvous
Nmap scan report for 192.168.56.101
Host is up (0.00042s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
I want the IP address for the port 21. In this example that would be 192.168.56.101. How do I extract that from this return and save it to a variable? Thanks
You can use xml output and parse the output using xmllint:
nmap -p 21 -oX - "$IP"/24 | xmllint --xpath '//port[@portid="21"]/state[@state="open"]/../../../address/@addr' -
Nmap's normal output is human-readable, but can change from version to version. It is not designed to be machine-parseable. Nmap has 2 machine-parseable output formats that are a much better fit. First, XML output (using the -oX option) is the most complete format, containing as much or more information than the normal output. You can parse this with xmlstarlet or xmllint.
Another popular option for simple extraction of basic port scan information is the officially deprecated Grepable output format (-oG). This format is missing lots of the "more recent" features like NSE script output and traceroute info, but it is stable for port scan data. Here's how you could go about using this format:
nmap $target -oG - | awk '/ 21\/open\/tcp/{print $2}'
Loop over each line in the output and look for the string "Nmap scan report for <your ip address>", then continue to loop over each line of the output until you either find the line "21/tcp open ftp" or you find an empty line or the end of the output.
The looping can be done with the Bash builtin commands read and while.

How to determine which IPs in a given range have port 80 using nmap?

I'm new to bash scripting and I'm trying to get this working:
Scanning an IP range for finding devices with the port 80 open...
I think it has to look like this:
#!/bin/bash
echo -----------------------------------
for ip in 192.168.0.{1..255}; do
    # -oG - writes grepable output to stdout; a host with 80 open shows "80/open"
    if nmap -p80 -oG - "$ip" | grep -q '80/open'; then
        echo "$ip has the port 80 open"
    fi
done
echo -----------------------------------
exit 0
I also just want to see the results like this:
-----------------------------------
192.168.0.1 has the port 80 open
192.168.0.10 has the port 80 open
192.168.0.13 has the port 80 open
192.168.0.15 has the port 80 open
-----------------------------------
(So without errors or nmap's normal outputs..)
Can someone help me with this?
nmap comes with a nice output parameter, -oG (grepable output), which makes parsing easier. Also, it is not necessary to iterate through all the IP addresses you want to scan: nmap is netmask aware.
Your example can be written as:
nmap -p80 192.168.0.0/24 -oG - | grep 80/open
The -oG enables the grepable output, and - specifies the file to output to (in this case stdout). The pipe symbol redirects the output of nmap (stdout) to grep, which only returns lines containing 80/open in this case.
Try this
nmap --open -p80 192.168.0.*
The --open will only list hosts with port 80 open. This way you save having to check in your shell script, as the filtering is already done by nmap itself.
https://nmap.org/book/man-briefoptions.html
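The answers to "Parse Nmap result BASH" and to the port 80 question both recommend the same thing: scan once with -oG and pull the addresses out of the grepable output rather than looping over hosts or parsing the human-readable text. The first question on this page additionally needs the scanner's own address removed before the list is handed to ssh. The block below is an added example that covers all three; it is not code from any of the posts. The sample scan output in it is constructed for the demonstration, not a real scan, and the local_ipv4s helper assumes a Linux box with iproute2's `ip` command.

```bash
#!/bin/sh
# Added example, not code from any of the posts above. A grepable host line
# from nmap -oG looks like:
#   Host: 192.168.56.101 ()  Ports: 21/open/tcp//ftp///, 22/open/tcp//ssh///
# (fields are tab-separated in real output; these functions accept either).

# Read nmap -oG output on stdin and print each host with $1/tcp open.
# The space before the port number anchors the match, so 21 does not match 2121,
# and "/open/" excludes filtered or closed entries.
hosts_with_open_port() {
    awk -v port="$1" '$1 == "Host:" && index($0, " " port "/open/tcp") { print $2 }' | sort -u
}

# Drop every line of stdin that appears in $1 (whitespace-separated addresses).
drop_hosts() {
    awk -v skip="$1" '
        BEGIN { n = split(skip, s, /[ \t\n]+/); for (i = 1; i <= n; i++) if (s[i] != "") x[s[i]] = 1 }
        !($0 in x)'
}

# This machine's own IPv4 addresses (assumes Linux iproute2), so a scan of the
# local subnet can skip itself, as the first question asks.
local_ipv4s() {
    ip -o -4 addr show 2>/dev/null | awk '{ split($4, a, "/"); print a[1] }'
}

# Constructed sample of nmap -oG output; not a real scan.
SAMPLE_OG='# Nmap 7.70 scan initiated Mon Apr  8 08:55:00 2019 as: nmap -p- --open -oG - 192.168.56.0/24
Host: 192.168.56.1 ()  Ports: 3689/open/tcp//rendezvous///  Ignored State: closed (999)
Host: 192.168.56.101 ()  Ports: 21/open/tcp//ftp///, 22/open/tcp//ssh///  Ignored State: closed (998)
Host: 192.168.56.120 ()  Ports: 2121/open/tcp//ccproxy-ftp///, 22/filtered/tcp//ssh///
Host: 192.168.56.130 ()  Ports: 22/open/tcp//ssh///  Ignored State: closed (999)
# Nmap done at Mon Apr  8 08:56:00 2019 -- 256 IP addresses (4 hosts up) scanned in 59.63 seconds'

# Hosts in the sample with ftp open (the "Parse Nmap result" question).
ftp_hosts_in_sample() {
    printf '%s\n' "$SAMPLE_OG" | hosts_with_open_port 21
}

# ssh candidates in the sample, treating 192.168.56.101 as our own address.
ssh_targets_in_sample() {
    printf '%s\n' "$SAMPLE_OG" | hosts_with_open_port 22 | drop_hosts "192.168.56.101"
}

# Live use for the first question: one scan of the /24, skip ourselves, connect.
#   targets=$(nmap -p22 --open -oG - 192.168.42.0/24 | hosts_with_open_port 22 | drop_hosts "$(local_ipv4s)")
#   for h in $targets; do ssh "$h"; done
```

The for loop in the usage comment collects the targets first rather than piping them into `while read`, because an interactive ssh session inside a `while read` loop would read its stdin from the pipe instead of the terminal.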
