I'm writing a BASH script. From the command line I can call nmap and I want to extract the ip for a specific port.
$ nmap [ip]/24
Starting Nmap 6.47 ( http://nmap.org ) at 2015-02-26 01:59 PST
Nmap scan report for 192.168.56.1
Host is up (0.0012s latency).
Not shown: 500 closed ports, 499 filtered ports
PORT STATE SERVICE
3689/tcp open rendezvous
Nmap scan report for 192.168.56.101
Host is up (0.00042s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
I want the IP address for the port 21. In this example that would be 192.168.56.101. How do I extract that from this return and save it to a variable? Thanks
You can use xml output and parse the output using xmllint:
nmap -p 21 -oX - "$IP"/24 | xmllint --xpath '//port[#portid="21"]/state[#state="open"]/../../../address/#addr' -
Nmap's normal output is human-readable, but can change from version to version. It is not designed to be machine-parseable. Nmap has 2 machine-parseable output formats that are a much better fit. First, XML output (using the -oX option) is the most complete format, containing as much or more information than the normal output. You can parse this with xmlstarlet or xmllint.
Another popular option for simple extraction of basic port scan information is the officially deprecated Grepable output format (-oG). This format is missing lots of the "more recent" features like NSE script output and traceroute info, but it is stable for port scan data. Here's how you could go about using this format:
nmap $target -oG - | awk '/ 21\/open\/tcp/{print $2}'
Loop over each line in the output, and look the string "Nmap scan report for <your ip address>", then continue to loop over each line of the output until you either find the line "21/tcp open ftp" or you find an empty line or the end of the output.
The looping can be done with the Bash builtin commands read and while.
Related
I am trying to make a program that automatically lists all of the connections to my computer from outside of the router. The end goal of this script is that I would like to be able to have a clean list of the external IP addresses of every server/website I am connecting to. I am also trying to use this as a way to learn more about how networks, websites, and servers work so I am sorry for any mistakes I make with terminology and general knowledge!
My tcpdump bash script:
while :
do
# get myip and assign it to a variable
myip="$(ifconfig wlp2s0 | grep -E -o -m 1 "inet................" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)")"
# tcpdump on my ip for all packets going to or from my ip address. the ipaddress of the packets is placed in IP Address.txt
sudo tcpdump -c 1 -nn host "$myip" | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" >> IPaddress.txt
done
I thought that tcpdump would be the tool for this however I confess that I do not know how tcpdump works. This script is a bash file that I am running through ubuntu. How would I use tcpdump to collect the IP address of every website that I am connecting to? I read the tcpdump documentation and believe it can help me achieve my goal however if there are better tools out there I would love to hear it! Currently, this code only displays internal IP addresses. ;(
I'd lean more towards using ss or netstat.
ss --all --ipv4
Would show all IPv4 connections.
The same works for IPv6 of course; and you could add one of many arguments to get more detailed information if you want, such as --processes, --extended, or --info.
There's also a few more arguments to control the output format, making it more suitable for parsing:
ss --all --ipv4 --processes --no-header --oneline
Suggest to follow ss command .
Learn about ss command here.
I wrote a bash script for a simple scanner. It asks the user for the first and last IP addresses as well as the port number then stores them into variables. It then uses nmap to scan the range of ip addresses for open MySQL ports.
Here is my code
#!/bin/bash
echo "What is the first IP address?"
read firstIP
echo "What is the last IP address?"
read lastIP
echo "What port number do you want to scan?"
read port
nmap -sT $firstIP-$lastIP -p $port >/dev/null -oG MySQLscan
cat MySQLscan | grep open MySQLscan2
cat MySQlscan2
For the first prompt, I entered 192.168.181.0. For the second prompt, I entered 192.168.181.255. For the port number, I entered 3306. However, the result I got was:
Failed to resolve "192.168.181.0-192.168.181.255"
WARNING: No targets were specified, so 0 hosts scanned.
Why is it failing to resolve the IP addresses?
In nmap, you should specify that range of IP addrs in one the of following forms:
192.168.181.0/24
192.168.181.0-255
Thus, the correct way is either <start_ip_addr>/<subnet_mask> (will scan all the IPs under that subnet, starting from the provided one) or <start_ip_addr>-<last_term_in_subnet_range> (will scan up to the last given term, starting from the provided IP).
I'm trying to make a script to connect to server via ssh but i'm a bash noob. I do not know the ip and have to use nmap to scan the range. What i want is a script to connect or try to connect to the ip's from nmap output. (with try i mean one of the ips would be my ip, so connecting to this one is useless)
All i got so far is scanning the range with namp -sP 192.168.42.1/24
I have found an nmap filter to only scan for port 22
Here is what I get.
$ nmap --open -p22 192.168.42.*
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-08 08:55 CEST
Nmap scan report for 192.168.42.113
Host is up (0.0057s latency).
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 256 IP addresses (2 hosts up) scanned in 59.63 seconds
You can simply use netcat which is fast.nmap takes too long to scan range.
for i in {1..254..1}
do
if nc -w 1 -zv 192.168.42.$i 22 &>> /dev/null
then
ssh 192.168.42.$i
fi
done
I have downloaded nmap. As far as I know, it supports the 'whois' tool. When I try to type the following: whois yahoo.com (as example). I got the following error:
'whois' is not recognized as an internal or external command, operable program or batch file. Can anyone tell me what I'm missing? Do I need to install something other than nmap itself?
Nmap can perform queries with the whois protocol using the whois script like so:
nmap --script whois -sn yahoo.com
Note that the whois script was renamed to whois-ip in Nmap 6.45 (revision 31527) and whois-domain was added. So you can do:
nmap --script whois-ip,whois-domain -sn yahoo.com
or simply:
nmap --script whois* -sn yahoo.com
In addition to the --script argument, the -sn argument tells Nmap not to perform a port scan (since that's probably not what you want).
Based on your error description, it sounds like you are on Windows. Microsoft has a whois utility available as part of the SysInternals suite. You can get it here.
For me, this tool isn't part of nmap
blender ~ $ pacman -Qo `which whois`
/usr/bin/whois is owned by whois 5.0.16-1
And in fact, nmap doesn't supply much more than nmap and some its own binaries:
blender ~ $ pacman -Ql nmap | grep "bin"
nmap /usr/bin/
nmap /usr/bin/ncat
nmap /usr/bin/ndiff
nmap /usr/bin/nmap
nmap /usr/bin/nmapfe
nmap /usr/bin/nping
nmap /usr/bin/xnmap
nmap /usr/bin/zenmap
Check if there is a whois package for your distro.
I'm new to bash scripting and I'm trying to get this working:
Scanning an IP range for finding devices with the port 80 open...
I think it has to look like this:
#!/bin/bash
echo -----------------------------------
for ip in 192.168.0.{1,.255}; do
nmap -p80 192.168.0.1
if #open; then
echo "{ip} has the port 80 open"
else
#do nothing
fi
done
echo -----------------------------------
exit 0
I also just want to see the results like this:
-----------------------------------
192.168.0.1 has the port 80 open
192.168.0.10 has the port 80 open
192.168.0.13 has the port 80 open
192.168.0.15 has the port 80 open
-----------------------------------
(So without errors or nmap's normal outputs..)
Can someone help me for this?
nmap comes with a nice output parameter -oG (grepable output) which makes parsing more easy. Also it is not necessary to iterate through all IP addresses you want to scan. nmap is netmask aware.
Your example can be written as:
nmap -p80 192.168.0.0/24 -oG - | grep 80/open
The -oG enables the grepable output, and - specifies the file to output to (in this case stdout). The pipe symbol redirects the output of nmap (stdout) to grep, which only returns lines containing 80/open in this case.
Try this
nmap --open -p80 192.168.0.*
The --open will only list host with port 80 open. This way you save having to check in your shell script as filtering is already done by nmap itself.
https://nmap.org/book/man-briefoptions.html