只是一个小的shell脚本来找到的主机上运行的特殊服务（Web服务器、SSH、Telnet）在局域网中使用Nmap。.zip

#! /bin/bash # # findmyserver # # v0.2 (c) by joern franz # pls send feedback and bugs to joern(dot)franz(at)gmail.com # # findmyserver is just a small script that automates searching for hosts # on a network and identifying running services that might be of interest, # which are at this state: # # -- Webserver # -- Secure Shell Server # -- Telnet Server # # For this purpose, it uses the NMAP tool, which works best with root privileges. # findmyserver will show some live results on tty and create a small logfile for # further analysis. # # findmyserver was designed to be used for fast analysis on a local area network, # for an unexperienced user, even if it works on a wan. # # findmyserver is nothing more than an automated NMAP scan including the creation # of a small logfile. The average experienced NMAP user could do this all in one # single step! Also make sure that findmyserver uses only one of a few methods to # detect hosts and ports. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/> # # history: # Jan. 2012: script created # # todo: # - create a dynamic script to better fit different needs # - detect services running on non-standard iana ports # - and a lot more... # # bugs: # - ip address detection is pretty lame so far clear echo echo "************************************" echo "* *" echo "* findmyserver *" echo "* v0.2 *" echo "* *" echo "************************************" echo # setting up some variables TMPFMS=/tmp/fms # needed for temporary fms files LOGDIR=$HOME # directory where fms will store the logfiles HSTDSC=$TMPFMS/hostdscv # dummy file for the NMAP host discovery phase HSTDSX=$TMPFMS/hostdscx # NMAP xml output HSTLST=$TMPFMS/hostlst # dummy file for a list of hosts found by NMAP HSTSCN=$TMPFMS/hostscan # dummy file for the list of scanned hosts from NMAP HSTSCX=$TMPFMS/hostscax # NMAP xml output IPADDS=$(ifconfig | egrep -i "inet addr" | awk '{print $2}' | sed 's/addr://g' | sed '$d') #ip address of the system running fms # some help if no network was given case "$1" in "") echo -e "***Usage: ${0##*/} <network>"; echo -e "***Where <network> can be any NMAP input format like 10.17.0.1 or 10.17.0.0/24 or 10.17.0.1-10 ...\n"; exit 1; esac # checking userid; creating temp files echo -e "***Checking if findmyserver runs as user root." if [ $(id -u) -eq 0 ] then echo -e "***Running as $(id -un). Ok.\n" else echo -e "***ERROR: Looks like your running findmyserver as user $(id -un). Stopping.\n" exit 1 fi echo -e "***Creating temporary files." if [ -d $TMPFMS ] then echo -e "***ERROR: $TMPFMS already exists - maybe from a broken findmyserver run? The folder must be deleted before you can start. Stopping.\n" exit 1 else mkdir $TMPFMS echo -e "***Folder $TMPFMS created. Ok.\n" fi # host discovery echo -e "***Searching for active hosts on the network $1.\n***Not looking for $IPADDS since this is you." nmap -v -n -T4 -sP -PP -PE -PA21,22,80,8080,443,55123 $1 -oG $HSTDSC -oX $HSTDSX --exclude $IPADDS > /dev/null # converting $HSTDSC to $HSTLST cat $HSTDSC | egrep -i up | sed '$d' | awk '{print $2}' > $HSTLST if [ -s $HSTLST ] then echo -e "***Found online hosts, $(cat $HSTDSC | egrep -i seconds | awk '{print $17 " " $18 " " $19 " " $20}')." cat $HSTLST else echo -e "***ERROR: Looks like findmyserver found no hosts that appear to be online. Stopping.\n" exit 1 rm -rf $TMPFMS fi # searching for open ports echo -e "\n***Searching for open ports on the discovered hosts. This can take some time. Be patient." nmap -v -n -T4 -PN -sS -p22,23,80,8080,443,44123 -sV -iL $HSTLST -oG $HSTSCN -oX $HSTSCX > /dev/null echo -e "***All hosts $(cat $HSTSCN | egrep -i seconds | awk '{print $17 " " $18 " " $19 " " $20}')." echo -e "***Hosts found that answer on port 80, probably running a webserver:" cat $HSTSCN | egrep -i "[^09]80/open" | awk '{print $2}' echo -e "\n***Hosts found that answer on port 22, probably running a secure shell server:" cat $HSTSCN | egrep -i "[^09]22/open" | awk '{print $2}' echo -e "\n***Hosts found that answer on port 23, probably running a telnet server:" cat $HSTSCN | egrep -i "[^09]23/open" | awk '{print $2}' # creating log files echo -e "\n***Creating logfile." cd $TMPFMS md5sum * > md5checksum.txt tar -cf logfile.tar * gzip -f logfile.tar mv logfile.tar.gz $LOGDIR/findmyserver-logfile-$(date +%Y-%m-%d-%H-%M).tgz echo -e "***Logfile created successfully in $LOGDIR.\n" # cleaning up temporary files rm -rf $TMPFMS echo -e "***Cleaning up. $TMPFMS removed. All done. Thx for using findmyserver.\n" # EOF