#!/usr/bin/env python
# -*- coding: UTF-8 -*-
import os
import signal
import sys
from popen2 import Popen4
from time import sleep
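# ssh_discover: walk the host addresses of a subnet, open a telnet session to
# the chosen port on each one, and report the hosts whose reply contains the
# text "SSH".
#
# Changes against the earlier revision of this script:
#   * the subnet and port arguments are validated before use;
#   * telnet is started from an argument list, so no shell ever parses the
#     command-line arguments (a string passed to Popen4 is run through
#     /bin/sh -c);
#   * the last host octet (.254) is no longer skipped;
#   * a telnet child that is still running after the wait is terminated and
#     reaped instead of being left behind.

LAST_HOST = 254  # highest host octet probed; matches the 1..254 subnet range

if len(sys.argv) < 2:
    print("\nUsage: ssh_discover <subnet> [<port>]\n\tIt support subnets: *.*.*.0 and *.*.0.0\n\tExample:\tssh_discover 192.168.2.0\n\t\t\tssh_discover 172.169.0.0\n")
    sys.exit(0)

# The subnet must be a dotted quad of decimal octets. Anything else used to
# fail later with an IndexError/ValueError or end up inside the command line.
octets = sys.argv[1].split(".")
if len(octets) != 4 or not all(
        part.isdigit() and len(part) <= 3 and int(part) <= 255
        for part in octets):
    sys.stderr.write("invalid subnet: %r\n" % sys.argv[1])
    sys.exit(1)

puerto = "22"
if len(sys.argv) > 2:
    puerto = sys.argv[2]
    # Only a plain TCP port number is accepted as the second argument.
    if not puerto.isdigit() or not 1 <= int(puerto) <= 65535:
        sys.stderr.write("invalid port: %r\n" % puerto)
        sys.exit(1)

# A third octet of '0' selects the *.*.0.0 form: every third octet in
# initrange..endrange is scanned. Any other value restricts the scan to that
# single /24.
# NOTE(review): in the *.*.0.0 form third octets 0 and 255 are not visited;
# confirm whether that is intended.
initrange = 1
endrange = 254
if octets[2] != '0':
    initrange = endrange = int(octets[2])

ip_base = octets[0] + "." + octets[1] + "."

for a in range(initrange, endrange + 1):
    for b in range(1, LAST_HOST + 1):
        address = ip_base + str(a) + "." + str(b)
        # List form: Popen4 executes telnet directly instead of via /bin/sh.
        # "-e a" sets telnet's escape character to 'a'.
        process = Popen4(["telnet", "-e", "a", address, puerto])
        try:
            sleep(1)
            # Closing the child's stdin signals end of input to telnet.
            process.tochild.close()
            sleep(2)
            # popen2's poll() returns -1 while the child is still running.
            if process.poll() != -1:
                cadena = process.fromchild.read()
                if cadena.find("SSH") != -1:
                    print("ssh server FOUND: " + address)
                else:
                    print("no ssh server: " + address)
            else:
                print("address not valid: " + address)
        finally:
            process.fromchild.close()
            # Do not leave one telnet process behind per silent address.
            if process.poll() == -1:
                os.kill(process.pid, signal.SIGTERM)
                process.wait()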