Hello All,
I have a file of ip addresses called activeips.txt
What I'm trying to do is run a simple bash script that has a loop in it. The loop is a cat of the IP addresses in the file.
The goal is to run 2 nmap commands to give me outputs where each address in the list has an OS fingerprint and then a top 20 open ports scan.
The problem is that the script as written, no matter what I do, will run the nmap commands at the same time and they cycle through without waiting for each other. They literally run through the whole list of IPs independent of each other.
What I want to do is get the first address in the file, run the first nmap command, then the second nmap command and then go to the next address, run the first nmap, second nmap, next address....so on and so on.
All help is appreciated for a scripting NOOB
Thanks
DP
Here's the script:
#!/bin/bash
DISCOVERY (){
nmap -v -p 139,445 --script=smb-os-discovery "$address" | grep -v "smb-os-discovery" | grep -v "OS CPE" | grep -v "Computer name" | grep -v "NetBI"
}
PORTS (){
nmap -sT --top-ports 20 "$address"
}
for address in $(cat activeips.txt);do
DISCOVERY
PORTS
done
what you had should do what you want - 2 calls to nmap one after the other.
Here's a slightly modified version:
#!/bin/bash
DISCOVERY ()
{
addr="${1}"
nmap -v -p 139,445 --script=smb-os-discovery "${addr}" |grep -v 'smb-os-discovery' | grep -v 'OS CPE' | grep -v 'Computer name' | grep -v 'NetBI'
}
PORTS ()
{
addr="${1}"
nmap -sT --top-ports 20 "${addr}"
}
while read address junk
do
DISCOVERY "${address}"
PORTS "${address}"
done < activeips.txt
OK...I see where you're going.
The activeips.txt file already exists....from another script. It has the list of IPs for the nmaps to scan....so outputting to activeips.txt like you have as the last line is not quite correct
So using what you have above...would the loop look like this?
for address in $(cat activeips.txt);
do
DISCOVERY "${address}"
PORTS "${address}"
done
so outputting to activeips.txt like you have as the last line is not quite correct
I'm not outputting to - I'm reading from.
you don't need cat activeips.txt
- test I've provided
Ahhh ... I see what you're saying with the active ips file...I didn't pay attention to the < for input instead of output.
So I try it, and I get output of the discovery nmapping the first IP, then I get ports output of the first ip, and then it outputs the ports again for the next ip in the file, then it outputs the ports again for the next ip in the file, and then eventually the Discovery output comes out for the 2nd ip in the file. It's like the 2 functions are running independent of each other. The goal is Discovery for first IP, then Ports for First IP, then Discovery for 2nd, Ports for second...and so on.
The script you have is doing the same thing my original one is...where the 2 functions seem to run loops of their own without regard to each other
that's hard to believe...
could you post the content of activeips.txt
using code tags
.
it's a simple txt file with these lines
10.0.0.13
10.0.0.16
10.0.0.22
10.0.0.17
10.0.0.19
10.0.0.20
10.0.0.12
10.0.0.11
10.0.0.15
10.0.0.24
10.0.0.63
10.0.0.62
10.0.0.80
10.0.0.101
10.0.0.103
10.0.0.109
10.0.0.112
10.0.0.117
10.0.0.110
Please start using code tags - refer to this
Here's the output as it happens:
OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
FQDN: SD10.ssi.private
Starting Nmap 7.60 ( ) at 2018-04-04 16:39 CDT
Nmap scan report for sd10.ssi.private (10.0.0.13)
Host is up (0.86s latency).
PORT STATE SERVICE
21/tcp closed ftp
22/tcp closed ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed domain
80/tcp closed http
110/tcp open pop3
111/tcp closed rpcbind
135/tcp open msrpc
139/tcp closed netbios-ssn
143/tcp open imap
443/tcp closed https
445/tcp open microsoft-ds
993/tcp open imaps
995/tcp open pop3s
1723/tcp closed pptp
3306/tcp closed mysql
3389/tcp closed ms-wbt-server
5900/tcp closed vnc
8080/tcp closed http-proxy
Nmap done: 1 IP address (1 host up) scanned in 2.43 seconds
Starting Nmap 7.60 ( ) at 2018-04-04 16:39 CDT
Nmap scan report for 10.0.0.16
Host is up (0.0046s latency).
PORT STATE SERVICE
21/tcp filtered ftp
22/tcp open ssh
23/tcp filtered telnet
25/tcp filtered smtp
53/tcp filtered domain
80/tcp filtered http
110/tcp open pop3
111/tcp filtered rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap
443/tcp filtered https
445/tcp filtered microsoft-ds
993/tcp open imaps
995/tcp open pop3s
1723/tcp filtered pptp
3306/tcp filtered mysql
3389/tcp filtered ms-wbt-server
5900/tcp filtered vnc
8080/tcp filtered http-proxy
Nmap done: 1 IP address (1 host up) scanned in 1.64 seconds
Starting Nmap 7.60 ( ) at 2018-04-04 16:39 CDT
Nmap scan report for sdl03.ssi.private (10.0.0.22)
Host is up (0.86s latency).
PORT STATE SERVICE
21/tcp closed ftp
22/tcp closed ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed domain
80/tcp closed http
110/tcp open pop3
111/tcp closed rpcbind
135/tcp open msrpc
139/tcp closed netbios-ssn
143/tcp open imap
443/tcp closed https
445/tcp open microsoft-ds
993/tcp open imaps
995/tcp open pop3s
1723/tcp closed pptp
3306/tcp closed mysql
3389/tcp closed ms-wbt-server
5900/tcp closed vnc
8080/tcp closed http-proxy
Nmap done: 1 IP address (1 host up) scanned in 2.43 seconds
---------- Post updated at 04:45 PM ---------- Previous update was at 04:44 PM ----------
Sorry about the code tags thing...will do....total noob to the board too!
could you run the script below and provide the output using code tags!
#!/bin/bash
DISCOVERY ()
{
addr="${1}"
echo "DISCOVERY [${addr}]"
}
PORTS ()
{
addr="${1}"
echo " PORTS [${addr}]"
}
while read address junk
do
DISCOVERY "${address}"
PORTS "${address}"
done < activeips.txt
---------- Post updated at 05:53 PM ---------- Previous update was at 05:46 PM ----------
dirk_pitt:
Here's the output as it happens:
I don't see anything wrong with this output
your DISCOVERY for 1st address:
Starting Nmap 7.60 ( ) at 2018-04-04 16:39 CDT
Nmap scan report for sd10.ssi.private (10.0.0.13)
Host is up (0.86s latency).
your PORTS for 1st address:
PORT STATE SERVICE
21/tcp closed ftp
22/tcp closed ssh
23/tcp closed telnet
25/tcp closed smtp
53/tcp closed domain
80/tcp closed http
110/tcp open pop3
111/tcp closed rpcbind
135/tcp open msrpc
139/tcp closed netbios-ssn
143/tcp open imap
443/tcp closed https
445/tcp open microsoft-ds
993/tcp open imaps
995/tcp open pop3s
1723/tcp closed pptp
3306/tcp closed mysql
3389/tcp closed ms-wbt-server
5900/tcp closed vnc
8080/tcp closed http-proxy
and so on....
Here ya go....this is the part that doesn't make sense....
In this output...for your test script....it LOOKS like they run back and forth
DISCOVERY [10.0.0.13]
PORTS [10.0.0.13]
DISCOVERY [10.0.0.16]
PORTS [10.0.0.16]
DISCOVERY [10.0.0.22]
PORTS [10.0.0.22]
DISCOVERY [10.0.0.17]
PORTS [10.0.0.17]
DISCOVERY [10.0.0.19]
PORTS [10.0.0.19]
DISCOVERY [10.0.0.20]
PORTS [10.0.0.20]
DISCOVERY [10.0.0.12]
PORTS [10.0.0.12]
DISCOVERY [10.0.0.11]
PORTS [10.0.0.11]
DISCOVERY [10.0.0.15]
PORTS [10.0.0.15]
DISCOVERY [10.0.0.24]
PORTS [10.0.0.24]
DISCOVERY [10.0.0.63]
PORTS [10.0.0.63]
DISCOVERY [10.0.0.62]
PORTS [10.0.0.62]
DISCOVERY [10.0.0.80]
PORTS [10.0.0.80]
But...as we run the actual nmap commands, I'm thinking that since the first one doesn't finish as quickly as the second one does, the second one just jumps to the next address and the next and the next. Maybe the syntax is all right, but we need a way to tell PORTS to wait for DISCOVERY to finish before they continue on to the next ip?
everything makes sense. DISCOVERY runs first, then PORTS, one address at a time.
Your real script is a bit noisy in the output, but it produces output in the expected order.
To illustrate, here's your script with steps:
#!/bin/bash
DISCOVERY ()
{
addr="${1}"
echo "DISCOVERY [${addr}]"
nmap -v -p 139,445 --script=smb-os-discovery "${addr}" |grep -v 'smb-os-discovery' | grep -v 'OS CPE' | grep -v 'Computer name' | grep -v 'NetBI'
}
PORTS ()
{
addr="${1}"
echo " PORTS [${addr}]"
nmap -sT --top-ports 20 "${addr}"
}
while read address junk
do
DISCOVERY "${address}"
PORTS "${address}"
done < activeips.txt
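The same DISCOVERY-then-PORTS loop as an added example (not code from the thread), in POSIX sh, with two things worth having around it: each line of activeips.txt is checked to be a plain IPv4 address before it is handed to nmap, since the file is produced by another script, and each step is time-stamped so the sequential order can be read straight off the output. NMAP is an assumed override hook (NMAP=echo dry-runs the loop without scanning anything).

```shell
#!/bin/sh
# Added example, not code from the thread: DISCOVERY then PORTS per address,
# with input validation and a time stamp on every step.
# NMAP is an assumed hook: run with NMAP=echo to dry-run without scanning.
NMAP="${NMAP:-nmap}"

# Succeed only for a plain dotted-quad IPv4 address with every octet 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

DISCOVERY() {
    printf 'DISCOVERY [%s] %s\n' "$1" "$(date +%T)"
    # grep -v exits 1 when it filters every line; that is not a failure here.
    "$NMAP" -v -p 139,445 --script=smb-os-discovery "$1" \
        | grep -v 'smb-os-discovery' | grep -v 'OS CPE' \
        | grep -v 'Computer name' | grep -v 'NetBI' || true
}

PORTS() {
    printf 'PORTS [%s] %s\n' "$1" "$(date +%T)"
    "$NMAP" -sT --top-ports 20 "$1"
}

# Read the file one line at a time. Each iteration runs DISCOVERY to
# completion, then PORTS to completion, before the next line is read.
scan_list() {
    skipped=0
    while read -r address junk || [ -n "$address" ]; do
        case "$address" in ''|'#'*) skipped=$((skipped + 1)); continue ;; esac
        if ! is_ipv4 "$address"; then
            printf 'skipping invalid address: %s\n' "$address" >&2
            skipped=$((skipped + 1)); continue
        fi
        DISCOVERY "$address"
        PORTS "$address"
    done < "$1"
    printf 'skipped %d line(s)\n' "$skipped" >&2
}

if [ -n "${1:-}" ]; then scan_list "$1"; fi
```

Run it as `sh scanlist.sh activeips.txt`; the DISCOVERY/PORTS stamps in the output show the two steps alternating per address exactly as the thread's echo-only version did.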