Solved

need a little bash script

Posted on 2014-11-05
Last Modified: 2014-11-18
I need a very simple bash script to help me determine when a new device is on the network using a range of IPs.

-set range of IPs in script or at command line when calling script
i.e.: 192.168.45.1-20 or 192.168.45.1-192.168.45.20 - Meaning the range would be 192.168.45.1 to 20
-nmap each IP and display ONLY those who respond
-show responding IP and show open ports with one space between each

Should be a pretty simple one to someone, but not to me :(
Question by:projects
LVL 29

Expert Comment

by:MikeOM_DBA
ID: 40426831
Try something like this:
IP=192.168.45
> ip_resp.out
start=1
end=20
(( i = $start ))
while [ $i -le $end ]
do
  ip0="${IP}.$i"
  echo $ip0
  resp=`ping -c 1 -L $ip0`
  [ `echo $resp|grep 'Host Unreachable'|wc -l` -eq 0 ] && echo $resp >> ip_resp.out
  (( i += 1 ))
done
cat ip_resp.out


:p
0
 

Author Comment

by:projects
ID: 40426889
Thanks.

Here is the output;

# ./looky
192.168.2.1
192.168.2.2
192.168.2.3
192.168.2.4
192.168.2.5
192.168.2.6
192.168.2.7
192.168.2.8
192.168.2.9
192.168.2.10
0
 
LVL 29

Expert Comment

by:MikeOM_DBA
ID: 40426977
That is from the "echo" command, you need to cat the ip_resp.out file.
Or change the script to this:
IP=192.168.45
start=1
end=20
(( i = $start ))
while [ $i -le $end ]
do
  ip0="${IP}.$i"
  resp=`ping -c 1 -L $ip0`
  [ `echo $resp|grep 'Host Unreachable'|wc -l` -eq 0 ] && echo $resp 
  (( i += 1 ))
done


0
 

Author Comment

by:projects
ID: 40427012
Nothing in the file or on the screen, same as before.
0
 
LVL 29

Expert Comment

by:MikeOM_DBA
ID: 40427114
Works for me:
==> cat m3
#192.168.45.1-192.168.45.20
#IP=192.168.45
IP=192.168.10
start=41
end=50
(( i = $start ))
while [ $i -le $end ]
do
  ip0="${IP}.$i"
  resp=`ping -c 1 -L $ip0`
  if [ `echo $resp|grep 'Host Unreachable'|wc -l` -eq 0 ]
  then
    echo $resp
  else
    echo "$ip0 Host Unreachable"
  fi
  (( i += 1 ))
done

==> ./m3
192.168.10.41 Host Unreachable
192.168.10.42 Host Unreachable
PING 192.168.10.43 (192.168.10.43) 56(84) bytes of data. 64 bytes from 192.168.10.43: icmp_seq=1 ttl=64 time=0.043 ms --- 192.168.10.43 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms
192.168.10.44 Host Unreachable
192.168.10.45 Host Unreachable
192.168.10.46 Host Unreachable
192.168.10.47 Host Unreachable
192.168.10.48 Host Unreachable
192.168.10.49 Host Unreachable
192.168.10.50 Host Unreachable


0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40427115
Some minor changes, asker may not get Host Unreachable:

IP=192.168.45
start=1
end=20
(( i = $start ))
while [ $i -le $end ]
do
  ip0="${IP}.$i"
  echo "Pinging: $ip0"
  resp=`ping -c 1 -w 1 $ip0`
  [ `echo $resp|grep -v " 0% packet loss" | wc -l` -eq 0 ] && echo "Reachable: $ip0"
  (( i += 1 ))
done



Start like this: bash ./script

What do you get? Note the extra echo to see which host is being pinged.
0
 

Author Comment

by:projects
ID: 40427142
I actually don't want to see any output other than the ports and the IP if possible.
The point is to get a quick undistorted list of what is running on a certain IP range.
0
 

Author Comment

by:projects
ID: 40427145
Same output, IP's being looked at are listed, nothing in the file
0
 
LVL 29

Expert Comment

by:MikeOM_DBA
ID: 40427180
My latest script does not produce a file.
==> cat m3
#192.168.45.1-192.168.45.20
#IP=192.168.45
IP=10.1.15
start=10
end=20
(( i = $start ))
while [ $i -le $end ]
do
  ip0="${IP}.$i"
  resp=`ping -c 1 -L $ip0`
  [ `echo $resp|grep 'Host Unreachable'|wc -l` -eq 0 ] && echo "$ip0 ok."
  (( i += 1 ))
done

==> ./m3
10.1.15.10 ok.
10.1.15.11 ok.
10.1.15.12 ok.
10.1.15.13 ok.
10.1.15.14 ok.
10.1.15.15 ok.
10.1.15.16 ok.
10.1.15.17 ok.
10.1.15.18 ok.
10.1.15.19 ok.
10.1.15.20 ok.


Tested in RedHat Linux and AIX.
0
 

Author Comment

by:projects
ID: 40427248
Well, it knows which IPs have something on them but it doesn't show anything else.

# ./looky
192.168.2.100 ok.
192.168.2.101 ok.
192.168.2.102 ok.
192.168.2.104 ok.
192.168.2.105 ok.

What I need would be something like this;

# ./looky
192.168.2.100 ok.
Port 22 Enabled (whatever nmap says)
Port 80 Enabled

192.168.2.101 ok.
Port 80 Enabled

192.168.2.102 ok.
Port 21 Enabled

192.168.2.104 ok.
Port 22 Enabled

192.168.2.105 ok.
Port 22 Enabled
Port 80 Enabled

Just a nice clean output and is easy to see. The nmap range for ports could be a X to X variable I guess.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40427813
I'll just add the nmap command after the echo like this:

(echo "Reachable: $ip0" ; nmap $ip0)

if you need extra parameters, just put them in at the top of the script and add them to the nmap command line as needed.
0

 

Author Comment

by:projects
ID: 40428457
The output is still too much for a long range of IPs.

It should be more like;

Get rid of this>  Starting Nmap 5.00 ( http://nmap.org ) at 2014-11-07 07:42 MST
Interesting ports on 192.168.2.100:
Get rid of this> Not shown: 999 closed ports
Get rid of this> PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 08:57:00:41:2E:6A (Unknown)

So the output would be;

Interesting ports on 192.168.2.100:
22/tcp open  ssh
MAC Address: 08:57:00:41:2E:6A (Unknown)


I need to get rid of all the other useless info to make the output nice and clean.

Don't need any of the following, when a host is down, don't want to know about it.

Starting Nmap 5.00 ( http://nmap.org ) at 2014-11-07 07:46 MST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.33 seconds
Reachable: 192.168.2.110

This is what I have now;
#!/bin/bash

#192.168.45.1-192.168.45.20
#IP=192.168.45

IP=192.168.2
start=100
end=110
(( i = $start ))
while [ $i -le $end ]
do
  ip0="${IP}.$i"
    resp=`ping -c 1 -L $ip0`
      [ `echo $resp|grep 'Host Unreachable'|wc -l` -eq 0 ] && echo "$ip0 ok."
    echo "Reachable: $ip0" ; nmap -p 21,22,80 $ip0

        (( i += 1 ))
        done


0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40428593
You should just have to add a filter with grep to the nmap output. Can check this later for you.
0
 

Author Comment

by:projects
ID: 40429218
I'm not a programmer, that's why I posted asking for the code.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40429652
Try this:

IP=192.168.2
start=100
end=200
ports="21,22,80"
(( i = $start ))
while [ $i -le $end ]
do
  ip0="${IP}.$i"
  #echo "Pinging: $ip0"
  resp=`ping -c 1 -w 1 $ip0`
  [ `echo $resp|grep -v " 0% packet loss" | wc -l` -eq 0 ] && (echo "Reachable: $ip0" ; nmap -sV -p ${ports} $ip0 | grep -e " open " -e " closed " -e " done:")
  (( i += 1 ))
done



Sample output:
Reachable: 192.168.6.100
80/tcp open     http-proxy
Nmap done: 1 IP address (1 host up) scanned in 15.31 seconds
Reachable: 192.168.6.147
80/tcp open     tcpwrapped
Nmap done: 1 IP address (1 host up) scanned in 9.59 seconds
Reachable: 192.168.6.151
Nmap done: 1 IP address (1 host up) scanned in 9.27 seconds
Reachable: 192.168.6.160
22/tcp open     ssh     OpenSSH
Nmap done: 1 IP address (1 host up) scanned in 15.40 seconds


0
 

Author Comment

by:projects
ID: 40429680
Wow, my output is a mess compared to yours;

# ./looky
Reachable: 192.168.2.100
21/tcp closed ftp
22/tcp open   ssh     Dropbear sshd 2014.63 (protocol 2.0)
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
Reachable: 192.168.2.101
21/tcp closed ftp
22/tcp open   ssh     OpenSSH 5.1p1 Debian 5ubuntu1 (protocol 2.0)
80/tcp open   http    Apache httpd 2.2.16 ((Debian))
Nmap done: 1 IP address (1 host up) scanned in 6.45 seconds
Reachable: 192.168.2.102
21/tcp closed ftp
22/tcp open   ssh     Dropbear sshd 2014.63 (protocol 2.0)
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
Reachable: 192.168.2.103
21/tcp closed ftp
22/tcp open   ssh     Dropbear sshd 2014.63 (protocol 2.0)
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
0
 

Author Comment

by:projects
ID: 40448292
Never did get this to work so what do I do with this question now?
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40448369
Your output is not a mess, it is showing what you want essentially.

You are getting every host that is alive and after that a list of each port that is available.

How is this not working for you?
0
 

Author Comment

by:projects
ID: 40448470
Hmm, you're right, it's pretty close. The output looks messy because there is no spacing and there is a completed message.
Any way of adding a space between each result and removing the ' Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds' message?
Also, I need the MAC address to show as well such as follows;

# ./looky
192.168.2.100 MAC 11:22:33:44:55:66
21/tcp closed ftp
22/tcp open   ssh     Dropbear sshd 2014.63 (protocol 2.0)
80/tcp closed http

This is what it looks like now;

Reachable: 192.168.2.101
21/tcp closed ftp
22/tcp open   ssh     OpenSSH 5.1p1 Debian 5ubuntu1 (protocol 2.0)
80/tcp open   http    Apache httpd 2.2.16 ((Debian))
Nmap done: 1 IP address (1 host up) scanned in 6.49 seconds
Reachable: 192.168.2.103
21/tcp closed ftp
22/tcp open   ssh     Dropbear sshd 2014.63 (protocol 2.0)
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds
0
 
LVL 37

Assisted Solution

by:Gerwin Jansen
Gerwin Jansen earned 500 total points
ID: 40448698
Read your request about adding open port numbers with spaces, try this:
IP=192.168.1
start=100
end=200
ports="21,22,80"
(( i = $start ))
while [ $i -le $end ]
do
  ip0="${IP}.$i"
  #echo "Pinging: $ip0"
  resp=`ping -c 1 -w 1 $ip0`
  [ `echo $resp|grep -v " 0% packet loss" | wc -l` -eq 0 ] && echo Reachable: $ip0 $(nmap -sV -p ${ports} $ip0 | grep -e " open " -e " closed " -e " done:" | grep " open" | cut -d"/" -f1 | tr "\n" " ")
  (( i += 1 ))
done



Output will look like this:

Reachable: 192.168.2.100 80
Reachable: 192.168.2.101 22 80
Reachable: 192.168.2.102 22

I don't get any mac addresses from nmap.
0
 

Author Comment

by:projects
ID: 40448704
That is really nice and clean.
Nmap does show the mac address, that's part of its usefulness. I really need that also however. It even gives the OS or hardware info if there is any. Very useful.

See below for example of using nmap;

# nmap -p 21,22,80 192.168.2.100-120

Starting Nmap 5.00 ( http://nmap.org ) at 2014-11-17 16:06 MST
Interesting ports on 192.168.2.100:
PORT   STATE  SERVICE
21/tcp closed ftp
22/tcp open   ssh
80/tcp closed http
MAC Address: 09:47:00:41:2E:6A (Unknown)

Interesting ports on 192.168.2.101:
PORT   STATE  SERVICE
21/tcp closed ftp
22/tcp open   ssh
80/tcp open   http
MAC Address: 80:2D:E1:10:51:23 (Unknown)

Interesting ports on 192.168.2.103:
PORT   STATE  SERVICE
21/tcp closed ftp
22/tcp open   ssh
80/tcp closed http
MAC Address: 09:47:00:46:99:2A (Unknown)

Interesting ports on 192.168.2.104:
PORT   STATE    SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
80/tcp filtered http
MAC Address: B8:3E:59:23:1F:DC (Unknown)

Nmap done: 21 IP addresses (4 hosts up) scanned in 2.02 seconds
0
 
LVL 37

Accepted Solution

by:Gerwin Jansen
Gerwin Jansen earned 500 total points
ID: 40449158
MAC was not in your original question. I checked again: nmap 6.45 does not show the MAC address with the parameters you specify. Could be a difference in nmap version; you have a very old one, btw.
[root@localhost]# nmap -p 21,22,80 192.168.80.136

Starting Nmap 6.45 ( http://nmap.org ) at 2014-11-18 02:34 EST
Nmap scan report for 192.168.80.136
Host is up (0.000074s latency).
PORT   STATE  SERVICE
21/tcp closed ftp
22/tcp closed ssh
80/tcp open   http

Nmap done: 1 IP address (1 host up) scanned in 1.26 seconds
[root@localhost]#


0
 

Author Comment

by:projects
ID: 40450587
I definitely need to see the MAC address but you're right, I forgot to mention that in my question.
0
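
The thread ends with the MAC address still missing from the one-line-per-host output. As an added example (not code from any poster in this thread), the script below parses nmap's normal output in both the 5.00 and 6.45 header styles into `IP MAC open-ports` lines and filters them against a baseline file of known MACs, which is what detecting a new device on the range comes down to. The function names, the baseline-file format and the sample scan are assumptions made for illustration; nmap prints the `MAC Address:` line only when run as root against hosts on the same Ethernet segment.

```shell
#!/bin/sh
# Added example (not from the thread): one line per live host, "IP MAC open-ports".
summarize_nmap() {
  awk '
    function emit() {
      if (ip != "") printf "%s %s%s\n", ip, (mac == "" ? "MAC-unknown" : mac), ports
      ip = ""; mac = ""; ports = ""
    }
    # Host header: Nmap 5.00 style, then the newer "scan report" style.
    /^Interesting ports on / { emit(); ip = $4; sub(/:$/, "", ip); next }
    /^Nmap scan report for / { emit(); ip = $NF; gsub(/[()]/, "", ip); next }
    /^[0-9]+\/(tcp|udp) +open / { split($1, p, "/"); ports = ports " " p[1]; next }
    /^MAC Address: / { mac = $3; next }
    END { emit() }
  '
}

# Keep only hosts whose MAC is not in the baseline file $1 (one MAC per line).
# FILENAME is compared instead of NR==FNR so an empty baseline still works.
new_devices() {
  awk 'FILENAME == ARGV[1] { known[toupper($1)]; next }
       !(toupper($2) in known)' "$1" -
}

# Live use (run as root so nmap can report MACs): scan_range 192.168.2.100-120 21,22,80
scan_range() {
  nmap -n -p "$2" "$1" | summarize_nmap
}

# Constructed sample scan in both header styles; MACs are documentation values.
sample_output() {
  cat <<'EOF'
Starting Nmap 5.00 ( http://nmap.org ) at 2014-11-17 16:06 MST
Interesting ports on 192.168.2.100:
22/tcp open   ssh
80/tcp closed http
MAC Address: 00:00:5E:00:53:01 (Unknown)

Interesting ports on 192.168.2.101:
22/tcp open   ssh
80/tcp open   http
MAC Address: 00:00:5E:00:53:02 (Unknown)

Nmap scan report for 192.168.2.104
22/tcp filtered ssh
Nmap done: 21 IP addresses (3 hosts up) scanned in 2.02 seconds
EOF
}
sample_output | summarize_nmap
```

Hosts that are down never get a header line in nmap's normal output, so they drop out of the summary without any extra filtering.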
