├── README.md
└── nmapAutomator.sh


/README.md:
--------------------------------------------------------------------------------
# nmapAutomator
A script that you can run in the background!


# Summary
I have created this script as I was preparing for my OSCP exam.
The main goal for this script is to automate all of the process of recon/enumeration that is run every time, and instead focus our attention on real pen testing.

This will ensure two things:
1) Automate nmap scans.
2) Always have some recon running in the background.

Once you find the initial ports in around 10 seconds, you then can start manually looking into those ports, and let the rest run in the background with no interaction from your side whatsoever.


# Features:
1. **Quick:** Shows all open ports quickly (~15 seconds)
1. **Basic:** Runs Quick Scan, then runs a more thorough scan on found ports (~5 minutes)
1. **UDP:** Runs "Basic" on UDP ports (~5 minutes)
1. **Full:** Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)
1. **Vulns:** Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)
1. **Recon:** Runs "Basic" scan "if not yet run", then suggests recon commands "i.e. gobuster, nikto, smbmap" based on the found ports, then prompts to automatically run them
1. **All:** Runs all the scans consecutively (~20-30 minutes)

I tried to make the script as efficient as possible, so that you would get the results as fast as possible, without duplicating any work.

Feel free to send your pull requests and contributions :)


# Requirements:
**Required:** Gobuster v3.0 or higher, as it is not backward compatible.
You can update gobuster on Kali using:
```bash
apt-get update
apt-get install gobuster --only-upgrade
```

Other Recon tools used within the script include:
* [nmap Vulners](https://github.com/vulnersCom/nmap-vulners)
* [sslscan](https://github.com/rbsec/sslscan)
* [nikto](https://github.com/sullo/nikto)
* [joomscan](https://github.com/rezasp/joomscan)
* [wpscan](https://github.com/wpscanteam/wpscan)
* [droopescan](https://github.com/droope/droopescan)
* [smbmap](https://github.com/ShawnDEvans/smbmap)
* [enum4linux](https://github.com/portcullislabs/enum4linux)
* [dnsrecon](https://github.com/darkoperator/dnsrecon)
* [odat](https://github.com/quentinhardy/odat)


# Examples of use:
```bash
./nmapAutomator.sh <TARGET-IP> <TYPE>
./nmapAutomator.sh 10.1.1.1 All
./nmapAutomator.sh 10.1.1.1 Basic
./nmapAutomator.sh 10.1.1.1 Recon
```

**If you want to use it anywhere on the system, create a shortcut using:**
`ln -s /PATH-TO-FOLDER/nmapAutomator.sh /usr/local/bin/`


# TODO features list
_**pull requests are more than welcome :)**_
* Support DNS resolution "use of urls/domains instead of IPs"
* Properly identify url extensions "testing index extensions for code 200"
* Add more port-based automatic recon options
* Add an nmap progress bar

--------------------------------------------------------------------------------
/nmapAutomator.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#by 21y4d

# ANSI colour codes used for all output
RED='\033[0;31m'
YELLOW='\033[0;33m'
GREEN='\033[0;32m'
NC='\033[0m'

# Reset bash's built-in timer so footer() can report the elapsed time
SECONDS=0

# Print the usage text and exit
usage(){
    echo -e ""
    echo -e "${RED}Usage: $0 <TARGET-IP> <TYPE>"
    echo -e "${YELLOW}"
    echo -e "Scan Types:"
    echo -e "\tQuick: Shows all open ports quickly (~15 seconds)"
    echo -e "\tBasic: Runs Quick Scan, then runs a more thorough scan on found ports (~5 minutes)"
    echo -e "\tUDP: Runs \"Basic\" on UDP ports (~5 minutes)"
    echo -e "\tFull: Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)"
    echo -e "\tVulns: Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)"
    echo -e "\tRecon: Suggests recon commands, then prompts to automatically run them"
    echo -e "\tAll: Runs all the scans (~20-30 minutes)"
    echo -e "${NC}"
    exit 1
}

# Print the scan banner and guess the target OS from the ping TTL
header(){
    echo -e ""

    if [ "$2" == "All" ]; then
        echo -e "${YELLOW}Running all scans on $1"
    else
        echo -e "${YELLOW}Running a $2 scan on $1"
    fi

    subnet=$(echo "$1" | cut -d "." -f 1,2,3)".0"

    checkPing=$(checkPing "$1")
    nmapType="nmap -Pn"

    # Disabled block: the script always scans with -Pn
    : '
    #nmapType=`echo "${checkPing}" | head -n 1`

    if [ "$nmapType" != "nmap" ]; then
        echo -e "${NC}"
        echo -e "${YELLOW}No ping detected.. Running with -Pn option!"
        echo -e "${NC}"
    fi
    '

    ttl=$(echo "${checkPing}" | tail -n 1)
    if [[ $(echo "${ttl}") != "nmap -Pn" ]]; then
        osType="$(checkOS "$ttl")"
        echo -e "${NC}"
        echo -e "${GREEN}Host is likely running $osType"
        echo -e "${NC}"
    fi

    echo -e ""
    echo -e ""
}

# Build comma-separated port lists from whichever nmap output files already exist
assignPorts(){
    if [ -f nmap/Quick_"$1".nmap ]; then
        basicPorts=$(cat nmap/Quick_"$1".nmap | grep open | cut -d " " -f 1 | cut -d "/" -f 1 | tr "\n" "," | cut -c3- | head -c-2)
    fi

    if [ -f nmap/Full_"$1".nmap ]; then
        if [ -f nmap/Quick_"$1".nmap ]; then
            allPorts=$(cat nmap/Quick_"$1".nmap nmap/Full_"$1".nmap | grep open | cut -d " " -f 1 | cut -d "/" -f 1 | tr "\n" "," | cut -c3- | head -c-1)
        else
            allPorts=$(cat nmap/Full_"$1".nmap | grep open | cut -d " " -f 1 | cut -d "/" -f 1 | tr "\n" "," | head -c-1)
        fi
    fi

    if [ -f nmap/UDP_"$1".nmap ]; then
        udpPorts=$(cat nmap/UDP_"$1".nmap | grep -w "open " | cut -d " " -f 1 | cut -d "/" -f 1 | tr "\n" "," | cut -c3- | head -c-2)
        if [[ "$udpPorts" == "Al" ]]; then
            udpPorts=""
        fi
    fi
}

# Ping once: print "nmap -Pn" if there is no reply, otherwise "nmap" followed by the TTL
checkPing(){
    pingTest=$(ping -c 1 -W 3 "$1" | grep ttl)
    if [[ -z $pingTest ]]; then
        echo "nmap -Pn"
    else
        echo "nmap"
        ttl=$(echo "${pingTest}" | cut -d " " -f 6 | cut -d "=" -f 2)
        echo "${ttl}"
    fi
}

# Map a TTL value to a likely OS family
checkOS(){
    if [ "$1" == 256 ] || [ "$1" == 255 ] || [ "$1" == 254 ]; then
        echo "OpenBSD/Cisco/Oracle"
    elif [ "$1" == 128 ] || [ "$1" == 127 ]; then
        echo "Windows"
    elif [ "$1" == 64 ] || [ "$1" == 63 ]; then
        echo "Linux"
    else
        echo "Unknown OS!"
    fi
}

# Set extraPorts to the ports in allPorts that are not already in basicPorts
cmpPorts(){
    oldIFS=$IFS
    IFS=','
    touch nmap/cmpPorts_"$1".txt

    for i in $(echo "${allPorts}")
    do
        if [[ "$i" =~ ^($(echo "${basicPorts}" | sed 's/,/\|/g'))$ ]]; then
            :
        else
            echo -n "$i," >> nmap/cmpPorts_"$1".txt
        fi
    done

    extraPorts=$(cat nmap/cmpPorts_"$1".txt | tr "\n" "," | head -c-1)
    rm nmap/cmpPorts_"$1".txt
    IFS=$oldIFS
}

# Fast scan of the default port range; populates basicPorts
quickScan(){
    echo -e "${GREEN}---------------------Starting Nmap Quick Scan---------------------"
    echo -e "${NC}"

    $nmapType -T4 --max-retries 1 --max-scan-delay 20 --defeat-rst-ratelimit --open -oN nmap/Quick_"$1".nmap "$1"
    assignPorts "$1"

    echo -e ""
    echo -e ""
    echo -e ""
}

# Script and version scan on the ports found by the quick scan
basicScan(){
    echo -e "${GREEN}---------------------Starting Nmap Basic Scan---------------------"
    echo -e "${NC}"

    if [ -z $(echo "${basicPorts}") ]; then
        echo -e "${YELLOW}No ports in quick scan.. Skipping!"
    else
        $nmapType -sCV -p$(echo "${basicPorts}") -oN nmap/Basic_"$1".nmap "$1"
    fi

    # Prefer the OS reported by service detection over the TTL-based guess
    if [ -f nmap/Basic_"$1".nmap ] && [[ ! -z $(cat nmap/Basic_"$1".nmap | grep -w "Service Info: OS:") ]]; then
        serviceOS=$(cat nmap/Basic_"$1".nmap | grep -w "Service Info: OS:" | cut -d ":" -f 3 | cut -c2- | cut -d ";" -f 1 | head -c-1)
        if [[ "$osType" != "$serviceOS" ]]; then
            osType=$(echo "${serviceOS}")
            echo -e "${NC}"
            echo -e "${NC}"
            echo -e "${GREEN}OS Detection modified to: $osType"
            echo -e "${NC}"
        fi
    fi

    echo -e ""
    echo -e ""
    echo -e ""
}

# UDP scan, followed by a script scan on any open UDP ports
UDPScan(){
    echo -e "${GREEN}----------------------Starting Nmap UDP Scan----------------------"
    echo -e "${NC}"

    $nmapType -sU --max-retries 1 --open -oN nmap/UDP_"$1".nmap "$1"
    assignPorts "$1"

    if [ ! -z $(echo "${udpPorts}") ]; then
        echo ""
        echo ""
        echo -e "${YELLOW}Making a script scan on UDP ports: $(echo "${udpPorts}" | sed 's/,/, /g')"
        echo -e "${NC}"
        if [ -f /usr/share/nmap/scripts/vulners.nse ]; then
            $nmapType -sCVU --script vulners --script-args mincvss=7.0 -p$(echo "${udpPorts}") -oN nmap/UDP_"$1".nmap "$1"
        else
            $nmapType -sCVU -p$(echo "${udpPorts}") -oN nmap/UDP_"$1".nmap "$1"
        fi
    fi

    echo -e ""
    echo -e ""
    echo -e ""
}

# Full-range port scan, followed by a script scan on ports the quick scan missed
fullScan(){
    echo -e "${GREEN}---------------------Starting Nmap Full Scan----------------------"
    echo -e "${NC}"

    $nmapType -p- --max-retries 1 --max-rate 500 --max-scan-delay 20 -T4 -v -oN nmap/Full_"$1".nmap "$1"
    assignPorts "$1"

    if [ -z $(echo "${basicPorts}") ]; then
        echo ""
        echo ""
        echo -e "${YELLOW}Making a script scan on all ports"
        echo -e "${NC}"
        $nmapType -sCV -p$(echo "${allPorts}") -oN nmap/Full_"$1".nmap "$1"
        assignPorts "$1"
    else
        cmpPorts "$1"
        if [ -z $(echo "${extraPorts}") ]; then
            echo ""
            echo ""
            allPorts=""
            echo -e "${YELLOW}No new ports"
            rm nmap/Full_"$1".nmap
            echo -e "${NC}"
        else
            echo ""
            echo ""
            echo -e "${YELLOW}Making a script scan on extra ports: $(echo "${extraPorts}" | sed 's/,/, /g')"
            echo -e "${NC}"
            $nmapType -sCV -p$(echo "${extraPorts}") -oN nmap/Full_"$1".nmap "$1"
            assignPorts "$1"
        fi
    fi

    echo -e ""
    echo -e ""
    echo -e ""
}

# CVE scan (vulners.nse, if installed) and nmap "vuln" category scan
vulnsScan(){
    echo -e "${GREEN}---------------------Starting Nmap Vulns Scan---------------------"
    echo -e "${NC}"

    if [ -z $(echo "${allPorts}") ]; then
        portType="basic"
        ports=$(echo "${basicPorts}")
    else
        portType="all"
        ports=$(echo "${allPorts}")
    fi


    if [ ! -f /usr/share/nmap/scripts/vulners.nse ]; then
        echo -e "${RED}Please install 'vulners.nse' nmap script:"
        echo -e "${RED}https://github.com/vulnersCom/nmap-vulners"
        echo -e "${RED}"
        echo -e "${RED}Skipping CVE scan!"
        echo -e "${NC}"
    else
        echo -e "${YELLOW}Running CVE scan on $portType ports"
        echo -e "${NC}"
        $nmapType -sV --script vulners --script-args mincvss=7.0 -p$(echo "${ports}") -oN nmap/CVEs_"$1".nmap "$1"
        echo ""
    fi

    echo ""
    echo -e "${YELLOW}Running Vuln scan on $portType ports"
    echo -e "${NC}"
    $nmapType -sV --script vuln -p$(echo "${ports}") -oN nmap/Vulns_"$1".nmap "$1"
    echo -e ""
    echo -e ""
    echo -e ""
}

# Write the recommended commands to nmap/Recon_<ip>.nmap, then prompt for which to run
# (defaults to "All" after 30 seconds without input)
recon(){

    reconRecommend "$1" | tee nmap/Recon_"$1".nmap

    availableRecon=$(cat nmap/Recon_"$1".nmap | grep "$1" | cut -d " " -f 1 | sed 's/.\///g; s/.py//g; s/cd/odat/g;' | sort -u | tr "\n" "," | sed 's/,/,\ /g' | head -c-2)

    secs=30
    count=0

    reconCommand=""

    if [ ! -z "$availableRecon" ]; then
        while [ ! $(echo "${reconCommand}") == "!" ]; do
            echo -e "${YELLOW}"
            echo -e "Which commands would you like to run?${NC}\nAll (Default), $availableRecon, Skip <!>\n"
            while [[ ${count} -lt ${secs} ]]; do
                tlimit=$(( $secs - $count ))
                echo -e "\rRunning Default in (${tlimit}) s: \c"
                read -t 1 reconCommand
                [ ! -z "$reconCommand" ] && { break ; }
                count=$((count+1))
            done
            if [ "$reconCommand" == "All" ] || [ -z $(echo "${reconCommand}") ]; then
                runRecon "$1" "All"
                reconCommand="!"
            elif [[ "$reconCommand" =~ ^($(echo "${availableRecon}" | tr ", " "|"))$ ]]; then
                runRecon "$1" $reconCommand
                reconCommand="!"
            elif [ "$reconCommand" == "Skip" ] || [ "$reconCommand" == "!" ]; then
                reconCommand="!"
                echo -e ""
                echo -e ""
                echo -e ""
            else
                echo -e "${NC}"
                echo -e "${RED}Incorrect choice!"
                echo -e "${NC}"
            fi
        done
    fi

}

# Print recon command lines for each service found in the scan output
reconRecommend(){
    echo -e "${GREEN}---------------------Recon Recommendations----------------------"
    echo -e "${NC}"

    oldIFS=$IFS
    IFS=$'\n'

    if [ -f nmap/Full_"$1".nmap ] && [ -f nmap/Basic_"$1".nmap ]; then
        ports=$(echo "${allPorts}")
        file=$(cat nmap/Basic_"$1".nmap nmap/Full_"$1".nmap | grep -w "open")
    elif [ -f nmap/Full_"$1".nmap ]; then
        ports=$(echo "${allPorts}")
        file=$(cat nmap/Quick_"$1".nmap nmap/Full_"$1".nmap | grep -w "open")
    elif [ -f nmap/Basic_"$1".nmap ]; then
        ports=$(echo "${basicPorts}")
        file=$(cat nmap/Basic_"$1".nmap | grep -w "open")
    else
        ports=$(echo "${basicPorts}")
        file=$(cat nmap/Quick_"$1".nmap | grep -w "open")

    fi

    if [[ ! -z $(echo "${file}" | grep -i http) ]]; then
        echo -e "${NC}"
        echo -e "${YELLOW}Web Servers Recon:"
        echo -e "${NC}"
    fi

    for line in $file; do
        if [[ ! -z $(echo "${line}" | grep -i http) ]]; then
            port=$(echo "${line}" | cut -d "/" -f 1)
            if [[ ! -z $(echo "${line}" | grep -w "IIS") ]]; then
                pages=".html,.asp,.aspx,.php"
            else
                pages=".html,.php"
            fi
            if [[ ! -z $(echo "${line}" | grep ssl/http) ]]; then
                #echo "sslyze --regular $1 | tee recon/sslyze_$1_$port.txt"
                echo "sslscan $1 | tee recon/sslscan_$1_$port.txt"
                echo "gobuster dir -w /usr/share/wordlists/dirb/common.txt -l -t 30 -e -k -x $pages -u https://$1:$port -o recon/gobuster_$1_$port.txt"
                echo "nikto -host https://$1:$port -ssl | tee recon/nikto_$1_$port.txt"
            else
                echo "gobuster dir -w /usr/share/wordlists/dirb/common.txt -l -t 30 -e -k -x $pages -u http://$1:$port -o recon/gobuster_$1_$port.txt"
                echo "nikto -host $1:$port | tee recon/nikto_$1_$port.txt"
            fi
            echo ""
        fi
    done

    if [ -f nmap/Basic_"$1".nmap ]; then
        cms=$(cat nmap/Basic_"$1".nmap | grep http-generator | cut -d " " -f 2)
        if [ ! -z $(echo "${cms}") ]; then
            for line in $cms; do
                port=$(cat nmap/Basic_"$1".nmap | grep "$line" -B1 | grep -w "open" | cut -d "/" -f 1)
                if [[ "$cms" =~ ^(Joomla|WordPress|Drupal)$ ]]; then
                    echo -e "${NC}"
                    echo -e "${YELLOW}CMS Recon:"
                    echo -e "${NC}"
                fi
                case "$cms" in
                    Joomla!) echo "joomscan --url $1:$port | tee recon/joomscan_$1_$port.txt";;
                    WordPress) echo "wpscan --url $1:$port --enumerate p | tee recon/wpscan_$1_$port.txt";;
                    Drupal) echo "droopescan scan drupal -u $1:$port | tee recon/droopescan_$1_$port.txt";;
                esac
            done
        fi
    fi

    if [[ ! -z $(echo "${file}" | grep -w "445/tcp") ]]; then
        echo -e "${NC}"
        echo -e "${YELLOW}SMB Recon:"
        echo -e "${NC}"
        echo "smbmap -H $1 | tee recon/smbmap_$1.txt"
        echo "smbclient -L \"//$1/\" -U \"guest\"% | tee recon/smbclient_$1.txt"
        if [[ $osType == "Windows" ]]; then
            echo "nmap -Pn -p445 --script vuln -oN recon/SMB_vulns_$1.txt $1"
        fi
        if [[ $osType == "Linux" ]]; then
            echo "enum4linux -a $1 | tee recon/enum4linux_$1.txt"
        fi
        echo ""
    elif [[ ! -z $(echo "${file}" | grep -w "139/tcp") ]] && [[ $osType == "Linux" ]]; then
        echo -e "${NC}"
        echo -e "${YELLOW}SMB Recon:"
        echo -e "${NC}"
        echo "enum4linux -a $1 | tee recon/enum4linux_$1.txt"
        echo ""
    fi


    if [ -f nmap/UDP_"$1".nmap ] && [[ ! -z $(cat nmap/UDP_"$1".nmap | grep open | grep -w "161/udp") ]]; then
        echo -e "${NC}"
        echo -e "${YELLOW}SNMP Recon:"
        echo -e "${NC}"
        echo "snmp-check $1 -c public | tee recon/snmpcheck_$1.txt"
        echo "snmpwalk -Os -c public -v1 $1 | tee recon/snmpwalk_$1.txt"
        echo ""
    fi

    if [[ ! -z $(echo "${file}" | grep -w "53/tcp") ]]; then
        echo -e "${NC}"
        echo -e "${YELLOW}DNS Recon:"
        echo -e "${NC}"
        echo "host -l $1 $1 | tee recon/hostname_$1.txt"
        echo "dnsrecon -r $subnet/24 -n $1 | tee recon/dnsrecon_$1.txt"
        echo "dnsrecon -r 127.0.0.0/24 -n $1 | tee recon/dnsrecon-local_$1.txt"
        echo "dig -x $1 @$1 | tee recon/dig_$1.txt"
        echo ""
    fi

    if [[ ! -z $(echo "${file}" | grep -w "389/tcp") ]]; then
        echo -e "${NC}"
        echo -e "${YELLOW}ldap Recon:"
        echo -e "${NC}"
        echo "ldapsearch -x -h $1 -s base | tee recon/ldapsearch_$1.txt"
        echo "ldapsearch -x -h $1 -b \$(cat recon/ldapsearch_$1.txt | grep rootDomainNamingContext | cut -d ' ' -f2) | tee recon/ldapsearch_DC_$1.txt"
        echo "nmap -Pn -p 389 --script ldap-search --script-args 'ldap.username=\"\$(cat recon/ldapsearch_$1.txt | grep rootDomainNamingContext | cut -d \\" \\" -f2)\"' $1 -oN recon/nmap_ldap_$1.txt"
        echo ""
    fi

    if [[ ! -z $(echo "${file}" | grep -w "1521/tcp") ]]; then
        echo -e "${NC}"
        echo -e "${YELLOW}Oracle Recon \"Exc. from Default\":"
        echo -e "${NC}"
        echo "cd /opt/odat/;#$1;"
        echo "./odat.py sidguesser -s $1 -p 1521"
        echo "./odat.py passwordguesser -s $1 -p 1521 -d XE --accounts-file accounts/accounts-multiple.txt"
        echo "cd -;#$1;"
        echo ""
    fi

    IFS=$oldIFS

    echo -e ""
    echo -e ""
    echo -e ""
}

# Run the selected command lines from nmap/Recon_<ip>.nmap by piping each one to bash;
# a command is skipped if its recon/ output file already exists
runRecon(){
    echo -e ""
    echo -e ""
    echo -e ""
    echo -e "${GREEN}---------------------Running Recon Commands----------------------"
    echo -e "${NC}"

    oldIFS=$IFS
    IFS=$'\n'

    if [[ ! -d recon/ ]]; then
        mkdir recon/
    fi

    if [ "$2" == "All" ]; then
        reconCommands=$(cat nmap/Recon_"$1".nmap | grep "$1" | grep -v odat)
    else
        reconCommands=$(cat nmap/Recon_"$1".nmap | grep "$1" | grep "$2")
    fi

    for line in $(echo "${reconCommands}"); do
        currentScan=$(echo "$line" | cut -d " " -f 1 | sed 's/.\///g; s/.py//g; s/cd/odat/g;' | sort -u | tr "\n" "," | sed 's/,/,\ /g' | head -c-2)
        fileName=$(echo "${line}" | awk -F "recon/" '{print $2}' | head -c-1)
        if [ ! -z recon/$(echo "${fileName}") ] && [ ! -f recon/$(echo "${fileName}") ]; then
            echo -e "${NC}"
            echo -e "${YELLOW}Starting $currentScan scan"
            echo -e "${NC}"
            echo "$line" | /bin/bash
            echo -e "${NC}"
            echo -e "${YELLOW}Finished $currentScan scan"
            echo -e "${NC}"
            echo -e "${YELLOW}========================="
        fi
    done

    IFS=$oldIFS

    echo -e ""
    echo -e ""
    echo -e ""
}

# Print the total run time
footer(){

    echo -e "${GREEN}---------------------Finished all Nmap scans---------------------"
    echo -e "${NC}"
    echo -e ""

    if (( $SECONDS > 3600 )) ; then
        let "hours=SECONDS/3600"
        let "minutes=(SECONDS%3600)/60"
        let "seconds=(SECONDS%3600)%60"
        echo -e "${YELLOW}Completed in $hours hour(s), $minutes minute(s) and $seconds second(s)"
    elif (( $SECONDS > 60 )) ; then
        let "minutes=(SECONDS%3600)/60"
        let "seconds=(SECONDS%3600)%60"
        echo -e "${YELLOW}Completed in $minutes minute(s) and $seconds second(s)"
    else
        echo -e "${YELLOW}Completed in $SECONDS seconds"
    fi
    echo -e ""
}

# Exactly two arguments are required: target IP and scan type
if (( "$#" != 2 )); then
    usage
fi

# The target must look like a dotted-quad IPv4 address
if [[ $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    :
else
    echo -e "${RED}"
    echo -e "${RED}Invalid IP!"
    echo -e "${RED}"
    usage
fi

# All output goes into a directory named after the target IP
if [[ "$2" =~ ^(Quick|Basic|UDP|Full|Vulns|Recon|All|quick|basic|udp|full|vulns|recon|all)$ ]]; then
    if [[ ! -d $1 ]]; then
        mkdir "$1"
    fi

    cd "$1" || exit

    if [[ ! -d nmap/ ]]; then
        mkdir nmap/
    fi

    assignPorts "$1"

    header "$1" "$2"

    case "$2" in
        Quick | quick)  quickScan "$1";;
        Basic | basic)  if [ ! -f nmap/Quick_"$1".nmap ]; then quickScan "$1"; fi
                        basicScan "$1";;
        UDP | udp)      UDPScan "$1";;
        Full | full)    fullScan "$1";;
        Vulns | vulns)  if [ ! -f nmap/Quick_"$1".nmap ]; then quickScan "$1"; fi
                        vulnsScan "$1";;
        Recon | recon)  if [ ! -f nmap/Quick_"$1".nmap ]; then quickScan "$1"; fi
                        if [ ! -f nmap/Basic_"$1".nmap ]; then basicScan "$1"; fi
                        recon "$1";;
        All | all)      quickScan "$1"
                        basicScan "$1"
                        UDPScan "$1"
                        fullScan "$1"
                        vulnsScan "$1"
                        recon "$1";;
    esac

    footer
else
    echo -e "${RED}"
    echo -e "${RED}Invalid Type!"
    echo -e "${RED}"
    usage
fi

--------------------------------------------------------------------------------
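
`assignPorts` builds the lists passed to nmap's `-p` option by grepping for "open" and trimming a fixed number of characters from the result. The sketch below is an added example, not code from nmapAutomator: it selects ports by matching the port-table line format instead, so script output and summary lines that mention "open" or "All" never reach the list. The names `open_ports` and `sample_scan` are hypothetical, and the scan output is constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of nmapAutomator.

# open_ports PROTO [FILE...]
# Prints a comma-separated, sorted, de-duplicated list of ports whose state
# is exactly "open" for PROTO (tcp or udp). Reads stdin when no file is given.
# Prints an empty line when nothing matches.
open_ports() {
    local proto="$1"
    shift
    awk -v proto="$proto" '
        # Port-table lines look like: "80/tcp  open  http  Apache httpd"
        # Field 1 must be <digits>/<proto> and field 2 must be exactly "open",
        # which excludes "open|filtered", "filtered" and NSE script output.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            split($1, f, "/")
            if (f[2] == proto && f[1] + 0 >= 1 && f[1] + 0 <= 65535) print f[1]
        }
    ' "$@" | sort -n -u | paste -s -d, -
}

# Constructed nmap -oN output covering the awkward cases: a script-output line
# that contains "open", a filtered port, an open|filtered UDP port and the
# "All ... ports" summary line.
sample_scan() {
    cat <<'EOF'
Nmap scan report for 10.1.1.1
Host is up (0.045s latency).

PORT    STATE         SERVICE      VERSION
443/tcp open          ssl/http     Apache httpd 2.4.29
22/tcp  open          ssh          OpenSSH 7.6p1
80/tcp  open          http         Apache httpd 2.4.29
|_http-title: Port 8080/tcp open for maintenance
445/tcp filtered      microsoft-ds
161/udp open|filtered snmp
53/udp  open          domain
All 1000 scanned ports on 10.1.1.1 are closed
EOF
}

echo "tcp: $(sample_scan | open_ports tcp)"
echo "udp: $(sample_scan | open_ports udp)"
```

Because only numeric port fields are emitted, the result can be passed to `-p` without further trimming, and an empty result means no open ports were found.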