PageRenderTime 60ms CodeModel.GetById 21ms RepoModel.GetById 0ms app.codeStats 1ms

/examples/sweep.pl

https://github.com/gitpan/Nmap-Parser-XML
Perl | 313 lines | 102 code | 37 blank | 174 comment | 30 complexity | d87fafd1b11612b9aa5ece15d7825f8e MD5 | raw file
Possible License(s): GPL-2.0 
    

  1. #!/usr/bin/perl

    2. 

  2. #Anthony G. Persaud

    3. 

  3. #sweep.pl

    4. 

  4. #Description:

    5. 

  5. #	It takes in a nmap xml file and prints a list of active and inactive

    6. 

  6. #	hosts.

    7. 

  7. 

    8. 

  8. #This program is free  software; you can redistribute  it and/or modify it under

    9. 

  9. #the terms of the  GNU General Public License  as published by the Free Software

    10. 

  10. #Foundation; either  version 2  of the  License, or  (at your  option) any later

    11. 

  11. #version.

    12. 

  12. #

    13. 

  13. #This program is distributed in the hope that it will be useful, but WITHOUT ANY

    14. 

  14. #WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A

    15. 

  15. #PARTICULAR PURPOSE.  See the GNU General Public License for more details.

    16. 

  16. #

    17. 

  17. # Changelog:

    18. 

  18. # APS 01/29/2004: Changed run_nmap_scan to use parsescan().

    19. 

  19. #		  $nmap_exe is set to default 'nmap' if find_exe returns empty

    20. 

  20. # APS 02/03/2004: Added ability to read IPs from a file

    21. 

  21. # APS 02/05/2004: Added ability output active IP (up state) to a file

    22. 

  22. #

    23. 

  23. #

    24. 

  24. #

    25. 

  25. #

    26. 

  26. #

    27. 

  27. #

    28. 

  28. 

    29. 

  29. 

    30. 

  30. 

    31. 

  31. use strict;

    32. 

  32. use Nmap::Parser::XML;

    33. 

  33. use constant TEST_FILE => 'example.xml';

    34. 

  34. use constant CMD1 => '-sP --randomize_hosts';

    35. 

  35. use File::Spec;

    36. 

  36. use Getopt::Long;

    37. 

  37. use Pod::Usage;

    38. 

  38. use vars qw(%G);

    39. 

  39. Getopt::Long::Configure('bundling');

    40. 

  40. 

    41. 

  41. my $p = new Nmap::Parser::XML;

    42. 

  42. 

    43. 

  43. print "\nsweep.pl - ( http://npx.sourceforge.net )\n",

    44. 

  44. 	('-'x50),"\n\n";

    45. 

  45. 

    46. 

  46. GetOptions(

    47. 

  47. 		'help|h|?'	=> \$G{helpme},

    48. 

  48. 		'v+'		=> \$G{verbose},

    49. 

  49. 		'i=s'		=> \$G{usefile},

    50. 

  50. 		'L=s'		=> \$G{ipfile},

    51. 

  51. 		'o=s'		=> \$G{output_active}

    52. 

  52. ) or (pod2usage(-exitstatus => 0, -verbose => 2));

    53. 

  53. 

    54. 

  54. if($G{helpme} || (!$G{usefile} && scalar @ARGV == 0 && !$G{ipfile}))

    55. 

  55. 	{pod2usage(-exitstatus => 0, -verbose => 2)}

    56. 

  56. 

    57. 

  57. if($G{usefile} eq ''){$p = run_nmap_scan(@ARGV);}

    58. 

  58. else {

    59. 

  59. 	#use the input file

    60. 

  60. 	print 'Using InputFile: '.$G{usefile}."\n" if($G{verbose} > 0);

    61. 

  61. 	if(not -e $G{usefile})

    62. 

  62. 	{print STDERR "ERROR: File $G{usefile} does not exists!\n"; exit;}

    63. 

  63. 	$p->parsefile($G{usefile});

    64. 

  64. 	}

    65. 

  65. 

    66. 

  66. if($G{output_active}){

    67. 

  67. 	open OUTPUT ,">$G{output_active}" ||

    68. 

  68. 	die "ERROR: Could open $G{output_active} for writing!\n$!\n";

    69. 

  69. }

    70. 

  70. 

    71. 

  71. 

    72. 

  72. print "Active Hosts Scanned:\n";

    73. 

  73. my (@ipa,@ipb);

    74. 

  74. for my $ip ( $p->get_host_list('up')){

    75. 

  75. 

    76. 

  76. 	print "\t$ip\n";

    77. 

  77. 	if($G{output_active}){

    78. 

  78. 	print OUTPUT "$ip\n";

    79. 

  79. 		}

    80. 

  80. 	}

    81. 

  81. 

    82. 

  82. if($G{output_active}){close OUTPUT;}

    83. 

  83. 

    84. 

  84. print "\n";

    85. 

  85. #printing inactive hosts

    86. 

  86. print "Inactive Hosts Scanned:\n";

    87. 

  87. for my $ip ( $p->get_host_list('down')){print "\t$ip\n";}

    88. 

  88. 

    89. 

  89. if($G{output_active}){print "\nSaved output file: $G{output_active}\n";}

    90. 

  90. 

    91. 

  91. ################################################################################

    92. 

  92. ##				Utility Functions			      ##

    93. 

  93. ################################################################################

    94. 

  94. sub find_exe {

    95. 

  95. 

    96. 

  96.     my $exe_to_find = shift;

    97. 

  97.     $exe_to_find =~ s/\.exe//;

    98. 

  98.     local($_);

    99. 

  99.     local(*DIR);

    100. 

  100. 

    101. 

  101.     for my $dir (File::Spec->path()) {

    102. 

  102.         opendir(DIR,$dir) || next;

    103. 

  103.         my @files = (readdir(DIR));

    104. 

  104.         closedir(DIR);

    105. 

  105. 

    106. 

  106.         my $path;

    107. 

  107.         for my $file (@files) {

    108. 

  108.             $file =~ s/\.exe$//;

    109. 

  109.             next unless($file eq $exe_to_find);

    110. 

  110. 

    111. 

  111.             $path = File::Spec->catfile($dir,$file);

    112. 

  112.             #  Should symbolic link be considered?  Helps me on cygwin but ...

    113. 

  113.             next unless -r $path && (-x _ || -l _);

    114. 

  114. 

    115. 

  115.             return $path;

    116. 

  116.            last DIR;

    117. 

  117.         }

    118. 

  118.     }

    119. 

  119. 

    120. 

  120. }

    121. 

  121. 

    122. 

  122. 

    123. 

  123. sub run_nmap_scan {

    124. 

  124. my @ips = @_;

    125. 

  125. my($NMAP,$cmd);

    126. 

  126. 

    127. 

  127. 	if($G{ipfile} && -e $G{ipfile})

    128. 

  128. 		{push @ips ,read_ips_from_file($G{ipfile});

    129. 

  129. 		if($G{verbose} > 0){

    130. 

  130. 		print STDERR "\nIP file contains:\n";

    131. 

  131. 		for(@ips){print STDERR "\t$_\n";}

    132. 

  132. 		print "\n";}

    133. 

  133. 		}

    134. 

  134. 	elsif($G{ipfile} && !-e $G{ipfile})

    135. 

  135. 		{warn "WARNING: IP file $G{ipfile} does not exist!\n";}

    136. 

  136. 

    137. 

  137. 

    138. 

  138. 	$cmd = join ' ', (CMD1, @ips);

    139. 

  139. 

    140. 

  140. 	my $nmap_exe = find_exe('nmap');

    141. 

  141. 	if($nmap_exe eq '')

    142. 

  142. 	{warn "ERROR: nmap executable not found in \$PATH\n";

    143. 

  143. 	$nmap_exe = 'nmap';}

    144. 

  144. 

    145. 

  145. 	print 'Running: '.$nmap_exe.' '.$cmd."\n" if($G{verbose} > 0);

    146. 

  146. 

    147. 

  147. 	$p->parsescan($nmap_exe,$cmd);

    148. 

  148. return $p;

    149. 

  149. }

    150. 

  150. 

    151. 

  151. 

    152. 

  152. sub read_ips_from_file {

    153. 

  153. my $filename = shift;

    154. 

  154. my @ips;

    155. 

  155. open FILE, "$filename" || die "ERROR: Could not open $filename! \nERROR: $!";

    156. 

  156. for(<FILE>){

    157. 

  157. chomp; # no newline

    158. 

  158. s/#.*//; # no comments

    159. 

  159. s/^\s+//; # no leading white

    160. 

  160. s/\s+$//; # no trailing white

    161. 

  161. next unless length; # anything left?

    162. 

  162. push @ips , $_; #it might be a host name too, so don't expect only numbers

    163. 

  163. 	}

    164. 

  164. close FILE;

    165. 

  165. 

    166. 

  166. return @ips;

    167. 

  167. 

    168. 

  168. }

    169. 

  169. 

    170. 

  170. __END__

    171. 

  171. 

    172. 

  172. =pod

    173. 

  173. 

    174. 

  174. =head1 NAME

    175. 

  175. 

    176. 

  176. status_check - scans multiple hosts to determine their network status

    177. 

  177. 

    178. 

  178. =head1 SYNOPSIS

    179. 

  179. 

    180. 

  180.  status_check.pl [OPTS] <IP_ADDR> [<IP.ADDR> ...]

    181. 

  181. 

    182. 

  182. =head1 DESCRIPTION

    183. 

  183. 

    184. 

  184. This script uses the nmap security scanner with the Nmap::Parser::XML module

    185. 

  185. in order to run a quick PING sweep against specific hosts. It will then inform

    186. 

  186. of which hosts were active (up) and inactive (down).

    187. 

  187. 

    188. 

  188. =head1 OPTIONS

    189. 

  189. 

    190. 

  190. These options are passed as command line parameters.

    191. 

  191. 

    192. 

  192. =over 4

    193. 

  193. 

    194. 

  194. =item B<-i nmapscan.xml>

    195. 

  195. 

    196. 

  196. Runs the script using the given xml file (which is nmap xml scan data) instead

    197. 

  197. of actually running a scan against the given set of hosts. This is useful if

    198. 

  198. you only have the xml data on a given machine, and not nmap.

    199. 

  199. 

    200. 

  200. =item B<-h,--help,-?>

    201. 

  201. 

    202. 

  202. Shows this help information.

    203. 

  203. 

    204. 

  204. =item B<-L ips.txt>

    205. 

  205. 

    206. 

  206. Reads IP addresses from filename.txt to run a scan against. The IP addresses

    207. 

  207. should be in the target specification format explained below.

    208. 

  208. 

    209. 

  209. =item B<-o output.txt>

    210. 

  210. 

    211. 

  211. Saves the IP addresses found to be active (in state 'up') to a given file. This

    212. 

  212. file contains each of the active IP addresses found, one on each line. This is

    213. 

  213. useful if you wish to use the file with other programs or scripts.

    214. 

  214. 

    215. 

  215. =item B<-v>

    216. 

  216. 

    217. 

  217. This runs the script in verbose mode. The more times used, the more verbose

    218. 

  218. the script will be.

    219. 

  219. 

    220. 

  220. =back 4

    221. 

  221. 

    222. 

  222. =head1 TARGET SPECIFICATION

    223. 

  223. 

    224. 

  224. This documentation was taken from the nmap man page. The IP address inputs

    225. 

  225. to this scripts should be in the nmap target specification format.

    226. 

  226. 

    227. 

  227. The  simplest  case is listing single hostnames or IP addresses onthe command

    228. 

  228. line. If you want to scan a subnet of  IP addresses, you can append '/mask' to

    229. 

  229. the hostname or IP address. mask must be between 0 (scan the whole internet) and

    230. 

  230.  32 (scan the single host specified). Use /24 to scan a class 'C' address and

    231. 

  231.  /16 for a class 'B'.

    232. 

  232. 

    233. 

  233. You can use a more powerful notation which lets you specify an IP address

    234. 

  234. using lists/ranges for each element. Thus you can scan the whole class 'B'

    235. 

  235. network 128.210.*.* by specifying '128.210.*.*' or '128.210.0-255.0-255' or

    236. 

  236. even use the mask notation: '128.210.0.0/16'. These are all equivalent.

    237. 

  237. If you use asterisks ('*'), remember that most shells require you to escape

    238. 

  238. them with  back  slashes or protect them with quotes.

    239. 

  239. 

    240. 

  240. Another interesting thing to do is slice the Internet the other way.

    241. 

  241. 

    242. 

  242. Examples:

    243. 

  243. 

    244. 

  244.  status_check.pl 127.0.0.1

    245. 

  245.  status_check.pl target.example.com

    246. 

  246.  status_check.pl target.example.com/24

    247. 

  247.  status_check.pl 10.210.*.1-127

    248. 

  248.  status_check.pl *.*.2.3-5

    249. 

  249.  status_check.pl 10.[10-15].10.[2-254]

    250. 

  250. 

    251. 

  251. 

    252. 

  252. =head1 OUTPUT EXAMPLE

    253. 

  253. 

    254. 

  254. These are ONLY examples of how the output would look like.

    255. 

  255. 

    256. 

  256.   Status Check

    257. 

  257.   -------------------------------------------

    258. 

  258. 

    259. 

  259.   Active Hosts Scanned:

    260. 

  260.           127.0.0.5

    261. 

  261.           127.0.0.6

    262. 

  262.           127.0.0.2

    263. 

  263.           127.0.0.1

    264. 

  264.           127.0.0.4

    265. 

  265. 

    266. 

  266.   Inactive Hosts Scanned:

    267. 

  267.           127.0.0.3

    268. 

  268.           192.168.0.1

    269. 

  269.           192.168.0.2

    270. 

  270.           192.168.2.4

    271. 

  271. 

    272. 

  272. 

    273. 

  273. The output of the file if using the '-o file.txt' option will look like (using

    274. 

  274. the IPs from the previous example):

    275. 

  275. 

    276. 

  276.  127.0.0.5

    277. 

  277.  127.0.0.6

    278. 

  278.  127.0.0.2

    279. 

  279.  127.0.0.1

    280. 

  280.  127.0.0.4

    281. 

  281. 

    282. 

  282. 

    283. 

  283. =head1 BUG REPORTS

    284. 

  284. 

    285. 

  285. Please submit any bugs to:

    286. 

  286. L<http://sourceforge.net/tracker/?group_id=97509&atid=618345>

    287. 

  287. 

    288. 

  288. =head1 SEE ALSO

    289. 

  289. 

    290. 

  290. L<Nmap::Parser::XML>

    291. 

  291. 

    292. 

  292. The Nmap::Parser::XML page can be found at: L<http://npx.sourceforge.net/>.

    293. 

  293. It contains the latest developments on the module. The nmap security scanner

    294. 

  294. homepage can be found at: L<http://www.insecure.org/nmap/>.

    295. 

  295. 

    296. 

  296. =head1 AUTHOR

    297. 

  297. 

    298. 

  298.  Anthony G Persaud <ironstar@iastate.edu>

    299. 

  299. 

    300. 

  300. =head1 COPYRIGHT

    301. 

  301. 

    302. 

  302. This program is free software; you can redistribute it and/or modify it under

    303. 

  303. the terms of the GNU General Public License as published by the Free Software

    304. 

  304. Foundation; either version 2 of the License, or (at your option) any later

    305. 

  305. version.

    306. 

  306. 

    307. 

  307. This program is distributed in the hope that it will be useful, but WITHOUT ANY

    308. 

  308. WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR

    309. 

  309. A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

    310. 

  310. 

    311. 

  311. L<http://www.opensource.org/licenses/gpl-license.php>

    312. 

  312. 

    313. 

  313. =cut

    314. 

  314.