scripter.sh

#!/bin/bash


if [ $# -ne 2 ]; then
        echo "[*] The scripter needs a name and a target IP.."
        echo "[*] Usage: $0 <name>  and <target-IP ADDRESS>"
        exit 0
fi

SCAN_NAME=$1
IP_ADDR=$2

##########	>>>HOUSEKEEPING<<<   ##########

if [ -e ./${SCAN_NAME}/nmap/UNIQUE__SERVICES ];then
	echo "Removing the previous temp files.."
	rm -f ./${SCAN_NAME}/nmap/UNIQUE_PORT* 
	rm -f ./${SCAN_NAME}/nmap/UNIQUE_SERVICES 
	rm -f ./${SCAN_NAME}/nmap/SCRIPT*
	rm -f ./${SCAN_NAME}/nmap/NSE*
fi


if [[ -e "./${SCAN_NAME}/nmap/TCPscan_full" && -e "./${SCAN_NAME}/nmap/UDPscan" ]]
then
	echo ""
	echo "--------------------------------------------------------------------------------"
	echo "Checking the services for >>> ALL 65535 TCP and TOP 100 UDP <<< scanned ports.."
	echo "--------------------------------------------------------------------------------"
	echo ""

	cat ./${SCAN_NAME}/nmap/UNIQUE__SERVICES

	echo ""
	echo "--------------------------------------"
        echo ">>> Consider to scan all UDP ports <<<"
	echo "--------------------------------------"
        echo ""


else
	echo ""
	echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
	echo "+								+"
	echo "+   There is NO FULL TCP PORT SCAN file in the directory  +"
	echo "+								+"
	echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"

fi


cat ./${SCAN_NAME}/nmap/UNIQUE__SERVICES | awk -F " " '{print $3}' | cut -d "/" -f1 | cut -d "-" -f 1 | sed 's/[!@#$%^&*()_+"?]//g' > ./${SCAN_NAME}/nmap/UNIQUE__SERVICES_temp
cat ./${SCAN_NAME}/nmap/UNIQUE__SERVICES | cut -d "/" -f 1 > ./${SCAN_NAME}/nmap/UNIQUE__PORT_NUMS_temp	
paste ./${SCAN_NAME}/nmap/UNIQUE__SERVICES_temp ./${SCAN_NAME}/nmap/UNIQUE__PORT_NUMS_temp > ./${SCAN_NAME}/nmap/SCRIPT_ARGS

sed -e 's/netbios/smb/g' ./${SCAN_NAME}/nmap/SCRIPT_ARGS > ./${SCAN_NAME}/nmap/SCRIPT_ARGS_TMP 
mv ./${SCAN_NAME}/nmap/SCRIPT_ARGS_TMP ./${SCAN_NAME}/nmap/SCRIPT_ARGS


sleep 3

for services in $(cat ./${SCAN_NAME}/nmap/UNIQUE__SERVICES);do
	ls /usr/share/nmap/scripts | grep -w $services >> ./${SCAN_NAME}/nmap/NSE_SCRIPTS
done

#echo ""
#echo "****************************************"
#echo "The following scripts were find: "
#echo "****************************************"
#echo ""
#cat ./${SCAN_NAME}/nmap/NSE_SCRIPTS
#echo "----------------------------------------"
#sleep 3

#read -p "Do you want to delete some of the scripts?[y/n]" -n 1 -r
#echo
#if [ "$DEC" =~^(yes|y| ) ]; then
#	read -p "Which lines do you want to delete? [1,2,3 or 1-3]"
#	
#	echo


echo "****************************************"
echo "The below scripts *could* be run, cros-check"
echo "them with running services, the parser "
echo "could missed smth "
echo "****************************************"

NUM_LINES=`wc -l ./${SCAN_NAME}/nmap/SCRIPT_ARGS | cut -d " " -f1`
for ((a=1; a <= NUM_LINES ; a++));do
	echo "nmap -p$(cat ./${SCAN_NAME}/nmap/SCRIPT_ARGS | cut -f2 | sed -n ''$a''p) $IP_ADDR --script=banner,\"(not default) and $(cat ./${SCAN_NAME}/nmap/SCRIPT_ARGS | cut -f1 | sed -n ''$a''p)-*\"" | tee -a ./${SCAN_NAME}/nmap/SCRIPTS_NMAP
	echo ""
done

if [[ "$(grep -cim1 "smb" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then
	echo "****************************************"
	echo "NOTE that in the scripts for the netbios service"
	echo "the SAMBA sripts were launched "
	echo "****************************************"
fi

echo ""
echo "****************************************"
echo "Launching the scripts..."	
echo "****************************************"
echo ""


tabber () {
WID=$(xprop -root | grep "_NET_ACTIVE_WINDOW(WINDOW)"| awk '{print $5}')
xdotool windowfocus $WID
xdotool key ctrl+shift+t
wmctrl -i -a $WID
sleep 1;
xdotool type --delay 1 --clearmodifiers "$1 $2 $3";
xdotool key Return;
}

getports(){
ports=$(cat ./${SCAN_NAME}/nmap/SCRIPT_ARGS | grep -i "$1" | cut -f2 | tr '\n' ','| sed 's/.$//')
echo $ports
}


mkdir -p ./${SCAN_NAME}/nmap/nse
#touch ./${SCAN_NAME}/nmap/SCRIPT_RESULTS
#gnome-terminal --tab -- /bin/bash -c "ls; exec bash"
# OLD style
#tabber "echo FTP__CHECK; nmap -v -p$(cat ./${SCAN_NAME}/nmap/SCRIPT_ARGS | grep "ftp" | cut -f2) ${IP_ADDR} --script=banner,\"ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum,ftp-brute\" | tee -a  ./${SCAN_NAME}/nmap/SCRIPT_RESULTS"


###################################### FTP check ####################################################

if [[ "$(grep -cim1 "ftp" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then

gnome-terminal --tab --title="FTP" -- /bin/bash -c "nmap -v -sS -p'$(getports "ftp")' '${IP_ADDR}' --script \"ftp-*\" -oN ./'${SCAN_NAME}'/nmap/nse/FTP_out; exec bash"

fi
 
###################################### SAMBA check ####################################################

if [[ "$(grep -cim1 "smb\|445" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then


#gnome-terminal --tab --title="SMB" -- /bin/bash -c "nmap -v -sS -p139,445,'$(getports "smb")' '${IP_ADDR}' --script \"smb-*\" -oN ./'${SCAN_NAME}'/nmap/nse/SMB_out; exec bash"
gnome-terminal --tab --title="SMB" -- /bin/bash -c "nmap -v -sS -p139,445,'$(getports "smb")' '${IP_ADDR}' --script \"(enum or vuln) and smb-*\" --script-args=unsafe=1 -oN ./'${SCAN_NAME}'/nmap/nse/SMB_out; exec bash"

gnome-terminal --tab --title="ENUM4LINUX" -- /bin/bash -c "enum4linux -a '${IP_ADDR}' | tee -a  ./'${SCAN_NAME}'/nmap/ENUM4LINUX; exec bash" 

fi

###################################### SMTP check #####################################################

if [[ "$(grep -cim1 "smtp" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then

gnome-terminal --tab --title="SMTP" -- /bin/bash -c "nmap -v -sS -p'$(getports "smtp")' '${IP_ADDR}' --script \"smtp-*\" -oN ./'${SCAN_NAME}'/nmap/nse/SMTP_out; exec bash"

fi

###################################### TELNET check ####################################################

if [[ "$(grep -cim1 "telnet" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then

gnome-terminal --tab --title="TELNET" -- /bin/bash -c "nmap -v -sS -p'$(getports "telnet")' '${IP_ADDR}' --script \"telnet-*\" -oN ./'${SCAN_NAME}'/nmap/nse/TELNET_out; exec bash"


fi

###################################### HTTP check #####################################################

if [[ "$(grep -cim1 "http" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then

gnome-terminal --tab --title="HTTP_CHECK" -- /bin/bash -c "nmap -v -sS -p'$(getports "http")' '${IP_ADDR}' --script \"(discovery or version or exploit or vuln) and http-*\" -oN ./'${SCAN_NAME}'/nmap/HTTP_CHECK_out; exec bash"


gnome-terminal --tab --title="NIKTO" -- /bin/bash -c "nikto -h '${IP_ADDR}' -C all -o ./'${SCAN_NAME}'/nikto.txt; exec bash"
  
#gnome-terminal --tab --title="Gobuster-common" -- /bin/bash -c "gobuster -u http://'${IP_ADDR}' -w usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -s '200,204,301,302,307,403,500' -e -o ./'${SCAN_NAME}'/nmap/COMMON_GOBUSTER; exec bash"
gnome-terminal --tab --title="Gobuster-common" -- /bin/bash -c "gobuster -u http://'${IP_ADDR}' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -s '200,204,301,302,307,403,500' -e -x php -t 20 -o ./'${SCAN_NAME}'/nmap/gobuster_root_medium; exec bash"

fi

###################################### SSL check #######################################################

if [[ "$(grep -cim1 "ssl" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then

gnome-terminal --tab --title="SSL_CHECK" -- /bin/bash -c "nmap -v -sS -p443 '${IP_ADDR}' --script \"ssl-*\" -oN ./'${SCAN_NAME}'/nmap/SSL_out; exec bash"

fi

###################################### MS-SQL check #######################################################

if [[ "$(grep -cim1 "ms-sql" ./${SCAN_NAME}/nmap/UNIQUE__SERVICES_temp)" -ge 1 ]];then

gnome-terminal --tab --title="MS_SQL" -- /bin/bash -c "nmap -v -sS -p'$(getports "mssql")' '${IP_ADDR}' --script \"mssql-*\" -oN ./'${SCAN_NAME}'/nmap/MS_SQL_out; exec bash"

fi

###################################### MYSQL check #######################################################

if [[ "$(grep -cim1 "mysql" ./${SCAN_NAME}/nmap/UNIQUE__SERVICES_temp)" -ge 1 ]];then

gnome-terminal --tab --title="MY_SQL" -- /bin/bash -c "nmap -v -sS -p'$(getports "mysql")' '${IP_ADDR}' --script \"mysql-*\" -oN ./'${SCAN_NAME}'/nmap/MY_SQL_out; exec bash"

fi

###################################### SSH check #######################################################

if [[ "$(grep -cim1 "ssh" ./${SCAN_NAME}/nmap/UNIQUE__SERVICES_temp)" -ge 1 ]];then

gnome-terminal --tab --title="SSH" -- /bin/bash -c "nmap -v -sS -p'$(getports "ssh")' '${IP_ADDR}' --script \"ssh-*\" -oN ./'${SCAN_NAME}'/nmap/SSH_out; exec bash"

fi

###################################### MSRPC check #######################################################

if [[ "$(grep -cim1 "msrpc" ./${SCAN_NAME}/nmap/UNIQUE__SERVICES_temp)" -ge 1 ]];then

gnome-terminal --tab --title="MSRPC" -- /bin/bash -c "nmap -v -sS -p'$(getports "msrpc")' '${IP_ADDR}' --script \"msrpc-*\" -oN ./'${SCAN_NAME}'/nmap/MSRPC_out; exec bash"

fi

###################################### SNMP check ######################################################

if [[ "$(grep -cim1 "snmp" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then

gnome-terminal --tab --title="SNMP" -- /bin/bash -c "nmap -v -sU -p'$(getports "snmp")' '${IP_ADDR}' --script \"snmp-*\" -oN ./'${SCAN_NAME}'/nmap/SNMP_out; exec bash"

tabber "snmp-check ${IP_ADDR} | tee -a  ./${SCAN_NAME}/nmap/SNMP_CHECK"


###  MODIFY IT LATER ###
gnome-terminal -x sh -c "echo USER ACCOUNTS;snmpwalk -c public -v1 ${IP_ADDR} 1.3.6.1.4.1.77.1.2.25;
			 echo Software Name;snmpwalk -c public -v1 ${IP_ADDR} 1.3.6.1.2.1.25.6.3.1.2; 
			 echo Storage Units;snmpwalk -c public -v1 ${IP_ADDR} 1.3.6.1.2.1.25.2.3.1.4; 
			 echo Process Path;snmpwalk -c public -v1 ${IP_ADDR} 1.3.6.1.2.1.25.4.2.1.4; 
			 echo Running Programs;snmpwalk -c public -v1 ${IP_ADDR} 1.3.6.1.2.1.25.4.2.1.2; 
			 echo System Processes;snmpwalk -c public -v1 ${IP_ADDR} 1.3.6.1.2.1.25.1.6.0; 
			 echo TCP Local Portss;snmpwalk -c public -v1 ${IP_ADDR} 1.3.6.1.2.1.13.1.3;bash" 2>/dev/null

fi
###	###	###	###

sleep 5

echo ""
echo "[+]"
echo "[+] The results from the nmap scripts will be stored ./${SCAN_NAME}/nmap folder"
echo "[+]"
echo ""

#if [[ "$(grep -cim1 "http" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then
#	echo ""
#        echo "[+]"
#        echo "[+] HTTP is present run DIRBUSTER!"
#	echo "[+] and do not forget about MEDUSA"
#        echo "[+]"
#        echo "[+] medusa -h <IPADDRESS> -u <USERNAME> -P /usr/share/wordlists/rockyou.txt -M http -m DIR:/<SUBFOLDER> -f -b -t <NUMofLOGINS>"
#        echo "[+] hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.11.1.24 http-post-form \"/admin.php:user_login=^USER^&password=^PASS^&Login=Login:F=incorrect:H=Location: http://10.11.1.24/admin.php?target=auth\" "
#	echo "[+] hydra -l ralph -P /usr/share/wordlists/rockyou.txt 10.11.1.31 http-post-form \"/base-login.asp:txtLoginID=^USER^&txtPassword=^PASS^&cmdSubmit=Login:ACCESS DENIED\" -V -f -t 8 "
#	echo ""
#fi
#
#if [[ "$(grep -cim1 "rdp" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then
#	echo ""
#        echo "[+]"
#        echo "[+] RDP is present, you could run NCRACK!"
#        echo "[+]"
#        echo "[+] ncrack -u \<USER\> -P /usr/share/wordlists/rockyou.txt -p \<PORT\> \<IPADDRESS\>"
#        echo "[+]"
#	echo ""
#fi
#
#if [[ "$(grep -cim1 "snmp" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then
#	echo ""
#        echo "[+]"
#        echo "[+] SNMP is present run HYDRA!"
#        echo "[+]"
#	echo ""
#fi
#
#if [[ "$(grep -cim1 "ssh" ./${SCAN_NAME}/nmap/SCRIPT_ARGS)" -ge 1 ]];then
#	echo ""
#        echo "[+]"
#        echo "[+] SSH is present run HYDRA or NCRACK!"
#        echo "[+]"
#        echo "[+] ncrack -u root/\<USERNAME\> \<IPADDRESS\>:22"
#        echo "[+]"
#	echo "[+] hydra -l root/\<USERNAME\> -P /usr/share/wordlists/rockyou.txt ${IP_ADDR}  ssh"
#	echo ""
#fi
#