Posted by 朴实过客 on 靠谱客: Hacking from Zero, Chapter 2 (Information Gathering), Part 4: Automated All-in-One Information-Gathering Tools.

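Overview

This chapter covers nmapAutomator, an automated information-gathering tool. It integrates many information-gathering tools and automatically and comprehensively helps the attacker collect information about the target.

1. Scenario

Virtual machine: vmware

Attacking host: kali

IP: 192.168.239.142

Target: Windows10

IP: 192.168.239.1

Service: apache started by xampp

2. Automated information-gathering tool

The main goal of nmapAutomator is to automate the enumeration and recon that is run every time, so that our attention stays on the actual testing.

This ensures two things:

  • nmap scans are run automatically.

  • Some recon is always running in the background.

Once the initial ports are found in "5-10 seconds", we can start looking into those ports manually and let the rest run in the background, with no interaction needed on our side.

Usage: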

./nmapAutomator.sh -h
Usage: nmapAutomator.sh -H/--host <TARGET-IP> -t/--type <TYPE>
Optional: [-r/--remote <REMOTE MODE>] [-d/--dns <DNS SERVER>] [-o/--output <OUTPUT DIRECTORY>] [-s/--static-nmap <STATIC NMAP PATH>]

Scan Types:
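	Network : Shows all live hosts in the host's network (~15 seconds)
	Port    : Shows all open ports (~15 seconds)
	Script  : Runs a script scan on found ports (~5 minutes)
	Full    : Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)
	UDP     : Runs a UDP scan "requires sudo" (~5 minutes)
	Vulns   : Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)
	Recon   : Suggests recon commands, then prompts to automatically run them
	All     : Runs all the scans (~20-30 minutes)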

Examples:

./nmapAutomator.sh --host 10.1.1.1 --type All
./nmapAutomator.sh -H 10.1.1.1 -t Basic
./nmapAutomator.sh -H academy.htb -t Recon -d 1.1.1.1
./nmapAutomator.sh -H 10.10.10.10 -t network -s ./nmap

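Other recon tools used in the script include:

  • nmap Vulners: an nmap NSE script scan, mainly for vulnerabilities in the relevant protocols.

  • sslscan: SSLScan queries SSL services such as HTTPS to determine which ciphers are supported. SSLScan is designed to be simple, lean and fast. Its output includes the SSL service's preferred ciphers and its certificate, and is available in text and XML formats.

  • nikto: Nikto is an open-source web scanning and assessment tool that runs a range of security tests against web servers and can find more than 2600 kinds of potentially dangerous files, CGIs and other problems on more than 230 kinds of servers. Nikto can scan the specified host for its web type, host name, specified directories and specific CGI vulnerabilities, and return the HTTP methods the host allows.

  • joomscan: JoomScan is an open-source vulnerability scanner that aims to automate vulnerability detection and reliability assurance for Joomla CMS deployments. The tool is implemented in Perl and scans Joomla installations seamlessly and easily, while its lightweight, modular architecture leaves a minimal footprint. It detects not only known offensive vulnerabilities but also many misconfigurations and admin-level flaws that attackers can use to compromise the system.

  • wpscan: WPScan is a vulnerability scanner that ships by default with Kali Linux. It is written in Ruby and can scan WordPress sites for many kinds of security vulnerabilities, including vulnerabilities in WordPress itself, in plugins and in themes.

  • droopescan: Droopescan is a plugin-based scanner that helps security researchers find issues in Drupal, SilverStripe, Wordpress, Joomla (version information and exploitable URL enumeration) and Moodle.

  • smbmap: SMBMap lets users enumerate samba share drives across an entire domain: list share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was designed with pen testing in mind and is intended to simplify searching for potentially sensitive data across large networks.

  • enum4linux: covered in the previous chapter.

  • dnsrecon: covered in the previous chapter.

  • odat: ODAT (Oracle Database Attacking Tool) is an open-source penetration testing tool used mainly to test the security of remote Oracle databases.

  • smtp-user-enum: smtp-user-enum ships with kali and is written in Perl; it works by enumerating user accounts with the three commands mentioned above.

  • snmp-check: snmp-check lets you enumerate SNMP devices and puts the output in a very human-readable, friendly format. It is useful for penetration testing or system monitoring.

  • snmpwalk: covered in the previous chapter.

  • ldapsearch: helps you search for entries in the LDAP directory tree.

Note: the software above has to be installed separately. I have tried it, and every one of these tools can be installed through apt. In my testing, the script is very slow when used as-is, so I modified it to improve speed while keeping the information gathering accurate.

3. Modified script

The following changes were made:

1. Raised the gobuster thread count to 50.
2. Disabled the nikto scan; it is very slow on real networks.
3. Added the --min-rate option to nmap to speed up scanning.
4. Disabled the nmap script vulnerability scan; it is very slow on real networks.
5. Disabled the fullScan() function.

I used this script in the OSCP exam. While working on the BOF, I ran four copies of the script against 4 IPs at the same time. When the BOF was done, the scan results were ready.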

#!/bin/bash


RED='\033[0;31m'
YELLOW='\033[0;33m'
GREEN='\033[0;32m'
NC='\033[0m'

SECONDS=0

usage(){
echo -e ""
echo -e "${RED}Usage: $0 <TARGET-IP> <TYPE>"
echo -e "${YELLOW}"
echo -e "Scan Types:"
echo -e "\tQuick:	Shows all open ports quickly (~15 seconds)"
echo -e "\tBasic:	Runs Quick Scan, then runs a more thorough scan on found ports (~5 minutes)"
echo -e "\tUDP:	Runs \"Basic\" on UDP ports (~5 minutes)"
echo -e "\tFull:	Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)"
echo -e "\tVulns:	Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)"
echo -e "\tRecon:	Suggests recon commands, then prompts to automatically run them"
echo -e "\tAll:	Runs all the scans (~20-30 minutes)"
echo -e "${NC}"
exit 1
}

header(){
echo -e ""

if [ "$2" == "All" ]; then
	echo -e "${YELLOW}Running all scans on $1"
else
	echo -e "${YELLOW}Running a $2 scan on $1"
fi

subnet=$(echo "$1" | cut -d "." -f 1,2,3)".0"

checkPing=$(checkPing "$1")
nmapType="nmap -Pn"

: '
#nmapType=`echo "${checkPing}" | head -n 1`

if [ "$nmapType" != "nmap" ]; then 
	echo -e "${NC}"
	echo -e "${YELLOW}No ping detected.. Running with -Pn option!"
	echo -e "${NC}"
fi
'

ttl=$(echo "${checkPing}" | tail -n 1)
if [[  $(echo "${ttl}") != "nmap -Pn" ]]; then
	osType="$(checkOS "$ttl")"	
	echo -e "${NC}"
	echo -e "${GREEN}Host is likely running $osType"
	echo -e "${NC}"
fi

echo -e ""
echo -e ""
}

assignPorts(){
if [ -f nmap/Quick_"$1".nmap ]; then
	basicPorts=$(cat nmap/Quick_"$1".nmap | grep open | cut -d " " -f 1 | cut -d "/" -f 1 | tr "\n" "," | cut -c3- | head -c-2)
fi

if [ -f nmap/Full_"$1".nmap ]; then
	if [ -f nmap/Quick_"$1".nmap ]; then
		allPorts=$(cat nmap/Quick_"$1".nmap nmap/Full_"$1".nmap | grep open | cut -d " " -f 1 | cut -d "/" -f 1 | tr "\n" "," | cut -c3- | head -c-1)
	else
		allPorts=$(cat nmap/Full_"$1".nmap | grep open | cut -d " " -f 1 | cut -d "/" -f 1 | tr "\n" "," | head -c-1)
	fi
fi

if [ -f nmap/UDP_"$1".nmap ]; then
	udpPorts=$(cat nmap/UDP_"$1".nmap | grep -w "open " | cut -d " " -f 1 | cut -d "/" -f 1 | tr "\n" "," | cut -c3- | head -c-2)
	if [[ "$udpPorts" == "Al" ]]; then
		udpPorts=""
	fi
fi
}

checkPing(){
pingTest=$(ping -c 1 -W 3 "$1" | grep ttl)
if [[ -z $pingTest ]]; then
	echo "nmap -Pn"
else
	echo "nmap"
	ttl=$(echo "${pingTest}" | cut -d " " -f 6 | cut -d "=" -f 2)
	echo "${ttl}"
fi
}

checkOS(){
if [ "$1" == 256 ] || [ "$1" == 255 ] || [ "$1" == 254 ]; then
        echo "OpenBSD/Cisco/Oracle"
elif [ "$1" == 128 ] || [ "$1" == 127 ]; then
        echo "Windows"
elif [ "$1" == 64 ] || [ "$1" == 63 ]; then
        echo "Linux"
else
        echo "Unknown OS!"
fi
}

cmpPorts(){
oldIFS=$IFS
IFS=','
touch nmap/cmpPorts_"$1".txt

for i in $(echo "${allPorts}")
do
	if [[ "$i" =~ ^($(echo "${basicPorts}" | sed 's/,/|/g'))$ ]]; then
       	       :
       	else
       	        echo -n "$i," >> nmap/cmpPorts_"$1".txt
       	fi
done

extraPorts=$(cat nmap/cmpPorts_"$1".txt | tr "\n" "," | head -c-1)
rm nmap/cmpPorts_"$1".txt
IFS=$oldIFS
}

quickScan(){
echo -e "${GREEN}---------------------Starting Nmap Quick Scan---------------------"
echo -e "${NC}"

#$nmapType -T4 -p1-65535 --min-rate 1000 --max-retries 1 --max-scan-delay 20 --defeat-rst-ratelimit --open -oN nmap/Quick_"$1".nmap "$1"
$nmapType -T4 -p1-65535 --min-rate 2000 --max-retries 1 --max-scan-delay 20 --defeat-rst-ratelimit --open -oN nmap/Quick_"$1".nmap "$1"
assignPorts "$1"

echo -e ""
echo -e ""
echo -e ""
}

basicScan(){
echo -e "${GREEN}---------------------Starting Nmap Basic Scan---------------------"
echo -e "${NC}"

if [ -z $(echo "${basicPorts}") ]; then
        echo -e "${YELLOW}No ports in quick scan.. Skipping!"
else
	$nmapType -sCV --min-rate 1000 -p$(echo "${basicPorts}") -oN nmap/Basic_"$1".nmap "$1" 
fi

if [ -f nmap/Basic_"$1".nmap ] && [[ ! -z $(cat nmap/Basic_"$1".nmap | grep -w "Service Info: OS:") ]]; then
	serviceOS=$(cat nmap/Basic_"$1".nmap | grep -w "Service Info: OS:" | cut -d ":" -f 3 | cut -c2- | cut -d ";" -f 1 | head -c-1)
	if [[ "$osType" != "$serviceOS"  ]]; then
		osType=$(echo "${serviceOS}")
		echo -e "${NC}"
		echo -e "${NC}"
		echo -e "${GREEN}OS Detection modified to: $osType"
		echo -e "${NC}"
	fi
fi

echo -e ""
echo -e ""
echo -e ""
}

UDPScan(){
echo -e "${GREEN}----------------------Starting Nmap UDP Scan----------------------"
echo -e "${NC}"

$nmapType -sU --min-rate 1000 -sC --top-ports 20 --max-retries 1 --open -oN nmap/UDP_"$1".nmap "$1"
assignPorts "$1"

if [ ! -z $(echo "${udpPorts}") ]; then
        echo ""
        echo ""
        echo -e "${YELLOW}Making a script scan on UDP ports: $(echo "${udpPorts}" | sed 's/,/, /g')"
        echo -e "${NC}"
	if [ -f /usr/share/nmap/scripts/vulners.nse ]; then
        	$nmapType -sCVU --script vulners --script-args mincvss=7.0 -p$(echo "${udpPorts}") -oN nmap/UDP_"$1".nmap "$1"
	else
        	$nmapType -sCVU -p$(echo "${udpPorts}") -oN nmap/UDP_"$1".nmap "$1"
	fi
fi

echo -e ""
echo -e ""
echo -e ""
}

fullScan(){
echo -e "${GREEN}---------------------Starting Nmap Full Scan----------------------"
echo -e "${NC}"

$nmapType -p- --max-retries 1 --max-rate 500 --max-scan-delay 20 -T4 -v -oN nmap/Full_"$1".nmap "$1"
assignPorts "$1"

if [ -z $(echo "${basicPorts}") ]; then
	echo ""
        echo ""
        echo -e "${YELLOW}Making a script scan on all ports"
        echo -e "${NC}"
        $nmapType -sCV -p$(echo "${allPorts}") -oN nmap/Full_"$1".nmap "$1"
	assignPorts "$1"
else
	cmpPorts "$1"
	if [ -z $(echo "${extraPorts}") ]; then
        	echo ""
        	echo ""
		allPorts=""
        	echo -e "${YELLOW}No new ports"
		rm nmap/Full_"$1".nmap
        	echo -e "${NC}"
	else
		echo ""
        	echo ""
        	echo -e "${YELLOW}Making a script scan on extra ports: $(echo "${extraPorts}" | sed 's/,/, /g')"
        	echo -e "${NC}"
        	$nmapType -sCV -p$(echo "${extraPorts}") -oN nmap/Full_"$1".nmap "$1"
		assignPorts "$1"
	fi
fi

echo -e ""
echo -e ""
echo -e ""
}

vulnsScan(){
echo -e "${GREEN}---------------------Starting Nmap Vulns Scan---------------------"
echo -e "${NC}"

if [ -z $(echo "${allPorts}") ]; then
	portType="basic"
	ports=$(echo "${basicPorts}")
else
	portType="all"
	ports=$(echo "${allPorts}")
fi


if [ ! -f /usr/share/nmap/scripts/vulners.nse ]; then
	echo -e "${RED}Please install 'vulners.nse' nmap script:"
	echo -e "${RED}https://github.com/vulnersCom/nmap-vulners"
        echo -e "${RED}"
        echo -e "${RED}Skipping CVE scan!"
	echo -e "${NC}"
else    
	echo -e "${YELLOW}Running CVE scan on $portType ports"
	echo -e "${NC}"
	$nmapType -sV --script vulners --script-args mincvss=7.0 -p$(echo "${ports}") -oN nmap/CVEs_"$1".nmap "$1"
	echo ""
fi

echo ""
echo -e "${YELLOW}Running Vuln scan on $portType ports"
echo -e "${NC}"
$nmapType -sV --script vuln -p$(echo "${ports}") -oN nmap/Vulns_"$1".nmap "$1"
echo -e ""
echo -e ""
echo -e ""
}

recon(){

reconRecommend "$1" | tee nmap/Recon_"$1".nmap

availableRecon=$(cat nmap/Recon_"$1".nmap | grep "$1" | cut -d " " -f 1 | sed 's/.\///g; s/.py//g; s/cd/odat/g;' | sort -u | tr "\n" "," | sed 's/,/, /g' | head -c-2)

secs=30
count=0

reconCommand=""

if [ ! -z "$availableRecon"  ]; then
	while [ ! $(echo "${reconCommand}") == "!" ]; do
		echo -e "${YELLOW}"
		echo -e "Which commands would you like to run?${NC}\nAll (Default), $availableRecon, Skip <!>\n"
		while [[ ${count} -lt ${secs} ]]; do
			tlimit=$(( $secs - $count ))
			echo -e "\rRunning Default in (${tlimit}) s: \c"
			read -t 1 reconCommand
			[ ! -z "$reconCommand" ] && { break ;  }
			count=$((count+1))
		done
		if [ "$reconCommand" == "All" ] || [ -z $(echo "${reconCommand}") ]; then
			runRecon "$1" "All"
			reconCommand="!"
		elif [[ "$reconCommand" =~ ^($(echo "${availableRecon}" | tr ", " "|"))$ ]]; then
			runRecon "$1" $reconCommand
			reconCommand="!"
		elif [ "$reconCommand" == "Skip" ] || [ "$reconCommand" == "!" ]; then
			reconCommand="!"
			echo -e ""
			echo -e ""
			echo -e ""
		else
			echo -e "${NC}"
			echo -e "${RED}Incorrect choice!"
			echo -e "${NC}"
		fi
	done
fi

}

reconRecommend(){
echo -e "${GREEN}---------------------Recon Recommendations----------------------"
echo -e "${NC}"

oldIFS=$IFS
IFS=$'\n'

if [ -f nmap/Full_"$1".nmap ] && [ -f nmap/Basic_"$1".nmap ]; then
	ports=$(echo "${allPorts}")
	file=$(cat nmap/Basic_"$1".nmap nmap/Full_"$1".nmap | grep -w "open")
elif [ -f nmap/Full_"$1".nmap ]; then
	ports=$(echo "${allPorts}")
	file=$(cat nmap/Quick_"$1".nmap nmap/Full_"$1".nmap | grep -w "open")
elif [ -f nmap/Basic_"$1".nmap ]; then
	ports=$(echo "${basicPorts}")
	file=$(cat nmap/Basic_"$1".nmap | grep -w "open")
else
	ports=$(echo "${basicPorts}")
	file=$(cat nmap/Quick_"$1".nmap | grep -w "open")

fi

if [[ ! -z $(echo "${file}" | grep -i http) ]]; then
	echo -e "${NC}"
	echo -e "${YELLOW}Web Servers Recon:"
	echo -e "${NC}"
fi

for line in $file; do
	if [[ ! -z $(echo "${line}" | grep -i http) ]]; then
		port=$(echo "${line}" | cut -d "/" -f 1)
		if [[ ! -z $(echo "${line}" | grep -w "IIS") ]]; then
			pages=".html,.asp,.aspx,.php"
		else
			pages=".html,.php"
		fi
		if [[ ! -z $(echo "${line}" | grep ssl/http) ]]; then
			#echo "sslyze --regular $1 | tee recon/sslyze_$1_$port.txt"
			echo "sslscan $1 | tee recon/sslscan_$1_$port.txt"
			echo "gobuster dir -w /usr/share/wordlists/dirb/common.txt -l -t 100 -e -k -x $pages -u https://$1:$port  -o recon/gobuster_$1_$port.txt"
			#echo "nikto -host https://$1:$port -ssl | tee recon/nikto_$1_$port.txt"
		else
			echo "gobuster dir -w /usr/share/wordlists/dirb/common.txt -l -t 100 -e -k -x $pages -u http://$1:$port  -o recon/gobuster_$1_$port.txt"
			#echo "nikto -host $1:$port | tee recon/nikto_$1_$port.txt"
		fi
		echo ""
	fi
done

if [ -f nmap/Basic_"$1".nmap ]; then
	cms=$(cat nmap/Basic_"$1".nmap | grep http-generator | cut -d " " -f 2)
	if [ ! -z $(echo "${cms}") ]; then
		for line in $cms; do
			port=$(cat nmap/Basic_"$1".nmap | grep "$line" -B1 | grep -w "open" | cut -d "/" -f 1)
			if [[ "$cms" =~ ^(Joomla|WordPress|Drupal)$ ]]; then
				echo -e "${NC}"
				echo -e "${YELLOW}CMS Recon:"
				echo -e "${NC}"
			fi
			case "$cms" in
				Joomla!) echo "joomscan --url http://$1:$port | tee recon/joomscan_$1_$port.txt";;
				WordPress) echo "wpscan --url http://$1:$port --enumerate ap,u  | tee recon/wpscan_$1_$port.txt";;
				Drupal) echo "droopescan scan drupal -u http://$1:$port | tee recon/droopescan_$1_$port.txt";;
			esac
		done
	fi
fi

if [[ ! -z $(echo "${file}" | grep -w "445/tcp") ]]; then
	echo -e "${NC}"
	echo -e "${YELLOW}SMB Recon:"
	echo -e "${NC}"
	echo "smbmap -H $1 | tee recon/smbmap_$1.txt"
	echo "smbclient -L \"//$1/\" -U \"guest\"% | tee recon/smbclient_$1.txt"
	if [[ $osType == "Windows" ]]; then
		echo "nmap -Pn -p445 --script vuln -oN recon/SMB_vulns_$1.txt $1"
	fi
	if [[ $osType == "Linux" ]]; then
		echo "enum4linux -a $1 | tee recon/enum4linux_$1.txt"
	fi
	echo ""
elif [[ ! -z $(echo "${file}" | grep -w "139/tcp") ]] && [[ $osType == "Linux" ]]; then
	echo -e "${NC}"
	echo -e "${YELLOW}SMB Recon:"
	echo -e "${NC}"
	echo "enum4linux -a $1 | tee recon/enum4linux_$1.txt"
	echo ""
fi


if [ -f nmap/UDP_"$1".nmap ] && [[ ! -z $(cat nmap/UDP_"$1".nmap | grep open | grep -w "161/udp") ]]; then
	echo -e "${NC}"
	echo -e "${YELLOW}SNMP Recon:"
	echo -e "${NC}"
	echo "snmp-check $1 -c public | tee recon/snmpcheck_$1.txt"
	echo "snmpwalk -Os -c public -v1 $1 | tee recon/snmpwalk_$1.txt"
	echo ""
fi

if [[ ! -z $(echo "${file}" | grep -w "53/tcp") ]]; then
	echo -e "${NC}"
	echo -e "${YELLOW}DNS Recon:"
	echo -e "${NC}"
	echo "host -l $1 $1 | tee recon/hostname_$1.txt"
	echo "dnsrecon -r $subnet/24 -n $1 | tee recon/dnsrecon_$1.txt"
	echo "dnsrecon -r 127.0.0.0/24 -n $1 | tee recon/dnsrecon-local_$1.txt"
	echo "dig -x $1 @$1 | tee recon/dig_$1.txt"
	echo ""
fi

if [[ ! -z $(echo "${file}" | grep -w "389/tcp") ]]; then
        echo -e "${NC}"
        echo -e "${YELLOW}ldap Recon:"
        echo -e "${NC}"
        echo "ldapsearch -x -h $1 -s base | tee recon/ldapsearch_$1.txt"
        echo "ldapsearch -x -h $1 -b \$(cat recon/ldapsearch_$1.txt | grep rootDomainNamingContext | cut -d ' ' -f2) | tee recon/ldapsearch_DC_$1.txt"
        echo "nmap -Pn -p 389 --script ldap-search --script-args 'ldap.username=\"\$(cat recon/ldapsearch_$1.txt | grep rootDomainNamingContext | cut -d \" \" -f2)\"' $1 -oN recon/nmap_ldap_$1.txt"
	echo ""
fi

if [[ ! -z $(echo "${file}" | grep -w "1521/tcp") ]]; then
	echo -e "${NC}"
	echo -e "${YELLOW}Oracle Recon \"Exc. from Default\":"
	echo -e "${NC}"
	echo "cd /opt/odat/;#$1;"
	echo "./odat.py sidguesser -s $1 -p 1521"
	echo "./odat.py passwordguesser -s $1 -p 1521 -d XE --accounts-file accounts/accounts-multiple.txt"
	echo "cd -;#$1;"
	echo ""
fi

IFS=$oldIFS

echo -e ""
echo -e ""
echo -e ""
}

runRecon(){
echo -e ""
echo -e ""
echo -e ""
echo -e "${GREEN}---------------------Running Recon Commands----------------------"
echo -e "${NC}"

oldIFS=$IFS
IFS=$'\n'

if [[ ! -d recon/ ]]; then
        mkdir recon/
fi

if [ "$2" == "All" ]; then
	reconCommands=$(cat nmap/Recon_"$1".nmap | grep "$1" | grep -v odat)
else
	reconCommands=$(cat nmap/Recon_"$1".nmap | grep "$1" | grep "$2")
fi

for line in $(echo "${reconCommands}"); do
	currentScan=$(echo "$line" | cut -d " " -f 1 | sed 's/.\///g; s/.py//g; s/cd/odat/g;' | sort -u | tr "\n" "," | sed 's/,/, /g' | head -c-2)
	fileName=$(echo "${line}" | awk -F "recon/" '{print $2}' | head -c-1)
	if [ ! -z recon/$(echo "${fileName}") ] && [ ! -f recon/$(echo "${fileName}") ]; then
		echo -e "${NC}"
		echo -e "${YELLOW}Starting $currentScan scan"
		echo -e "${NC}"
		echo "$line" | /bin/bash
		echo -e "${NC}"
		echo -e "${YELLOW}Finished $currentScan scan"
		echo -e "${NC}"
		echo -e "${YELLOW}========================="
	fi
done

IFS=$oldIFS

echo -e ""
echo -e ""
echo -e ""
}

footer(){

echo -e "${GREEN}---------------------Finished all Nmap scans---------------------"
echo -e "${NC}"
echo -e ""

if (( $SECONDS > 3600 )) ; then
    let "hours=SECONDS/3600"
    let "minutes=(SECONDS%3600)/60"
    let "seconds=(SECONDS%3600)%60"
    echo -e "${YELLOW}Completed in $hours hour(s), $minutes minute(s) and $seconds second(s)" 
elif (( $SECONDS > 60 )) ; then
    let "minutes=(SECONDS%3600)/60"
    let "seconds=(SECONDS%3600)%60"
    echo -e "${YELLOW}Completed in $minutes minute(s) and $seconds second(s)"
else
    echo -e "${YELLOW}Completed in $SECONDS seconds"
fi
echo -e ""
}

if (( "$#" != 2 )); then
	usage
fi

if [[ $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
	:
else
	echo -e "${RED}"
	echo -e "${RED}Invalid IP!"
	echo -e "${RED}"
	usage
fi

if [[ "$2" =~ ^(Quick|Basic|UDP|Full|Vulns|Recon|All|quick|basic|udp|full|vulns|recon|all)$ ]]; then
	if [[ ! -d $1 ]]; then
	        mkdir "$1"
	fi

	cd "$1" || exit
	
	if [[ ! -d nmap/ ]]; then
	        mkdir nmap/
	fi
	
	assignPorts "$1"

	header "$1" "$2"
	
	case "$2" in
		Quick | quick) 	quickScan "$1";;
		Basic | basic)	if [ ! -f nmap/Quick_"$1".nmap ]; then quickScan "$1"; fi
				basicScan "$1";;
		UDP | udp) 	UDPScan "$1";;
		#Full | full) 	fullScan "$1";;
		#Vulns | vulns) 	if [ ! -f nmap/Quick_"$1".nmap ]; then quickScan "$1"; fi
		#		vulnsScan "$1";;
		Recon | recon) 	if [ ! -f nmap/Quick_"$1".nmap ]; then quickScan "$1"; fi
				if [ ! -f nmap/Basic_"$1".nmap ]; then basicScan "$1"; fi
				recon "$1";;
		All | all)	quickScan "$1"
				basicScan "$1"
				UDPScan "$1"
				#fullScan "$1"
		#		vulnsScan "$1"
				recon "$1";;
	esac
	
	footer
else
	echo -e "${RED}"
	echo -e "${RED}Invalid Type!"
	echo -e "${RED}"
	usage
fi
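
The open-port extraction that assignPorts() performs with grep, cut and head, rewritten as an added example that is not part of nmapAutomator or of the modified script above: it reads only port-table rows whose state is exactly open, removes duplicates, and validates the list before it would be passed to -p. The function names open_ports, is_port_list and sample_scan and the sample scan output are constructed for illustration.

```shell
#!/bin/bash
# Added example: not part of nmapAutomator or of the modified script above.

# Constructed sample of `nmap -oN` output (not a real scan result).
# The repeated 80/tcp row stands in for Quick and Full files being concatenated.
sample_scan() {
cat <<'EOF'
# Nmap scan initiated (constructed sample)
Nmap scan report for 192.168.239.1
Host is up (0.00050s latency).
Not shown: 65530 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE         SERVICE
80/tcp   open          http
135/tcp  open          msrpc
443/tcp  open          ssl/http
445/tcp  open          microsoft-ds
3306/tcp closed        mysql
161/udp  open|filtered snmp
80/tcp   open          http
# Nmap done (constructed sample)
EOF
}

# open_ports PROTO: read nmap normal output on stdin and print the ports whose
# state is exactly "open" for PROTO (tcp or udp), comma-separated, no duplicates.
open_ports() {
    awk -v proto="$1" '
        # Only port-table rows ("80/tcp  open  http") are considered, so header
        # and summary lines that merely contain the word "open" are ignored.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            split($1, f, "/")
            if (f[2] == proto && !seen[f[1]]++)
                list = list (list == "" ? "" : ",") f[1]
        }
        END { print list }
    '
}

# is_port_list STRING: succeed only if STRING is a plain comma-separated
# list of port numbers, i.e. safe to hand to nmap -p.
is_port_list() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(,[0-9]+)*$'
}

tcp_ports=$(sample_scan | open_ports tcp)
if is_port_list "$tcp_ports"; then
    echo "open TCP ports: $tcp_ports"
else
    echo "no open TCP ports parsed"
fi
```
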
