nmap.sh
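#######################################
# Run the wrapped command with --help and normalise its help text.
# Arguments: "$@" - the command (plus any leading arguments) to ask for help
# Outputs:   the rewritten help text on stdout
# Note:      the sed expressions use \s, \S and \| and so need GNU sed.
#######################################
_patch_help() {
  # "$@" is quoted so a command path or argument containing whitespace or
  # glob characters is passed through unchanged instead of being re-split.
  # The last -e carries no trailing backslash: a continuation there would
  # splice the closing brace into the sed command line.
  "$@" --help \
    | sed \
      -e '/^\s*-\(s\|P\|o\)/ d' \
      -e '/^\s*-\S/ s/: / /' \
      -e '/^\s*--min/ s|/|, --|g' \
      -e 's|/-|, -|'
  # Expression by expression:
  #   1. drop the -s*, -P* and -o* help lines
  #   2. on option lines, replace the first ": " with a space
  #   3. on --min* lines, turn every "/" into ", --"
  #   4. turn the first "/-" on any remaining line into ", -"
}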
#######################################
# Pipe the option specs through _patch_table_edit_options and the result
# through _patch_table_edit_arguments.
# Both helpers are defined outside this file; the meaning of the ';'
# separated fields, '*', ',' and the bare ';;' entry is theirs to define.
# NOTE(review): each spec looks like "name;[`choice_fn`];description" -
# confirm against the helpers.
# Outputs: whatever the two helpers write to stdout
#######################################
_patch_table() {
  # The backticks are literal (single-quoted): the function names are handed
  # to the helpers as text and are not executed here.
  local -a option_specs=(
    '--dns-servers;*,[`_module_os_hostname`]'
    '--exclude;*,[`_module_os_hostname`]'
    '--script;*[`_choice_script`]'
    '--script-help;[`_choice_script`]'
    '-T;[`_choice_template`]'
    '-e;[`_module_os_network_interface`]'
    ';;'
    '-o-;[`_choice_output_format`];Scan output format'
    '-s-;[`_choice_scan`];Scan options'
    '-P-;[`_choice_protocol`];Protocol options'
  )
  local -a argument_specs=(
    ';;'
    'hosts;*[`_module_os_hostname`]'
  )

  _patch_table_edit_options "${option_specs[@]}" \
    | _patch_table_edit_arguments "${argument_specs[@]}"
}
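#######################################
# List candidate values for the script options.
# Prints the fixed script categories first, then one line per script found
# in the output of `nmap --script-help all`.
# Outputs: "value<TAB>description" lines on stdout; nmap's stderr is dropped
# Requires: nmap and gawk on PATH (the awk program uses \s and \S)
#######################################
_choice_script() {
  printf "%s\tCategory\n" all auth broadcast brute default discovery dos exploit external fuzzer intrusive malware safe version vuln
  # The listing is buffered whole because the script name is on the line
  # *before* its "Categories:" line, so it is only known in hindsight.
  nmap --script-help all 2> /dev/null | gawk '
    # The statements are separated explicitly: "NUM = 0 split(...)" without
    # a separator is parsed as a string concatenation assigned to NUM.
    # matchLine starts at 0, so input line 1 is skipped as well
    # (presumably the nmap banner - confirm).
    BEGIN { NUM = 0; matchLine = 0; split("", LINES) }
    { NUM += 1; LINES[NUM] = $0 }
    END {
      for (i = 1; i <= NUM; i++) {
        line = LINES[i]
        if (match(line, /^Categories:/)) {
          # New entry: remember where it starts and reset the description.
          matchLine = i
          name = LINES[i-1]
          desc = ""
        } else if (i == matchLine + 1) {
          # The line right after "Categories:" is never used as description.
          continue
        } else if (desc == "" && match(line, / \S/)) {
          # First remaining line with a space followed by text becomes the
          # description; later lines of the same entry are ignored.
          desc = line
          gsub(/(^\s+|\s+$)/, "", desc)
          print name "\t" desc
        }
      }
    }'
}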
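#######################################
# List the timing templates accepted by -T.
# Outputs: "index<TAB>name timing" lines on stdout, index starting at 0
#######################################
_choice_template() {
  # Locals keep the list and the loop index out of the caller's scope; the
  # function may be run in the current shell rather than a subshell.
  local -a names=(paranoid sneaky polite normal aggressive insane)
  local idx
  for idx in "${!names[@]}"; do
    # printf instead of `echo -e`: escape handling does not depend on the
    # shell's echo settings.
    printf '%s\t%s timing\n' "$idx" "${names[idx]}"
  done
}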
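#######################################
# List the format letters offered for the -o option family.
# Outputs: "letter<TAB>description" lines on stdout
#######################################
_choice_output_format() {
  # The separator is an explicit \t so the lines have the same
  # value<TAB>description shape that _choice_script and _choice_template
  # emit; a literal tab inside a here-doc is easily lost to editors or
  # copy/paste.
  # NOTE(review): nmap also accepts -oA (all formats); it is not offered
  # here - confirm whether that is intentional.
  printf '%s\t%s\n' \
    N 'normal format' \
    X 'xml format' \
    S 'Script kiddie format' \
    G 'Grepable format'
}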
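#######################################
# List the scan-type letters offered for the -s option family.
# Outputs: "letter<TAB>description" lines on stdout
#######################################
_choice_scan() {
  # The separator is an explicit \t so the lines have the same
  # value<TAB>description shape that _choice_script and _choice_template
  # emit; a literal tab inside a here-doc is easily lost to editors or
  # copy/paste.
  # The S entry read "TCY SYNC scans"; the scan type is TCP SYN.
  # NOTE(review): -sU, -sN, -sF and -sX are not offered here - confirm
  # whether that is intentional.
  printf '%s\t%s\n' \
    L 'List Scan - simply list targets to scan' \
    n 'Ping Scan - disable port scan' \
    S 'TCP SYN scans' \
    T 'Connect scans' \
    A 'ACK scans' \
    W 'Window scans' \
    M 'Maimon scans' \
    I 'Idle scan' \
    Y 'SCTP INIT scans' \
    Z 'COOKIE-ECHO scans' \
    O 'IP protocol scan' \
    V 'Probe open ports to determine service/version info' \
    C 'equivalent to --script=default'
}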
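#######################################
# List the host-discovery letters offered for the -P option family.
# Outputs: "letter<TAB>description" lines on stdout
#######################################
_choice_protocol() {
  # The separator is an explicit \t so the lines have the same
  # value<TAB>description shape that _choice_script and _choice_template
  # emit; a literal tab inside a here-doc is easily lost to editors or
  # copy/paste.
  # The S entry read "TCP SYNC discovery"; the probe type is TCP SYN.
  printf '%s\t%s\n' \
    n 'Treat all hosts as online -- skip host discovery' \
    S 'TCP SYN discovery to given ports' \
    A 'ACK discovery to given ports' \
    U 'UDP discovery to given ports' \
    Y 'SCTP discovery to given ports' \
    E 'ICMP echo request discovery probes' \
    P 'timestamp request discovery probes' \
    M 'netmask request discovery probes' \
    O 'IP Protocol Ping'
}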