nmapslackscan.sh
#!/bin/bash -u
#
# Tools: NMAP, NDIFF, PRIPS and Slackcli
# SLACKTOKEN from here https://api.slack.com/web
# PRIPS : Parallel processing
# NDIFF latest version
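# Periodic nmap change monitor: scans every address in NETWORKS, compares each
# result with the previous baseline using ndiff, and posts to Slack when the
# comparison shows a difference.

# The shebang's -u is ignored when the script is started as `bash <script>`,
# so enable it here as well.
set -u

# Space-separated list of CIDR ranges to monitor.
NETWORKS="192.168.0.0/24"
# prips expands each range into one address per line; every address is scanned
# and baselined on its own.
TARGETS=$(for NETWORK in ${NETWORKS}; do prips "${NETWORK}"; done)
if [ -z "${TARGETS}" ]; then
  # Without this check a missing or failing prips leaves nothing to scan and
  # the loop below would report "finished" forever while monitoring nothing.
  echo "no targets produced from NETWORKS='${NETWORKS}' (is prips installed?)" >&2
  exit 1
fi

# Minimum number of seconds between the start of two scan rounds.
INTERVAL="1800"

# Slack API token. It is a secret: prefer exporting SLACKTOKEN in the
# environment over editing it into this file; the literal below is only the
# original placeholder. NOTE(review): slackcli takes the token via -t, so it is
# visible in the process list while slackcli runs.
SLACKTOKEN="${SLACKTOKEN:-Get This From https://api.slack.com/web}"

# nmap options for the baseline scan, split into an array so that multi-word
# options such as "--exclude-ports 25" are passed as separate arguments.
OPTIONS='-T4 --open --exclude-ports 25'
read -r -a NMAP_OPTS <<< "${OPTIONS}"

# All logs are created and deleted relative to this directory, so stop if it
# cannot be entered rather than running rm in whatever directory we started in.
cd ~/scan || { echo "cannot cd to ~/scan" >&2; exit 1; }

# Its modification time records when the last full round finished.
LAST_RUN_FILE='.lastrun'

while true; do
  # If the last run file exists, sleep only for the part of INTERVAL that has
  # not already elapsed since that run.
  if [ -e "${LAST_RUN_FILE}" ]; then
    LAST_RUN_TS=$(date -r "${LAST_RUN_FILE}" +%s)
    NOW_TS=$(date +%s)
    LAST_RUN_SECS=$(( NOW_TS - LAST_RUN_TS ))
    SLEEP=$(( INTERVAL - LAST_RUN_SECS ))
    if [ "${SLEEP}" -gt 0 ]; then
      UNTIL_SECS=$(( NOW_TS + SLEEP ))
      echo "$(date)" "- sleeping until" "$(date --date="@${UNTIL_SECS}")" "(${SLEEP}) seconds"
      sleep "${SLEEP}"
    fi
  fi

  START_TIME=$(date +%s)

  echo ''
  echo '=================='
  echo ''

  DATE=$(date +%Y-%m-%d_%H-%M-%S)

  for TARGET in ${TARGETS}; do
    # A "/" in the target (CIDR notation) is replaced so the name stays a
    # single path component.
    CUR_LOG="scan-${TARGET/\//-}-${DATE}"
    PREV_LOG="scan-${TARGET/\//-}-prev"
    DIFF_LOG="scan-${TARGET/\//-}-diff"

    echo ''
    echo "$(date)" "- starting ${TARGET}"

    # Scan the target. A failed scan must not be compared or promoted to
    # baseline: a missing or partial XML file would otherwise be read as
    # "no changes" and hide a real difference.
    if ! nmap ${NMAP_OPTS[@]+"${NMAP_OPTS[@]}"} "${TARGET}" -oX "${CUR_LOG}" >/dev/null; then
      echo "$(date) - nmap failed for ${TARGET}; keeping previous baseline" >&2
      rm -f -- "${CUR_LOG}"
      continue
    fi

    # If there's a previous log, diff it
    if [ -e "${PREV_LOG}" ]; then
      # Exclude the Nmap version and current date - the date always changes
      ndiff "${PREV_LOG}" "${CUR_LOG}" | grep -Ev '^(\+|-)N' > "${DIFF_LOG}"
      NDIFF_RC=${PIPESTATUS[0]}

      # ndiff exits 0 (same) or 1 (different) when the comparison ran; anything
      # higher is a runtime error and the empty diff it leaves behind says
      # nothing about the host.
      if [ "${NDIFF_RC}" -ge 2 ]; then
        echo "$(date) - ndiff failed for ${TARGET} (exit ${NDIFF_RC}); keeping previous baseline" >&2
        rm -f -- "${DIFF_LOG}" "${CUR_LOG}"
        continue
      fi

      if [ -s "${DIFF_LOG}" ]; then
        printf '%s' "Changes Detected, Sending to Slack."
        # Second, service-detecting scan; only its "open" lines are reported.
        OPEN_PORTS=$(nmap -sV "${TARGET}" | grep open | grep -v "#")
        slackcli -t "${SLACKTOKEN}" -h nmap -m "Changes were detected on ${TARGET}. The following ports are now open: " \
          || echo "$(date) - slackcli failed to post the alert for ${TARGET}" >&2
        sleep 1
        # The port list is piped on stdin (-c), as the original did via a file.
        printf '%s\n' "${OPEN_PORTS}" | slackcli -t "${SLACKTOKEN}" -h nmap -c \
          || echo "$(date) - slackcli failed to post the port list for ${TARGET}" >&2

        # Set the current nmap log file to reflect the last date changed
        ln -sf "${CUR_LOG}" "${PREV_LOG}"
      else
        # No changes so remove our current log
        printf '%s' "No Changes Detected."
        rm -- "${CUR_LOG}"
      fi
      rm -- "${DIFF_LOG}"
    else
      # Create the previous scan log
      ln -sf "${CUR_LOG}" "${PREV_LOG}"
    fi
  done

  touch "${LAST_RUN_FILE}"
  END_TIME=$(date +%s)

  echo
  echo "$(date)" "- finished all targets in" "$(( END_TIME - START_TIME ))" "second(s)"
done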