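#!/bin/bash
#
# Inventory the SSH servers on the IPv4 networks this host is attached to.
#
# For every local IPv4 address (loopback and 172.* excluded) the script
# derives the subnet from the interface netmask, ping-sweeps it with nmap and
# then asks each live host for its SSH banner with ssh-keyscan on port 22.
#
# Usage:    <script> [-h]
# Requires: nmap, ssh-keyscan, and either ifconfig or nmcli.
#
# Notes for whoever operates or monitors this:
#   * The banner text in the report is chosen by the remote host. Control
#     characters are stripped before it is stored so that a banner cannot
#     carry terminal escape sequences into the operator's terminal.
#   * The sweep uses nmap's -T5 timing template, the most aggressive one; it
#     is easy to spot in IDS/flow logs and may miss hosts on lossy links.
#   * For masks shorter than /24 the nmap target is built from per-octet
#     ranges, so a few addresses inside the printed first-last span (for
#     example x.y.0.255 in a /23) are not probed.

if [[ "$1" = "-h" ]]; then
  echo This scans your LAN for SSH servers.
  echo 'Requires: nmap; ifconfig or nmcli'
  exit
fi

# ifconfig and friends often live in sbin directories that are not on a
# regular user's PATH. Appended, so they never shadow existing entries.
PATH=$PATH:/sbin/:/usr/sbin

command -v nmap >/dev/null 2>&1 || {
  echo nmap required >&2
  exit 1
}

# Without ssh-keyscan every probe fails silently (its "command not found"
# message is filtered out below) and the report would simply be empty.
command -v ssh-keyscan >/dev/null 2>&1 || {
  echo ssh-keyscan required >&2
  exit 1
}

# Loose dotted-quad shape check used before any value reaches arithmetic.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Pick the address source. list_ips prints candidate addresses, ifmask prints
# the dotted netmask for one address. When both tools are installed the nmcli
# definitions win, because they are declared last.
have_source=0

if command -v ifconfig >/dev/null 2>&1; then
  have_source=1

  # Outputs: "inet <addr>" fragments, one per line.
  list_ips() {
    ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*'
  }

  # Arguments: $1 - local IPv4 address
  # Outputs:   dotted netmask of the interface line carrying that address
  ifmask() {
    # -F -w: match the address literally and as a whole word, so that
    # 10.0.0.1 does not also select the line for 10.0.0.10.
    ifconfig | grep -Fw -- "$1" \
      | grep -Eo 'netmask (addr:)?([0-9]*\.){3}[0-9]*' \
      | grep -Eo '([0-9]*\.){3}[0-9]*' \
      | head -n 1
  }
fi

if command -v nmcli >/dev/null 2>&1; then
  have_source=1

  # Outputs: "inet4 <addr>" fragments, one per line.
  list_ips() {
    nmcli | grep -Eo 'inet4 ([0-9]*\.){3}[0-9]*'
  }

  # Arguments: $1 - local IPv4 address
  # Outputs:   dotted netmask computed from the CIDR suffix nmcli reports
  # Returns:   1 when no usable prefix length is found
  ifmask() {
    local cidr value
    cidr=$(nmcli | grep 'inet4 ' | grep -Fw -- "$1" \
      | grep -Eo '[0-9]+$' | head -n 1)
    if [[ ! "$cidr" =~ ^[0-9]+$ ]] || (( cidr > 32 )); then
      return 1
    fi
    # Prefix length -> 32-bit mask: clear the low (32 - cidr) host bits.
    value=$(( 0xffffffff ^ ((1 << (32 - cidr)) - 1) ))
    printf '%d.%d.%d.%d\n' \
      "$(( (value >> 24) & 0xff ))" "$(( (value >> 16) & 0xff ))" \
      "$(( (value >> 8) & 0xff ))" "$(( value & 0xff ))"
  }
fi

if (( ! have_source )); then
  echo 'ifconfig or nmcli required' >&2
  exit 1
fi

servers_found=""

while read -r myip; do
  [[ "$myip" =~ $ipv4_re ]] || continue

  mymask=$(ifmask "$myip")
  if [[ ! "$mymask" =~ $ipv4_re ]]; then
    # e.g. an ifconfig output format that does not print "netmask a.b.c.d"
    printf 'IP: %15s  no dotted netmask found, skipped\n' "$myip" >&2
    continue
  fi

  IFS=. read -r i1 i2 i3 i4 <<< "$myip"
  IFS=. read -r m1 m2 m3 m4 <<< "$mymask"

  # First usable host = network address + 1.
  f1=$(( i1 & m1 ))
  f2=$(( i2 & m2 ))
  f3=$(( i3 & m3 ))
  f4=$(( (i4 & m4) + 1 ))

  # Last usable host = broadcast address - 1.
  l1=$(( i1 & m1 | 255 - m1 ))
  l2=$(( i2 & m2 | 255 - m2 ))
  l3=$(( i3 & m3 | 255 - m3 ))
  l4=$(( (i4 & m4 | 255 - m4) - 1 ))

  if (( f4 > l4 )); then
    # /31 and /32 leave no host range between network and broadcast; the
    # resulting "hi-lo" octet range would be rejected by nmap.
    printf 'IP: %15s/%-15s  no host range to scan, skipped\n' \
      "$myip" "$mymask" >&2
    continue
  fi

  first_ip="$f1.$f2.$f3.$f4"
  last_ip="$l1.$l2.$l3.$l4"
  printf "IP: %15s/%-15s scan: %15s - %-15s\n" \
    "$myip" "$mymask" "$first_ip" "$last_ip"

  while read -r line; do
    # Grepable nmap output starts and ends with "#" comment lines.
    if [[ "$line" = "#"* ]]; then continue; fi

    ip=$(grep -Eo '([0-9]+\.){3}[0-9]+' <<< "$line" | head -n 1)
    if [[ -z "$ip" || "$ip" = "$myip" ]]; then continue; fi

    # ssh-keyscan reports "# host:port banner" on stderr; keep only that
    # line, drop control characters from the remote-supplied banner, and
    # rewrite ":port" as " -p port".
    ssh_server=$(ssh-keyscan -p 22 -t rsa -T 1 "$ip" 2>&1 \
      | grep '^#' \
      | LC_ALL=C tr -cd '[:print:]\n' \
      | sed -E 's/:([0-9]+)/ -p \1/')
    printf -v servers_found "%s%s\n" "$servers_found" "$ssh_server"
  # -sP is the legacy spelling of nmap's -sn (host discovery, no port scan).
  done < <(nmap -T5 -sP "$f1-$l1.$f2-$l2.$f3-$l3.$f4-$l4" -oG -)

# Loopback is never scanned. All of 172.* is excluded as in the original
# script - presumably to skip container bridge networks; confirm before
# relying on it, since it also hides real 172.16.0.0/12 LANs.
done < <(list_ips \
  | grep -Eo '([0-9]*\.){3}[0-9]*' \
  | grep -Ev '^(127|172)\.')

echo "SSH Servers found:"
printf "%s" "$servers_found" | sort -n | grep -v "^$"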