
#!/bin/bash
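# ssh-scan-lan: ping-sweep every local IPv4 subnet with nmap, then run
# ssh-keyscan against each live host and list the SSH banners that answer.
# Usage:    ssh-scan-lan [-h]
# Requires: nmap, ssh-keyscan, and either ifconfig or nmcli.
if [[ "${1:-}" == "-h" ]]; then
  echo This scans your LAN for SSH servers.
  echo 'Requires: nmap; ifconfig or nmcli'
  exit
fi

# The sbin directories are appended, not prepended, so entries already on
# PATH keep precedence over them.
PATH=$PATH:/sbin/:/usr/sbin

# IPLIST is later handed to eval and ifmask is called for every local
# address. Drop any copy inherited from the caller's environment so that only
# the definitions made further down in this script can ever run.
unset IPLIST
unset -f ifmask

# command -v is a shell builtin, so the check does not depend on `which`
# being installed; the diagnostic goes to stderr.
if ! command -v nmap &>/dev/null; then
  echo nmap required >&2
  exit 1
fi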
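#######################################
# Print the netmask that ifconfig reports for one IPv4 address.
# Arguments: $1 - dotted-quad address to look up
# Inputs:    ifconfig output on stdin
# Outputs:   dotted-quad netmask on stdout; nothing when the address is not
#            listed or its mask is not printed in dotted form (hex netmasks
#            are not parsed)
#######################################
_ifconfig_mask_for() {
  # -F/-w: match the address literally and as a whole token, so 10.0.0.1 does
  # not also select the line for 10.0.0.10. Both the "netmask a.b.c.d" and the
  # older "Mask:a.b.c.d" spellings are accepted, mirroring the "(addr:)?"
  # already allowed for the address itself. head keeps one line so the caller
  # never receives two masks.
  grep -Fw -- "$1" \
    | grep -Eo '(netmask (addr:)?|Mask:)([0-9]*\.){3}[0-9]*' \
    | head -n 1 \
    | grep -Eo '([0-9]*\.){3}[0-9]*'
}

# ifconfig backend: defines IPLIST (a pipeline kept as a string and run later
# through eval) and ifmask (netmask lookup for one local address).
if command -v ifconfig &>/dev/null; then
  IPLIST="ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*'"
  ifmask() {
    ifconfig | _ifconfig_mask_for "$1"
  }
fi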
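#######################################
# Convert a CIDR prefix length to a dotted-quad netmask.
# Arguments: $1 - prefix length, 0..32
# Outputs:   netmask on stdout
# Returns:   1 (printing nothing) when $1 is empty, non-numeric or above 32
#######################################
_cidr_to_netmask() {
  local cidr=$1 value
  # An empty or multi-line prefix would otherwise be an arithmetic syntax
  # error; 10# keeps a leading zero from being read as octal.
  if [[ ! $cidr =~ ^[0-9]{1,2}$ ]] || ((10#$cidr > 32)); then
    return 1
  fi
  value=$((0xffffffff ^ ((1 << (32 - 10#$cidr)) - 1)))
  echo "$(((value >> 24) & 0xff)).$(((value >> 16) & 0xff)).$(((value >> 8) & 0xff)).$((value & 0xff))"
}

#######################################
# Print the netmask for one IPv4 address from nmcli's "inet4 a.b.c.d/NN" lines.
# Arguments: $1 - dotted-quad address to look up
# Inputs:    nmcli output on stdin
# Outputs:   dotted-quad netmask on stdout; nothing when no usable prefix is
#            found
#######################################
_nmcli_mask_for() {
  local cidr
  # Fixed-string match anchored by "inet4 " in front and "/" behind, so
  # 10.0.0.1 cannot also select 10.0.0.10; head keeps a single line.
  cidr=$(grep -F -- "inet4 $1/" | head -n 1 | grep -Eo '[0-9]+$')
  _cidr_to_netmask "$cidr"
}

# nmcli backend: when nmcli is installed it replaces the IPLIST and ifmask
# set by the ifconfig block above it.
if command -v nmcli &>/dev/null; then
  IPLIST="nmcli | grep -Eo 'inet4 ([0-9]*\.){3}[0-9]*'"
  ifmask() {
    nmcli | _nmcli_mask_for "$1"
  }
fi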
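# Main scan: for every local IPv4 address, derive the subnet's host range from
# its netmask, ping-sweep that range with nmap, and collect the SSH banner of
# every responding host other than this machine.

# IPLIST and ifmask are set by the ifconfig/nmcli detection earlier in the
# script. Without them there is nothing to enumerate, so stop here instead of
# evaluating an empty or unexpected IPLIST.
if [[ -z "${IPLIST:-}" ]] || ! declare -F ifmask >/dev/null; then
  echo 'ifconfig or nmcli required' >&2
  exit 1
fi

quad_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
ip_re='([0-9]{1,3}\.){3}[0-9]{1,3}'
servers_found=""

while read -r myip; do
  [[ $myip =~ $quad_re ]] || continue

  mymask=$(ifmask "$myip")
  mymask=${mymask%%$'\n'*} # use the first line if several were printed

  # An empty or malformed mask makes every "& m" term below evaluate to 0,
  # which turns the target into 0-255.0-255.0-255.1-254, i.e. all of IPv4.
  # Scan only when the mask is a proper dotted quad.
  if [[ ! $mymask =~ $quad_re ]]; then
    printf 'skipping %s: could not determine its netmask\n' "$myip" >&2
    continue
  fi

  IFS=. read -r i1 i2 i3 i4 <<<"$myip"
  IFS=. read -r m1 m2 m3 m4 <<<"$mymask"

  # First host = network address + 1, last host = broadcast address - 1.
  f1=$((i1 & m1))
  f2=$((i2 & m2))
  f3=$((i3 & m3))
  f4=$(((i4 & m4) + 1))
  l1=$((i1 & m1 | 255 - m1))
  l2=$((i2 & m2 | 255 - m2))
  l3=$((i3 & m3 | 255 - m3))
  l4=$(((i4 & m4 | 255 - m4) - 1))
  first_ip="$f1.$f2.$f3.$f4"
  last_ip="$l1.$l2.$l3.$l4"

  # With a /31 or /32 mask the +1/-1 above leaves an inverted last octet.
  if ((f4 > l4)); then
    printf 'skipping %s/%s: no host range to scan\n' "$myip" "$mymask" >&2
    continue
  fi

  printf "IP: %15s/%-15s scan: %15s - %-15s\n" \
    "$myip" "$mymask" "$first_ip" "$last_ip"

  # -sP is nmap's older spelling of -sn (host discovery only, no port scan);
  # -oG - writes grepable output to stdout.
  while read -r line; do
    [[ "$line" == "#"* ]] && continue
    # Take the first dotted quad on the line; lines without one are ignored
    # so ssh-keyscan is never called with an empty host.
    [[ $line =~ $ip_re ]] || continue
    ip=${BASH_REMATCH[0]}
    [[ "$ip" == "$myip" ]] && continue
    # The "#" line holds text supplied by the remote host. Keep only printable
    # ASCII so it cannot carry control sequences into the terminal when the
    # list is printed. sed rewrites "host:22" as "host -p 22".
    ssh_server=$(ssh-keyscan -p 22 -t rsa -T 1 "$ip" 2>&1 \
      | grep '^#' \
      | LC_ALL=C tr -cd '[:print:]\n' \
      | sed 's/:\([0-9]\+\)/ -p \1/')
    printf -v servers_found "%s%s\n" "$servers_found" "$ssh_server"
  done < <(nmap -T5 -sP "$f1-$l1.$f2-$l2.$f3-$l3.$f4-$l4" -oG -)

# IPLIST is quoted so its embedded grep pattern is not word-split or globbed
# against the current directory before eval parses it.
# NOTE(review): '^172.' drops every address starting with 172, not only the
# private 172.16-31 block; presumably meant to skip container bridges. Confirm.
done < <(eval "$IPLIST" \
  | grep -Eo '([0-9]*\.){3}[0-9]*' \
  | grep -v 127.0.0.1 \
  | grep -v ^172.)

echo "SSH Servers found:"
printf "%s" "$servers_found" | sort -n | grep -v "^$"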