by analyzer on 30 May 2008, 20:02
With this script you can discover hosts connected to your network (use with caution, network admins don't usually like these kinds of tools)

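#!/bin/bash
# Lan discovery by analyzer (requesthelp@free.fr).
#
# Usage: <script> interface      (must be run as root)
#
# Reads the IPv4 address and netmask of the given interface from ifconfig,
# derives the network and prefix with ipcalc, then sends one ICMP echo request
# to every usable address of that network. Addresses that answer are recorded
# in ./resume.txt and a summary is printed.
#
# Needs: ifconfig, perl, ping, and an ipcalc that prints NAME=value lines for
# --network and --prefix.
############################################
# THIS CAN BE MODIFIED
sleeptime="1"
############################################
# Normal color
NORMAL='\033[0;39m'
# RED: Error message
RED='\033[1;31m'
# YELLOW: Warning message
YELLOW='\033[1;33m'
# GREEN: Success message
GREEN='\033[1;32m'
RES_COL=70
MOVE_TO_COL="\\033[${RES_COL}G"
# Result file, created in the current directory.
REPORT=./resume.txt
# Largest network (in usable hosts) the script agrees to probe.
MAX_HOSTS=32768

# Print a coloured status tag at column RES_COL, optionally followed by
# " => detail".
#   $1 - colour escape, $2 - label, $3 - optional detail text
status() {
  local color=$1 label=$2 detail=${3-}
  # %b expands the colour escapes; the detail goes through %s so that its
  # content is never interpreted as an escape sequence.
  printf '%b[ %b%s%b ]%s\n' "$MOVE_TO_COL" "$color" "$label" "$NORMAL" \
    "${detail:+ => $detail}"
}

# Print a red KO tag (with optional detail) and stop with a failure status,
# so that callers and wrappers can tell a failed run from a completed one.
ko() {
  status "$RED" "KO" "${1-}"
  exit 1
}

# Succeed only when $1 is exactly four dot-separated decimal octets in 0..255.
is_dotted_quad() {
  local addr=$1 octet
  local -a octets
  [[ $addr =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1
  IFS=. read -r -a octets <<<"$addr"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so an octet such as "08" is not read as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# The interface name ends up on the ifconfig and ping command lines of a root
# process: refuse an empty value or one that would be parsed as an option.
if [[ $# -ne 1 || -z $1 || $1 == -* ]]; then
  echo "USAGE: $0 interface"
  exit 1
fi
if [[ "$(id -u)" != "0" ]]; then
  echo "This script binds ping to the specified interface, you must be root !"
  exit 1
fi
interface=$1

echo -n "Checking interface $interface ... "
sleep "$sleeptime"
if ifconfig "$interface" | grep -q "UP"; then
  status "$GREEN" "OK"
else
  ko "(interface is not available)"
fi

echo -n "Retrieving address IP for interface $interface ... "
IP=$(ifconfig "$interface" | perl -ne 'if ( m/^\s*inet (?:addr:)?([\d.]+).*?cast/ ) { print qq($1\n); exit 0; }')
sleep "$sleeptime"
[[ -n $IP ]] || ko "(IP not retrieved)"
is_dotted_quad "$IP" || ko
status "$GREEN" "OK" "$IP"

echo -n "Retrieving netmask for interface $interface ... "
# Accept both ifconfig layouts ("Mask:a.b.c.d" and "netmask a.b.c.d"), the same
# way the address pattern above accepts both "inet addr:" and "inet ".
NETMASK=$(ifconfig "$interface" | perl -ne 'if ( m/^\s*inet .*?(?:Mask:|netmask )([\d.]+)/ ) { print qq($1\n); exit 0; }')
sleep "$sleeptime"
[[ -n $NETMASK ]] || ko "(NETMASK not retrieved)"
is_dotted_quad "$NETMASK" || ko
status "$GREEN" "OK" "$NETMASK"

echo -n "Determining network information ... "
# The ipcalc output is parsed and validated rather than passed to eval: a root
# shell should not execute whatever another program happens to print.
NETWORK=$(ipcalc --network "$IP" "$NETMASK")
NETWORK=${NETWORK#NETWORK=}
PREFIX=$(ipcalc --prefix "$IP" "$NETMASK")
PREFIX=${PREFIX#PREFIX=}
is_dotted_quad "$NETWORK" || ko
if [[ ! $PREFIX =~ ^[0-9]{1,2}$ ]] || (( 10#$PREFIX > 32 )); then
  ko
fi
PREFIX=$(( 10#$PREFIX ))
# Usable hosts: every address of the block except network and broadcast.
NBHOSTS=$(( 2 ** (32 - PREFIX) - 2 ))
if (( NBHOSTS > MAX_HOSTS )); then
  ko "Network too big ($NBHOSTS hosts)"
fi
if (( NBHOSTS < 1 )); then
  ko "Network too small ($NBHOSTS hosts)"
fi
status "$GREEN" "OK"

echo -n "Discovery on network '$NETWORK' started ... ($NBHOSTS hosts)"
# The report is written by root into the current directory. Remove any
# existing entry and create the file with noclobber, so that a symlink or file
# planted under that name is not followed or overwritten.
rm -f -- "$REPORT"
if ! ( set -o noclobber; echo "Scan started ..." > "$REPORT" ); then
  ko "(cannot create $REPORT)"
fi

# Walk the block as a 32-bit integer. This visits exactly the usable addresses
# for any prefix, including networks smaller than a /24 and networks that do
# not start at .0, which an octet-by-octet loop does not handle.
IFS=. read -r n1 n2 n3 n4 <<<"$NETWORK"
base=$(( (10#$n1 << 24) | (10#$n2 << 16) | (10#$n3 << 8) | 10#$n4 ))
nbhostscanned=0
for (( offset = 1; offset <= NBHOSTS; offset++ )); do
  value=$(( base + offset ))
  target="$(( (value >> 24) & 255 )).$(( (value >> 16) & 255 )).$(( (value >> 8) & 255 )).$(( value & 255 ))"
  nbhostscanned=$(( nbhostscanned + 1 ))
  # Our own address is not probed.
  [[ $target == "$IP" ]] && continue
  # NOTE(review): with iputils ping (Linux) -t is the TTL, so a probe cannot
  # cross a router; with BSD-style ping -t is a timeout in seconds. The flags
  # are kept as the author wrote them.
  # NOTE(review): every probe is started at once; on the largest accepted
  # networks that is tens of thousands of concurrent processes.
  ( ping -c 1 -t 1 "$target" -I "$interface" > /dev/null \
    && echo " Found $target" >> "$REPORT" ) &
done

# Sanity check: every usable address of the block was visited.
if (( nbhostscanned == NBHOSTS )); then
  status "$GREEN" "OK" "($nbhostscanned hosts scanned ...)"
else
  status "$YELLOW" "OK" "($nbhostscanned hosts scanned ...)"
fi

# Wait for every background probe instead of sleeping a fixed time, so that
# late answers are not missing from the report and the count.
wait
echo "End of scan ..." >> "$REPORT"

# Count result lines only. Filtering on the local address is not needed (it is
# never probed) and, as a substring match, would also drop neighbours such as
# x.y.z.10 when the local address is x.y.z.1.
nbalive=$(grep -c '^ Found ' "$REPORT")
if (( nbalive > 0 )); then
  echo -e "Found [ ${GREEN}${nbalive}${NORMAL} ] hosts alive on network '$NETWORK' ! => Detail in file ./resume.txt"
else
  echo -e "Found [ ${RED}${nbalive}${NORMAL} ] host alive on network '$NETWORK' ..."
fi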