			
With this script you can discover the hosts connected to your local network: it reads the interface's IPv4 address and netmask, then pings every usable address of that subnet and lists the ones that answer. This is an active ICMP sweep that is easy to spot in switch or IDS logs, so only run it on networks you are authorised to probe (network admins don't usually like these kinds of tools). Hosts that drop ICMP echo requests will not show up.

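#!/bin/bash
# Lan discovery by analyzer (requesthelp@free.fr).
#
# Usage: lan-discovery INTERFACE        (root required: ping is bound to INTERFACE)
#
# Reads the IPv4 address and netmask of INTERFACE from ifconfig, derives the
# network from them, sends one ICMP echo request to every usable host address
# of that network and lists the addresses that answered in ./resume.txt.
# This is an active scan that shows up in switch/IDS logs: only run it on
# networks you are allowed to probe.  Linux tooling (net-tools ifconfig,
# iputils ping) is assumed: there, ping's -t is the TTL and -W the reply timeout.
############################################
# THIS CAN BE MODIFIED
sleeptime="1"        # cosmetic pause after each setup step
batchsize="128"      # pings kept in flight at once (one fork per host of a /17 = 32k processes)
pingwait="1"         # seconds to wait for an echo reply before giving up on a host
maxhosts="32768"     # refuse networks with more usable addresses than this
resultfile="./resume.txt"
############################################

set -uo pipefail

# Normal color
NORMAL=$'\033[0;39m'
# RED: Error message
RED=$'\033[1;31m'
# GREEN: Success message
GREEN=$'\033[1;32m'

RES_COL=70
MOVE_TO_COL=$'\033['"${RES_COL}G"

# ok [detail]: print the green status cell at column RES_COL, plus " => detail" if given.
ok() { printf '%s[ %sOK%s ]%s\n' "$MOVE_TO_COL" "$GREEN" "$NORMAL" "${1:+ => $1}"; }
# ko [detail]: print the red status cell and abort.  Exits 1 so callers can tell a
# failed run apart from a successful one (the old script exited 0 on every error).
ko() { printf '%s[ %sKO%s ]%s\n' "$MOVE_TO_COL" "$RED" "$NORMAL" "${1:+ => $1}"; exit 1; }

# valid_ipv4 DOTTED: succeed only for exactly four decimal octets in 0..255.
valid_ipv4() {
  local IFS=. octet
  set -- $1
  [[ $# -eq 4 ]] || return 1
  for octet; do
    [[ "$octet" =~ ^[0-9]{1,3}$ ]] && (( 10#$octet <= 255 )) || return 1
  done
}

# ip2int DOTTED VAR: store DOTTED (already validated) as a 32-bit unsigned integer in VAR.
ip2int() {
  local IFS=. a b c d
  read -r a b c d <<<"$1"
  printf -v "$2" '%d' $(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))
}

# int2ip INT VAR: store the dotted form of INT (32-bit unsigned) in VAR.
# printf -v avoids a fork per address in the scan loop.
int2ip() {
  printf -v "$2" '%d.%d.%d.%d' \
    $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# mask_prefix MASKINT VAR: store the prefix length of MASKINT in VAR; fail when
# the mask is not a contiguous run of 1-bits (e.g. 255.0.255.0).
mask_prefix() {
  local hostbits=$(( ~$1 & 0xFFFFFFFF )) len=32
  # hostbits must be of the form 0...01...1, i.e. hostbits+1 is a power of two
  (( (hostbits & (hostbits + 1)) == 0 )) || return 1
  while (( hostbits > 0 )); do
    hostbits=$(( hostbits >> 1 ))
    len=$(( len - 1 ))
  done
  printf -v "$2" '%d' "$len"
}

[[ $# -ne 1 ]] && { echo "USAGE: $0 interface" >&2; exit 1; }

[[ "$(id -u)" == "0" ]] || { echo "This script binds ping to the specified interface, you must be root !" >&2; exit 1; }

interface=$1
# The name is handed to ifconfig and ping as an argument: refuse anything those
# tools could read as an option, or that is not a plausible device name.
[[ "$interface" =~ ^[A-Za-z0-9_][A-Za-z0-9_.:@-]*$ ]] || { echo "Invalid interface name: '$interface'" >&2; exit 1; }

printf '%s' "Checking interface $interface ...      "
sleep "$sleeptime"
# Capture ifconfig's output once for all later parsing.  Both the old
# ("UP BROADCAST RUNNING ...") and new ("flags=4163<UP,BROADCAST,...>")
# net-tools layouts carry UP as a separate word.
if ! ifcfg=$(ifconfig "$interface" 2>/dev/null) || ! grep -qw 'UP' <<<"$ifcfg"; then
  ko "(interface is not available)"
fi
ok

printf '%s' "Retrieving address IP for interface $interface ...      "
# Only the inet line that also names a broadcast address is accepted (old
# "Bcast:" or new "broadcast"), which rules out point-to-point addresses.
IP=$(printf '%s\n' "$ifcfg" | perl -ne 'if ( m/^\s*inet (?:addr:)?([\d.]+).*?cast/ ) { print qq($1\n); exit 0; }')
sleep "$sleeptime"
[[ -n "$IP" ]] || ko "(IP not retrieved)"
valid_ipv4 "$IP" || ko "('$IP' is not a valid IPv4 address)"
ok "$IP"

printf '%s' "Retrieving netmask for interface $interface ...      "
# "Mask:" is the old net-tools spelling, "netmask " the current one.
NETMASK=$(printf '%s\n' "$ifcfg" | perl -ne 'if ( m/^\s*inet (?:addr:)?[\d.]+.*?(?:Mask:|netmask )([\d.]+)/ ) { print qq($1\n); exit 0; }')
sleep "$sleeptime"
[[ -n "$NETMASK" ]] || ko "(NETMASK not retrieved)"
valid_ipv4 "$NETMASK" || ko "('$NETMASK' is not a valid netmask)"
ok "$NETMASK"

printf '%s' "Determining network information ...      "
# Computed in-shell instead of eval'ing the output of ipcalc: no eval of
# external command output, and no dependency on the Red Hat ipcalc flavour.
ip2int "$IP" ipint
ip2int "$NETMASK" maskint
mask_prefix "$maskint" PREFIX || ko "(netmask $NETMASK is not contiguous)"
netint=$(( ipint & maskint ))
bcastint=$(( netint | (~maskint & 0xFFFFFFFF) ))
int2ip "$netint" NETWORK
# Usable addresses: everything strictly between the network and broadcast
# addresses.  A /31 or /32 yields 0 or -1 and is refused.
NBHOSTS=$(( 2 ** (32 - PREFIX) - 2 ))
(( NBHOSTS >= 1 )) || ko "(no usable host address on a /$PREFIX)"
(( NBHOSTS <= maxhosts )) || ko "Network too big ($NBHOSTS hosts)"
ok

printf '%s' "Discovery on network '$NETWORK/$PREFIX' started ... ($NBHOSTS hosts)"
echo "Scan started ..." > "$resultfile"

# Walk the address range numerically; the old third/fourth-octet arithmetic
# produced an empty range for any prefix longer than /24.
nbhostscanned=0
inflight=0
for (( addr = netint + 1; addr < bcastint; addr++ )); do
  int2ip "$addr" target
  # Our own address is never probed.
  if [[ "$target" != "$IP" ]]; then
    # -t 1: TTL 1, the probe cannot leave the link; -W: give up after pingwait
    # seconds; -I: bind to the interface (the reason root is required).
    ( ping -c 1 -t 1 -W "$pingwait" -I "$interface" "$target" >/dev/null 2>&1 \
        && printf '   Found %s\n' "$target" >> "$resultfile" ) &
    inflight=$(( inflight + 1 ))
    # Keep at most batchsize pings in flight instead of forking one per host.
    if (( inflight >= batchsize )); then
      wait
      inflight=0
    fi
  fi
  nbhostscanned=$(( nbhostscanned + 1 ))
done
# Every probe must have finished before the replies are counted (the old
# script slept 3 seconds and counted whatever had arrived by then).
wait
ok "($nbhostscanned hosts scanned ...)"

echo "End of scan ..." >> "$resultfile"
# Count only result lines.  The old 'grep -v "$IP" | wc -l' also dropped every
# host whose address merely contained ours as a substring (10.0.0.1 vs 10.0.0.10).
nbalive=$(grep -c '^   Found ' "$resultfile")
if (( nbalive > 0 )); then
  printf '%s\n' "Found [ ${GREEN}${nbalive}${NORMAL} ] hosts alive on network '$NETWORK' ! => Detail in file $resultfile"
else
  printf '%s\n' "Found [ ${RED}${nbalive}${NORMAL} ] host alive on network '$NETWORK' ..."
fi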