@@ -1,8 +1,10 @@ |
|
|
import random |
|
|
import argparse |
|
|
import tempfile |
|
|
import ipaddress |
|
|
from os import path |
|
|
from time import sleep |
|
|
from shlex import split |
|
|
from os import path, remove |
|
|
from scapy.all import sniff |
|
|
from threading import Thread |
|
|
from subprocess import Popen, PIPE |
|
|
@@ -20,37 +22,56 @@ def listen(args): |
|
|
log_file = open(args.output, "a") |
|
|
print(f'Listening for incoming packets on {args.interface}... Press Ctrl+C to stop.') |
|
|
sniff(iface=args.interface, prn=lambda packet: packet_callback(packet, log_file), store=0) |
|
|
|
|
|
|
|
|
def packet_callback(packet, log_file): |
|
|
global valid_ranges |
|
|
if packet.haslayer("IP"): |
|
|
for ip_range in intern_ranges: |
|
|
if ipaddress.ip_address(packet["IP"].src) in ipaddress.ip_network(ip_range, strict=False): |
|
|
slash24range = f'{".".join(packet["IP"].src.split(".")[:3])}.0/24' |
|
|
# print(slash24range, valid_ranges, slash24range in valid_ranges) |
|
|
if slash24range not in valid_ranges: |
|
|
valid_ranges.append(slash24range) |
|
|
log_file.write(f"{slash24range}\n") |
|
|
log_file.flush() |
|
|
print(slash24range) |
|
|
print(slash24range) |
|
|
|
|
|
def generate_ip_list(num_random_ips): |
|
|
ip_list = [] |
|
|
for ip_range in intern_ranges: |
|
|
net = ipaddress.ip_network(ip_range, strict=False) |
|
|
for subnet in net.subnets(new_prefix=24): |
|
|
subnet_ips = list(subnet.hosts()) |
|
|
if len(subnet_ips) > num_random_ips + 2: |
|
|
selected_ips = [str(subnet_ips[0]), str(subnet_ips[-1])] |
|
|
selected_ips += [str(ip) for ip in random.sample(subnet_ips[1:-1], num_random_ips)] |
|
|
ip_list.extend(selected_ips) |
|
|
return ip_list |
|
|
|
|
|
def scan(args): |
|
|
print("Launching Masscan on internal ranges") |
|
|
if args.rate: |
|
|
print(args.rate) |
|
|
rate = args.rate |
|
|
else: |
|
|
rate = "100000" |
|
|
command = f"xterm -e masscan 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 -p 22,80,443,445,3389 --rate {rate}" |
|
|
Popen(split(command) , stdout=PIPE, stderr=PIPE) |
|
|
|
|
|
ip_list = generate_ip_list(args.num_random) |
|
|
print(f"Launching Masscan on {len(ip_list)} IPs") |
|
|
|
|
|
with tempfile.NamedTemporaryFile(delete=False, mode='w', dir='/tmp') as temp_file: |
|
|
temp_file_path = temp_file.name |
|
|
temp_file.write("\n".join(ip_list)) |
|
|
|
|
|
try: |
|
|
command = f"xterm -e masscan -iL {temp_file_path} -p 22,80,443,445,3389 --rate {args.rate}" |
|
|
process = Popen(split(command), stdout=PIPE, stderr=PIPE) |
|
|
stdout, stderr = process.communicate() |
|
|
print(stdout.decode(), stderr.decode()) |
|
|
finally: |
|
|
if path.isfile(temp_file_path): |
|
|
remove(temp_file_path) |
|
|
|
|
|
if __name__ == "__main__": |
|
|
parser = argparse.ArgumentParser() |
|
|
parser.add_argument("-i", help="Interface on which to listen and run scan", dest="interface", required=True) |
|
|
parser.add_argument("-i", help="Interface on which to listen and run scan", dest="interface", required=True) |
|
|
parser.add_argument("-o", help="File in which to write found ranges", dest="output", required=True) |
|
|
parser.add_argument("--scan", help="Launch internal ranges masscan", dest="scan", action="store_true") |
|
|
parser.add_argument("--rate", help="Scan rate (the more the faster)", dest="rate") |
|
|
parser.add_argument("--rate", help="Scan rate (the more the faster)", dest="rate", type=int, default=10000) |
|
|
parser.add_argument("-n", help="Number of random IPs to pick for each /24 subnet", dest="num_random", type=int, default=3) |
|
|
|
|
|
args = parser.parse_args() |
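Review bot: In `scan`, the new masscan call runs inside `xterm -e` with `stdout=PIPE, stderr=PIPE`, so `communicate()` appears to capture xterm's streams rather than masscan's, and no exit status is checked. A scan that never starts (binary missing, insufficient privileges) would then look the same as one that found nothing. Build the command as an argument list instead of an f-string re-split with `shlex.split`, e.g. `Popen(["xterm", "-e", "masscan", "-iL", temp_file_path, "-p", "22,80,443,445,3389", "--rate", str(args.rate)], stdout=PIPE, stderr=PIPE)`, and report `process.returncode` after `communicate()`. The hard-coded `dir='/tmp'` in `NamedTemporaryFile` bypasses `TMPDIR` and the platform default, so I would drop that argument. `valid_ranges` and `intern_ranges` are defined outside the hunk; if `valid_ranges` is a list, the per-packet `slash24range not in valid_ranges` test in `packet_callback` is a linear search that a set would avoid.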
|
|
|
|
|
|