./MySQLscanner.sh
Host: 192.168.181.69 () Ports: 3306/open/tcp//mysql///
As we can see, this script was able to identify the only IP address on my LAN with MySQL running. Your results may differ, of course, depending on whether any hosts on your local network are running MySQL.
Improving the MySQL Scanner
Now we want to adapt this script to make it applicable to more than just
your own local network. This script would be much easier to use if it could
prompt the user for the range of IP addresses they wanted to scan and the
port to look for, and then use that input. Remember, you learned how to
prompt the user and put their keyboard input into a variable in “Adding
Functionality with Variables and User Input” on page 84.
Let’s take a look at how you could use variables to make this script more
flexible and efficient.
Adding Prompts and Variables to Our Hacker Script
In your text editor, enter the script shown in Listing 8-4.
#! /bin/bash
echo "Enter the starting IP address : "                          # ❶ prompt for the first IP
read FirstIP                                                     # ❷ store it in FirstIP
echo "Enter the last octet of the last IP address : "            # ❸ prompt for the last octet
read LastOctetIP
echo "Enter the port number you want to scan for : "             # ❹ prompt for the port
read port
nmap -sT $FirstIP-$LastOctetIP -p $port >/dev/null -oG MySQLscan # ❺ scan the range for that port
cat MySQLscan | grep open > MySQLscan2                           # ❻ keep only lines with "open"
cat MySQLscan2                                                   # ❼ display the results
Listing 8-4: Your advanced MySQL port scanner
The first thing we need to do is replace the specified subnet with an IP address range. We'll create a variable called FirstIP and a second variable named LastOctetIP to create the range, as well as a variable named port for the port number. (The last octet is the last group of digits after the third period in the IP address; in the IP address 192.168.1.101, the last octet is 101.)
N O T E
The name of the variable is irrelevant, but best practice is to use a variable name that
helps you remember what the variable holds.
We also need to prompt the user for these values. We can do this by using the echo command that we used in Listing 8-1.
To get a value for the FirstIP variable, echo "Enter the starting IP address : " to the screen, asking the user for the first IP address they want to scan ❶. Upon seeing this prompt on the screen, the user will enter the first IP address, so we need to capture that input from the user. We can do this with the read command followed by the name of the variable we want to store the input in ❷. This command will put the IP address entered by the user into the variable FirstIP. Then we can use that value in FirstIP throughout our script.
We'll do the same for the LastOctetIP ❸ and port ❹ variables by prompting the user to enter the information and then using a read command to capture it.
Next, we need to edit the nmap command in our script to use the variables we just created and filled. To use the value stored in the variable, we simply preface the variable name with $, as in $port, for example. So at ❺, we scan a range of IP addresses, starting with the first user-input IP through the second user-input IP, and look for the particular port input by the user. We've used the variables in place of the subnet to scan and the port to determine what to scan for. As before, we send the standard output to /dev/null. Then, we send the output in a grep-able format to a file we named MySQLscan.
The next line remains the same as in our simple scanner: it outputs the contents of the MySQLscan file, pipes it to grep, where it is filtered for lines that include the keyword open, and then sends that output to a new file named MySQLscan2 ❻. Finally, we display the contents of the MySQLscan2 file ❼.
If everything works as expected, this script will scan IP addresses from the first input address to the last input address, searching for the input port and then reporting back with just the IP addresses that have the designated port open. Save your script file as MySQLscannerAdvanced, remembering to give yourself execute permission.
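As an added example (not the book's own code), here is the same prompt-and-scan flow as Listing 8-4 with each user-supplied value checked before it reaches nmap, so a mistyped address, octet or port produces a clear error instead of a failed or unintended scan. It assumes nmap is on the PATH; the function names valid_ipv4, in_range, target_range and run_scan are my own.

```shell
#!/bin/bash
# Added example: validated version of the Listing 8-4 prompt-and-scan flow.

# Succeeds only if $1 is a dotted-quad IPv4 address with every octet 0-255.
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  local IFS=. octet
  set -- $1                              # split into the four octets
  [ $# -eq 4 ] || return 1
  for octet; do [ "$octet" -le 255 ] || return 1; done
}

# Succeeds only if $1 is an unsigned integer between $2 and $3 inclusive.
in_range() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Prints the nmap target "a.b.c.first-last" built from the starting IP ($1)
# and the last octet ($2); fails if the last octet is below the starting one.
target_range() {
  valid_ipv4 "$1" && in_range "$2" 0 255 || return 1
  local first=${1##*.}                   # last octet of the starting IP
  [ "$2" -ge "$first" ] || return 1
  printf '%s-%s\n' "$1" "$2"
}

# Interactive driver: prompt exactly as in Listing 8-4, validate, then scan.
run_scan() {
  local FirstIP LastOctetIP port range
  read -rp "Enter the starting IP address : " FirstIP
  read -rp "Enter the last octet of the last IP address : " LastOctetIP
  read -rp "Enter the port number you want to scan for : " port
  range=$(target_range "$FirstIP" "$LastOctetIP") ||
    { echo "Invalid starting IP address or last octet" >&2; return 1; }
  in_range "$port" 1 65535 ||
    { echo "Invalid port number" >&2; return 1; }
  # Grepable output straight to stdout (-oG -), keeping only "open" lines.
  nmap -sT "$range" -p "$port" -oG - | grep open
}

# Prompt and scan only when invoked as: ./MySQLscannerAdvanced --scan
if [ "${1:-}" = "--scan" ]; then run_scan; fi
```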