diff --git a/home/.dot/.bash_aliases b/home/.dot/.bash_aliases
index 2a82f74..3e9cc31 100644
--- a/home/.dot/.bash_aliases
+++ b/home/.dot/.bash_aliases
@@ -742,5 +742,63 @@ alias pi="pip3 install"
 alias pf="pip3 freeze"
 alias pr="pip3 install -r requirements.txt"
+#nmap
+#scan for open ports on target.
+alias nmap_open_ports="sudo nmap --open"
+# list all network interfaces on host where the command runs.
+alias nmap_list_interfaces="sudo nmap --iflist"
+#slow scan that avoids to spam the targets logs.
+alias nmap_slow="sudo nmap -sS -v -T1"
+
+# scan to see if hosts are up with TCP FIN scan.
+alias nmap_scanIP="sudo nmap -sF -v"
+
+#aggressive full scan that scans all ports, tries to determine OS and service versions.
+alias nmap_full="sudo nmap -sS -T4 -PE -PP -PS80,443 -PY -g 53 -A -p1-65535 -v"
+
+#TCP ACK scan to check for firewall existence.
+alias nmap_check_for_firewall="sudo nmap -sA -p1-65535 -v -T4"
+
+#host discovery with SYN and ACK probes instead of just pings to avoid firewall restrictions.
+alias nmap_ping_through_firewall="nmap -PS -PA"
+
+#fast scan of the top 300 popular ports.
+alias nmap_fast="sudo nmap -F -T5 --version-light --top-ports 300"
+
+#detects versions of services and OS, runs on all ports.
+alias nmap_detect_versions="sudo nmap -sV -p1-65535 -O --osscan-guess -T4 -Pn"
+
+#uses vulscan script to check target services for vulnerabilities.
+alias nmap_check_for_vulns="sudo nmap --script=vuln"
+
+#same as full but via UDP
+alias nmap_full_udp="sudo nmap -sS -sU -T4 -A -v -PE -PS22,25,80 -PA21,23,80,443,3389 "
+
+#try to traceroute using the most common ports.
+alias nmap_traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
+
+#same as nmap_full but also runs all the scripts.
+alias nmap_full_with_scripts="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
+
+#ittle "safer" scan for OS version as connecting to only HTTP and HTTPS ports doesn't look so attacking.
+alias nmap_web_safe_osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
+
+#ICMP scan for active hosts
+alias nmap_ping_scan="sudo nmap -n -sP"
+
+#OS-Scan
+alias nmap_scanIP_os="sudo nmap -O "
+
+#OS & Service Scan
+alias nmap_scanIP_osService="sudo nmap -A "
+
+# find all active IP addresses in a network
+alias nmap_scanNetwork="scanNetwork_nmap"
+
+#Host-Discovery mit ARP
+alias scanNetwork_arp="arp -a"
+
+#Host-Discovery mit ARP-scan
+alias scanNetwork_arpScan="arp-scan --localnet"
\ No newline at end of file
diff --git a/home/.dot/.bash_functions.sh b/home/.dot/.bash_functions.sh
index 744b25a..db6e519 100644
--- a/home/.dot/.bash_functions.sh
+++ b/home/.dot/.bash_functions.sh
@@ -2407,42 +2407,6 @@ raw2jpg_embedded(){
 ufraw-batch --out-type=jpeg --embedded-image "$1"
 }
-# find all active IP addresses in a network
-scanNetwork_nmap(){
-
- if ! [ -x "$(command -v nmap)" ]; then
- echo 'Error: nmap is not installed.' >&2
- exit 1
- fi
-
-
- if [ -z "${1}" ]; then
- echo "Usage: scanNetwork 192.168.2 "
- return 1
- fi
-
- nmap -sP "${1}.0/24"; arp-scan --localnet | grep "${1}.[0-9]* *ether"
-
- if ! [ -x "$(command -v arp-scan)" ]; then
- echo 'Error: arp-scan is not installed.' >&2
- fi
-}
-
-# Quickly ping range of IP adresses and return only those that are online
-scanNetwork_ping(){
-
- if [ -z "${1}" ]; then
- echo "Usage: scanNetwork_ping 192.168.2 "
- return 1
- fi
-
- network="${1}"
-
- { for i in {1..254}; do ping -c 1 -W 1 ${network}.$i & done } | grep "64 bytes"
-
-}
-
-
 # "Usage: raw2jpg_convert 'ARW|CR2' "
 raw2jpg_convert(){
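Review bot: The comment above nmap_check_for_vulns says it uses the vulscan script, but the alias runs `--script=vuln`, which is nmap's built-in `vuln` NSE category rather than the third-party vulscan script; the comment should read `#runs the NSE "vuln" script category against the target's services.` nmap_ping_scan and nmap_traceroute use `-sP`, the older spelling that nmap's documentation describes as renamed to `-sn`; writing `-sn` keeps the aliases aligned with current docs. nmap_ping_through_firewall is the only alias in the hunk not prefixed with sudo, so its raw ACK probes presumably need privileges the other aliases get via sudo — either add sudo for consistency or comment why it differs. The `#ittle "safer"` comment is missing its first letter (`#little`), and `nmap_scanNetwork` expands to the function scanNetwork_nmap, which only resolves if .bash_functions.sh has been sourced before the alias is used.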
@@ -3070,6 +3034,95 @@ https://devhints.io/bash
 }
+# find all active IP addresses in a network
+scanNetwork_nmap(){
+
+ if ! [ -x "$(command -v nmap)" ]; then
+ echo 'Error: nmap is not installed.' >&2
+ exit 1
+ fi
+
+
+ if [ -z "${1}" ]; then
+ echo "Usage: scanNetwork 192.168.2 "
+ return 1
+ fi
+
+ nmap -sP "${1}.0/24"; arp-scan --localnet | grep "${1}.[0-9]* *ether"
+
+ if ! [ -x "$(command -v arp-scan)" ]; then
+ echo 'Error: arp-scan is not installed.' >&2
+ fi
+}
+
+# Quickly ping range of IP adresses and return only those that are online
+scanNetwork_ping(){
+
+ if [ -z "${1}" ]; then
+ echo "Usage: scanNetwork_ping 192.168.2 "
+ return 1
+ fi
+
+ network="${1}"
+
+ { for i in {1..254}; do ping -c 1 -W 1 ${network}.$i & done } | grep "64 bytes"
+
+}
+
+# Function to get the local IP and run nmap
+nmap_scanNetworkPing() {
+ # Get the local IP address
+ local IP=$(hostname -I | awk '{print $1}')
+
+ # Extract the network part of the IP address
+ local NETWORK=$(echo $IP | awk -F. '{print $1 "." $2 "." $3 ".0/24"}')
+
+ # Run nmap with the constructed network range
+ sudo nmap -PE -sn -oG - $NETWORK
+
+}
+
+# Function to get the local IP and run nmap
+nmap_scanNetworkAdvance() {
+ # Get the local IP address
+ local IP=$(hostname -I | awk '{print $1}')
+
+ # Extract the network part of the IP address
+ local NETWORK=$(echo $IP | awk -F. '{print $1 "." $2 "." $3 ".0/24"}')
+
+ # Run nmap with the constructed network range
+ sudo nmap -sn -oG - $NETWORK
+}
+
+# Function to get the local IP and run nmap
+nmap_listScan() {
+ # Get the local IP address
+ local IP=$(hostname -I | awk '{print $1}')
+
+ # Extract the network part of the IP address
+ local NETWORK=$(echo $IP | awk -F. '{print $1 "." $2 "." $3 ".0/24"}')
+
+ # Run nmap with the constructed network range
+ sudo nmap -sL $NETWORK
+}
+
+
+function nmap_bacnet_scanNetwork {
+# get the IP address
+ # Get the local IP address
+ local IP=$(hostname -I | awk '{print $1}')
+
+ # Extract the network part of the IP address
+ local NETWORK=$(echo $IP | awk -F. '{print $1 "." $2 "." $3 ".0/24"}')
+
+echo "Start nmap scan: sudo nmap --script bacnet-info -sU -p 47808 $NETWORK"
+echo ""
+sudo nmap --script bacnet-info -sU -p 47808 $NETWORK
+echo ""
+
+}
+
+
 # -t Tabelle Diese Filterregel gilt für die Tabelle "Tabelle".
 # -I Chain [Position] Regel wird an Position "Position" der Kette "Chain" eingefügt. Bei Nichtangabe der Position wird die Regel am Anfang der Kette eingefügt.
 # -A Chain Regel wird an die Kette "Chain" angehängt.
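Review bot: `exit 1` in the moved scanNetwork_nmap body terminates the caller's shell rather than the function, since this file is sourced into an interactive bash; the missing-nmap branch should `return 1` like the usage branch below it, and the arp-scan availability check should come before the `arp-scan --localnet` call instead of after it. The `grep "${1}.[0-9]* *ether"` filter interpolates the prefix into a regex with unescaped dots and expects an `ether` token, which `arp -a` prints but arp-scan's default output (IP, MAC, vendor) does not appear to, so the filtered result may be empty — worth verifying against real output. The four new nmap_* wrappers each recompute the /24 from `hostname -I` with `local IP=$(…)` (masking the command's exit status) and pass `$NETWORK` unquoted; a shared helper removes the duplication, as sketched below. Note that `hostname -I` is Linux-specific and the hard-coded /24 ignores the interface's real prefix length.
```shell
# Derive the local /24 from the first address `hostname -I` reports (Linux only);
# prints e.g. 192.168.2.0/24 and returns non-zero when no address is found.
_local_net24() {
  local ip
  ip=$(hostname -I | awk '{print $1}') || return 1
  if [[ -z "$ip" ]]; then
    echo 'Error: could not determine local IP address.' >&2
    return 1
  fi
  printf '%s\n' "${ip%.*}.0/24"
}

# … unchanged: scanNetwork_nmap, scanNetwork_ping …

nmap_scanNetworkPing() {
  local network
  network=$(_local_net24) || return 1
  sudo nmap -PE -sn -oG - "$network"
}

# … nmap_scanNetworkAdvance, nmap_listScan and nmap_bacnet_scanNetwork take the same shape,
# each calling _local_net24 once and quoting "$network" …
```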