#!/usr/bin/perl # # nmap-search.pl # Written by MadHat (madhat@unspecific.com) # http://www.unspecific.com/nmap/ # # Basically, this will allow you to search through a nmap -oG (grepable) # file to look for specific things and reformat it for you. # # Copyright (c) 2001-2003, MadHat (madhat@unspecific.com) # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the distribution. # * Neither the name of MadHat Productions nor the names of its # contributors may be used to endorse or promote products derived # from this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED # TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR # PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
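#
#---------------------------------------
use strict;
use warnings;

# `use` is resolved at compile time, so all three modules are loaded in both
# CGI and command-line mode no matter which branch below actually runs.
use CGI ":standard";
use CGI::Carp "fatalsToBrowser";
use Getopt::Std;

# log directory where nmap-wrapper stored its log files
my $logdir = "/home/madhat/logs";
#---------------------------------------
#  Don't change anything below here
#---------------------------------------
our $VERSION = '1.1';
our $opt_f;                 # filled in by getopts('f:')

# True when running under a web server. Everything derived from request
# parameters or from the scan file is HTML-escaped before printing in this mode.
# NOTE(review): nothing in this script authenticates the requester; scan
# results are sensitive, so access should be restricted at the web server.
my $is_cgi = defined $ENV{'REQUEST_METHOD'};

my $html = '';              # set once CGI input has been accepted; read by error()
my @dblist;                 # *.nmap files found in $logdir (popup values)
my %dblabel;                # file name -> "name - mtime" label for the popup
my ($dbfile, $srch_field, $srch_search);

if ($is_cgi) {
    print header(), start_html('NMAP Search'), "<pre>";

    opendir(my $dir, $logdir)
        or die "ERROR: Unable able to open $logdir: $!\n";
    my @names = readdir($dir);
    closedir($dir);

    for my $name (@names) {
        next unless $name =~ /\.nmap$/;

        # readdir() returns bare names, so stat() needs the directory
        # prepended; a bare name would be looked up in the current directory.
        my $mtime = (stat("$logdir/$name"))[9];
        my $stamp = defined $mtime ? scalar localtime($mtime) : 'unknown';
        $dblabel{$name} = "$name - $stamp";
        push @dblist, $name;
    }

    my $choice = param('nmapdb');
    if ($choice) {
        # The request parameter is attacker-controlled. Besides the checks
        # for absolute paths and "..", accept only a name that the directory
        # listing above produced, so the form cannot be used to read other
        # files the web server account has access to.
        my %is_listed = map { $_ => 1 } @dblist;
        if (   $choice =~ m{^/}
            or $choice =~ /\.\./
            or !$is_listed{$choice})
        {
            error("problem with DB entry (" . $choice . ") lets not try that again");
        }

        # Listed names come from $logdir, so resolve them there.
        $dbfile = "$logdir/$choice";
    }
    else {
        $dbfile = "db.nmap";
    }

    my $want_field  = param('field');
    my $want_search = param('search');
    if (!$want_field and !$want_search) {
        print search_page();
        exit;
    }
    elsif (!$want_field or !$want_search) {
        error("lack of input data");
    }

    $srch_field  = $want_field;
    $srch_search = $want_search;
    $html        = 1;
}
else {
    getopts('f:');
    if (!$ARGV[1]) {
        print "nmap-search v$VERSION - madhat\@unspecific.com\n"
            . "usage: $0 [-f file] <field> <search>\n\n"
            . "<field> The field you want to look for (OS, host, port)\n"
            . "\tmay be shortened to the shortist non-duplicated string\n"
            . "\tos may be o, host may be h, etc...\n\n"
            . "<search> is the search string you want to look for\n"
            . "\tto search for an open port use port/state (21/open)\n\n"
            . "\tyou can use the bang (!) at the begining of a search\n"
            . "\tto look for entries that do not contain that string \n"
            . "\tto look for non Microsoft product, \n"
            . "\tlook for 'os' and '!microsoft'\n\n"
            . "\tentries seperated by a space are automatically ORed\n"
            . "\tbut, the first one will determin the NOT(!) or not...\n"
            . "\tso, if I used 'OS' for my field and\n"
            . "\t'!microsoft windows cisco'\n"
            . "\tthis would find all entries that did not have \n"
            . "\tmicrosoft, windows or cisco in the OS field.\n"
            . "[-f file] for the nmap (-oG) file you want to use as the DB\n\n";
        exit;
    }

    $html        = '';
    $dbfile      = $opt_f ? $opt_f : "db.nmap";
    $srch_field  = $ARGV[0];
    $srch_search = $ARGV[1];
}

# Three-argument open with an explicit read mode: with the two-argument form
# a file name beginning or ending in "|", or beginning with ">", is treated as
# a pipe or an output mode, which turns the nmapdb parameter into command
# execution or file truncation.
open(my $db, '<', $dbfile) or error("Can't open DB($dbfile): $!\n");
my @records = <$db>;
close($db);

# A leading "!" on either argument inverts that half of the match.
my $srch_search_not = 0;
my $srch_field_not  = 0;

if ($srch_search =~ /^!(.+)$/) {
    print "NOT ";
    $srch_search     = $1;
    $srch_search_not = 1;
}
print "searching for ", _for_display($srch_search), " ";

if ($srch_field =~ /^!(.+)$/) {
    print "NOT ";
    $srch_field     = $1;
    $srch_field_not = 1;
}
print "in field ", _for_display($srch_field), "\n";

# Space-separated search terms are ORed by turning them into an alternation.
$srch_search =~ s/\s+/|/g;

# Both arguments are used as regular expressions, as before. They are compiled
# once inside eval so that a malformed pattern yields a normal error message
# instead of a fatal error part-way through the scan.
# NOTE(review): in CGI mode these patterns come straight from the request, so
# a pathological expression can burn CPU on the server; apply quotemeta to the
# terms if plain substring search is all that is needed.
my $field_re = eval { qr/^$srch_field/i };
error("invalid field expression") unless defined $field_re;
my $search_re = eval { qr/$srch_search/i };
error("invalid search expression") unless defined $search_re;

my $count  = 0;
my $output = '';

for my $record (@records) {
    next if $record =~ /^#/ or $record =~ /^$/;
    chomp $record;
    $record =~ s/\cM//;

    my %entry;
    my $hit = 0;

    for my $item (split /\t/, $record) {
        # Limit the split to two parts so that values which themselves
        # contain ":" (IPv6 addresses, for instance) are kept whole.
        my ($name, $value) = split /:/, $item, 2;
        $name  = '' unless defined $name;
        $value = '' unless defined $value;
        $entry{$name} = $value;

        # Each half matches when the regex result differs from its NOT flag.
        my $field_ok = ($name  =~ $field_re  ? 1 : 0) != $srch_field_not;
        my $value_ok = ($value =~ $search_re ? 1 : 0) != $srch_search_not;
        $hit = 1 if $field_ok and $value_ok;
    }

    next unless $hit;

    $count++;
    $output .= "-" x 40 . "\n";
    for my $name (sort keys %entry) {
        if ($name eq "Ports") {
            # One port per line, with the "/"-separated columns tab-aligned.
            my $ports = $entry{$name};
            $ports =~ s{/}{\t}g;
            $ports =~ s{,}{\n\t}g;
            $output .= "$name:\n";
            $output .= "\t$ports\n";
        }
        else {
            $output .= "$name: $entry{$name}\n";
        }
    }
    $output .= "\n\n";
}

print "$count entries found\n\n";

# Scan data can carry remote-controlled text (host names, service banners),
# so it is escaped like request input when the result is sent to a browser.
print _for_display($output);

# Print an error message and stop. In CGI mode the message is HTML-escaped
# because callers build it from request parameters.
sub error {
    my ($error) = @_;
    print start_html("Error") if ($html);
    print "Error: ", _for_display($error);
    exit;
}

# Return $text ready for output: unchanged on the command line, with the HTML
# metacharacters & < > " replaced by entities when running as a CGI.
sub _for_display {
    my ($text) = @_;
    return '' unless defined $text;
    return $text unless $is_cgi;

    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}

# Build the HTML search form shown when no field/search input was submitted.
# The popup offers the *.nmap files found in $logdir. Line breaks inside the
# help text are reconstructed to mirror the command-line usage message.
sub search_page {
    my $page = "<form method=post>
<center><table>
<tr><td align=right>Field:</td><td><input name=field></td></tr>
<tr><td align=right>Search:</td><td><input name=search></td></tr>
<tr><td align=right>DB to Search:</td><td>";

    $page .= popup_menu(
        -name   => 'nmapdb',
        -values => \@dblist,
        -labels => \%dblabel,
    );

    $page .= "<tr><td colspan=2 align=center><input type=submit></td></tr></table></center>
<pre>
<b>field</b> The field you want to look for (OS, host, port)
        may be shortened to the shortist non-duplicated string
        os may be o, host may be h, etc...

<b>search</b> is the search string you want to look for
        to search for an open port use port/state (21/open)

        you can use the bang (!) at the begining of a search
        to look for entries that do not contain that string
        to look for non Microsoft product,
        look for 'os' and '!microsoft'

        entries seperated by a space are automatically ORed
        but, the first one will determin the NOT(!) or not...
        so, if I used 'OS' for my field and
        '!microsoft windows cisco'
        this would find all entries that did not have
        microsoft, windows or cisco in the OS field.

<b>DB></b> for the nmap (-oG) file you want to use as the DB
        The files listed are the local DBs
        The date/time stamp is the date they should have been created.
</pre>";

    return ($page);
}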