#!/bin/bash
# Strict mode: stop on an unhandled command failure, on use of an unset
# variable, and when any stage of a pipeline fails.
set -euo pipefail
# Script Name: SNMP Audit Tool (SNMPAT)
# Description: Performs an SNMP audit on a list of subnets and IP addresses
#   using the onesixtyone SNMP scanner. The script de-duplicates the targets,
#   writes the chosen SNMP community strings to a temporary file, and scans
#   each subnet/IP one by one. It then does a reverse DNS lookup for each host
#   in the results and prepends the hostname to its line. The temporary
#   community-string file is removed on exit, leaving only the final log file.
# Requires: onesixtyone and dig (both are checked at start-up).
# Output: $HOME/SNMPAT_log_<timestamp>.log. The log holds the scanner output,
#   including the community strings it reports, so handle it as credential
#   material.
# Github: wompRS
# Report a fatal error and stop the script.
# Arguments: $1 - text shown after the "Error: " prefix
# Outputs:   the message, on stderr
# Returns:   does not return; exits the shell with status 1
error_exit() {
  local message=$1
  printf '%s\n' "Error: $message" >&2
  exit 1
}
# Make sure the external tools the script drives are on PATH before any
# prompt is shown; the first missing tool ends the run through error_exit.
check_dependencies() {
  local tool
  for tool in onesixtyone dig; do
    if ! command -v "$tool" >/dev/null 2>&1; then
      error_exit "$tool is required but not installed."
    fi
  done
}
check_dependencies
# Normalise one raw input token.
# Arguments: $1 - text to clean
# Outputs:   $1 with every carriage return removed and leading/trailing
#            whitespace stripped, written to stdout without a newline
trim_entry() {
  local text leading trailing
  text=${1//$'\r'/}
  # Everything before the first non-space character is the leading run.
  leading=${text%%[![:space:]]*}
  text=${text#"$leading"}
  # Everything after the last non-space character is the trailing run.
  trailing=${text##*[![:space:]]}
  text=${text%"$trailing"}
  printf '%s' "$text"
}
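# Check that a string is a dotted-quad IPv4 address in plain decimal.
# Arguments: $1 - candidate address
# Returns:   0 when $1 is four decimal octets in the range 0-255, else 1
#
# Octets with a leading zero (e.g. 010) are rejected. Bash arithmetic reads
# such a value as octal, and address parsers disagree on what it means, so
# accepting it could put a different host on the scan list than the one the
# operator typed. The three-digit limit also keeps oversized numbers out of
# the arithmetic comparison.
is_valid_ipv4() {
  local candidate=$1
  local o1 o2 o3 o4 octet
  # IFS is changed for this read only, so the split on "." does not leak.
  IFS=. read -r o1 o2 o3 o4 <<<"$candidate" || return 1
  # A fifth component ends up inside o4 ("4.5") and fails the digit check.
  for octet in "$o1" "$o2" "$o3" "$o4"; do
    [[ $octet =~ ^(0|[1-9][0-9]{0,2})$ ]] || return 1
    ((octet <= 255)) || return 1
  done
  return 0
}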
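# Check that a string is an IPv4 network in CIDR notation (address/prefix).
# Arguments: $1 - candidate, e.g. 10.0.0.0/24
# Returns:   0 when the prefix length is a plain decimal 0-32 and the address
#            part passes is_valid_ipv4, else 1
#
# A prefix with a leading zero (e.g. /024) is rejected: bash arithmetic would
# read it as octal, so the size used for validation would not match the text
# handed to the scanner.
is_valid_cidr() {
  local candidate=$1
  local network mask
  # With two variables, anything after the first "/" lands in mask, so a
  # second slash ("a/24/1") fails the digit check below.
  IFS=/ read -r network mask <<<"$candidate" || return 1
  [[ ${mask:-} =~ ^(0|[1-9][0-9]?)$ ]] || return 1
  ((mask <= 32)) || return 1
  is_valid_ipv4 "$network"
}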
# Prompt user for SNMP community strings and store them in a temporary file
#
# The menu repeats until option 4 is chosen with at least one string
# collected. Options 1-3 can be combined; a string is kept only the first
# time it is seen.
# Globals:  community_file (written) - path of the mktemp file holding one
#           community string per line
# Inputs:   menu choices, strings and file paths read from stdin
# Side effects: installs an EXIT trap that deletes community_file
get_community_strings() {
  local -a default_strings=("public" "community" "default" "admin" "private" "manager" "cisco" "snmp" "network" "monitor" "agent" "trap" "read" "write")
  local -a collected_strings=()
  local -a candidates=()
  local -a words=()
  declare -A seen_strings=()
  local choice cs_input cs_file line entry trimmed

  while true; do
    echo -e "\e[93mSelect how to build the community string list:\e[0m"
    echo "1. Add default list"
    echo "2. Add strings manually"
    echo "3. Add strings from a file"
    echo "4. Finish"
    read -rp $'\e[93;1mChoice [1-4]: \e[0m' choice

    # Each menu option only gathers raw candidates; they are trimmed and
    # de-duplicated in one place after the case statement.
    candidates=()
    case "$choice" in
      1)
        candidates=("${default_strings[@]}")
        echo -e "\e[92mAdded default community strings.\e[0m"
        ;;
      2)
        read -rp $'\e[93;1mEnter community strings (comma or space separated): \e[0m' cs_input
        # Commas become spaces so one word split handles both separators.
        cs_input=${cs_input//,/ }
        if [[ -n $cs_input ]]; then
          read -ra candidates <<<"$cs_input"
        fi
        if ((${#candidates[@]} > 0)); then
          echo -e "\e[92mAdded manual entries.\e[0m"
        else
          echo -e "\e[93mNo manual entries detected.\e[0m"
        fi
        ;;
      3)
        read -rp $'\e[93;1mEnter file path: \e[0m' cs_file
        if [[ ! -f "$cs_file" ]]; then
          echo -e "\e[91mCommunity string file not found: $cs_file\e[0m"
          continue
        fi
        # "|| [[ -n $line ]]" keeps a final line that has no trailing newline.
        while IFS= read -r line || [[ -n $line ]]; do
          line=$(trim_entry "$line")
          line=${line//,/ }
          if [[ -n $line ]]; then
            words=()
            read -ra words <<<"$line"
            candidates+=(${words[@]+"${words[@]}"})
          fi
        done <"$cs_file"
        echo -e "\e[92mLoaded community strings from file.\e[0m"
        ;;
      4)
        if ((${#collected_strings[@]} == 0)); then
          echo -e "\e[91mPlease add at least one community string before finishing.\e[0m"
          continue
        fi
        break
        ;;
      *)
        echo -e "\e[91mInvalid choice. Please select option 1-4.\e[0m"
        ;;
    esac

    # Keep each non-empty string once, in first-seen order.
    for entry in ${candidates[@]+"${candidates[@]}"}; do
      trimmed=$(trim_entry "$entry")
      if [[ -n $trimmed && -z ${seen_strings[$trimmed]+x} ]]; then
        collected_strings+=("$trimmed")
        seen_strings[$trimmed]=1
      fi
    done

    if ((${#collected_strings[@]} > 0)); then
      echo -e "\e[94mCurrent community strings (${#collected_strings[@]}):\e[0m"
      for entry in "${collected_strings[@]}"; do
        echo " - $entry"
      done
    fi
  done

  # The list is handed to the scanner as a file; mktemp picks the name.
  community_file=$(mktemp)
  printf "%s\n" "${collected_strings[@]}" >"$community_file"
  echo -e "\e[94mUsing ${#collected_strings[@]} community strings for all scans.\e[0m"
  trap 'rm -f "$community_file"' EXIT
}
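# Function to print a progress bar in light green color
#
# Arguments: $1 - number of the target being scanned (1-based)
#            $2 - total number of targets; must be non-zero (it is a divisor)
#            $3 - the subnet or IP being scanned
#            $4 - label for the kind of target ("Subnet" or "IP")
# Outputs:   one status line on stdout that starts with a carriage return and
#            has no trailing newline, so successive calls overwrite each other
print_progress() {
  local current=$1
  local total=$2
  local subnet_ip=$3
  local entry_type=$4
  local progress=$((current * 100 / total))
  # The bar is 50 cells wide: one cell per two percent.
  local completed=$((progress / 2))
  local remaining=$((50 - completed))
  local light_green="\e[92m"
  local reset_color="\e[0m"
  local completed_bar=""
  local remaining_bar=""

  # Pad to the wanted width with spaces, then swap the spaces for the bar
  # character; this needs no external command.
  if ((completed > 0)); then
    printf -v completed_bar '%*s' "$completed" ''
    completed_bar=${completed_bar// /#}
  fi
  if ((remaining > 0)); then
    printf -v remaining_bar '%*s' "$remaining" ''
    remaining_bar=${remaining_bar// /-}
  fi

  # %b expands the escape sequences held in the colour variables, so no
  # variable is part of the format string.
  printf '\rProgress: %b[%s%s] %d%%%b (Scanning %s, %s %d of %d)' \
    "$light_green" "$completed_bar" "$remaining_bar" "$progress" "$reset_color" \
    "$subnet_ip" "$entry_type" "$current" "$total"
}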
# Scan targets collected from the user: add_target_entry appends entries in
# CIDR notation to subnets and single IPv4 addresses to ip_addresses.
subnets=()
ip_addresses=()
# Print the final target list and drop redundant entries.
#
# Globals:  subnets, ip_addresses (read and rewritten) - both are sorted and
#           de-duplicated; any IP that falls inside a listed subnet is removed
#           from ip_addresses so it is not scanned a second time
# Outputs:  a summary on stdout, with the address count of every subnet and a
#           note next to each IP that is skipped
# Note:     the helpers below are defined when this function runs and stay
#           defined afterwards.
summarize_targets() {
  # Convert a dotted-quad address to its 32-bit integer value.
  ip2int() {
    local o1 o2 o3 o4
    IFS=. read -r o1 o2 o3 o4 <<<"$1"
    echo $(((o1 << 24) + (o2 << 16) + (o3 << 8) + o4))
  }

  # Succeed when the address $2 lies inside the CIDR block $1.
  cidr_contains_ip() {
    local cidr=$1
    local ip=$2
    local network mask
    local mask_int=0
    IFS=/ read -r network mask <<<"$cidr"
    local network_int=$(ip2int "$network")
    local ip_int=$(ip2int "$ip")
    # A /0 mask stays 0; it is not derived from a shift by 32.
    if ((mask != 0)); then
      mask_int=$(((0xFFFFFFFF << (32 - mask)) & 0xFFFFFFFF))
    fi
    (((network_int & mask_int) == (ip_int & mask_int)))
  }

  # Print how many addresses the CIDR block $1 spans.
  subnet_host_count() {
    local cidr=$1
    local _network mask
    IFS=/ read -r _network mask <<<"$cidr"
    echo $((mask == 32 ? 1 : 2 ** (32 - mask)))
  }

  # Sort the array named by $1 and remove blank and repeated elements.
  dedupe_array() {
    local -n target_ref=$1
    if ((${#target_ref[@]} == 0)); then
      target_ref=()
      return
    fi
    mapfile -t target_ref < <(printf '%s\n' "${target_ref[@]}" | awk 'NF' | sort -u)
  }

  local -a kept_ips=()
  local listed_subnet candidate_ip covering_subnet

  dedupe_array subnets
  dedupe_array ip_addresses

  echo -e "\e[94mSubnets:\e[0m"
  if ((${#subnets[@]} > 0)); then
    for listed_subnet in "${subnets[@]}"; do
      printf ' %s (covers %s addresses)\n' "$listed_subnet" "$(subnet_host_count "$listed_subnet")"
    done
  else
    echo " (none)"
  fi

  echo -e "\e[94mIP Addresses:\e[0m"
  if ((${#ip_addresses[@]} == 0)); then
    echo " (none)"
  fi
  for candidate_ip in "${ip_addresses[@]}"; do
    # Remember the first subnet that already covers this address, if any.
    covering_subnet=""
    for listed_subnet in "${subnets[@]}"; do
      if cidr_contains_ip "$listed_subnet" "$candidate_ip"; then
        covering_subnet=$listed_subnet
        break
      fi
    done
    if [[ -n $covering_subnet ]]; then
      echo " $candidate_ip - Duplicate entry. Scanner will skip. Subnet: $covering_subnet"
    else
      echo " $candidate_ip"
      kept_ips+=("$candidate_ip")
    fi
  done
  ip_addresses=("${kept_ips[@]}")
}
# Show what has been collected so far: subnets first, then single addresses.
# Globals: subnets, ip_addresses (read)
# Outputs: a heading followed by one line per non-empty entry, or " (none)"
#          when both lists are empty
print_current_entries() {
  local shown
  echo "Current list of entries:"
  if ((${#subnets[@]} > 0 || ${#ip_addresses[@]} > 0)); then
    for shown in "${subnets[@]}"; do
      [[ -n $shown ]] && echo " $shown"
    done
    for shown in "${ip_addresses[@]}"; do
      [[ -n $shown ]] && echo " $shown"
    done
  else
    echo " (none)"
  fi
}
# Read scan targets from a text file and register each one.
# Arguments: $1 - path of the file; entries may be separated by commas,
#                 whitespace or newlines
# Every token is passed to add_target_entry, which validates it; the file
# content is only ever treated as data.
load_targets_from_file() {
  local file_path=$1
  local raw_line cleaned field
  local -a fields=()
  # "|| [[ -n $raw_line ]]" keeps a last line that has no trailing newline.
  while IFS= read -r raw_line || [[ -n $raw_line ]]; do
    cleaned=$(trim_entry "$raw_line")
    cleaned=${cleaned//,/ }
    if [[ -n $cleaned ]]; then
      fields=()
      read -ra fields <<<"$cleaned"
      for field in "${fields[@]}"; do
        add_target_entry "$field"
      done
    fi
  done <"$file_path"
}
# Test whether a value is already in a list.
# Arguments: $1 - value to look for; $2... - the list elements
# Returns:   0 on an exact string match, 1 otherwise (an empty list included)
contains_entry() {
  local needle=$1
  local candidate
  shift || return 1
  # "for candidate" with no "in" walks the remaining positional parameters.
  for candidate; do
    if [[ $candidate == "$needle" ]]; then
      return 0
    fi
  done
  return 1
}
# Validate one token and file it under subnets or ip_addresses.
# Arguments: $1 - raw token (surrounding whitespace is trimmed first)
# Globals:   subnets, ip_addresses (appended to)
# Outputs:   a message on stdout for a repeated or malformed entry
# A token that is neither valid CIDR nor a valid IPv4 address is reported and
# dropped, so only validated text can reach the scanner.
add_target_entry() {
  local item=$(trim_entry "$1")
  if [[ -z $item ]]; then
    return 0
  fi
  if is_valid_cidr "$item"; then
    if ! contains_entry "$item" "${subnets[@]}"; then
      subnets+=("$item")
    else
      echo "Duplicate subnet entry: $item"
    fi
  elif is_valid_ipv4 "$item"; then
    if ! contains_entry "$item" "${ip_addresses[@]}"; then
      ip_addresses+=("$item")
    else
      echo "Duplicate IP address entry: $item"
    fi
  else
    echo "Invalid subnet/IP format: $item"
  fi
}
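# Collect the community strings first, then the scan targets.
get_community_strings

# Target entry loop. Each answer is one of:
#   done          - finish with what has been entered so far
#   *.txt / *.csv - load targets from that file and finish
#   anything else - a comma/space separated mix of subnets, IPs and file names
# The loop only ends once at least one valid target remains after
# summarize_targets has removed duplicates.
while true; do
  # -r keeps backslashes in typed paths literal instead of treating them as
  # escape characters.
  read -rp $'\e[93;1mEnter subnet/IP or file: \e[0m' input
  if [[ $input == "done" ]]; then
    print_current_entries
    summarize_targets
    if [[ ${#subnets[@]} -eq 0 && ${#ip_addresses[@]} -eq 0 ]]; then
      echo "Please re-enter the subnets/IPs."
      subnets=()
      ip_addresses=()
      continue
    fi
    break
  elif [[ $input == *.txt || $input == *.csv ]]; then
    if [[ -f $input ]]; then
      load_targets_from_file "$input"
      print_current_entries
      summarize_targets
      if [[ ${#subnets[@]} -eq 0 && ${#ip_addresses[@]} -eq 0 ]]; then
        echo "Please re-enter the subnets/IPs."
        subnets=()
        ip_addresses=()
        continue
      fi
      break
    else
      echo "File not found. Please try again."
    fi
  else
    input=$(trim_entry "$input")
    # Commas become spaces so one word split handles both separators.
    input=${input//,/ }
    tokens=()
    read -ra tokens <<<"$input"
    for token in "${tokens[@]}"; do
      token=$(trim_entry "$token")
      [[ -z $token ]] && continue
      if [[ $token == *.txt || $token == *.csv ]]; then
        if [[ -f $token ]]; then
          load_targets_from_file "$token"
        else
          echo "File not found: $token"
        fi
      else
        add_target_entry "$token"
      fi
    done
    print_current_entries
    echo "" # Newline for clean output
    read -rp $'\e[93;1mDo you want to add any more subnets/IPs? (y/n): \e[0m' add_more
    case "$add_more" in
      [Yy]*) continue ;;
      [Nn]*)
        summarize_targets
        if [[ ${#subnets[@]} -eq 0 && ${#ip_addresses[@]} -eq 0 ]]; then
          echo "Please re-enter the subnets/IPs."
          subnets=()
          ip_addresses=()
          continue
        fi
        break
        ;;
      # Any other answer falls through to the top of the loop.
      *) echo "Please answer yes or no." ;;
    esac
  fi
done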
# Count the targets that survived validation and de-duplication.
total_subnets=${#subnets[@]}
total_ip_addresses=${#ip_addresses[@]}
total=$((total_subnets + total_ip_addresses))

# Stop here when there is nothing to scan.
((total > 0)) || error_exit "No valid subnets or IP addresses provided."

# Announce the scan; subnets are only mentioned when there are some.
echo "" # Newline for clean output
if ((total_subnets > 0)); then
  echo -e "\e[94;1mStarting the scan for insecure SNMP Community Strings on $total_subnets subnets and $total_ip_addresses IP addresses.\e[0m"
else
  echo -e "\e[94;1mStarting the scan for insecure SNMP Community Strings on $total_ip_addresses IP addresses.\e[0m"
fi
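# Get the start time
start_time=$(date +%s)
# Get the current date and time
now=$(date +"%Y-%m-%d_%H-%M-%S")
current_user=$(whoami)
# Create a new log file with the current date in the name
log_file="$HOME/SNMPAT_log_$now.log"
# Ensure the log file can be created. The log will hold the community strings
# the scanner reports, so it is created owner-only: the umask covers a new
# file and the chmod covers one that already existed with wider permissions.
if ! (umask 077 && touch "$log_file" && chmod 600 "$log_file"); then
  error_exit "Unable to create log file at $log_file"
fi
# Write the date, time, and user info to the top of the log file
echo "SNMPAT started at $now by user $current_user." >"$log_file"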
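# Scan each subnet/IP one by one. onesixtyone reads its target from the -i
# file, supplied here through process substitution, and its output is
# appended to the log. A failed scan is reported and the run continues with
# the next target.
# Each target is scanned exactly once: subnets first, then the single
# addresses, with one shared counter driving the progress bar.
current_index=0
for subnet in "${subnets[@]}"; do
  # Pre-increment never evaluates to 0, so this is safe under `set -e`.
  ((++current_index))
  print_progress "$current_index" "$total" "$subnet" "Subnet"
  if ! onesixtyone -c "$community_file" -i <(printf '%s\n' "$subnet") >>"$log_file"; then
    echo "Error occurred while scanning subnet: $subnet"
  fi
done
for ip in "${ip_addresses[@]}"; do
  ((++current_index))
  print_progress "$current_index" "$total" "$ip" "IP"
  if ! onesixtyone -c "$community_file" -i <(printf '%s\n' "$ip") >>"$log_file"; then
    echo "Error occurred while scanning IP address: $ip"
  fi
done
# End the progress line.
echo ""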
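# Remove scanner noise from the log before post-processing.
sed -i '/Error in sendto: Permission denied/d' "$log_file" # Remove the "Error in sendto: Permission denied" line from the log file
sed -i '/Scanning/d' "$log_file"                           # Remove the "Scanning" line from the log file

# Perform DNS lookup on each host and prepend hostname to each line.
#
# At this point the log is the one-line header followed by result lines, so
# hosts are taken from every line whose first field looks like an IPv4
# address. `sort -u` has to read all of its input before it prints anything,
# which means the log is no longer being read when the loop rewrites it.
#
# A PTR answer is supplied by whoever runs the reverse zone of the scanned
# address, so it is treated as untrusted: only the first answer is used, it
# must consist of hostname characters only, and it is passed to awk as data
# (-v) instead of being pasted into a sed program. The hostname is added only
# to lines whose first field is exactly that IP, so 10.0.0.1 no longer
# matches inside 10.0.0.11.
awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }' "$log_file" |
  sort -u |
  while read -r ip; do
    if ! hostname=$(dig +short -x "$ip"); then
      echo "dig lookup failed for IP: $ip" >&2
      continue
    fi
    # Keep the first line only; there may be several PTR records.
    hostname=${hostname%%$'\n'*}
    if [[ -z $hostname ]]; then
      echo "Failed to perform DNS lookup for IP: $ip"
      continue
    fi
    if [[ ! $hostname =~ ^[A-Za-z0-9._-]+$ ]]; then
      echo "Ignoring unexpected reverse DNS data for IP: $ip" >&2
      continue
    fi
    updated=$(awk -v ip="$ip" -v host="$hostname" \
      '$1 == ip { $0 = host " " $0 } { print }' "$log_file")
    # Writing through the existing file keeps its permissions.
    printf '%s\n' "$updated" >"$log_file"
  done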
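# Get the end time of the script
end_time=$(date +%s)
# Calculate the total execution time of the script
total_time=$((end_time - start_time))

# Count unique IP entries and community strings.
# grep exits with 1 when nothing matches; with `set -e` and `pipefail` that
# would end the script on an empty result set, before the "No results found"
# note below is written. Status 1 is therefore accepted, while a real grep
# error (status 2) still stops the run.
unique_ips=$({ grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' "$log_file" || [[ $? -eq 1 ]]; } | sort -u | wc -l)
unique_communities=$({ grep -oP '\[[^\]]+\]' "$log_file" || [[ $? -eq 1 ]]; } | sort -u | wc -l)

# Put the summary directly under the first line of the log:
#   line 2 - run time, line 3 - counts, line 4 - separator.
# The file is rebuilt instead of using `sed -i "2i..."`, because an insert
# addressed to line 2 does nothing when the log has only its header line.
log_header=$(head -n 1 "$log_file")
log_results=$(tail -n +2 "$log_file")
{
  printf '%s\n' "$log_header"
  printf '%s\n' "SNMPAT completed in $total_time seconds."
  printf '%s\n' "There are $unique_ips unique IP entries and $unique_communities unique community strings."
  printf '%s\n' "------------------------------------------------------"
  if [[ -n $log_results ]]; then
    printf '%s\n' "$log_results"
  fi
} >"$log_file"

echo "" # Newline for clean output
echo "SNMPAT completed. You can view the log file at $log_file"
# Check for results in the log file. If none, write a message.
if [[ $unique_ips -eq 0 ]]; then
  echo "" >>"$log_file" # Newline for clean output
  echo "No results found using the provided community strings." >>"$log_file"
fi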
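# Offer to print the finished log. -r keeps the answer exactly as typed.
read -rp $'\e[93mDo you want to view the log file now? (yes/no): \e[0m' view_log
case "$view_log" in
  [Yy]* | "") # Accept enter key as "yes"
    echo "Thanks for using SNMPAT! Viewing $log_file now."
    echo "------------------------------------------------------"
    cat "$log_file"
    ;;
  [Nn]*)
    echo "" # Newline for clean output
    echo "Log file not viewed. Thanks for using SNMPAT!"
    ;;
  *)
    echo "" # Newline for clean output
    echo "Invalid option. Log file not viewed. Thanks for using SNMPAT!"
    ;;
esac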