Overclock.net › Forums › Software, Programming and Coding › Coding and Programming › Script help needed badly

Script help needed badly

post #1 of 11
Thread Starter 
Hey guys, I need some major help here. I need to make some sort of script (Any language would do), and I'm totally lost on how to do it...

I'm making a discovery script using nmap and placing all valid IPs in a simple txt file. We can't use a ping sweep, because some machines are set to not respond to pings. Another reason we want to use nmap is because it can distinguish between a normal workstation and a printer. So in the end I want a script that will scan a range of IPs, filter out any printers, and list all remaining responding IPs in a text file.

Below is a sample output file for NMAP.

Quote:
Starting Nmap 4.20 ( http://insecure.org ) at 2007-05-08 08:07 Mountain Daylight Time
Initiating Parallel DNS resolution of 1 host. at 08:07
Completed Parallel DNS resolution of 1 host. at 08:07, 0.00s elapsed
Initiating SYN Stealth Scan at 08:07
Scanning impulse.nrcs.usda.gov (199.141.32.10) [1697 ports]
Discovered open port 25/tcp on 199.141.32.10
Discovered open port 22/tcp on 199.141.32.10
Discovered open port 53/tcp on 199.141.32.10
Increasing send delay for 199.141.32.10 from 0 to 5 due to 19 out of 61 dropped probes since last increase.
Increasing send delay for 199.141.32.10 from 5 to 10 due to max_successful_tryno increase to 4
Discovered open port 13782/tcp on 199.141.32.10
Completed SYN Stealth Scan at 08:08, 45.25s elapsed (1697 total ports)
Initiating OS detection (try #1) against impulse.nrcs.usda.gov (199.141.32.10)
Retrying OS detection (try #2) against impulse.nrcs.usda.gov (199.141.32.10)
Retrying OS detection (try #3) against impulse.nrcs.usda.gov (199.141.32.10)
Retrying OS detection (try #4) against impulse.nrcs.usda.gov (199.141.32.10)
Retrying OS detection (try #5) against impulse.nrcs.usda.gov (199.141.32.10)
Host impulse.nrcs.usda.gov (199.141.32.10) appears to be up ... good.
Interesting ports on impulse.nrcs.usda.gov (199.141.32.10):
Not shown: 1693 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
13782/tcp open VeritasNetbackup
No exact OS matches for host (If you know what OS is running on it, see http://insecure.org/nmap/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=4.20%D=5/8%OT=22%CT=1%CU=39332%PV=N%DS=1%G=Y%TM=46408459%P= i686-p
OS:c-windows-windows)SEQ(SP=107%GCD=1%ISR=109%TI=I%II=I%SS=S%TS =7)SEQ(SP=10
OS:7%GCD=2%ISR=109%TI=I%II=I%SS=S%TS=7)SEQ(SP=107% GCD=1%ISR=109%TI=I%II=I%S
OS:S=S%TS=7)OPS(O1=NNT11NW0NNSM5B4%O2=NNT11NW0NNSM 5B4%O3=NNT11NW0M5B4%O4=NN
OS:T11NW0NNSM5B4%O5=NNT11NW0NNSM5B4%O6=NNT11NNSM5B 4)WIN(W1=6028%W2=6198%W3=
OS:6220%W4=6034%W5=6034%W6=60DA)ECN(R=Y%DF=Y%T=40% W=60F4%O=NW0NNSM5B4%CC=N%
OS:Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R= N)T3(R=N)T4(R=Y%DF=Y%T=40
OS:%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W= 0%S=Z%A=S+%F=AR%O=%RD=0%Q
OS:=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T 7(R=N)U1(R=Y%DF=Y%T=FF%TO
OS:S=0%IPL=70%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL =G%RUD=G)IE(R=Y%DFI=Y%T=F
OS:F%TOSI=S%CD=S%SI=S%DLI=S)


Uptime: 69.422 days (since Tue Feb 27 21:01:06 2007)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IPID Sequence Generation: Incremental

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 57.921 seconds
Raw packets sent: 2695 (122.850KB) | Rcvd: 1764 (83.188KB)
    
post #2 of 11
Not knowing anything about nmap, could it filter through an output list from another script? Pretty sure I could make a vbs to get IPs, but not sure on filtering out printers.
post #3 of 11
Thread Starter 
I really don't care how this is done, or how many separate scripts are needed. Nmap can help distinguish what's a printer and what's a computer.

I was thinking something like this (Mind you I'm a complete noob when it comes to this stuff): tell Nmap to scan an IP (Easy to do in a script), put the output into a temp .txt file, look for certain parameters like a certain port number and the words Jet Direct. If any ports show up and Jet Direct is not present, then put the IP in another txt file.

Does this make sense??
    
post #4 of 11
Show what are all the things you want the script to look for and put into the new file if it appears valid? Would the Jet Direct show up under a port, like so:
PORT STATE SERVICE
1023/open Jet Direct
post #5 of 11
Pulling out the IP addresses would be really easy with a regular expression.

Quote:
([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})

The only issue is that it pulls out every instance of the same IP.
post #6 of 11
Thread Starter 
Quote:
Originally Posted by dangerousHobo View Post
Show what are all the things you want the script to look for and put into the new file if it appears valid? Would the Jet Direct show up under a port, like so:
PORT STATE SERVICE
1023/open Jet Direct
It should first look to see if there are any open ports; this tells us if the machine is even on. Then it should look for Jet Direct anywhere in the output, and trash the corresponding IP.

Quote:
Originally Posted by BFRD View Post
Pulling out the IP addresses would be really easy with a regular expression.


The only issue is that it pulls out every instance of the same IP.
Wouldn't it be easy to eliminate any duplicates?

Again, complete noob here. Forgive me
    
post #7 of 11
Very easy. Do you know perl?
post #8 of 11
Thread Starter 
The only thing I can really do is make batch files.
    
post #9 of 11
What is the full nmap output? Is it a large single file with scans from multiple machines, or one file per scanned machine?
post #10 of 11
Thread Starter 
Normally it's all machines in one file.
    
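The filtering this thread works toward (one file holding all hosts, keep each IP that has at least one open port, drop any host whose report mentions Jet Direct, list each IP once), as an added example that is not part of the original thread. It assumes the Nmap 4.20 normal-output format quoted in post #1, where each host report starts with an "Interesting ports on" line; the function name, the sample addresses and the output file name are hypothetical.

```python
import re

# Header Nmap 4.20 prints once per host report, with or without a hostname:
#   Interesting ports on impulse.nrcs.usda.gov (199.141.32.10):
#   Interesting ports on 10.0.0.9:
HEADER = re.compile(r"^Interesting ports on (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?:")
OPEN_PORT = re.compile(r"^\d+/(?:tcp|udp)\s+open\s")     # a row of the PORT table
PRINTER = re.compile(r"jet\s*direct", re.IGNORECASE)     # "Jet Direct" / "jetdirect"


def responding_non_printers(nmap_text):
    """Return IPs with at least one open port and no Jet Direct marker."""
    reports = {}      # ip -> lines of that host's report; dict keys de-duplicate
    current = None
    for line in nmap_text.splitlines():
        m = HEADER.match(line)
        if m:
            current = reports.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line)
    keep = []
    for ip, lines in reports.items():
        has_open = any(OPEN_PORT.match(l) for l in lines)
        is_printer = any(PRINTER.search(l) for l in lines)
        if has_open and not is_printer:
            keep.append(ip)
    return keep


# Constructed sample (not from the thread): three host reports in one file.
SAMPLE = """\
Discovered open port 22/tcp on 10.0.0.5
Interesting ports on ws1.example.test (10.0.0.5):
Not shown: 1695 closed ports
PORT STATE SERVICE
22/tcp open ssh
139/tcp open netbios-ssn
Interesting ports on 10.0.0.9:
Not shown: 1695 closed ports
PORT STATE SERVICE
80/tcp open http
9100/tcp open jetdirect
Interesting ports on 10.0.0.12:
Not shown: 1696 closed ports
PORT STATE SERVICE
135/tcp filtered msrpc
"""

if __name__ == "__main__":
    with open("valid_ips.txt", "w") as out:   # hypothetical output file name
        out.write("\n".join(responding_non_printers(SAMPLE)) + "\n")
```

Keying on the per-host header rather than on every dotted quad avoids the duplicate matches mentioned in post #5, since verbose lines such as "Discovered open port ... on 10.0.0.5" are never treated as a host entry.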