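#!/bin/sh
#
# Batch-scanner.sh - Vulnerability Scan Add-On for Nessus
# Copyright (C) 2012 David Marcoux
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# Usage: batch-scanner.sh <inputfile> [results dir]
#
# <inputfile> lists one IP block per line as three whitespace-separated
# fields:  <target description> <ip range> <email contact>
# Use the literal word NULL as the contact when nobody should be mailed.
# The description becomes the scan-output file name (<results dir>/<description>.txt),
# so keep it to a plain token without slashes.
#
################################################################
# Edit the following variables as necessary
#
# netsend=1  (Send popup message to user.)
# netsend=0  (Don't send popup message to user.)
netsend=0
netsender="SECURITYADMIN"
netsendMsg="Warning: This computer appears to be vulnerable."

# email=1  (Send email to contact address.)
# email=0  (Do not send email to contact address.)
email=0
emailSubj="Automated Scan Results"
emailBody="
Dear IT support staff,

An automated scan indicates that patch X is not installed.

Regards,
SECURITYADMIN
"

# Nessus server credentials.  The command-line client takes the password as
# an argument, so it is visible in the process list of the scanning host for
# the duration of each scan: use a dedicated scan account rather than root,
# and keep this file readable only by the user that runs it.
user=MyNessusUsername          # (usually root)
pass=MyNessusPassword
host=MyNessusServerHost        # (usually localhost)
port=MyNessusServerPortNumber  # (usually 1241)

##################################################################
# DO NOT EDIT ANY VARIABLES OR CODE BELOW THIS POINT
#
set -u

nessus=/usr/local/bin/nessus
version=0.4b

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage hint to stderr and exit with status 2.
#######################################
usage() {
  printf '\nUsage: %s <inputfile> [results dir]\n\n' "${0##*/}" >&2
  exit 2
}

#######################################
# Remove the per-run temp directory.  Installed as the EXIT trap so it
# runs on normal completion, die() and signals alike.
# Globals: tmpdir (read)
#######################################
cleanup() {
  if [ -n "${tmpdir:-}" ]; then
    rm -rf -- "${tmpdir:?}"
  fi
}

#######################################
# Pick one name out of the saved "nmblookup -A" output: column 1 of the
# lines matching an extended regex, minus lines matching an optional
# second regex, de-duplicated, first entry only (so callers always get a
# single token even when several entries match).
# Globals:   tmpnmbparse (read)
# Arguments: $1 - include regex, $2 - exclude regex (optional)
# Outputs:   at most one name on stdout
#######################################
nmb_name() {
  if [ -n "${2:-}" ]; then
    grep -E -- "$1" "$tmpnmbparse" | grep -v -- "$2"
  else
    grep -E -- "$1" "$tmpnmbparse"
  fi | awk '{ print $1 }' | sort -u | head -n 1
}

#######################################
# Send a NetBIOS popup to one host with smbclient -M.
# Globals:   netsender, netsendMsg (read)
# Arguments: $1 - IP address, $2 - NetBIOS machine name (may be empty)
# Returns:   0 if smbclient succeeded, 1 otherwise
#######################################
send_popup() {
  if [ -z "$2" ]; then
    printf ' Popup to %s skipped: no NetBIOS name found.\n' "$1"
    return 1
  fi
  if printf '%s\n' "$netsendMsg" | smbclient -U "$netsender" -I "$1" -M "$2" > /dev/null 2>&1; then
    printf ' Popup sent to %s. Success..\n' "$1"
    return 0
  fi
  printf ' Popup sent to %s. Failed..\n' "$1"
  return 1
}

#######################################
# Record one vulnerable host: query its NetBIOS and DNS names, append a
# row to the CSV report and a line to the per-block summary used by the
# notification email, then notify (popup) or just print it.
# Globals:   tmpnmbparse, tmpVulnInfoUnsorted, reportfile (written);
#            scantime, target_description, netsend (read)
# Arguments: $1 - IP address, $2 - severity token from the scan log
#######################################
report_host() {
  ipaddr=$1
  severity=$2

  # A host that does not answer NetBIOS simply leaves every name empty;
  # that is expected, so the nmblookup status is not checked.
  nmblookup -A "$ipaddr" > "$tmpnmbparse" 2>/dev/null
  # nmblookup marks workgroup/domain entries with <GROUP>; the <00> entry
  # without it is the machine name.  NOTE(review): the original script
  # filtered domain and hostname identically ('<00> - ') — confirm the
  # split against the Samba version in use.
  domain=$(nmb_name '<00> - <GROUP>')
  hostname=$(nmb_name '<00> - ' '<GROUP>')
  # The last <03> entry is normally the logged-on user; when it merely
  # repeats the machine name nobody is logged on.
  username=$(grep -E '<03>' "$tmpnmbparse" | tail -n 1 | awk '{ print $1 }')
  if [ "$username" = "$hostname" ]; then
    username=
  fi
  dnsname=$(host "$ipaddr" 2>/dev/null | grep pointer | awk '{ print $5 }' | head -n 1)

  if [ ! -f "$reportfile" ]; then
    printf '%s\n' 'IP Address,Scan Time,Location,Domain,Hostname,Username,DNS,Severity' >> "$reportfile"
  fi
  # Names are supplied by the remote host and written unquoted: a NetBIOS
  # name containing a comma shifts the columns of that CSV row.
  printf '%s\n' "$ipaddr,$scantime,$target_description,$domain,$hostname,$username,$dnsname,$severity" >> "$reportfile"
  printf '%s\t%s\n' "$ipaddr" "$domain $hostname $username" >> "$tmpVulnInfoUnsorted"

  if [ "$netsend" -eq 1 ]; then
    send_popup "$ipaddr" "$hostname"
  else
    printf ' Vulnerable system identified: %s.\n' "$ipaddr"
  fi
}

#######################################
# Mail the per-block summary of vulnerable hosts to the block's contact.
# Globals:   emailBody, emailSubj, target_description, scantime,
#            target_ip_range, vulnsyscount, tmpVulnInfoUnsorted (read);
#            tmpEmailMsg (written)
# Arguments: $1 - recipient address (taken from the input file)
# Returns:   exit status of mail(1)
#######################################
send_email() {
  printf ' Sending email to %s.\n' "$1"
  {
    printf '%s\n' "$emailBody"
    printf 'Location :\t %s\n' "$target_description"
    printf 'Scan Time:\t %s\n' "$scantime"
    printf 'IP Range :\t %s\n' "$target_ip_range"
    printf 'Sys Total:\t %s \n\n\n' "$vulnsyscount"
    cat -- "$tmpVulnInfoUnsorted"
    printf '\n\n'
  } > "$tmpEmailMsg"
  mail -s "$emailSubj" "$1" < "$tmpEmailMsg"
}

#######################################
# Scan one IP block with the Nessus client, then report every host the
# text log flags with a "(Security ...)" entry.
# Globals:   ipblocknum, vulnsyscount, scantime, outputfile,
#            target_description, target_ip_range, email_contact (written);
#            nessus, host, port, user, pass, outputdir, email,
#            tmpinputfile, ipaddrlist, tmpVulnInfoUnsorted (read)
# Arguments: $1 - description, $2 - IP range, $3 - email contact
# Returns:   0 when the block was scanned, 1 when it was skipped
#######################################
scan_block() {
  # The description names the output file; refuse anything that would
  # escape the results directory.
  case $1 in
    */* | . | ..)
      printf ' Warning: invalid target description %s; block skipped.\n' "$1" >&2
      return 1
      ;;
  esac
  target_description=$1
  target_ip_range=$2
  email_contact=$3
  vulnsyscount=0
  ipblocknum=$((ipblocknum + 1))
  # Start a fresh summary so the email lists only this block's hosts
  # (the original appended across blocks when no mail was sent).
  : > "$tmpVulnInfoUnsorted"

  printf '%s\n' "$target_ip_range" > "$tmpinputfile"
  outputfile=$outputdir/$target_description.txt
  if [ -f "$outputfile" ]; then
    printf ' Warning: Overwriting existing file: %s\n' "$outputfile"
  fi

  printf 'Scanning IP Range #%s: %s (%s) ...\n' "$ipblocknum" "$target_ip_range" "$target_description"
  if ! "$nessus" -T txt -q "$host" "$port" "$user" "$pass" "$tmpinputfile" "$outputfile" < /dev/null; then
    printf ' Warning: nessus client failed for %s; block skipped.\n' "$target_description" >&2
    rm -f -- "$tmpinputfile"
    return 1
  fi
  rm -f -- "$tmpinputfile"
  scantime=$(date '+%d-%b %H:%M %Z')

  # Each flagged log line starts with the IP address; the third field is
  # the severity word.
  grep -e '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\} (Security' "$outputfile" \
    | awk '{print $1 " " $3}' > "$ipaddrlist"

  # Read the list on fd 3 so commands in the body cannot consume it, and
  # count in the current shell: the original piped cat into the loop, so
  # vulnsyscount was incremented in a subshell and the email never went out.
  while read -r ipaddr severity <&3; do
    vulnsyscount=$((vulnsyscount + 1))
    report_host "$ipaddr" "$severity"
  done 3< "$ipaddrlist"
  rm -f -- "$ipaddrlist"

  if [ "$vulnsyscount" -gt 0 ]; then
    printf ' Found %s vulnerable systems.\n' "$vulnsyscount"
    if [ "$email" -eq 1 ]; then
      if [ "$email_contact" != "NULL" ]; then
        send_email "$email_contact"
      else
        printf ' No valid email address. Email not sent.\n'
      fi
    fi
  fi
  return 0
}

#######################################
# Entry point: validate arguments, set up the results and temp
# directories, then scan every block listed in the input file.
# Arguments: $1 - input file, $2 - results directory (optional, default /tmp)
#######################################
main() {
  [ $# -ge 1 ] || usage
  inputfile=$1
  [ -r "$inputfile" ] || die "Cannot read input file: $inputfile"
  [ -x "$nessus" ] || die "Nessus client not found at $nessus"
  ipblocknum=0
  starttime=$(date)

  printf '\nNessus Batch Scanner version: %s\nSend Email flag=%s\nSend Popup flag=%s\n\n' \
    "$version" "$email" "$netsend"

  if [ $# -ge 2 ]; then
    outputdir=$2
    mkdir -p -- "$outputdir" || die "Cannot create results directory: $outputdir"
  else
    outputdir=/tmp
  fi
  reportfile=$outputdir/ScanReport.csv
  printf 'Writing results to directory: %s\n' "$outputdir"

  # A private mktemp directory replaces the predictable /tmp/$$.* names,
  # which another local user could pre-create or symlink.
  tmpdir=$(mktemp -d) || die "mktemp failed"
  trap cleanup EXIT
  trap 'exit 1' HUP INT TERM
  tmpinputfile=$tmpdir/input.tmp
  tmpEmailMsg=$tmpdir/email.tmp
  tmpVulnInfoUnsorted=$tmpdir/vulninfounsorted.tmp
  tmpnmbparse=$tmpdir/nmbparse.tmp
  ipaddrlist=$tmpdir/ipaddrlist.tmp

  # Read on fd 3 so the scan and mail commands cannot swallow the rest of
  # the input; the "|| [ -n ... ]" keeps a final line without a newline.
  while read -r target_description target_ip_range email_contact <&3 \
      || [ -n "$target_description" ]; do
    [ -n "$target_description" ] || continue   # blank line
    scan_block "$target_description" "$target_ip_range" "$email_contact"
  done 3< "$inputfile"

  printf '\nResults dir: %s \nStart Time: %s \nFinish Time: %s \n\n' \
    "$outputdir" "$starttime" "$(date)"
}

main "$@"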