LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Need Help with Bash Script (https://www.linuxquestions.org/questions/linux-newbie-8/need-help-with-bash-script-4175650130/)

nananie77 03-13-2019 07:56 PM

Need Help with Bash Script
 
Kindly help me find and fix errors in the Bash Script Below, I'm new to Bash.



#!/bin/bash
figlet VulnSCANNER
echo "By Tweneboah & Mildred"
select menu in "SQL" "XSS" "AUTH" "IIRB" "SM"
do
case $menu in

"SQL") # Sql Injection

echo "###################################################"
select ch in "Information Gathering" "vulnerablilty Scan"
do
case $ch in
"Information_gathering")
read -p "Enter IP/Domain name:" name
nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
;;
"domain_information")
read -p "enter the domain:" domain
echo -e "\033[31mwhois information of domain...........\033[m"
nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"

;;


esac

done

"XSS") # Cros-site Scripting


select ch in "Information Gathering" "vulnerablilty Scan"
do
case $ch in
"Information_gathering")
read -p "Enter IP/Domain name:" name
nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
;;
"vulnerablilty_scan")
read -p "enter the domain:" domain
echo -e "\033[31mwhois information of domain...........\033[m"
nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"

;;


esac
done




"AUTH") # Broken Authentication and Sesion Management
select ch in "Information Gathering" "vulnerablilty Scan"
do
case $ch in
"Information_gathering")
read -p "Enter IP/Domain name:" name
nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
;;
"vulnerablilty_scan")
read -p "enter the domain:" domain
echo -e "\033[31mwhois information of domain...........\033[m"
nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"

;;


esac
done
;;

"IIRB") # Insecure Indirect Reference Object
select ch in "Information Gathering" "vulnerablilty Scan"
do
case $ch in
"Information_gathering")
read -p "Enter IP/Domain name:" name
nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
;;
"vulnerablilty_scan")
read -p "enter the domain:" domain
echo -e "\033[31mwhois information of domain...........\033[m"
nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"

;;


esac
done


"SM") # Security Misconfiguration
select ch in "Information Gathering" "vulnerablilty Scan"
do
case $ch in
"Information_gathering")
read -p "Enter IP/Domain name:" name
nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
;;
"vulnerablilty_scan")
read -p "enter the domain:" domain
echo -e "\033[31mwhois information of domain...........\033[m"
nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"

;;


esac
done





;;

esac
done

BW-userx 03-13-2019 09:12 PM

code tags, code tags, code tags, code tags, code tags please.

Code:

#!/bin/bash

#figlet VulnSCANNER
echo "By Tweneboah & Mildred"
        select menu in "SQL" "XSS" "AUTH" "IIRB" "SM"
        do
                case $menu in

                "SQL") # Sql Injection

                echo "###################################################"
                select ch in "Information Gathering" "vulnerablilty Scan"
                do
                        case $ch in
                                "Information_gathering")
                                        read -p "Enter IP/Domain name:" name
                                        nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
                        ;;
                                "domain_information")
                                        read -p "enter the domain:" domain
                                        echo -e "\033[31mwhois information of domain...........\033[m"
                                        nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"
                        ;;
        esac #first case

        done
                #out of place
                #"XSS") # Cros-site Scripting



        select ch in "Information Gathering" "vulnerablilty Scan"
        do
                case $ch in
                        "Information_gathering")
                                        read -p "Enter IP/Domain name:" name
                                        nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
                ;;
                        "vulnerablilty_scan")
                                        read -p "enter the domain:" domain
                                        echo -e "\033[31mwhois information of domain...........\033[m"
                                        nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"

                ;;


        esac
        done



#out of place
        #"AUTH") # Broken Authentication and Sesion Management

        select ch in "Information Gathering" "vulnerablilty Scan"
        do
                case $ch in
                        "Information_gathering")
                                read -p "Enter IP/Domain name:" name
                                nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
                        ;;
                        "vulnerablilty_scan")
                                read -p "enter the domain:" domain
                                echo -e "\033[31mwhois information of domain...........\033[m"
                                nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"
                        ;;


                esac
        done
                ;;

                "IIRB") # Insecure Indirect Reference Object
        select ch in "Information Gathering" "vulnerablilty Scan"
        do
                case $ch in
                "Information_gathering")
                        read -p "Enter IP/Domain name:" name
                        nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
                ;;
                "vulnerablilty_scan")
                        read -p "enter the domain:" domain
                        echo -e "\033[31mwhois information of domain...........\033[m"
                        nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"
                ;;
                esac
        done

                #out of place
        #"SM") # Security Misconfiguration

       
                select ch in "Information Gathering" "vulnerablilty Scan"
                do
                        case $ch in
                        "Information_gathering")
                                read -p "Enter IP/Domain name:" name
                                nmap -vv $name -sV -T4 -oX | grep "PORT" | grep "STATE" | grep "SERVICE" | grep "VERSION" | > open.txt
                        ;;
                        "vulnerablilty_scan")
                                read -p "enter the domain:" domain
                                echo -e "\033[31mwhois information of domain...........\033[m"
                                nnmap -sV --script=http-sql-injection $domain -oX | grep "^Nmap" | grep -v seconds grep "STATE" | grep "SERVICE" | grep "VERSION"
                        ;;


                        esac
        done
        ;;
        esac
done

I commented out and commented on three mistakes. Now it gives a menu to pick from, what exactly you are doing or looking for it to do is beyond me.

nananie77 03-13-2019 10:19 PM

I tried to make more simple, but I still cant make it work. This is the new script I made:

#!/bin/bash

read "Enter IP Address: " ip

while test -n "$@"; do
case "$@" in
"")
echo "Usage: $0 [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]"
RETVAL=1
;;
1|sqli)
nmap -sC -p445 --script smb-vuln-ms17-010.nse $ip > $resul
# Check for vulnerability
valida=$(grep "State: VULNERABLE" $resul | wc -l)
if [ "$valida" != "0" ]; then
echo $IP >> virus/IP.txt
;;
2|xss)
nmap -sC -p445 --script smb-vuln-ms17-010.nse $ip > $resul
# Check for vulnerability
valida=$(grep "State: VULNERABLE" $resul | wc -l)
if [ "$valida" != "0" ]; then
echo $IP >> virus/IP.txt
;;
3|authentication)
nmap -sC -p445 --script smb-vuln-ms17-010.nse $ip > $resul
# Check for vulnerability
valida=$(grep "State: VULNERABLE" $resul | wc -l)
if [ "$valida" != "0" ]; then
echo $IP >> virus/IP.txt
;;
4|session)
nmap -sC -p445 --script smb-vuln-ms17-010.nse $ip > $resul
# Check for vulnerability
valida=$(grep "State: VULNERABLE" $resul | wc -l)
if [ "$valida" != "0" ]; then
echo $IP >> virus/IP.txt
;;
5|IIRO)
nmap -sC -p445 --script smb-vuln-ms17-010.nse $ip > $resul
# Check for vulnerability
valida=$(grep "State: VULNERABLE" $resul | wc -l)
if [ "$valida" != "0" ]; then
echo $IP >> virus/IP.txt
;;
esac
done

Please Help!

frankbell 03-13-2019 10:41 PM

Did you not see BW-userx's suggestion to use code tags, which become available when you click the "Go Advanced" button beneath the "compose post" window? (Once you know what they look like, you can just type them in.)

They make posts of code much easier to parse.

berndbausch 03-13-2019 10:54 PM

Apart from formatting the code so that it becomes readable, you should also tell us precisely what is not working. Start by answering these questions: What to you expect the script to do, what does it do instead, what error messages (if any) are displayed.

Edit:

When you run this script, you get error messages like this:
Code:

$ sh bla.sh
bla.sh: line 3: read: `Enter IP Address: ': not a valid identifier
bla.sh: line 17: syntax error near unexpected token `;;'
bla.sh: line 17: `;;'

General advice: Read the error messages and act upon them.

Specifically, the first code line
Code:

read "Enter IP Address: " ip
violates Bash syntax. The read command doesn't take strings as parameters.

Also, there is a fi missing in line 17. The fi is required to terminate the if.

nananie77 03-14-2019 03:12 AM

Thanks, I'm checking on that now

pan64 03-14-2019 03:22 AM

try to use shellcheck.net to validate your script

nananie77 03-14-2019 03:55 AM

Quote:

Originally Posted by pan64 (Post 5973674)
try to use shellcheck.net to validate your script

After Checking at shell check, I got the the following code:

#!/bin/bash
echo "Enter IP Address: " read IP

while test -n "$@"; do
case "$@" in
"")
echo "Usage: $0 [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]"

;;
1|sqli)
nmap -sC -p445 --script smb-vuln-ms17-010.nse "$IP" > "resul"
# Check for vulnerability
valida=$(grep -c "State: VULNERABLE" "resul")
if [ "$valida" != "0" ]; then
echo "$IP" >> virus/IP.txt

fi
echo "$valida is not = 0"
;;
2|xss)
nmap -sC -p445 --script smb-vuln-ms17-010.nse "$IP" > "resul"
# Check for vulnerability
valida=$(grep -c "State: VULNERABLE" "resul")
if [ "$valida" != "0" ]; then
echo "$IP" >> virus/IP.txt
fi
echo "$valida is not = 0"
;;
3|authentication)
nmap -sC -p445 --script smb-vuln-ms17-010.nse "$IP" > "resul"
# Check for vulnerability
valida=$(grep -c "State: VULNERABLE" "resul")
if [ "$valida" != "0" ]; then
echo "$IP" >> virus/IP.txt

fi
echo "$valida is not = 0"
;;
4|session)
nmap -sC -p445 --script smb-vuln-ms17-010.nse "$IP" > "resul"
# Check for vulnerability
valida=$(grep -c "State: VULNERABLE" "resul")
if [ "$valida" != "0" ]; then
echo "$IP" >> virus/IP.txt

fi
echo "$valida is not = 0"
;;
5|IIRO)
nmap -sC -p445 --script smb-vuln-ms17-010.nse "$IP" > "resul"
# Check for vulnerability
valida=$(grep -c "State: VULNERABLE" "resul")
if [ "$valida" != "0" ]; then
echo "$IP" >> virus/IP.txt

fi
echo "$valida is not = 0"
;;
esac
done


But unfotunately, when I run the code, it goes infite loop:

Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session] [5|IIRO]
Usage: ./scann.sh [1|sqli] [2|xss] [3|authentication] [4|session]^C

pan64 03-14-2019 04:46 AM

again, please use code tags - as it was mentioned earlier.
Obviously your condition in while loop does not work (as expected). You need to rework it.

berndbausch 03-14-2019 04:47 AM

You really have a hard time finding those code tags, don’t you. Direct your eyes a bit lower, and you will see my signature. It contains instructions how to use code tags. I won’t ruin what’s left of my eyesight by looking at your unformatted code.

By the way, how do you run this code? Can you share the precise command you entered?

berndbausch 03-14-2019 05:20 AM

I couldn’t resist checking the code. I will send you the invoice for new eyeglasses.

Your script is a while loop which ends when $@ has a non-zero length. Since you entered no parameters, $@ is empty, and the while loop never stops.

BW-userx 03-14-2019 08:01 AM

OP you really need to stop and take a breath, then put your script aside or a moment then focus your thoughts to, "what are code tags, and how do I use them in here?"

click go advance
click on the # symbol
then place your code in between them tags that the # symbol produced.

After you see what they look like. You can even type them in and they will still work.

grail 03-14-2019 08:04 AM

Please read this :- http://www.catb.org/~esr/faqs/smart-questions.html

And then actually ask a question, which is not ... "Please fix my code that you know nothing about nor what it is or isn't doing?"

JJJCR 03-14-2019 10:12 PM

Quote:

Originally Posted by berndbausch (Post 5973713)
I couldn’t resist checking the code. I will send you the invoice for new eyeglasses.

Your script is a while loop which ends when $@ has a non-zero length. Since you entered no parameters, $@ is empty, and the while loop never stops.

Yes I saw in Ebay an Eyeglass for Coders, it's AI integrated it will auto-highlight which line on the code has errors. :)


All times are GMT -5. The time now is 07:06 PM.