LinuxQuestions.org


Scrag 07-09-2019 05:52 PM

Problems with Bash Script
 
I am pretty new to bash scripting and I am having some problems with the bash script I am trying to create. What it does is it reads in a text file list of sub-domains, then it uses the host command to determine if the sub-domain exists, and prints the domain and IP if it does. Then lastly it runs a masscan on the IP and prints the ports it found.

1.) First problem is this:

Example Output from host command:

root@xss:~# host mail.ru
mail.ru has address 94.100.180.202
mail.ru has address 217.69.139.202
mail.ru has address 94.100.180.200
mail.ru has address 217.69.139.200
mail.ru has IPv6 address 2a00:1148:db00:0:b0b0::1
mail.ru mail is handled by 10 mxs.mail.ru.

If the host command returns more than one IP address, like in the example above, my script only takes the first IP address and ignores the rest. I'd like it to print out all the IP addresses associated with the domain, then scan them.

2.) The second problem is that the masscan results print on the page; I'd like it to only list the open ports it finds. It currently does this, but it prints them after all the masscan info that I'd like to omit.

I know it's a lot of loaded questions, but I'd really appreciate any help.

Below is the script I'm working on.

Code:

#!/bin/bash
# Usage: ./subsearch.sh <Sub Domain List> <Domain>
# Example: ./subsearch.sh sublist yahoo.com


GREEN='\033[0;32m'              #Setup green color to be used in echo commands
NC='\033[0m'                    #This changes color back to normal or no color
RED='\033[0;31m'                #Setup red color to be used in echo statements

for sub in $(cat $1);do {      #Read list of sub-domains from file and determine the IP from host command
        OUTPUT=`host $sub.$2`  #Set output of host command into OUTPUT variable
        DOMAIN=`echo $OUTPUT |cut -d" " -f1`    #Echo domain name into DOMAIN variable
        IP=`echo $OUTPUT |cut -d" " -f4`        #Echo IP address into IP variable
        echo -e "${GREEN}Domain: "$DOMAIN      #Print Domain name
        echo -e "IP:    "$IP                  #Print IP address
        echo -e "${NC}"                                #Change color back to normal
        SCAN=`masscan $IP -p0-65535 --rate 10000`      #Masscan the IP address
        echo -e $SCAN |cut -d" " -f4                    #Print out discovered open ports
      }
done


Scrag 07-09-2019 06:01 PM

PS: I've attached an output of the current script if that helps.

Thanks again.

BW-userx 07-09-2019 07:40 PM

Just playing around with it for a minute. This might give you an idea.
Using mail.

Code:

#!/bin/bash
# Usage: ./subsearch.sh <Sub Domain List> <Domain>
# Example: ./subsearch.sh sublist yahoo.com

#  host mail.ru


GREEN='\033[0;32m'              #Setup green color to be used in echo commands
NC='\033[0m'                    #This changes color back to normal or no color
RED='\033[0;31m'                #Setup red color to be used in echo statements
IP=()                           #Array of every IPv4 address found by host
SCAN=()                         #Array of masscan results, one entry per IP
for sub in $(cat "$1");
do {      #Read list of sub-domains from file and determine the IP from host command
        addme=$(host "$sub.$2")

        echo "$addme"           #Quoted so host's lines stay on separate lines
        echo;echo
        #dynamically add values into an array: the parentheses make this an array
        #append (one element per matched address), not a string concatenation
        IP+=($(echo "$addme" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'))
        #OUTPUT+=($addme)  #Set output of host command into OUTPUT variable
}
done

#loop populated array to use its contents.
g=0
for i in "${IP[@]}"
do
        echo "IP[$g]= $i"
        #SCAN=`masscan $IP -p0-65535 --rate 10000`
        SCAN+=("$(sudo masscan "$i" -p0-65535 --rate 10000)")   #Whole scan output as one element
        echo
        ((g++))
done

for d in "${SCAN[@]}"
do
        echo
        echo "$d"
        echo
done

Code:

userx@slack.it.netters:~
$ domains bin/subdomains ru
mail.ru has address 217.69.139.202 mail.ru has address 94.100.180.200 mail.ru has address 94.100.180.202 mail.ru has address 217.69.139.200 mail.ru has IPv6 address 2a00:1148:db00:0:b0b0::1 mail.ru mail is handled by 10 mxs.mail.ru.


IP[0]= 217.69.139.202

Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2019-07-10 02:09:31 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
                                                                           
IP[1]= 94.100.180.200

Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2019-07-10 02:09:53 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
                                                                           
IP[2]= 94.100.180.202

Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2019-07-10 02:10:14 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
                                                                           
IP[3]= 217.69.139.200

Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2019-07-10 02:10:34 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
                                                                           

Discovered


open


port


443/tcp


on


94.100.180.200


Discovered


open


port


80/tcp


on


94.100.180.202


Discovered


open


port


443/tcp


on


217.69.139.200


individual 07-09-2019 10:49 PM

Here's a slightly different way of doing it, keeping in line with what you currently have.
Code:

#!/bin/bash

GREEN='\033[0;32m'              #Setup green color to be used in echo commands
NC='\033[0m'                    #This changes color back to normal or no color
RED='\033[0;31m'                #Setup red color to be used in echo statements

subdomain_file=$1
hostname=$2

# Exit unless the file of subdomains exists.
[[ -f "$subdomain_file" ]] || exit 1

# For each subdomain in the file, try to resolve $sub.$hostname.
# If it's successful, grep will match all IPv4 addresses and send them to the scanning loop.
while read -r sub; do
    [[ -z "$sub" ]] && continue    # skip blank lines in the list
    while read -r resolved_host; do
        if [[ "$resolved_host" = *"has address"* ]]; then
            domain="${resolved_host%% *}"
            ip="${resolved_host##* }"

            echo -e "${GREEN}Domain: $domain"
            echo -e "IP:    $ip$NC"

            # Send stderr (the banner info, etc.) to /dev/null. It will still print open ports.
            sudo masscan "$ip" -p0-65535 --rate 10000 2>/dev/null | cut -d' ' -f4
        fi
    done <<< "$(host "$sub.$hostname")"
done < "$subdomain_file"
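As an added example, not code from the thread or from any of the posters: the two parsing steps the script depends on, every address out of host output and only the open-port lines out of masscan output, written in plain shell over constructed sample text so they can be checked without resolving or scanning anything. It assumes masscan's "Discovered open port <port> on <ip>" line format shown in BW-userx's output, and the function names are my own.

```shell
#!/bin/bash
# Added example, not code from the thread. Pure-shell parsers for the two outputs the
# thread's script consumes; POSIX sh syntax only, so they run under bash or dash.

# Constructed host output, same shape as the thread's mail.ru example.
SAMPLE_HOST_OUTPUT='mail.ru has address 94.100.180.202
mail.ru has address 217.69.139.202
mail.ru has IPv6 address 2a00:1148:db00:0:b0b0::1
mail.ru mail is handled by 10 mxs.mail.ru.'

# Constructed masscan stdout, assuming the "Discovered open port <port> on <ip>" line
# format seen in the thread (the banner goes to stderr and is not included here).
SAMPLE_MASSCAN_OUTPUT='Discovered open port 443/tcp on 94.100.180.202
Discovered open port 80/tcp on 94.100.180.202'

# host_ipv4 <host-output>: every IPv4 address, one per line.
# Only "has address" lines match, so IPv6, MX and "not found" lines are skipped.
host_ipv4() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            *" has address "*) printf '%s\n' "${line##* }" ;;
        esac
    done
}

# host_ipv6 <host-output>: every IPv6 address, one per line ("has IPv6 address" lines).
host_ipv6() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            *" has IPv6 address "*) printf '%s\n' "${line##* }" ;;
        esac
    done
}

# masscan_open_ports <masscan-stdout>: "<ip> <port>/<proto>" per discovered port,
# dropping every other line instead of cutting a fixed field from all of them.
masscan_open_ports() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            "Discovered open port "*)
                rest=${line#Discovered open port }     # "443/tcp on 94.100.180.202"
                printf '%s %s\n' "${rest##* }" "${rest%% *}" ;;
        esac
    done
}

# Stand-alone demo on the constructed samples (nothing is resolved or scanned).
host_ipv4 "$SAMPLE_HOST_OUTPUT"
host_ipv6 "$SAMPLE_HOST_OUTPUT"
masscan_open_ports "$SAMPLE_MASSCAN_OUTPUT"
```

To use the parsers in the script, feed them "$(host "$sub.$hostname")" and "$(sudo masscan "$ip" -p0-65535 --rate 10000 2>/dev/null)" in place of the samples.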


Scrag 07-10-2019 08:52 AM

Thank you both. I found both your posts very helpful. Individual - your post was exactly what I was looking for.

Thanks again,
Scrag

individual 07-10-2019 09:16 AM

Quote:

Originally Posted by Scrag (Post 6013789)
Thank you both. I found both your posts very helpful. Individual - your post was exactly what I was looking for.

Thanks again,
Scrag

Glad it worked for you. Ignore the grep comment; I was originally using grep to check for IPv4 addresses but realized host prints out "has address" for hosts with IPv4 addresses.

