Linux and Unix Scripting

Linux script (Scan and Port monitoring)

This script can do four things:

1- Scan a domain name

2- Scan a domain and a single port

3- Scan a range of ports

4- Monitor ports, block IP addresses, and send an alert by mail (SendGrid)

————————————————————————————-

 

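#!/bin/bash
# Port scan and inbound-connection monitor.
#
# Usage:
#   script [IP|HOST]                  probe the most common TCP ports
#   script [IP|HOST] [PORT]           probe one port
#   script [IP|HOST] START/END        probe a port range
#   script [IP|HOST] [...] -MONITOR   log new inbound TCP connections and mail them
#
# -MONITOR needs root (iptables, /var/log/syslog) and the mail settings below.
# Requires bash (arrays, [[ ]], printf %b).
clear

# ANSI colour escapes; printed with 'printf %b' / 'echo -e' so the \033 is interpreted.
green='\033[1;32m'
red='\e[1;31m'
reset='\033[0m'

# Mail settings, read from the environment rather than edited into the file:
# a key written into the script ends up in backups, copies and version control,
# and is readable by anyone who can read the script. Leave the variables unset
# when not monitoring.
SENDGRID_API_KEY="${SENDGRID_API_KEY:-}"
EMAIL_TO="${EMAIL_TO:-}"
FROM_EMAIL="${FROM_EMAIL:-}"
FROM_NAME="${FROM_NAME:-Server Log Update}"
SUBJECT="${SUBJECT:-Log Update}"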

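# Run ctrl_c on SIGINT. Installing the trap before the function is defined is
# fine: bash looks the handler up when the signal arrives.
trap ctrl_c INT

# Print a notice on stderr and leave with status 1 (an EXIT trap, if any
# has been set, still runs on this exit).
ctrl_c() {
  printf '%b\n' "\n${red}Ctrl+C Detected… Exiting Script${reset}" >&2
  sleep .2
  exit 1
}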

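# Basename of the script for the usage text (##*/ strips everything up to the
# last slash; the original ##/ only removed a leading slash).
script_name=${0##*/}

# Print the usage examples on stderr and exit with status 1.
usage() {
  printf '%b\n' "${red}USAGE ERROR${reset}" \
    "example-1:\t ${script_name} [IP|HOST] (scans most common ports only)" \
    "example-2:\t ${script_name} [IP|HOST] [PORT]" \
    "example-3:\t ${script_name} [IP|HOST] 20/443 ${green}(range divided by '/' symbol)${reset}" \
    "example-4:\t ${script_name} use last-argument as => ${green}-MONITOR${reset} <= to monitor port scans" >&2
  exit 1
}

# No target, or an explicit help request: show usage. ${1:-} keeps this safe
# under 'set -u' and quoting keeps an odd first argument from being parsed
# as a test operator.
if [[ -z "${1:-}" || "$1" == "-h" || "$1" == "--help" ]]; then
  usage
fi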

# Ports probed when the caller gives a host but no port argument
# (example-1 in the usage text). Kept in the original, unsorted order.
well_known=(
  1 5 7 18 20 21 22 23 25 29
  37 42 49 53 69 70 79 80 8443 8080
  103 108 109 110 115 118 119 137 139 143
  150 156 161 179 190 194 389 396 443 444
  445 458 587 547 563 569 1080
)

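target=$1

# Accept only hostname / IPv4-literal characters before the value reaches
# ping or nc: a first argument starting with '-' would otherwise be read as
# an option by those tools, and shell metacharacters have no place here.
if ! [[ "$target" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
  printf '%b\n' "${red}ERROR: invalid host '${target}'${reset}" >&2
  exit 1
fi

if [[ "$target" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
  ip=$target
else
  # Resolve through ping's banner line, as the original did:
  # "PING host (1.2.3.4) ..." -> 1.2.3.4. Empty means resolution failed.
  ip=$(ping -c1 -w1 "$target" 2>/dev/null | head -n1 | sed -n 's/^PING [^ ]* (\([0-9.]*\)).*/\1/p')
  if [[ -z "$ip" ]]; then
    printf '%b\n' "${red}ERROR: could not resolve ${target}${reset}" >&2
    exit 1
  fi
fi

# Reachability is judged by one ICMP echo; a host that filters ICMP is
# reported as down even if its TCP ports would answer.
if ! ping -c1 -w1 "$ip" >/dev/null 2>&1; then
  printf '%b\n' "${red}ERROR: Host is down!${reset}" >&2
  exit 1
fi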

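# True when $1 is a TCP port number in 1..65535: digits only, no sign, no
# whitespace. 10# forces decimal so a leading zero is not read as octal.
valid_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# Probe one TCP port on host $1 with a 1-second timeout and print its state.
probe_port() {
  local host=$1 port=$2
  if nc -z -w 1 "$host" "$port"; then
    printf '%b\n' "${green}${host}:${port} – UP${reset}"
  else
    printf '%b\n' "${red}${host}:${port} – DOWN${reset}"
  fi
}

# A trailing -MONITOR is the monitoring switch, not a port: take it off the
# list so "HOST -MONITOR" does not try to probe a port called -MONITOR.
scan_args=("$@")
monitoring=0
if (( ${#scan_args[@]} > 0 )) && [[ "${scan_args[${#scan_args[@]}-1]}" == "-MONITOR" ]]; then
  monitoring=1
  unset "scan_args[${#scan_args[@]}-1]"
fi

if (( ${#scan_args[@]} == 1 )); then
  printf 'Scanning %s with most common ports\n' "$1"
  for port in "${well_known[@]}"; do
    probe_port "$ip" "$port"
  done
elif (( ${#scan_args[@]} == 2 )) && [[ "${scan_args[1]}" == */* ]]; then
  # Range form START/END. Both ends are validated before anything is probed;
  # the original fed them to seq unchecked.
  start=${scan_args[1]%%/*}
  end=${scan_args[1]##*/}
  if ! valid_port "$start" || ! valid_port "$end" || (( 10#$start > 10#$end )); then
    printf '%b\n' "${red}ERROR: bad port range '${scan_args[1]}' (expected START/END within 1-65535)${reset}" >&2
    exit 1
  fi
  printf 'SCANNING %s WITH IP ADDRESS AND RANGE (%s/%s)\n' "$1" "$start" "$end"
  for (( port = 10#$start; port <= 10#$end; port++ )); do
    probe_port "$ip" "$port"
  done
  # As in the original, a range scan ends the script — unless monitoring follows.
  (( monitoring )) || exit 0
elif (( ${#scan_args[@]} == 2 )); then
  if ! valid_port "${scan_args[1]}"; then
    printf '%b\n' "${red}ERROR: bad port '${scan_args[1]}' (expected 1-65535)${reset}" >&2
    exit 1
  fi
  printf 'Scanning %s with %s port\n' "$1" "${scan_args[1]}"
  probe_port "$ip" "${scan_args[1]}"
fi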

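# Escape a string for use inside a JSON string literal: backslash, double
# quote and the usual control characters. The log lines are untrusted text
# (they carry whatever the remote side put on the wire), so they must never be
# pasted into the request body raw. 'jq --arg' is the more complete tool where
# it is installed.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# Escape &, < and > so log text is displayed as text in the HTML mail body
# instead of being interpreted as markup by the mail client. The replacements
# are quoted because bash 5.2 treats a bare '&' in a replacement as the match.
html_escape() {
  local s=$1
  s=${s//&/'&amp;'}
  s=${s//</'&lt;'}
  s=${s//>/'&gt;'}
  printf '%s' "$s"
}

# POST one alert through the SendGrid v3 mail API.
# Arguments: $1 - one-line summary, $2 - matching log lines (newline separated)
# The body is HTML- and JSON-escaped, and the API key reaches curl through a
# config read on stdin so it is not visible in the process list the way a
# header on the command line is. Failure is reported, not fatal: the monitor
# keeps running.
send_alert() {
  local text=$1 lines=$2
  local html payload
  html="<p>$(html_escape "$text")</p><br>$(html_escape "$lines")"
  html=${html//$'\n'/<br>}
  payload=$(printf '{"personalizations":[{"to":[{"email":"%s"}]}],"from":{"email":"%s","name":"%s"},"subject":"%s","content":[{"type":"text/html","value":"%s"}]}' \
    "$(json_escape "$EMAIL_TO")" "$(json_escape "$FROM_EMAIL")" "$(json_escape "$FROM_NAME")" \
    "$(json_escape "$SUBJECT")" "$(json_escape "$html")")
  printf 'header = "Authorization: Bearer %s"\n' "$SENDGRID_API_KEY" |
    curl --silent --show-error --fail --request POST \
      --url https://api.sendgrid.com/v3/mail/send \
      --config - \
      --header 'Content-Type: application/json' \
      --data "$payload" ||
    printf '%b\n' "${red}mail send failed${reset}" >&2
}

# Monitoring mode: the usage text documents -MONITOR as the last argument.
if [[ "${!#}" == "-MONITOR" ]]; then
  printf '%b\n' "${green}MONITORING${reset}"
  if ! command -v iptables >/dev/null 2>&1; then
    printf '%b\n' "${red}you need to install iptables${reset}" >&2
    exit 1
  fi
  if (( EUID != 0 )); then
    printf '%b\n' "${red}-MONITOR must run as root (iptables, /var/log/syslog)${reset}" >&2
    exit 1
  fi
  # Refuse to run with the mail settings empty or still at their placeholders.
  if [[ -z "$SENDGRID_API_KEY" || "$SENDGRID_API_KEY" == *"<"* ||
        -z "$EMAIL_TO" || "$EMAIL_TO" == *"<"* ||
        -z "$FROM_EMAIL" || "$FROM_EMAIL" == *"<"* ]]; then
    printf '%b\n' "${red}SENDGRID_API_KEY, EMAIL_TO and FROM_EMAIL must be set${reset}" >&2
    exit 1
  fi
  log_file=/var/log/syslog
  if [[ ! -r "$log_file" ]]; then
    printf '%b\n' "${red}cannot read ${log_file}${reset}" >&2
    exit 1
  fi

  # LOG every new inbound TCP connection with a fixed prefix the loop greps
  # for. Insert it once (-C checks for an existing copy) so re-running the
  # script does not stack duplicate rules, and remove it again on exit so
  # syslog is not flooded after the monitor stops. A busy host may want
  # '-m limit' on this rule to cap the log rate.
  log_rule=(INPUT -p tcp -m tcp -m state --state NEW -j LOG --log-level 1 --log-prefix "#NEW#")
  rule_added=0
  if ! iptables -C "${log_rule[@]}" >/dev/null 2>&1; then
    iptables -I "${log_rule[@]}" || exit 1
    rule_added=1
  fi
  remove_log_rule() {
    (( rule_added )) && iptables -D "${log_rule[@]}" >/dev/null 2>&1
  }
  trap remove_log_rule EXIT

  line_count=$(wc -l < "$log_file")
  while true; do
    new_line_count=$(wc -l < "$log_file")
    # Rotation or truncation makes the file shorter: restart from the top.
    if (( new_line_count < line_count )); then
      line_count=0
    fi
    if (( new_line_count != line_count )); then
      # Only the lines added since the last poll, and only the #NEW# ones: a
      # burst larger than a fixed tail is not dropped, and unrelated syslog
      # writes do not trigger mail.
      log_data=$(sed -n "$((line_count + 1)),${new_line_count}p" "$log_file" | grep -F -- '#NEW#' | sed 's/.*#NEW#//')
      line_count=$new_line_count
      if [[ -n "$log_data" ]]; then
        new_content="Log file updated at [$(date +%T)]… Detected incoming connection "
        printf '%s\n' "$new_content"
        send_alert "$new_content" "$log_data"
      fi
    fi
    sleep 2 # poll interval; change if you want
  done
fi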

# You can block or unblock an IP address with these commands:

# BLOCK -> iptables -A INPUT -s <IP> -j DROP
# UNBLOCK -> iptables -D INPUT -s <IP> -j DROP