
每日端口监测扫描

2017-11-13 - Linux基础, Linux运维安全

每日端口监测扫描(首发在土司)


#!/bin/bash
# Daily external port exposure check: run nmap once per port group against the
# host list, summarise open ports, drop whitelisted ones and mail the report.
# Intended to run as root from cron; every path below lives under /root.
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
Time=$(date +%Y%m%d)                      # date stamp used in result file names
Result_dir="/root/scan_result"            # per-group source/ and filter/ output tree
# Scan_port_name[i] labels the i-th port group (directory name and file suffix);
# Scan_port[i] is the comma-separated nmap -p list for that group.
# The two arrays are indexed together, so keep them the same length.
Scan_port_name=(22 80)
Scan_port=(
    21,22,1433,1521,3306,3389
    21,80,443,873,2601,7001,8000,8008,8080,8081,8088,8089,8090,8099,8888,9000,9090,9200,10000
)
Scan_list="/root/server.txt"              # nmap -iL target list
# Report recipients (used by MAIL): group1 when no open port is left after
# whitelisting, group2 otherwise.
Mail_group1='[email protected],[email protected]'
Mail_group2='[email protected]'
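function MAIL()
{
    # Mail the finished report ($1). Filter writes a summary line of the form
    # "ALL <ports> Dangerous Port Open in <hosts> IP"; its second field is the number
    # of open-port cells left after whitelisting. Zero goes to Mail_group1, anything
    # else to Mail_group2 (same subject either way). The leading 0 keeps the test
    # numeric when the summary line is missing.
    # NOTE(review): the report lists host -> open ports in clear text by mail; keep the
    # recipient lists as small as the process allows.
    local Mail_f=$1 open_ports
    open_ports=$(awk '/Dangerous Port Open in/{print $2}' "$Mail_f")
    if [ "0${open_ports}" -eq 0 ]; then
        mail -r [email protected] -s "每日端口扫描By 64.69发现对外开放端口" "$Mail_group1" < "$Mail_f"
    else
        mail -r [email protected] -s "每日端口扫描By 64.69发现对外开放端口" "$Mail_group2" < "$Mail_f"
    fi
}

function Filter_white2()
{
    # Apply one whitelist entry to the report in $Filter_f.
    #   $1    address exactly as it appears in the first report column
    #   $2..  ports to ignore for that host, or the word "any"
    # Adjusts the global Port count for every cell removed. The caller has already
    # checked that $1 is a dotted quad, so escaping the dots is enough to use it in sed.
    local ip=$1 ip_sed p cells
    shift
    ip_sed="${ip//./\\.}"
    # Exact match on the first column. The previous substring grep/sed let an entry
    # for 10.0.0.1 also silence 10.0.0.10-19 and 10.0.0.100-199 while the Port count
    # was only corrected for the exact host.
    awk -v ip="$ip" '$1 == ip { hit = 1 } END { exit !hit }' "$Filter_f" || return 0
    for p in "$@"; do
        if [ "$p" = "any" ]; then
            # Drop every port cell of this host; the line keeps only the address and
            # is removed, together with the host count, by Filter_white.
            cells=$(awk -v ip="$ip" '$1 == ip { print NF - 1; exit }' "$Filter_f")
            Port=$((Port - ${cells:-0}))
            sed -i -r "s/^(${ip_sed}) .*/\1/" "$Filter_f"
            return 0
        fi
        if [[ ! $p =~ ^[0-9]+$ ]]; then
            # Anything else would be spliced into a sed expression; refuse it loudly.
            printf 'white_list: ignoring port "%s" for %s\n' "$p" "$ip" >&2
            continue
        fi
        # A port cell is either "22" or "22?" (service guess uncertain, see Filter).
        if awk -v ip="$ip" -v p="$p" \
               '$1 == ip { for (i = 2; i <= NF; i++) if ($i == p "" || $i == p "?") hit = 1 } END { exit !hit }' \
               "$Filter_f"; then
            Port=$((Port - 1))
            sed -i -r "/^${ip_sed} /s/ +${p}\?? / /" "$Filter_f"
        fi
    done
}

function Filter_white()
{
    # Remove whitelisted host/port cells from the report in $Filter_f and fix up the
    # Port and IP globals accordingly. The whitelist holds one entry per line:
    #   <address> <port> [<port> ...]      or      <address> any
    # Any line containing '#' is a comment. WHITE_LIST may override the default path
    # (/root/white_list); a missing file is created with a header line, as before.
    local white_file=${WHITE_LIST:-/root/white_list}
    local quad='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
    local line bare
    local -a fields
    if [ ! -f "$white_file" ]; then
        echo "#ip port/any" > "$white_file"
    fi
    # Entries are parsed with read and passed as arguments; they used to be turned
    # into shell assignments and eval'd, so a stray token in the file ran as code.
    while IFS= read -r line || [ -n "$line" ]; do
        [[ $line == *'#'* ]] && continue
        read -r -a fields <<< "$line"
        # Only a full dotted quad is accepted: it is matched exactly against the
        # report's first column, so a bare prefix can never apply.
        [[ ${fields[0]} =~ $quad ]] || continue
        Filter_white2 "${fields[@]}"
    done < "$white_file"
    # Hosts whose every open port was whitelisted are now a bare address (possibly
    # followed by spaces); drop those lines and take them out of the host count.
    bare=$(grep -cE '[0-9]{1,3}(\.[0-9]{1,3}){3} *$' "$Filter_f")
    IP=$((IP - bare))
    sed -i -r '/[0-9]{1,3}(\.[0-9]{1,3}){3} *$/d' "$Filter_f"
}

function Filter()
{
    # Build the report for one port group.
    #   $1  raw nmap output (Source_f)
    #   $2  report file to write (Filter_f)
    #   $3  comma-separated port list that was scanned (Port_scan)
    # Sets the globals Port (open-port cells) and IP (hosts with at least one open
    # port), both after whitelisting; Source_f/Filter_f/Port_scan stay global for
    # the helpers as before.
    Source_f=$1; Filter_f=$2; Port_scan=$3
    local counts
    echo "每日端口扫描By 0.185" > "$Filter_f"
    echo "----------------------------------------------------------------------------------" >> "$Filter_f"
    # Column header: one %-10s cell per scanned port, the same width as the cells below.
    echo "$Port_scan" | awk -F ',' 'BEGIN{printf "IP ADDRESS "}{for(i=1;i<=NF;i++){printf ("%-10s",$i)}}' >> "$Filter_f"
    # One report line per host with an open port: address in 20 columns, then each
    # open port in 10, written as "22?" when the service field carries a "?".
    # Only the two counts come back on stdout; nothing from nmap output is eval'd.
    # NOTE(review): the main loop runs nmap with -n, so for address entries the last
    # field of "Nmap scan report for ..." is the address; a hostname in server.txt
    # would give a key that never matches the whitelist - confirm the list holds
    # addresses only.
    counts=$(awk -v Filter_f="$Filter_f" '
        BEGIN { Port = 0; IP = 0; IP_name = 0 }
        /Nmap scan/ { IP_name = $NF }
        $1 ~ /\// {
            if ("A"$2=="Aopen") {              # forced string compare; only the exact state "open" counts
                if (IP_name != 0) {            # first open port of this host starts its line
                    printf("\n%-20s", IP_name) >> Filter_f
                    IP++
                    IP_name = 0
                }
                if ($3 !~ /\?/) gsub(/\/.*/, "", $1)
                else gsub(/\/.*/, "?", $1)
                printf("%-10s", $1) >> Filter_f
                Port++
            }
        }
        END {
            printf("\n") >> Filter_f
            print Port, IP
        }' "$Source_f")
    read -r Port IP <<< "${counts:-0 0}"
    Filter_white
    printf '%s\n' "ALL $Port Dangerous Port Open in $IP IP" >> "$Filter_f"
    echo "发现对外开放端口的主机$IP台、端口$Port个,请各部门检查" >> "$Filter_f"
    echo "----------------------------------------------------------------------------------" >> "$Filter_f"
}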
# Make sure each port group has its source (raw nmap output) and filter (report)
# directories under Result_dir before anything is written there.
for group in "${Scan_port_name[@]}"; do
    for kind in source filter; do
        dir="$Result_dir/$group/$kind$group"
        [ -d "$dir" ] || mkdir -p "$dir"
    done
done
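# Main loop: one nmap run per port group, then report and mail.
# A failed scan used to be invisible: nmap's stderr went to /dev/null and an empty
# source file produced a report that read as "no open ports". The exit status is
# now checked; a failure is written to stderr (cron normally mails that to the
# crontab owner), the group is not reported, and the script exits non-zero.
scan_failed=0
for ((i = 0; i < ${#Scan_port_name[@]}; i++)); do
    group=${Scan_port_name[$i]}
    Source_file="$Result_dir/$group/source$group/source_$Time.txt"
    Filter_file="$Result_dir/$group/filter$group/filter_$Time.txt"
    # -Pn: no host discovery, -n: no reverse DNS (Filter keys on the address),
    # -sV --version-all: service detection, whose "?" marks Filter carries into the report.
    if ! nmap -iL "$Scan_list" -Pn -n -sV --version-all -p"${Scan_port[$i]}" > "$Source_file"; then
        echo "nmap failed for port group $group (output in $Source_file); no report sent" >&2
        scan_failed=1
        continue
    fi
    Filter "$Source_file" "$Filter_file" "${Scan_port[$i]}"
    MAIL "$Filter_file"
done
exit "$scan_failed"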