Hi, you don't want to ask nmap to determine the OS based on port 23 scan only. So, s/p23// in the second nmap call. Hence:

#!/bin/bash

# solaris-telnetd-audit.sh

IPSFILE="./ips.lst"; # file containing IPs to scan
MESSAGE="possible-Solaris-telnet-server-found";
EMAIL="[EMAIL PROTECTED]";

for IP in `cat $IPSFILE`
do
    echo "Trying $IP ...";
    if nmap -P0 -n -p23 -sS $IP | grep -i open > /dev/null
    then
        if nmap -P0 -n -sV $IP | grep -ie 'SunOS' -ie 'Solaris' > /dev/null
        then
            echo "$MESSAGE -> $IP"; echo $IP >> $0.results;
        fi
    fi
done

cat $0.results | mail -s $MESSAGE $EMAIL

my 0.02$

Cheers,

endrazine-

pagvac wrote:
> On 2/17/07, Marcin Antkiewicz <[EMAIL PROTECTED]> wrote:
>
>> On Sat, 17 Feb 2007, pagvac wrote:
>>
>>> The following script might also help find Solaris telnet servers on
>>> your network.
>>>
>> [...]
>>
>>> for IP in `cat $IPSFILE`
>>> do
>>>     echo "Trying $IP ...";
>>>     if nmap -P0 -n -p23 -sS $IP | grep -i open > /dev/null
>>>     then
>>>         if nmap -P0 -n -p23 -sV $IP | grep -ie 'SunOS' -ie 'Solaris'
>>>         then
>>>             echo "$MESSAGE on $IP"; echo $IP >> $0.results; echo $IP | mail -s $MESSAGE $EMAIL
>>>         fi
>>>     fi
>>> done
>>>
>> The output would be too noisy on a large network. A few weeks ago I ran
>>
>
> Noisy only on the screen/email output. However, notice that *only* the
> IP addresses found running Solaris telnet servers are written to the
> results file ($0.results).
>
> Perhaps we should change it to the following so that only one email is
> sent with all the IP addresses found:
>
> #!/bin/bash
>
> # solaris-telnetd-audit.sh
>
> IPSFILE="./ips.lst"; # file containing IPs to scan
> MESSAGE="possible-Solaris-telnet-server-found";
> EMAIL="[EMAIL PROTECTED]";
>
> for IP in `cat $IPSFILE`
> do
>     echo "Trying $IP ...";
>     if nmap -P0 -n -p23 -sS $IP | grep -i open > /dev/null
>     then
>         if nmap -P0 -n -p23 -sV $IP | grep -ie 'SunOS' -ie 'Solaris' > /dev/null
>         then
>             echo "$MESSAGE -> $IP"; echo $IP >> $0.results;
>         fi
>     fi
> done
>
> cat $0.results | mail -s $MESSAGE $EMAIL
>
>
> P.S.: I personally like using genip
> [http://www.bindshell.net/tools/genip] for generating lists of IP
> addresses.
>
>
>> something that would go like this:
>>
>>
>> ( echo "Sun boxes with telnet"; \
>>   nmap -n -P0 -iL list -p 23 -O -oG - | \
>>   grep -Ei 'Host.+open.+(Solaris|SunOS)' | \
>>   cut -d ' ' -f 2 \
>> ) | mail -s "Check those" [EMAIL PROTECTED]
>>
>>
>> --
>> Marcin Antkiewicz
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
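
Added example, not part of the original thread: once the OS check is no longer limited to port 23, a line-wide grep for "open" plus "Solaris" also matches hosts where only some other port is open, so this filter reads nmap's grepable (-oG) output field by field instead. The function names and the sample scan lines are constructed for illustration; the layout assumed is tab-separated "Ports:" and "OS:" fields after "Host:".

```shell
#!/bin/sh
# Added example (hypothetical names): field-aware filter for nmap -oG output.
# Prints the address of every host where 23/tcp is open AND the OS field
# mentions Solaris or SunOS, one address per line.
solaris_telnet_hosts() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " "); ip = h[2]          # "Host: <ip> (<name>)"
        telnet = 0; sun = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Ports: /) {
                n = split(substr($i, 8), p, /, */)
                for (j = 1; j <= n; j++) {
                    split(p[j], f, "/")       # port/state/proto/owner/service/...
                    if (f[1] == "23" && f[2] == "open" && f[3] == "tcp")
                        telnet = 1
                }
            } else if ($i ~ /^OS: /) {
                if (tolower($i) ~ /solaris|sunos/) sun = 1
            }
        }
        if (telnet && sun) print ip
    }'
}

# Constructed sample input in grepable format (documentation addresses).
sample_scan() {
    printf '# constructed sample, not real scan output\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///\tOS: Sun Solaris 10\n'
    # telnet closed, ssh open: a line-wide grep for open+Solaris would match this
    printf 'Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 23/closed/tcp//telnet///\tOS: Sun Solaris 9\n'
    # telnet open, but not a Sun system
    printf 'Host: 192.0.2.12 ()\tPorts: 23/open/tcp//telnet///\tOS: Linux 2.6.X\n'
    printf 'Host: 192.0.2.13 ()\tPorts: 23/open/tcp//telnet///, 111/open/tcp//rpcbind///\tOS: SunOS 5.10\n'
}

sample_scan | solaris_telnet_hosts
```

The same function can read a saved -oG file on standard input, and its output can be piped into a single mail command as in the scripts above.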