每日端口监测扫描
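#!/bin/bash
#
# Daily exposure scan. For each configured port group this script runs nmap
# against the hosts in $Scan_list, condenses the open ports into a dated
# report, removes exposures approved in the whitelist, and mails the report.
#
# Files:
#   $Scan_list   nmap target list (passed to -iL)
#   $White_file  approved exposures, one "ip port [port ...]" or "ip any"
#                per line; any line containing '#' is ignored
#   $Result_dir/<group>/source<group>/source_<date>.txt  raw nmap output
#   $Result_dir/<group>/filter<group>/filter_<date>.txt  mailed report

set -u
# Raw scans and reports list exposed services; keep them owner-only.
umask 077

PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
Time=$(date +%Y%m%d)
Result_dir="/root/scan_result"
# Scan_port_name[i] names the result directory for the port list Scan_port[i].
Scan_port_name=(22 80)
Scan_port=(
  21,22,1433,1521,3306,3389
  21,80,443,873,2601,7001,8000,8008,8080,8081,8088,8089,8090,8099,8888,9000,9090,9200,10000
)
Scan_list="/root/server.txt"
# Entries in this file suppress findings, so it should stay writable by root
# only and changes to it should be reviewed.
White_file="/root/white_list"
Mail_group1='1@xxx.com,2@xxx.com'
Mail_group2='456@xxx.com'

#######################################
# Mail a finished report.
# Globals:   Mail_group1, Mail_group2 (read)
# Arguments: $1 - report file; field 2 of its "ALL <n> Dangerous Port Open"
#                 line is the open-port total
# Returns:   exit status of mail
#######################################
function MAIL() {
  local report=$1
  local total recipients

  total=$(awk '/Open/{print $2; exit}' "$report")

  # The "0" prefix keeps the test well-formed when the summary line is
  # missing; [ ] parses its operands as decimal, so "08" is still 8.
  # NOTE(review): a zero total is sent to Mail_group1 and a non-zero total to
  # Mail_group2, both under the same subject - confirm this routing.
  if [ "0${total}" -eq 0 ]; then
    recipients=$Mail_group1
  else
    recipients=$Mail_group2
  fi

  # NOTE(review): the subject names host 64.69 while the report banner names
  # 0.185 - confirm which scanner host this runs on.
  mail -r SecGroup@xxx.com -s "每日端口扫描By 64.69发现对外开放端口" "$recipients" < "$report"
}

#######################################
# Remove whitelisted exposures from the report and correct the totals.
#
# The whitelist is parsed as data (never eval'd) and a whitelist IP must
# equal the report row's IP exactly, so an entry for 10.0.0.1 cannot hide
# findings on 10.0.0.10 or 110.0.0.1.
#
# Globals:   White_file (read), Filter_f (read, file rewritten),
#            Port, IP (read and written)
# Arguments: none
# Returns:   0 on success, 1 if the report could not be rewritten
#######################################
function Filter_white() {
  local tmp removed removed_ports removed_hosts

  # Seed the whitelist on first run so its format is discoverable.
  if [ ! -f "$White_file" ]; then
    echo "#ip port/any" > "$White_file"
  fi

  # Temp file sits next to the report so the final mv stays on one filesystem.
  tmp=$(mktemp "${Filter_f}.XXXXXX") || return 1

  removed=$(awk -v out="$tmp" '
    # First file: the whitelist.
    FILENAME == ARGV[1] {
      if ($1 ~ /[0-9]\.[0-9]/ && $0 !~ /#/) {
        listed[$1] = 1
        for (i = 2; i <= NF; i++) {
          if ($i == "any") {
            any[$1] = 1
            break
          }
          tok = $i
          sub(/\?$/, "", tok)
          allowed[$1, tok] = 1
        }
      }
      next
    }

    # Second file: the report. Rows for hosts that are not listed, and the
    # banner and header lines, pass through unchanged.
    !($1 in listed) {
      print > out
      next
    }

    {
      kept = ""
      nkept = 0
      for (i = 2; i <= NF; i++) {
        port = $i
        sub(/\?$/, "", port)   # "80?" marks an uncertain service guess
        if (($1 in any) || (($1, port) in allowed)) {
          removed_ports++
        } else {
          kept = kept sprintf("%-10s", $i)
          nkept++
        }
      }
      if (nkept == 0) {
        # Every port on this host is approved: drop the row entirely.
        removed_hosts++
        next
      }
      printf("%-20s%s\n", $1, kept) > out
    }

    END { print removed_ports + 0, removed_hosts + 0 }
  ' "$White_file" "$Filter_f") || { rm -f -- "$tmp"; return 1; }

  mv -f -- "$tmp" "$Filter_f" || { rm -f -- "$tmp"; return 1; }

  # awk prints plain decimal counts, so no octal surprises in the arithmetic.
  read -r removed_ports removed_hosts <<< "$removed"
  Port=$(( Port - removed_ports ))
  IP=$(( IP - removed_hosts ))
}

#######################################
# Build the report for one port group from raw nmap output.
# Globals:   Filter_f, Port, IP (written)
# Arguments: $1 - raw nmap output file
#            $2 - report file to create
#            $3 - comma-separated port list that was scanned
#######################################
function Filter() {
  local source_f=$1
  local port_scan=$3
  local counts
  local rule="----------------------------------------------------------------------------------"

  Filter_f=$2

  printf '%s\n' "每日端口扫描By 0.185" > "$Filter_f"
  printf '%s\n' "$rule" >> "$Filter_f"
  # Header row; it is terminated by the "\n" that precedes the first host row.
  printf '%s\n' "$port_scan" \
    | awk -F ',' 'BEGIN{printf "IP ADDRESS "}{for(i=1;i<=NF;i++){printf ("%-10s",$i)}}' >> "$Filter_f"

  # One row per host with at least one open port. Rows are appended to the
  # report by awk; the totals come back on stdout as "<ports> <hosts>".
  counts=$(awk -v out="$Filter_f" '
    /Nmap scan/ { host = $NF }

    $1 ~ /\// && $2 == "open" {
      if (host != "") {
        printf("\n%-20s", host) >> out
        hosts++
        host = ""
      }
      port = $1
      sub(/\/.*/, "", port)
      if ($3 ~ /\?/) port = port "?"
      printf("%-10s", port) >> out
      ports++
    }

    END {
      printf("\n") >> out
      print ports + 0, hosts + 0
    }
  ' "$source_f")
  read -r Port IP <<< "$counts"
  Port=${Port:-0}
  IP=${IP:-0}

  Filter_white

  printf '%s\n' "ALL $Port Dangerous Port Open in $IP IP" >> "$Filter_f"
  printf '%s\n' "发现对外开放端口的主机${IP}台、端口${Port}个,请各部门检查" >> "$Filter_f"
  printf '%s\n' "$rule" >> "$Filter_f"
}

if (( ${#Scan_port_name[@]} != ${#Scan_port[@]} )); then
  echo "Scan_port_name and Scan_port must have the same number of entries" >&2
  exit 1
fi

for i in "${!Scan_port_name[@]}"; do
  group=${Scan_port_name[$i]}
  ports=${Scan_port[$i]}

  # Scan result directories.
  if ! mkdir -p -- "$Result_dir/$group/source$group" "$Result_dir/$group/filter$group"; then
    echo "cannot create result directories for group $group" >&2
    continue
  fi

  Source_file="$Result_dir/$group/source$group/source_$Time.txt"
  Filter_file="$Result_dir/$group/filter$group/filter_$Time.txt"

  # -Pn: treat every target as up; -n: no DNS lookups, so reports carry bare
  # IPs; -sV --version-all: probe services, which yields the "?" suffix on
  # uncertain guesses.
  # A failed scan would otherwise produce an empty result and a misleading
  # "0 open ports" mail, so stop here for this group and report on stderr.
  if ! nmap -iL "$Scan_list" -Pn -n -sV --version-all -p"$ports" > "$Source_file" 2>/dev/null; then
    echo "nmap failed for port group $group; no report sent" >&2
    continue
  fi

  Filter "$Source_file" "$Filter_file" "$ports"
  MAIL "$Filter_file"
done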