端口安全检查shell脚本
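#!/bin/bash
# scan_analyse.sh - daily open-port change report for one /24 network.
#
# For every address .1-.254 of the /24 derived from $IP the script runs nmap,
# keeps the "Nmap scan report" and "open" lines in
# $work_dir/scan_result/<date>/<prefix>/<address>, compares each file with the
# previous run stored in $work_dir/scan_source, and mails the differences
# (new hosts, ports opened, ports closed) to $contact_mail.
#
# Requirements: nmap (the -sS SYN scan needs root / raw-socket privileges),
# GNU date and sed, and a working `mail` command.

. /etc/profile
# Enabled only after /etc/profile, which may reference unset variables.
set -u

echo "start time is $(date)"

# ---- configuration -------------------------------------------------------
time=$(date +"%Y-%m-%d")
work_dir="/root/nmap_scan"
now_dir="$work_dir/scan_result/$time"
diff_dir="$work_dir/scan_diff_result/$time"
source_dir="$work_dir/scan_source"
report="$diff_dir/result.log"
IP='1.1.1.0/24'
contact_mail='xx@mail.com'

# Without nmap every result file would be empty and would then replace the
# baseline, so the next run would report every known port as newly opened.
if ! command -v nmap >/dev/null 2>&1; then
  echo "nmap not found in PATH" >&2
  exit 1
fi

# First three octets of $IP. The value is used in paths handed to rm -rf and
# as the scan target, so reject anything that is not a plain dotted prefix.
ip_32=$(printf '%s\n' "$IP" | cut -d . -f 1-3)
if ! [[ "$ip_32" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
  echo "cannot derive a /24 prefix from IP='$IP'" >&2
  exit 1
fi

# ---- prepare today's directories ----------------------------------------
# ${var:?} aborts instead of expanding to an empty path in front of rm -rf.
rm -rf -- "${now_dir:?}"
if ! mkdir -p -- "$diff_dir" "$now_dir/$ip_32"; then
  echo "cannot create result directories below $work_dir" >&2
  exit 1
fi
# Start from an empty report so the "anything changed?" test below does not
# depend on the file being absent.
: > "$report"

# ---- scan ----------------------------------------------------------------
for i in {1..254}; do
  host="$ip_32.$i"
  host_file="$now_dir/$ip_32/$host"
  nmap -sS -r -n "$host" \
    | grep -Ev "(Starting|scanned)" \
    | grep -E "(Nmap|open)" > "$host_file"
  # Exactly one line means only the "Nmap scan report" header matched, i.e.
  # the host answered but no open port was listed: nothing to track.
  # An empty file (no report line at all) is kept on purpose, so a host that
  # had open ports in the baseline and stops answering still shows up as
  # "ports closed" in the comparison below.
  if [ "$(wc -l < "$host_file")" -eq 1 ]; then
    rm -f -- "$host_file"
  fi
done

echo "stop time is $(date)"

# ---- compare with the previous run --------------------------------------
for b in "$ip_32"; do
  for cur in "$now_dir/$b"/*; do
    # Skips the literal pattern when the glob matched nothing.
    [ -f "$cur" ] || continue
    i=${cur##*/}
    base="$source_dir/$b/$i"

    if [ ! -f "$base" ]; then
      # An empty result with no baseline carries no information; do not
      # announce it as a new host.
      [ -s "$cur" ] || continue
      echo "增加新主机 $i,下面是全部信息:" >> "$report"
      if [ "$(wc -l < "$cur")" -gt 100 ]; then
        echo "开启了所有端口,怀疑是有nat或者负载均衡!" >> "$report"
      else
        cat -- "$cur" >> "$report"
      fi
      continue
    fi

    # diff is called as (current, baseline): '-' lines exist only in the
    # current scan (port opened), '+' lines only in the baseline (port
    # closed). The patterns are anchored to the start of the line so that
    # unchanged context lines containing '-' or '+' in their text (service
    # names such as "netbios-ssn") are not copied into the report.
    changes=$(diff -u -- "$cur" "$base" \
      | grep -Ev '^(---|\+\+\+|@@)' \
      | grep -E '^( Nmap|[-+])')
    [ -n "$changes" ] || continue

    if [ "$(printf '%s\n' "$changes" | wc -l)" -gt 100 ]; then
      head -n 1 -- "$cur" >> "$report"
      echo "开启了所有端口,怀疑是有nat或者负载均衡!" >> "$report"
    else
      printf '%s\n' "$changes" \
        | sed -e 's# Nmap scan report for#扫描主机#g' \
              -e 's#^+#关闭了 #g' -e 's#^-#开启了 #g' >> "$report"
    fi
  done
done

# ---- mail the report -----------------------------------------------------
subject="【$time】所有IDC机房差异端口扫描结果"
if [ ! -s "$report" ]; then
  echo "今日一切正常,没有变化的端口!" | mail -s "$subject" "$contact_mail"
else
  # GNU sed: the text of the `i` command must stay on one script line; an
  # unescaped line break inside it would end the text.
  sed -i "1i 大家好: \n 下面是${time}日所有IDC机房扫描新增主机或已有主机新增或关闭端口情况,请各项目负责人及时认领与确认.\n" "$report"
  mail -s "$subject" "$contact_mail" < "$report"
fi

# ---- rotate the baseline -------------------------------------------------
# Copy first and swap afterwards: if the copy fails (for example on a full
# disk) the old baseline stays in place, instead of being deleted up front
# and making the next run report every host as new.
new_source="$source_dir.new"
rm -rf -- "${new_source:?}"
if cp -a -- "$now_dir" "$new_source" \
  && rm -rf -- "${source_dir:?}" \
  && mv -- "$new_source" "$source_dir"; then
  echo "运行完成,操作成功!"
else
  echo "运行完成,操作失败!"
  exit 1
fi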