nmap+diff实现自动化扫描,并发送邮件
Nmap(Network Mapper)最早是 Linux 下的网络扫描和嗅探工具包。它是一款网络连接端(端口)扫描软件,用来扫描网络上的主机开放了哪些端口。
CentOS安装nmap端口查看工具
一、安装nmap
yum install nmap #输入y安装
安装完成后,可以在任意目录下新建一个 *.sh 文件(脚本使用 nmap -sS 并写入 /nmap 和 /etc/crontab,需要以 root 身份运行),脚本内容如下:
#!/bin/bash
#author:zrh
# Target range handed to nmap by the scan functions.
NETWORK='172.25.0.0/24'
# Recipient of every report mail.
# NOTE(review): this value looks like a placeholder left by e-mail obfuscation
# on the page, not a usable address; set the real recipient here.
mail_user='[email protected]'
# Today's date (YYYY-MM-DD), used in the mail subjects.
time="$(date -d 'today' '+%Y-%m-%d')"
# Name of the scanning host, used in the mail subjects and bodies.
hostname="$(hostname)"
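#######################################
# Mail a report under the "Port survival detection" subject.
# Globals:   hostname, time (read, subject line); mail_user (read, recipients)
# Arguments: $1 - message body
# Returns:   exit status of the mail pipeline
#######################################
send_mail() {
  local -a recipients
  # Split on whitespace like the unquoted expansion did, but without letting
  # the shell glob-expand characters such as [ ] * ? inside the address list.
  read -r -a recipients <<<"$mail_user"
  # printf instead of echo: a body that starts with -n or -e is sent verbatim.
  printf '%s\n' "$1" \
    | mail -s "Port survival detection in $hostname - $time" "${recipients[@]}"
}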
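#######################################
# Mail a report under the "Port already change" subject.
# Globals:   hostname, time (read, subject line); mail_user (read, recipients)
# Arguments: $1 - message body
# Returns:   exit status of the mail pipeline
#######################################
send_mail2() {
  local -a recipients
  # Split on whitespace like the unquoted expansion did, but without letting
  # the shell glob-expand characters such as [ ] * ? inside the address list.
  read -r -a recipients <<<"$mail_user"
  # printf instead of echo: a body that starts with -n or -e is sent verbatim.
  printf '%s\n' "$1" \
    | mail -s "Port already change in $hostname - $time" "${recipients[@]}"
}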
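#######################################
# Take the baseline scan: run a SYN scan of $NETWORK, store the output as
# nmap1.txt in the scan directory, mail it and print it.
# Globals:   NETWORK (read, whitespace-separated targets)
#            NMAP_DIR (read, optional; scan directory, default /nmap)
# Outputs:   the scan report on stdout
# Returns:   1 if the scan directory cannot be created or entered,
#            otherwise the exit status of nmap
#######################################
nmap_port1() {
  local scan_dir=${NMAP_DIR:-/nmap}
  local -a targets
  local report
  local scan_rc=0

  # Create the directory when it is missing AND enter it. Previously the
  # "missing" branch only ran mkdir, so the first baseline landed in the
  # caller's working directory and nmap_port2 could not find it.
  if [[ ! -d "$scan_dir" ]]; then
    # Scan output maps the services of the whole range; keep a newly created
    # directory private to the scanning account.
    mkdir -p -m 700 -- "$scan_dir" || return 1
  fi
  cd -- "$scan_dir" || return 1

  # Whitespace-split the target list without glob expansion.
  read -r -a targets <<<"$NETWORK"
  nmap -sS "${targets[@]}" > nmap1.txt || scan_rc=$?

  report=$(<nmap1.txt)
  send_mail "$report"
  printf '%s\n' "$report"
  return "$scan_rc"
}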
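#######################################
# Re-scan $NETWORK, diff the result against the baseline nmap1.txt and mail
# what changed.
# Globals:   NETWORK (read, whitespace-separated targets); hostname (read)
#            NMAP_DIR (read, optional; scan directory, default /nmap)
# Outputs:   the changed "/tcp" diff lines on stdout, if any
# Returns:   1 if the directory, the baseline or the scan is unavailable,
#            otherwise the status of the mail helper that was called
# Note:      nmap1.txt is never rewritten here, so a change keeps being
#            reported on every run until nmap_port1 takes a new baseline.
#######################################
nmap_port2() {
  local scan_dir=${NMAP_DIR:-/nmap}
  local -a targets
  local changed ports diff_text
  local before after

  cd -- "$scan_dir" || return 1

  # Without a baseline diff fails and leaves nmap3.txt empty, which used to be
  # reported as "The port is unchanged". Report the real condition instead.
  if [[ ! -f nmap1.txt ]]; then
    send_mail "No baseline scan (nmap1.txt) in $scan_dir; run nmap_port1 first"
    return 1
  fi

  # Whitespace-split the target list without glob expansion.
  read -r -a targets <<<"$NETWORK"
  # A failed scan must not be mistaken for every port having closed.
  if ! nmap -sS "${targets[@]}" > nmap2.txt; then
    send_mail "The nmap scan of $NETWORK failed; port comparison skipped"
    return 1
  fi

  diff nmap1.txt nmap2.txt > nmap3.txt

  # Only "/tcp" lines count as a change; the nmap banner and timing lines
  # differ between any two runs.
  if changed=$(grep -- '/tcp' nmap3.txt); then
    printf '%s\n' "$changed"

    before=$(grep -c -- 'tcp' nmap1.txt)
    after=$(grep -c -- 'tcp' nmap2.txt)
    # Port numbers: drop the two-character diff marker, keep what precedes "/".
    ports=$(grep -- 'tcp' nmap3.txt | cut -c 3-10 | cut -d/ -f1)
    diff_text=$(<nmap3.txt)

    if (( before > after )); then
      send_mail2 "The $hostname reduces port with $ports port $diff_text "
    elif (( before < after )); then
      send_mail2 "The $hostname increases port with $ports ports $diff_text "
    else
      # Same number of port lines but different content (one port closed and
      # another opened, or a state change). This case used to send no mail.
      send_mail2 "The $hostname changes port with $ports ports $diff_text "
    fi
  else
    send_mail "The port is unchanged"
  fi
}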
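# No dispatch at this point. crontab, line and test are only defined further
# down, so running "$1" here would resolve `test` and `crontab` to the shell
# builtin / system command instead of the functions below, and a call such as
# "nmap_port2" would scan and mail twice, because the dispatch at the end of
# the file runs it again.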
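#######################################
# Register the nightly (00:00) nmap_port2 run in the system crontab.
# Inside this script the function shadows the system `crontab` command.
# Arguments: $1 - crontab file to edit (optional, default /etc/crontab)
# Outputs:   a notice on stdout when the entry already exists;
#            an error on stderr when the script path is not absolute
# Returns:   1 if the script was not started by absolute path,
#            otherwise the status of the lookup / append
#######################################
crontab() {
  local cron_file=${1:-/etc/crontab}
  local script=$0
  local entry

  # cron does not start jobs in the directory this script was launched from,
  # and the working directory may already have changed, so a relative $0
  # cannot be turned into a reliable path here. Refuse instead of registering
  # a root job that points at an unknown file.
  if [[ "$script" != /* ]]; then
    printf 'crontab: start this script by its absolute path to register the job (got: %s)\n' \
      "$script" >&2
    return 1
  fi

  # Lines in the system crontab carry a user field between the schedule and
  # the command. It was missing, so "bash" was read as the user name. root is
  # used because the scan is an nmap SYN scan (-sS).
  entry="0 0 * * * root bash $script nmap_port2"

  # -x -F: compare the whole line literally, so dots in the path are not
  # treated as regex wildcards.
  if grep -qxF -- "$entry" "$cron_file"; then
    echo "The port test has been written to the time task, and 00:00 will perform the task"
  else
    printf '%s\n' "$entry" >> "$cron_file"
  fi
}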
# Print the two-line usage hint.
# NOTE(review): the hint names "nmap_port", while the function defined in this
# file is nmap_port1.
line() {
  printf '%s\n' \
    'Please echo "test"' \
    'If you check your script file please input "nmap_port/nmap_port2" '
}
# The hint is shown on every invocation of the script.
line
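#######################################
# First-time setup: take the baseline scan, then register the nightly job.
# Inside this script the function shadows the shell builtin `test`.
# Returns: the status of nmap_port1 when it fails, otherwise that of crontab
#######################################
test() {
  # Do not schedule nightly comparisons when no baseline could be taken.
  nmap_port1 || return
  crontab
}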
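# Entry point: run the function named by the first argument, if any.
# Only functions defined in this script are accepted, so the argument is never
# executed as an arbitrary external command.
if [[ -n "${1-}" ]]; then
  if declare -F -- "$1" >/dev/null; then
    "$1"
  else
    printf 'Unknown action: %s\n' "$1" >&2
    exit 2
  fi
fi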
通过以上脚本,我们就可以随时检查主机所在网段的端口变化情况。