  • 端口安全检查shell脚本

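#!/bin/bash
# This script name is scan_analyse.sh
#
# Daily port-exposure monitor for one /24: SYN-scans every host with nmap,
# keeps the "Nmap scan report"/"open" lines per host, diffs them against the
# previous run's baseline (scan_source) and mails the differences.
#
# Layout under $work_dir:
#   scan_result/<date>/<prefix>/<ip>     today's per-host results
#   scan_source/<prefix>/<ip>            baseline from the previous run
#   scan_diff_result/<date>/result.log   report that gets mailed
#
# NOTE(review): a host is only compared when today's scan produced a file for
# it. A baseline host whose result file is removed today (only the header line
# left) is not mentioned in the report - confirm whether that is acceptable.

# Cron starts with a minimal environment; pull in the system PATH etc.
. /etc/profile

echo "start time is $(date)"

today=$(date +"%Y-%m-%d")
work_dir="/root/nmap_scan"
now_dir="$work_dir/scan_result/$today"
diff_dir="$work_dir/scan_diff_result/$today"
report="$diff_dir/result.log"
baseline="$work_dir/scan_source"
IP='1.1.1.0/24'
contact_mail='xx@mail.com'
# More than this many result/diff lines is treated as "every port answers".
readonly max_lines=100

# Without the scanner every result file would be empty and the baseline would
# then be replaced with empty data, so stop before touching anything.
command -v nmap >/dev/null || {
  echo "nmap not found in PATH, aborting" >&2
  exit 1
}

# First three octets of the network, e.g. 1.1.1.0/24 -> 1.1.1
prefix=${IP%.*}

# Start from a clean result directory and an empty report for today.
# ${var:?} aborts instead of running rm -rf on an empty path.
rm -rf -- "${now_dir:?}"
mkdir -p -- "$now_dir/$prefix" "$diff_dir"
: > "$report"

# Print the port-level differences between today's file ($1) and the baseline
# file ($2): the "Nmap scan report" context line plus added/removed lines.
# The patterns are anchored so that the diff headers (---, +++, @@) are the
# only lines dropped and a '-' inside a service name does not count as a change.
port_changes() {
  diff -u -- "$1" "$2" \
    | grep -Ev '^(---|\+\+\+|@@)' \
    | grep -E '(Nmap|^[-+])'
}

for i in {1..254}; do
  result="$now_dir/$prefix/$prefix.$i"
  nmap -sS -r -n "$prefix.$i" \
    | grep -Ev "(Starting|scanned)" \
    | grep -E "(Nmap|open)" > "$result"
  # Exactly one line is presumably just the report header (no open ports).
  if [ "$(wc -l < "$result")" -eq 1 ]; then
    rm -f -- "$result"
  fi
done

echo "stop time is $(date)"

for current in "$now_dir/$prefix"/*; do
  [ -f "$current" ] || continue   # glob matched nothing
  host=${current##*/}
  previous="$baseline/$prefix/$host"

  if [ ! -f "$previous" ]; then
    # Host has no baseline entry: report everything that is open on it.
    echo "增加新主机 $host,下面是全部信息:" >> "$report"
    if [ "$(wc -l < "$current")" -gt "$max_lines" ]; then
      echo "开启了所有端口,怀疑是有nat或者负载均衡!" >> "$report"
    else
      cat -- "$current" >> "$report"
    fi
  else
    changes=$(port_changes "$current" "$previous")
    change_count=$(printf '%s' "$changes" | grep -c '')
    if [ "$change_count" -gt "$max_lines" ]; then
      head -n 1 -- "$current" >> "$report"
      echo "开启了所有端口,怀疑是有nat或者负载均衡!" >> "$report"
    elif [ -n "$changes" ]; then
      # diff is run as (today, baseline): '-' lines exist only today (opened),
      # '+' lines exist only in the baseline (closed).
      printf '%s\n' "$changes" \
        | sed -e 's# Nmap scan report for#扫描主机#g' \
        | sed -e 's#^+#关闭了 #g' -e 's#^-#开启了 #g' >> "$report"
    fi
  fi
done

if [ ! -s "$report" ]; then
  echo "今日一切正常,没有变化的端口!" | mail -s "【$today】所有IDC机房差异端口扫描结果" "$contact_mail"
else
  # Prepend the greeting by rebuilding the file; a multi-line "sed 1i" text
  # without continuation backslashes is not accepted by sed.
  tmp_report=$(mktemp "$diff_dir/result.XXXXXX") || exit 1
  {
    printf '%s\n' \
      "大家好: " \
      "    下面是${today}日所有IDC机房扫描新增主机或已有主机新增或关闭端口情况,请各项目负责人及时认领与确认." \
      ""
    cat -- "$report"
  } > "$tmp_report" && mv -- "$tmp_report" "$report"
  mail -s "【$today】所有IDC机房差异端口扫描结果" "$contact_mail" < "$report"
fi

# Promote today's results to be the next baseline. Copy first and swap only
# when the copy succeeded, so a failed copy does not leave the monitor without
# a baseline (which would report every host as new on the next run).
staging="$work_dir/scan_source.new"
rm -rf -- "${staging:?}"
if cp -a -- "$now_dir" "$staging" \
  && rm -rf -- "${baseline:?}" \
  && mv -- "$staging" "$baseline"; then
  echo "运行完成,操作成功!"
else
  echo "运行完成,操作失败!"
fi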
  • 原文地址:https://www.cnblogs.com/pythonal/p/10022082.html