I am working on a script to help find malicious traffic that takes the
supplied ip and port from the user, does a number of checks (reverse dns,
whois, banner grabbing, amap and nmap service fingerprinting), and then
prints the results to a file. My intent is to quickly check blocked
outbound traffic based on firewall logs to find infected machines. I have
most of the script working correctly, except I want to take my nmap results
that are written to a file and search them for the word irc. If it is
found, call the irc subroutine. Nmap outputs correctly, but when I try to
open the file to search it, I get an error stating No such file or
directory. When I check the dir that script is called from, I see the nmap
output being created. What am I doing wrong here?
code excerpt:
# nmap subroutine
sub nmap {
# use nmap for service fingerprinting and write results to
<ip>-results-nmap.txt
my @array = ("nmap", "-sV", "-P0", "-T4", "-o results-nmap.txt", "-p
$port", $ip);
system(@array);
print ("\n");
print ("Nmap results written to results-nmap.txt\n");
# open results-nmap.txt to search for irc
open (NMAPIRC, "results-nmap.txt") || die ("Could not open results-nmap.txt
to search for irc: $!\n"); #this is as far as the script gets
# read results-nmap.txt into an array for searching
my @searcharraynmap = <NMAPIRC>;
my $searchresults = grep {'irc'} @searcharraynmap;
# print value during testing - remove later
print ("Value of search results (nmap): $searchresults\n");
# call irc subroutine if irc found
if ($searchresults ne "")
{
irc();
}
}
# end nmap subroutine
