[EMAIL PROTECTED] wrote:
I am working on a script to help find malicious traffic that takes the
supplied ip and port from the user, does a number of checks (reverse
dns, whois, banner grabbing, amap and nmap service fingerprinting), and
then prints the results to a file. My intent is to quickly check blocked
outbound traffic based on firewall logs to find infected machines. I
have most of the script working correctly, except I want to take my nmap
results that are written to a file and search them for the word irc. If
it is found, call the irc subroutine. Nmap outputs correctly, but when I
try to open the file to search it, I get an error stating No such file
or directory. When I check the dir that script is called from, I see the
nmap output being created. What am I doing wrong here?
code excerpt:
# nmap subroutine
sub nmap {
# use nmap for service fingerprinting and write results to <ip>-results-nmap.txt
my @array = ("nmap", "-sV", "-P0", "-T4", "-o results-nmap.txt", "-p $port", $ip);
system(@array);
Your problem is that you can either supply a single string to system:
my $cmd = "nmap -sV -P0 -T4 -o results-nmap.txt -p $port $ip";
system $cmd;
Or a list with no extraneous whitespace:
my @cmd = ('nmap', '-sV', '-P0', '-T4', '-o', 'results-nmap.txt', '-p', $port, $ip);
system @cmd;
But it won't work with a combination of both as in your example.
You should also verify that system() worked correctly:
my @cmd = ('nmap', '-sV', '-P0', '-T4', '-o', 'results-nmap.txt', '-p', $port, $ip);
0 == system @cmd or die "system @cmd failed: $?";
print ("\n");
print ("Nmap results written to results-nmap.txt\n");
# open results-nmap.txt to search for irc
open (NMAPIRC, "results-nmap.txt") || die ("Could not open results-nmap.txt to search for irc: $!\n"); #this is as far as the script gets
# read results-nmap.txt into an array for searching
my @searcharraynmap = <NMAPIRC>;
Or you could just read the output of nmap directly into your array
without the intervening file:
my @searcharraynmap = qx/nmap -sV -P0 -T4 -p $port $ip/;
Or with more control over error messages:
open my $PIPE, '-|', 'nmap', '-sV', '-P0', '-T4', '-p', $port, $ip
or die "Cannot open a pipe from nmap: $!";
my @searcharraynmap = <$PIPE>;
close $PIPE or warn $! ? "Error closing nmap pipe: $!"
: "Exit status $? from nmap";
my $searchresults = grep {'irc'} @searcharraynmap;
Your grep() test is a string which is always true so every element of
@searcharraynmap will be passed through, and you are capturing the
results from grep in a scalar so $searchresults will contain the number
of elements in @searcharraynmap. That could be more simply written as:
my $searchresults = @searcharraynmap;
# print value during testing - remove later
print ("Value of search results (nmap): $searchresults\n");
# call irc subroutine if irc found
if ($searchresults ne "")
That should be:
if ( $searchresults )
{
irc();
}
}
# end nmap subroutine
John
--
Those people who think they know everything are a great
annoyance to those of us who do. -- Isaac Asimov
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
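Putting the points from the reply together (one argument per list element so no shell is involved, a check on the child's exit status, a real regex inside grep, and a plain truthiness test), here is a corrected version of the subroutine. This is an added example, not code from either message in the thread. The valid_target check, the run_capture/irc_hits/write_results helpers and the constructed sample output are my own additions; the nmap flags are the ones used in the post. Because $ip and $port come from the user, the list form alone is not enough: a value such as "--script=..." would still reach nmap as an option, so the target is validated before it is used either as an argument or as part of the output file name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Reject anything that is not a dotted-quad IPv4 address and a TCP port number.
# Even with the list form of open/system (no shell), an unvalidated value such
# as "--script=..." would still reach nmap as an option, so check first.
sub valid_target {
    my ($ip, $port) = @_;
    return 0 unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    for my $octet ($1, $2, $3, $4) {
        return 0 if $octet > 255;
    }
    return 0 unless defined $port && $port =~ /\A\d{1,5}\z/
        && $port >= 1 && $port <= 65535;
    return 1;
}

# One argument per list element; the flags follow the original post.
sub nmap_argv {
    my ($ip, $port) = @_;
    return ('nmap', '-sV', '-P0', '-T4', '-p', $port, $ip);
}

# Run a command through a list-form pipe open (no shell) and return its
# output lines plus its exit status.
sub run_capture {
    my @cmd = @_;
    open(my $pipe, '-|', @cmd) or die "Cannot start $cmd[0]: $!\n";
    my @lines = <$pipe>;
    close($pipe);               # sets $? to the child's wait status
    return (\@lines, $? >> 8);
}

# Count lines that mention irc (case-insensitive). grep with a regex block,
# evaluated in scalar context, returns the number of matching lines.
sub irc_hits {
    my ($lines) = @_;
    return scalar grep { /irc/i } @$lines;
}

# Save the output so the other checks in the script can read it later.
sub write_results {
    my ($file, $lines) = @_;
    open(my $out, '>', $file) or die "Cannot write $file: $!\n";
    print {$out} @$lines;
    close($out) or die "Error writing $file: $!\n";
    return $file;
}

sub irc {
    print "IRC service detected, running IRC checks\n";
}

# Constructed sample of nmap -sV output (not from a real scan) so the search
# logic can be exercised without nmap installed.
my @sample = (
    "Interesting ports on 192.0.2.10:\n",
    "PORT     STATE SERVICE VERSION\n",
    "6667/tcp open  irc     ircd\n",
    "Service detection performed.\n",
);

unless (caller) {
    if (@ARGV == 2) {
        my ($ip, $port) = @ARGV;
        die "Invalid ip/port: $ip $port\n" unless valid_target($ip, $port);
        my ($lines, $exit) = run_capture(nmap_argv($ip, $port));
        die "nmap exited with status $exit\n" if $exit != 0;
        # $ip has been validated as a dotted quad, so it is safe in a file name.
        my $file = write_results("$ip-results-nmap.txt", $lines);
        print "Nmap results written to $file\n";
        irc() if irc_hits($lines);
    } else {
        # Offline demonstration on the constructed sample.
        print "irc lines in sample: ", irc_hits(\@sample), "\n";
        irc() if irc_hits(\@sample);
    }
}
```

Run with no arguments it only exercises the search on the sample lines; with an ip and port it runs nmap itself. Note that close on a pipe returns false when the child exits non-zero, so the exit code is taken from $? after the close rather than from its return value.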