;---------------------------------------------------------------------
;
; This KiXtart script tries to scan your network and
; find any share drives and local usernames if
; possible. It is written for NT Administrators
; and I do not take any responsibility for malign
; use of it especially with the aggressive scan.
; You can see the scanning results on your screen;
; a report file will also be created in the current directory.
;
; All you have to do is specify the IP range you want to
; scan when you are prompted, using the following syntax :
;
;
;
; *.12.12.* will scan all the addresses
; from 1 to 254 .12.12. from 1 to 254
; 12.12.[100-110].100 will scan all the addresses
; 12.12. from 100 to 110 .100
; other valid ip ranges can be:
; *.*.*.* or [1-10].*.[200-223].*
;
;
;
; Please send me your comments
; or any improvements you have made to it !
;
;
; George Bouras
; bourasg@unisystems.gr
;
;---------------------------------------------------------------------
; Here are just some information boxes and the prompt for the IP range
; Screen setup and the IP-range prompt.
; $inboxmsg[] is the message buffer consumed by the :dosbox subroutine;
; $string receives the raw range typed by the user and is split into
; octets by :split further down.  @ipaddress0, @hostname, @curdir and the
; date/time names are KiXtart macros.
cls break on
dim $inboxmsg[10]
:chooserange
color r+/n
box(0,0,2,39,double) box(0,40,2,79,double)
box(3,0,5,39,double) box(3,40,5,79,double)
color c+/n
at(1,2) "Local Ip Address : " @ipaddress0
at(1,42) "Local host Name : " @hostname
at(4,2) @mdayno " " @day " " @year " ** " @time
at(4,42) "Current dir : " @curdir
color g+/n box(10,5,14,73,double) color c+/n
at(12,7) " Enter the IP range : " color y+/n gets $string
; Let's check whether there is at least one dot in the range at all!
; An empty answer is rejected straight away; otherwise the characters
; are walked until the first '.' is found (unquoted '.' below).
if len($string)=0 gosub badip goto "chooserange" endif
$n=0
do
$dot=substr($string,$n,1)
if $dot=. goto "dotok" endif
$n=$n+1
until $n=len($string)
; Reached only when no dot was found.  NOTE(review): the 'endif' on this
; line has no matching 'if' (the matching one jumped out via goto) --
; confirm the interpreter tolerates the unbalanced endif.
gosub badip goto "chooserange" endif
:dotok
:choosemode
color g+/n box(16,5,20,73,double) color c+/n
at(18,7) " Press " color y+/n "1" color c+/n " for Quick" color y+/n
" 2 " color c+/n "for Normal" color y+/n " 3 " color c+/n
"for Aggresive Scan or" color y+/n " X " color c+/n "to exit"
at(23,78) get $mode
; Mode 1 = quick (ping only), 2 = normal (ping -a, so the name is
; resolved too), 3 = aggressive (adds nbtstat, an IPC$ connection, group
; and share enumeration).  'x' exits; anything else re-prompts.
if $mode=x goto "end" endif
if $mode=1 or $mode=2 or $mode=3 else goto "choosemode" endif
; -------- Now I am going to analyse the IP range ---------
; -------- and find the boundaries of each octet ----------
; :split (see the subroutine repository below) cuts $string on $delimeter
; into $sector1..$sector4 and sets $nomore_sub to the number of fields;
; anything but exactly four fields is rejected.  Each octet then becomes
; a low/high pair:
;   $a1/$a2 first octet, $b1/$b2 second, $c1/$c2 third, $d1/$d2 fourth.
;   "[m-n]" -> m..n,  "*" -> 1..254,  anything else -> val() of the text.
; The four blocks below are identical apart from the octet they handle.
; NOTE(review): the numbers are never checked to be within 1..254, nor is
; m <= n enforced for the bracket form; see the count further down.
$inboxmsg[1] = "Please wait while I analyse"
$inboxmsg[2] = " the IP range"
$boxstyle = double
gosub dosbox
$delimeter=.
gosub split
if $nomore_sub <> 4 gosub badip goto "chooserange" endif
; Bracket form: walk forward until the '-' (a bracket field that reaches
; its last character without a '-' is rejected).  After the loop $n is
; one past the dash, so substr(...,2,$n-3) is the text between '[' and
; '-', and substr(...,$n,len-$n) is the text between '-' and ']'.
if substr($sector1,1,1)="["
$n=1
do
$dot = substr($sector1,$n,1)
$n=$n+1
if $n=len($sector1) and $dot <> "-" gosub badip goto "chooserange" endif
until $dot="-"
$a1=val(rtrim(ltrim(substr($sector1,2,$n-3))))
$a2=val(rtrim(ltrim(substr($sector1,$n,len($sector1)-$n))))
else if substr($sector1,1,1) <> "*" $a1=val($sector1) $a2=$a1 endif
if substr($sector1,1,1)="*" $a1=1 $a2=254 endif endif
; Second octet -- same logic as above.
if substr($sector2,1,1)="["
$n=1
do
$dot = substr($sector2,$n,1)
$n=$n+1
if $n=len($sector2) and $dot <> "-" gosub badip goto "chooserange" endif
until $dot="-"
$b1=val(rtrim(ltrim(substr($sector2,2,$n-3))))
$b2=val(rtrim(ltrim(substr($sector2,$n,len($sector2)-$n))))
else if substr($sector2,1,1) <> "*" $b1=val($sector2) $b2=$b1 endif
if substr($sector2,1,1)="*" $b1=1 $b2=254 endif endif
; Third octet -- same logic as above.
if substr($sector3,1,1)="["
$n=1
do
$dot = substr($sector3,$n,1)
$n=$n+1
if $n=len($sector3) and $dot <> "-" gosub badip goto "chooserange" endif
until $dot="-"
$c1=val(rtrim(ltrim(substr($sector3,2,$n-3))))
$c2=val(rtrim(ltrim(substr($sector3,$n,len($sector3)-$n))))
else if substr($sector3,1,1) <> "*" $c1=val($sector3) $c2=$c1 endif
if substr($sector3,1,1)="*" $c1=1 $c2=254 endif endif
; Fourth octet -- same logic as above.
if substr($sector4,1,1)="["
$n=1
do
$dot = substr($sector4,$n,1)
$n=$n+1
if $n=len($sector4) and $dot <> "-" gosub badip goto "chooserange" endif
until $dot="-"
$d1=val(rtrim(ltrim(substr($sector4,2,$n-3))))
$d2=val(rtrim(ltrim(substr($sector4,$n,len($sector4)-$n))))
else if substr($sector4,1,1) <> "*" $d1=val($sector4) $d2=$d1 endif
if substr($sector4,1,1)="*" $d1=1 $d2=254 endif endif
;----------------------------------------------------------------------------------
; ------------- Let's count now the total number of IPs we must scan ...
;----------------------------------------------------------------------------------
; NOTE(review): a reversed bracket range (low > high) gives a zero or
; negative product here and the 'while high => low' loops below then never
; run; the count shown to the user is not validated.
$n= ($a2-$a1+1)*($b2-$b1+1)*($c2-$c1+1)*($d2-$d1+1)
$inboxmsg[1] = "You select to scan $n"
$inboxmsg[2] = " IP Addresses."
$inboxmsg[3] = " Please wait ..."
$boxstyle = double
gosub dosbox
sleep 2
; ------------- What I have now is the boundaries -----------------------
; ------------- of every octet. -----------------------------------------
; ------------- $a1 and $a2 for the first octet -------------------------
; ------------- $b1 and $b2 for the second octet ------------------------
; ------------- $c1 and $c2 for the third octet -------------------------
; ------------- $d1 and $d2 for the fourth octet ------------------------
; ------------- so we can go for the super loop !!! ---------------------
; cache.log in the current directory is the scratch file that every
; shelled-out command below redirects its output into.  It is created
; here on handle 1 only to prove the directory is writable, then closed.
if exist (@curdir + "\cache.log") del @curdir + "\cache.log" endif
if $null=open(1,@curdir + "\cache.log",3) goto "checklog" endif
$inboxmsg[1] = "Could not create the transaction file"
$inboxmsg[2] = " inside the current directory."
$inboxmsg[3] = " Proccess stoped"
$inboxmsg[4] = " Press any key to exit"
$boxstyle = double
gosub dosbox
get $null
goto "end"
:checklog
$null=close(1)
; The report file is <day><month><year>@@<hhmmss>.txt in the current
; directory and stays open on handle 2 for the whole scan.  In aggressive
; mode it ends up holding account names and share names of every host
; that answered, so where it lands and who can read it matters.
$logfile=@curdir + "\" + @mdayno + @month + @year + "@@" +
substr(@time,1,2) + substr(@time,4,2) + substr(@time,7,2) + ".txt"
if exist($logfile) del $logfile endif
if $null=open(2,$logfile,5) goto "check_nt" endif
$null=close(2)
$inboxmsg[1] = "Could not create the report file"
$inboxmsg[2] = " Proccess stoped."
$inboxmsg[3] = " Press any key to exit."
$boxstyle = double
gosub dosbox
get $null
goto "end"
:check_nt
; Modes 1 and 2 need nothing more.  Mode 3 additionally requires an
; NT/2000 host (@inwin) and the Resource Kit tools global.exe and
; local.exe somewhere on the path.
if $mode=3 else goto "startloop" endif
if @inwin <> 1
$inboxmsg[1] = "Sorry but you can Perform an"
$inboxmsg[2] = " Aggressive scan only from"
$inboxmsg[3] = " an WinNT or Win2000 box"
$inboxmsg[4] = " Press anu key to exit"
$boxstyle = double
gosub dosbox
$null=close(2)
get $null
goto "end"
endif
; Each tool is run once, output discarded into cache.log, purely to see
; whether it exists; @error=1 after the shell is taken as "not found".
; NOTE(review): any other failure of the tool would be reported the same
; way -- confirm that 1 is the code %comspec% returns for a missing program.
shell "%comspec% /c global.exe > " + @curdir + "\cache.log" cls
if @error=1 $null="global.exe" goto "notexist" endif
shell "%comspec% /c local.exe > " + @curdir + "\cache.log" cls
if @error=1 $null="local.exe" else goto "startloop" endif
:notexist
$inboxmsg[1] = "I could not locate the file : " + $null
$inboxmsg[2] = "This file is a NT Resource kit utility"
$inboxmsg[3] = "Place this file somewhere to your path"
$inboxmsg[4] = " or install NT resourse kit and try"
$inboxmsg[5] = " again. Press any key to exit"
$boxstyle = double
gosub dosbox
$null=close(2)
get $null
goto "end"
:startloop
color r+/n cls ? ? box(0,0,2,24,single) color c+/n at(1,1)
select case $mode=1 " Quick "
case $mode=2 " Normal "
case $mode=3 "Aggressive "
endselect "scan started" ? ?
; Even though we could use a single loop procedure with four nested
; loops to do all the scanning, we are going to use two different loop
; procedures (each one with four nested loops).  One loop procedure is
; for the quick and normal scan and the other is only for the aggressive
; scan.  The reason is to speed up script execution during the scan, as
; many if statements are then executed once and not every time a new IP
; address is processed.  The script code is a little bit bigger but it
; finishes sooner.
if val($mode) <= 2 goto "scan12" else goto "scan3" endif
; --------- start loop for quick or normal scan ---------
; Four nested 'while high => low' loops over the octet bounds.  The inner
; loops count their low bound upwards, so the original low bounds are
; kept in *_temp and restored each time an outer loop advances.
:scan12
$b1_temp=$b1
$c1_temp=$c1
$d1_temp=$d1
while $a2=>$a1
$b1=$b1_temp
while $b2=>$b1
$c1=$c1_temp
while $c2=>$c1
$d1=$d1_temp
while $d2=>$d1
; ****************************************************************
; ************ Here is the code inside the inner loop ************
; ****************************************************************
; One ping per address, one echo request, 64-byte payload; mode 2 adds
; -a (reverse name lookup) and a longer timeout.  Output goes to
; cache.log and is parsed by line position below.
$ip="$a1.$b1.$c1.$d1"
select
case $mode=1
shell "%comspec% /c ping -n 1 -l 64 -w 1000 " + $ip + " > " + @curdir + "\cache.log"
case $mode=2
shell "%comspec% /c ping -a -n 1 -l 64 -w 2000 " + $ip + " > " + @curdir + "\cache.log"
endselect
; Let's wait a little until the log file is available: keep retrying
; open() on handle 1 once a second until it returns 0.
while open(1, @curdir + "\cache.log" ,2) <> 0
sleep 1
loop
; Lines 1-2 are skipped; line 3 is the "Pinging ..." line.
; NOTE(review): the offsets below assume the ping output layout of the
; NT-era tool (name in brackets on line 3, first reply on line 7) --
; confirm against the ping version in use.
readline(1)
readline(1)
$data=readline(1)
if $mode=1 $name="undefined" goto "bypassname" endif
; Count '[' and ']' on line 3: exactly two means ping -a printed a name
; followed by the address in brackets.
$n=0 $k=0 $dot=""
do
$dot=substr($data,$n,1)
if $dot="[" or $dot="]" $k=$k+1 endif
$n=$n+1
until $n=len($data)
if $k=2 ; two brackets: a name was resolved
$n=0
do
$dot=substr($data,$n,1)
$n=$n+1
until $dot="["
; name = text between the 9-character prefix and the " [" before the
; address; $n is one past the '[' here.
$name=substr($data,9,$n-11)
else ; the name could not be resolved
$name="undefined"
endif
:bypassname
; Skip lines 4-6; line 7 starts with "Reply" when the host answered.
readline(1)
readline(1)
readline(1)
$data=readline(1)
; Now I am going to check if the host is alive or not
if substr($data,1,5)="Reply"
$result="alive"
else
$result="down"
endif
; Print the per-host line on screen (coloured) and build the plain
; version of the same line for the report.
select
case $mode=1
color w/n " host " color c+/n $ip chr(9) color w/n " is "
if $result="down" color r+/n else color g+/n endif $result ?
$scan_result="host " + $ip + " is " + $result
case $mode=2
color w/n "host " color c+/n $ip chr(9)
color w/n " with name "
if $name="undefined" color r+/n else color g+/n endif $name
chr(9) color w/n " is "
if $result="down" color r+/n else color g+/n endif $result ?
$scan_result="host " + $ip + " with name " + $name + " is " + $result
endselect
; Report lines are terminated with an explicit CR LF.
$null=writeline(2,$scan_result+chr(13)+chr(10))
$null=close(1)
; ****************************************************************
; *************** Here stops the code of inner loop **************
; ****************************************************************
$d1=$d1+1
loop
$c1=$c1+1
loop
$b1=$b1+1
loop
$a1=$a1+1
loop
goto "endloop"
; quick or normal scan is stopped
; ****************************************************************
; ****************************************************************
; --------- start loop for aggressive scan ---------
; Same four nested loops as :scan12.  For every address: ping -a, and
; only for hosts that answered: nbtstat -A, an IPC$ connection, the
; members of four well-known groups (via local.exe / global.exe) and
; the share list (net view).  Everything is appended to the report on
; handle 2; cache.log is the scratch file for each command's output.
:scan3
$b1_temp=$b1
$c1_temp=$c1
$d1_temp=$d1
while $a2=>$a1
$b1=$b1_temp
while $b2=>$b1
$c1=$c1_temp
while $c2=>$c1
$d1=$d1_temp
while $d2=>$d1
; ****************************************************************
; ************ Here is the code inside the inner loop ************
; ****************************************************************
$ip="$a1.$b1.$c1.$d1"
shell "%comspec% /c ping -a -n 1 -l 64 -w 2000 " + $ip + " > " + @curdir + "\cache.log"
; Let's wait a little until the log file is available: keep retrying
; open() on handle 1 once a second until it returns 0.
while open(1, @curdir + "\cache.log" ,2) <> 0
sleep 1
loop
; Lines 1-2 skipped; line 3 is the "Pinging ..." line.  NOTE(review):
; the line offsets assume the NT-era ping output layout -- confirm.
readline(1)
readline(1)
$data=readline(1)
; Count '[' and ']': exactly two means ping -a printed a resolved name.
$n=0 $k=0 $dot=""
do
$dot=substr($data,$n,1)
if $dot="[" or $dot="]" $k=$k+1 endif
$n=$n+1
until $n=len($data)
if $k=2 ; two brackets: a name was resolved
$n=0
do
$dot=substr($data,$n,1)
$n=$n+1
until $dot="["
; name = text between the 9-character prefix and the " [" before the
; address; $n is one past the '[' here.
$name=substr($data,9,$n-11)
else ; the name could not be resolved
$name="undefined"
endif
; Skip lines 4-6; line 7 starts with "Reply" when the host answered.
readline(1)
readline(1)
readline(1)
$data=readline(1)
; Now I am going to check if the host is alive or not
if substr($data,1,5)="Reply"
$result="alive"
else
$result="down"
endif
color w/n "host " color c+/n $ip chr(9)
color w/n " with name "
if $name="undefined" color r+/n else color g+/n endif $name
chr(9) color w/n " is "
if $result="down" color r+/n else color g+/n endif $result ?
$scan_result="host " + $ip + " with name " + $name + " is " + $result
$null=close(1)
$null=writeline(2,$scan_result+chr(13)+chr(10))
; Hosts that did not answer the ping get nothing further.
if $result="down" goto "nextip" endif
; Now I am going to retrieve the remote registered names with
; the " nbtstat -A ip " command
color w/n ?
"Please wait. Retreiving remote Registered names of " color c+/n $ip ?
shell "%comspec% /c nbtstat -A " + $ip + " > " + @curdir + "\cache.log"
; Let's wait a little until the log file is available.
while open(1, @curdir + "\cache.log" ,2) <> 0
sleep 1
loop
; First line decides whether nbtstat produced a table at all.
; NOTE(review): 'host' in the first test is an unquoted word, not the
; string "host" -- verify how the interpreter evaluates it; it may never
; match.
$null=readline(1)
if substr($null,1,4)=host or len($null)=4 or substr($null,1,5)="There"
color r+/n chr(9)+"could not get values" ? ?
$null=close(1)
goto "resources"
endif
; Skip the header up to and including the "MAC Address" line, then copy
; every following line to screen and report until an empty line or EOF.
; NOTE(review): this assumes the name table comes after the "MAC Address"
; line -- confirm against the nbtstat version in use, as other versions
; print the MAC address last.
do $null=readline(1)
until substr($null,1,11)="MAC Address" $null=readline(1)
$null=writeline(2,chr(13)+chr(10)+"Remote Registered Names for the host "+ $ip +" are")
$null=writeline(2,chr(13)+chr(10)+"-------------------------------------------------------")
$null=writeline(2,chr(13)+chr(10))
color g+/n
do
$null=writeline(2,chr(9)+$null+chr(13)+chr(10))
$null=readline(1)
chr(9) $null ?
until len($null)=0 or @error=-1
$null=writeline(2,chr(13)+chr(10))
$null=close(1)
; ********************************************************************
; ********************************************************************
; ** Here is the code for trying to retrieve the remote resources **
; ********************************************************************
; ********************************************************************
; First an IPC$ connection with the running user's credentials; if that
; fails, a second attempt logs on as the built-in Administrator with an
; empty password.  Each attempt is a remote logon on the target host,
; and a connection that succeeds is never released in the code shown
; here (no 'use ... /delete'), so it outlives the scan.
:resources
color w/n
"Trying connect to host " color c+/n $ip color w/n " Please wait ... "
use "\\$ip\ipc$"
if @error=0 goto "goodip" endif
use "\\$ip\ipc$" /user:"Administrator" /password:""
if @error<>0 color r+/n " connection failed." ? ? goto "nextip" endif
:goodip
color g+/n " connection succeed !" ? ?
; Four passes: local Administrators, local Users, global Domain Admins,
; global Domain Users.  $method is also the name of the Resource Kit
; executable that is run ("local" / "global").
$n=1
do
select
case $n=1 $target="Administrators" $method="local"
case $n=2 $target="Users" $method="local"
case $n=3 $target="Domain Admins" $method="global"
case $n=4 $target="Domain Users" $method="global"
endselect
color w/n
"Retreiving remote $method $target, at host " color c+/n $ip color w/n " Please wait ..." ?
"----------------------------------------------------------------------------" ?
$null=writeline(2,
"Remote " + $method + " " + $target + " at host " + $ip + " are"+chr(13)+chr(10))
$null=writeline(2,"-----------------------------------------------------"+chr(13)+chr(10))
; NOTE(review): @curdir is not quoted inside this command line, so a
; current directory containing spaces breaks the redirection.
shell "%comspec% /c $method " +'"'+ $target + '" \\$ip > @curdir\cache.log'
; Let's wait a little until the log file is available.
while open(1, @curdir + "\cache.log" ,2) <> 0
sleep 1
loop
; Empty output file = the tool printed nothing for this group.
if
getfilesize(@curdir + "\cache.log")=0
$null="There are not any " + $method + " " + $target
color r+/n chr(9)+$null color w/n ? ?
$null=writeline(2,chr(9)+$null+chr(13)+chr(10))
goto "nonethere"
endif
; Copy every line of the tool's output to screen and report until EOF.
$null=readline(1) color g+/n chr(9)+$null ?
do
$null=writeline(2,chr(9)+$null+chr(13)+chr(10))
$null=readline(1)
chr(9)+$null ?
until @error=-1
:nonethere
$null=close(1)
$null=writeline(2,chr(13)+chr(10))
$n=$n+1
until $n=5
; NOTE(review): handle 1 was already closed at :nonethere; this close is
; redundant.
$null=close(1)
color w/n
"Discovering remote share resources, at host " color c+/n $ip color w/n " Please wait ..." ?
"----------------------------------------------------------------------------" ?
$null=writeline(2,
"Remote Shares at host " + $ip + " are"+chr(13)+chr(10))
$null=writeline(2,"-----------------------------------------------------"+chr(13)+chr(10))
; Same unquoted @curdir caveat as above.
shell "%comspec% /c net view \\$ip > @curdir\cache.log"
; Let's wait a little until the log file is available.
while open(1, @curdir + "\cache.log" ,2) <> 0
sleep 1
loop
if getfilesize(@curdir + "\cache.log")=0
$null="Could not get shares"
color r+/n chr(9)+$null color w/n ? ?
$null=writeline(2,chr(9)+$null+chr(13)+chr(10))
$null=close(1)
goto "nextip"
endif
; net view starts with "There ..." when the host has no shares.
if substr(readline(1),1,5)="There" color r+/n
chr(9)+"There is not any share resource" ? ?
$null=writeline(2,chr(9)+
"There is not any share resource"+chr(13)+chr(10)+chr(13)+chr(10))
$null=close(1)
goto "nextip"
endif
; Skip the net view header up to the "--" rule line (plus one more line),
; then copy the share lines until the "The command ..." footer or EOF.
do $null=readline(1)
until substr($null,1,2)="--" or @error=-1
$null=readline(1)
color g+/n
do
$null ?
$null=writeline(2,chr(9)+$null+chr(13)+chr(10))
$null=readline(1)
until substr($null,1,7)="The com" or @error=-1
$null=writeline(2,chr(13)+chr(10))
$null=close(1) ?
:nextip
; ****************************************************************
; *************** Here stops the code of inner loop **************
; ****************************************************************
$d1=$d1+1
loop
$c1=$c1+1
loop
$b1=$b1+1
loop
$a1=$a1+1
loop
; ---- aggressive loop is stopped
; Both scan paths end here: close the report and remove the scratch file.
:endloop
$null=close(2)
if exist (@curdir + "\cache.log") del @curdir + "\cache.log" endif
; ******************************************************************
; * *
; * Here is the Repository place for Custom Subroutines *
; * *
; ******************************************************************
; Jump over the subroutines so they are only ever entered via gosub.
goto "end"
; Here is my split Subroutine which brings the power
; of Perl to the Kixtart Environment. With the Split
; SubRoutine, you can split every string which is
; separated internally with the specified delimiter, into
; sequential array entries. The array is created
; automatically with the appropriate length. Unfortunate-
; ly in kix if you want to use an array you have to
; declare it at the start. That's why the
; translation table at the end of the code exists.
; Now it is a piece of cake to edit and process IP
; addresses and CSV files.
;
; Before calling this SubRoutine you must have set
; the $string and the $delimeter variables
;
; George Bouras
; netcom@matrix.kapatel.gr
;
; :split -- split $string on the single-character $delimeter.
; In:  $string, $delimeter (globals)
; Out: $sector[1..k+1] and the copies $sector1..$sector20 (one per field,
;      trimmed), $nomore_sub = number of fields.
; Uses: $n_subrout, $k_subrout, $dot as scratch.  $n is reset to 0 here
; although nothing in this subroutine reads it afterwards.
:split
$n=0
; Pass 1: count delimiters.  The loop stops when the index reaches
; len($string), so the last character itself is not examined.
$n_subrout=1 $k_subrout=0 do
$dot=substr($string,$n_subrout,1)
if $dot=$delimeter $k_subrout=$k_subrout+1 endif
$n_subrout=$n_subrout+1
until $n_subrout=len($string)
; One slot per field plus one spare, because the fields are shifted up
; by one index at the end.  Clear all slots and reset $k_subrout to 0.
dim $sector[$k_subrout+2]
do
$sector[$k_subrout]=""
$k_subrout=$k_subrout-1
until $k_subrout=0 $sector[0]=""
; Pass 2: append each character to the current field; a delimiter
; advances to the next field without being stored.  This pass covers
; the whole string (index runs to len+1).
$n_subrout=1 do
$dot=substr($string,$n_subrout,1)
if $dot=$delimeter $k_subrout=$k_subrout+1 goto "skip" endif
$sector[$k_subrout]=$sector[$k_subrout]+$dot
:skip
$n_subrout=$n_subrout+1
until $n_subrout=len($string)+1
; Shift the fields from [0..k] to [1..k+1], trimming whitespace on the
; way, so that the first field is $sector[1].
$n_subrout=$k_subrout
do
$sector[$n_subrout+1]=ltrim(rtrim($sector[$n_subrout]))
$n_subrout=$n_subrout-1
until $n_subrout=-1
$nomore_sub=$k_subrout + 1
; Translation table: copy the fields into plain variables, since the
; caller cannot declare the array in advance.  Stops at the first field
; that does not exist; at most 20 fields are exported.
if $nomore_sub => 1 $sector1 = $sector[1] else goto "endsplit" endif
if $nomore_sub => 2 $sector2 = $sector[2] else goto "endsplit" endif
if $nomore_sub => 3 $sector3 = $sector[3] else goto "endsplit" endif
if $nomore_sub => 4 $sector4 = $sector[4] else goto "endsplit" endif
if $nomore_sub => 5 $sector5 = $sector[5] else goto "endsplit" endif
if $nomore_sub => 6 $sector6 = $sector[6] else goto "endsplit" endif
if $nomore_sub => 7 $sector7 = $sector[7] else goto "endsplit" endif
if $nomore_sub => 8 $sector8 = $sector[8] else goto "endsplit" endif
if $nomore_sub => 9 $sector9 = $sector[9] else goto "endsplit" endif
if $nomore_sub => 10 $sector10 = $sector[10] else goto "endsplit" endif
if $nomore_sub => 11 $sector11 = $sector[11] else goto "endsplit" endif
if $nomore_sub => 12 $sector12 = $sector[12] else goto "endsplit" endif
if $nomore_sub => 13 $sector13 = $sector[13] else goto "endsplit" endif
if $nomore_sub => 14 $sector14 = $sector[14] else goto "endsplit" endif
if $nomore_sub => 15 $sector15 = $sector[15] else goto "endsplit" endif
if $nomore_sub => 16 $sector16 = $sector[16] else goto "endsplit" endif
if $nomore_sub => 17 $sector17 = $sector[17] else goto "endsplit" endif
if $nomore_sub => 18 $sector18 = $sector[18] else goto "endsplit" endif
if $nomore_sub => 19 $sector19 = $sector[19] else goto "endsplit" endif
if $nomore_sub => 20 $sector20 = $sector[20] else goto "endsplit" endif
:endsplit
return
; Here is some information about the correct syntax of an IP range
; :badip -- clear the screen, print the accepted IP-range syntax with
; examples, wait for a key, clear again.  Reads nothing; the caller is
; expected to jump back to :chooserange after the gosub.
:badip
cls color g+/n ?
" The IP range you enter has invalid format" ?
" The general syntax of IP range is the following : " ? ?
color y+/n
" a.b.c.d" color g+/n " where every letter can be" ? ?
color y+/n " a number " color g+/n " between 1 and 254" color y+/n ?
" *" color g+/n " for the whole range from 1 to 254" ? color y+/n
" [m-n]" color g+/n " for the range from m to n" ? ?
" Some valid suntaxes are : " ? ? color c+/n
" 192.168.0.2" ? ?
" 10.*.1.[12-14]" ? ?
" [10-11].*.123.[200-212]" ? ?
" *.*.[1-4].[100-110]" ? ? color g+/n
" Press any key to continue ... " get $null color w/n cls
return
; ----- A subroutine to draw a --------------------------------
; ----- message box in the center -----------------------------
; ----- of the screen -----------------------------------------
; :dosbox -- draw $inboxmsg[1..] centred on screen inside a box of style
; $boxstyle, one message per second row, then empty the message buffer
; so the next caller starts clean.
; In:  $inboxmsg[] (entries 1.. up to the first empty one), $boxstyle
; Uses: $n, $startline, $startcolumn as scratch.
; :dosboxnocls is an alternative entry that skips the cls; nothing in
; this file as shown jumps to it.
:dosbox
cls
:dosboxnocls
; Count messages: the index is bumped before the test, so entry 1 is
; never checked and $n ends on the first empty entry at index >= 2.
$n=1
do
$n=$n+1
until $inboxmsg[$n]=""
; Box geometry is derived from the message count and the width of the
; first message only; longer later messages will overflow the frame.
$startline = 8 - ($n/2)
$startcolumn = 37 - len($inboxmsg[1])/2
color y+/n
box ($startline-1,$startcolumn,$startline+2*$n-1,
$startcolumn+len($inboxmsg[1])+3,$boxstyle)
color c+/n
$n=1
do
at ($startline + 2*$n - 1 , $startcolumn+2) $inboxmsg[$n]
$n=$n+1
until $inboxmsg[$n]=""
at(22,1)
; Reset the buffer: clears entries 1..9 (the loop stops when $n reaches
; 10, so entry 10 is left untouched).
$n=1
do
$inboxmsg[$n]=""
$n=$n+1
until $n=10
return
; -------- End of functions repository --------------------------------
; :end -- common exit point; restore plain white-on-black before leaving.
:end
color w/n