Merge branch 'Rhig-master'

ajdelgado · Aug 22, 2016 · 4a4a6ec · 4a4a6ec
2 parents c953ec8 + efc5b56
commit 4a4a6ec
Showing 1 changed file with 63 additions and 29 deletions.
diff --git a/arp-fingerprint b/arp-fingerprint
@@ -33,6 +33,8 @@ use warnings;
 use strict;
 use Getopt::Std;
 #
+sub get_localnet($);
+#
 my $arpscan="arp-scan -q -r 1";
 #
 # Hash of known fingerprints
@@ -77,7 +79,7 @@ my $arpscan="arp-scan -q -r 1";
 # Cisco IOS	IOS 12.3(15) on Cisco 2503
 # Cisco IOS	IOS 12.4(3) on Cisco 2811
 # Cisco IOS	IOS 12.4(24)T1 on Cisco 1841
-# Cisco IOS	IOS 15.0(1)M on Cisco 7206 (dynamips)
+# Cisco IOS	IOS 15.0(1)M on Cisco 7206 (dynamips) 
 # Solaris 2.5.1	Solaris 2.5.1 (SPARC) on Sun SPARCstation 20
 # Solaris 2.6	Solaris 2.6 (SPARC) on Sun Ultra 5
 # Solaris 7	Solaris 7 (x86) on VMware
@@ -158,7 +160,7 @@ my %fp_hash = (
    '11110100011' => 'MacOS 10.3, FreeBSD 4.3, IRIX 6.5, AIX 4.3, AIX 5.3',
    '10010100011' => 'SCO OS 5.0.7',
    '10110100000' => 'Win 3.11, 95, NT 3.51',
-   '11110000011' => '2.11BSD, 4.3BSD, OpenBSD 3.1, 3.9, 4.8, 5.1, Nortel Contivity 6.00, 6.05, RiscOS 5.19',
+   '11110000011' => '2.11BSD, 4.3BSD, OpenBSD 3.1, OpenBSD 3.9, 4.8, 5.1, Nortel Contivity 6.00, 6.05, RiscOS 5.19',
    '10110110000' => 'NetBSD 2.0.2, 4.0, 5.1',
    '10110111111' => 'PIX OS 4.4, 5.1, 5.2, 5.3, Android 4.1',
    '11110111111' => 'PIX OS 6.0, 6.1, 6.2, ScreenOS 5.0 (transparent), Plan9, Blackberry OS',
@@ -179,16 +181,19 @@ Fingerprint the target system using arp-scan.
         -h Display this usage message.
         -v Give verbose progress messages.
 	-o <option-string> Pass specified options to arp-scan
+	-l Fingerprint all targets in the local net.
 /;
 my %opts;
 my $user_opts="";
 my $verbose;
 my $fingerprint="";
 my $fp_name;
+my @targets;
+my $target;
 #
 # Process options
 #
-die "$usage\n" unless getopts('hvo:',\%opts);
+die "$usage\n" unless getopts('hlvo:',\%opts);
 if ($opts{h}) {
    print "$usage\n";
    exit(0);
@@ -197,55 +202,65 @@ $verbose=$opts{v} ? 1 : 0;
 if ($opts{o}) {
    $user_opts = $opts{o};
 }
-#
-if ($#ARGV != 0) {
+
+#If we're working in localnet mode, we don't need arguments
+if ($#ARGV != 0 && !$opts{l}) {
    die "$usage\n";
 }
-my $target=shift;
+
+if ($opts{l}) {
+   @targets=get_localnet($user_opts);
+} else {
+   @targets=@ARGV;
+}
+
+for $target (@targets) {
+   $fingerprint="";
 #
 # Check that the target is not an IP range or network.
 #
-if ($target =~ /\d+\.\d+\.\d+\.\d+-\d+\.\d+\.\d+\.\d+/ ||
-    $target =~ /\d+\.\d+\.\d+\.\d+\/\d+/ ||
-    $target =~ /\d+\.\d+\.\d+\.\d+:\d+\.\d+\.\d+\.\d+/) {
-   die "argument must be a single IP address or hostname\n";
-}
+   if ($target =~ /\d+\.\d+\.\d+\.\d+-\d+\.\d+\.\d+\.\d+/ ||
+       $target =~ /\d+\.\d+\.\d+\.\d+\/\d+/ ||
+       $target =~ /\d+\.\d+\.\d+\.\d+:\d+\.\d+\.\d+\.\d+/) {
+      die "argument must be a single IP address or hostname\n";
+   }
 #
 # Check that the system responds to an arp-scan with no options.
 # If it does, then fingerprint the target.
 #
-if (&fp("","$target") eq "1") {
+   if (&fp("","$target") eq "1") {
 # 1: source protocol address = localhost
-   $fingerprint .= &fp("--arpspa=127.0.0.1","$target");
+      $fingerprint .= &fp("--arpspa=127.0.0.1","$target");
 # 2: source protocol address = zero
-   $fingerprint .= &fp("--arpspa=0.0.0.0","$target");
+      $fingerprint .= &fp("--arpspa=0.0.0.0","$target");
 # 3: source protocol address = broadcast
-   $fingerprint .= &fp("--arpspa=255.255.255.255","$target");
+      $fingerprint .= &fp("--arpspa=255.255.255.255","$target");
 # 4: source protocol address = non local (network 1 is reserved)
-   $fingerprint .= &fp("--arpspa=1.0.0.1","$target");	# Non-local source IP
+      $fingerprint .= &fp("--arpspa=1.0.0.1","$target");	# Non-local source IP
 # 5: invalid arp opcode
-   $fingerprint .= &fp("--arpop=255","$target");
+      $fingerprint .= &fp("--arpop=255","$target");
 # 6: arp hardware type = IEEE_802.2
-   $fingerprint .= &fp("--arphrd=6","$target");
+      $fingerprint .= &fp("--arphrd=6","$target");
 # 7: invalid arp hardware type
-   $fingerprint .= &fp("--arphrd=255","$target");
+      $fingerprint .= &fp("--arphrd=255","$target");
 # 8: invalid arp protocol type
-   $fingerprint .= &fp("--arppro=0xffff","$target");
+      $fingerprint .= &fp("--arppro=0xffff","$target");
 # 9: arp protocol type = Novell IPX
-   $fingerprint .= &fp("--arppro=0x8137","$target");
+      $fingerprint .= &fp("--arppro=0x8137","$target");
 # 10: invalid protocol address length
-   $fingerprint .= &fp("--arppln=6","$target");
+      $fingerprint .= &fp("--arppln=6","$target");
 # 11: Invalid hardware address length
-   $fingerprint .= &fp("--arphln=8","$target");
+      $fingerprint .= &fp("--arphln=8","$target");
 #
-   if (defined $fp_hash{$fingerprint}) {
-      $fp_name = "$fp_hash{$fingerprint}";
+      if (defined $fp_hash{$fingerprint}) {
+         $fp_name = "$fp_hash{$fingerprint}";
+      } else {
+         $fp_name = "UNKNOWN";
+      }
+      print "$target\t$fingerprint\t$fp_name\n";
    } else {
-      $fp_name = "UNKNOWN";
+      print "$target\tNo Response\n";
    }
-   print "$target\t$fingerprint\t$fp_name\n";
-} else {
-   print "$target\tNo Response\n";
 }
 #
 # Scan the specified IP address with arp-scan using the given options.
@@ -276,3 +291,22 @@ sub fp ($$) {
 
    return $response;
 }
+
+#
+# use -l flag on arp-scan to collect all IPs in the local network
+#
+sub get_localnet($) {
+   my $user_opts = $_[0];
+   my @targets;
+
+   open(ARPSCAN, "$arpscan $user_opts -l |") || die "arp-scan failed";
+   while (<ARPSCAN>) {
+      if (/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\t/) {
+         push @targets, $1;
+      }
+   }
+   close(ARPSCAN);
+
+   die "parse of arp-scan failed" unless @targets;
+   return @targets;
+}