Network Penetration Testing Scripts

This webpage provides Bash and PowerShell scripts for network penetration testing. Follow the instructions below to install and use these scripts effectively.

1. Bash Script

Installation on Linux

To install the necessary tools on your Linux system, use the following command:

sudo apt-get install nmap whois dnsutils traceroute curl openssl tcpdump

Installation on Termux

To install the necessary tools on Termux, use the following commands:

pkg update && pkg upgrade
pkg install nmap whois dnsutils curl openssl-tool tcpdump

Usage

./network_pentest.sh <target>

Replace <target> with the domain or IP address you want to test.
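The target is the only input the script takes, so the check a practitioner wants in front of it is a scope check: the script should not run against an address outside the ranges that are in the assessment's scope. The wrapper below is an added example, not part of the original network_pentest.sh. The SCOPE ranges are constructed sample values, the script is assumed to sit in the current directory, and dig (from dnsutils, already in the install list) resolves hostnames; the CIDR matching is written in plain POSIX sh so it also runs under Termux.

```sh
#!/bin/sh
# Added example, not part of the original network_pentest.sh: refuse to run the
# assessment unless the target resolves to an address inside an authorized scope.
# SCOPE holds constructed sample ranges; replace them with the engagement's own.
SCOPE="10.10.0.0/16 192.168.50.0/24 203.0.113.7/32"

# ip4_to_int A.B.C.D -> the address as a 32-bit integer (fails on malformed input)
ip4_to_int() {
    oldifs=$IFS
    IFS=.
    set -f              # no globbing while the dotted quad is split on IFS
    set -- $1
    set +f
    IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|0[0-9]*) return 1 ;;   # empty, non-numeric or leading zero (octal trap)
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR -> exit 0 when IP lies inside CIDR (a bare IP means /32)
in_cidr() {
    case $2 in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2; bits=32 ;;
    esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ipn=$(ip4_to_int "$1") || return 1
    netn=$(ip4_to_int "$net") || return 1
    # Network mask as a 32-bit value; /0 is special-cased so the shift never overflows
    mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ipn & mask )) -eq $(( netn & mask )) ]
}

# in_scope IP -> exit 0 when IP is inside any SCOPE entry
in_scope() {
    for range in $SCOPE; do
        in_cidr "$1" "$range" && return 0
    done
    return 1
}

# run_if_in_scope TARGET -> resolve with dig, check the scope, then hand off to the
# page's network_pentest.sh (assumed to be in the current directory)
run_if_in_scope() {
    ip=$(dig +short A "$1" | grep -m1 -E '^[0-9]+(\.[0-9]+){3}$')
    [ -n "$ip" ] || ip=$1    # $1 may already be a literal IPv4 address
    if ! in_scope "$ip"; then
        echo "Refusing to test $1 ($ip): not inside the authorized scope" >&2
        return 2
    fi
    echo "Target $1 ($ip) is in scope; starting assessment"
    ./network_pentest.sh "$1"
}

# Usage: ./scope_guard.sh <target>
if [ "$#" -gt 0 ]; then
    run_if_in_scope "$1"
fi
```

The resolution step matters: checking the hostname string alone says nothing about where the packets will go, so the check is made on the resolved address, and a target that resolves outside the list is refused before any tool runs.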

Functionality

The Bash script performs the following tasks, one per function in the code below: WHOIS and DNS lookups, a traceroute, a full-range port scan plus service and vulnerability scripts, ICMP and ICMPv6 reachability checks, a SYN scan of the low ports, OS detection, HTTP header and enumeration checks, a TLS certificate dump, a 60-second packet capture, an AS lookup, and a concatenated text report.

Code

#!/bin/bash

# Check for target input
if [ "$#" -lt 1 ]; then
    echo "Usage: $0 <target>"
    exit 1
fi

TARGET=$1
RESULTS_DIR="network_pentest_$(date +'%Y%m%d_%H%M%S')"
mkdir -p "$RESULTS_DIR"

# nmap -sS/-O and tcpdump need raw sockets: run them through sudo unless already root
SUDO=""
[ "$(id -u)" -eq 0 ] || SUDO="sudo"

# Newer iputils ship "ping -6" instead of a separate ping6 binary
if command -v ping6 >/dev/null 2>&1; then PING6="ping6"; else PING6="ping -6"; fi

# Function to collect information
collect_info() {
    echo "Collecting information for $TARGET..."
    whois "$TARGET" | grep -i "origin" >> "$RESULTS_DIR/whois_info.txt"
    dig "$TARGET" ANY +short >> "$RESULTS_DIR/dns_info.txt"
    traceroute "$TARGET" >> "$RESULTS_DIR/topology.txt"
    nslookup "$TARGET" >> "$RESULTS_DIR/nslookup_info.txt"
    whois "$TARGET" >> "$RESULTS_DIR/full_whois_info.txt"
}

# Function to scan ports and vulnerabilities
scan_ports() {
    echo "Scanning ports for $TARGET..."
    nmap -p- --open -T4 "$TARGET" -oN "$RESULTS_DIR/nmap_scan.txt"
    nmap --script=vuln "$TARGET" >> "$RESULTS_DIR/vulnerability_scan.txt"
    nmap -sV "$TARGET" >> "$RESULTS_DIR/service_scan.txt"
}

# Function to check ICMP
check_icmp() {
    echo "Checking ICMP connectivity for $TARGET (IPv4)..."
    ping -c 4 "$TARGET" >> "$RESULTS_DIR/icmp_v4_results.txt" || echo "ICMP failed for $TARGET" >> "$RESULTS_DIR/icmp_v4_results.txt"
    echo "Checking ICMPv6 connectivity for $TARGET (IPv6)..."
    $PING6 -c 4 "$TARGET" >> "$RESULTS_DIR/icmp_v6_results.txt" || echo "ICMPv6 failed for $TARGET" >> "$RESULTS_DIR/icmp_v6_results.txt"
}

# Function to check DMZ (SYN scan of the low ports; needs root)
check_dmz() {
    echo "Checking for DMZ configuration..."
    $SUDO nmap -sS -p 1-1024 "$TARGET" --open -oN "$RESULTS_DIR/dmz_check.txt"
}

# Function to identify operating system (needs root)
check_os() {
    echo "Identifying operating system for $TARGET..."
    $SUDO nmap -O "$TARGET" >> "$RESULTS_DIR/os_detection.txt"
}

# Function to analyze HTTP
analyze_http() {
    echo "Analyzing HTTP services..."
    curl -I "$TARGET" >> "$RESULTS_DIR/http_analysis.txt"
    nmap -p 80,443 --script=http-enum "$TARGET" >> "$RESULTS_DIR/http_enum.txt"
}

# Function to check SSL/TLS (dumps the server certificate presented for $TARGET)
check_ssl() {
    echo "Checking SSL/TLS configurations..."
    echo | openssl s_client -connect "$TARGET:443" -servername "$TARGET" 2>/dev/null | openssl x509 -text >> "$RESULTS_DIR/ssl_check.txt"
}

# Function to monitor traffic to and from the target
monitor_traffic() {
    echo "Monitoring traffic on $TARGET..."
    # Capture only packets involving the target. $! is the PID of sudo (not tcpdump) and
    # belongs to root, so it is stopped through sudo as well; sudo relays the signal.
    $SUDO tcpdump -i any -w "$RESULTS_DIR/traffic_capture.pcap" host "$TARGET" &
    CAPTURE_PID=$!
    sleep 60  # Duration of monitoring
    $SUDO kill "$CAPTURE_PID"
    wait "$CAPTURE_PID" 2>/dev/null   # let tcpdump flush the pcap before the report is built
}

# Function to check AS information (the Team Cymru whois service expects an IP, so hostnames are resolved first)
check_as() {
    echo "Checking Autonomous System information for $TARGET..."
    local ip
    ip=$(dig +short A "$TARGET" | grep -m1 -E '^[0-9]+(\.[0-9]+){3}$')
    whois -h whois.cymru.com " -v ${ip:-$TARGET}" >> "$RESULTS_DIR/as_info.txt"
}

# Function to generate report
generate_report() {
    echo "Generating report..."
    {
        echo "Network PenTest Report for $TARGET"
        echo "===================="
        cat "$RESULTS_DIR/whois_info.txt"
        cat "$RESULTS_DIR/dns_info.txt"
        cat "$RESULTS_DIR/nslookup_info.txt"
        cat "$RESULTS_DIR/full_whois_info.txt"
        cat "$RESULTS_DIR/topology.txt"
        cat "$RESULTS_DIR/nmap_scan.txt"
        cat "$RESULTS_DIR/vulnerability_scan.txt"
        cat "$RESULTS_DIR/service_scan.txt"
        cat "$RESULTS_DIR/os_detection.txt"
        cat "$RESULTS_DIR/icmp_v4_results.txt"
        cat "$RESULTS_DIR/icmp_v6_results.txt"
        cat "$RESULTS_DIR/dmz_check.txt"
        cat "$RESULTS_DIR/http_analysis.txt"
        cat "$RESULTS_DIR/http_enum.txt"
        cat "$RESULTS_DIR/ssl_check.txt"
        cat "$RESULTS_DIR/as_info.txt"
    } > "$RESULTS_DIR/report.txt"
}

# Execute functions
collect_info
scan_ports
check_icmp
check_dmz
check_os
analyze_http
check_ssl
monitor_traffic
check_as
generate_report

echo "Penetration test completed. Reports saved in $RESULTS_DIR."
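generate_report only concatenates raw tool output, which leaves the reader to find the open ports by eye. The following is an added example, not part of the original script, that parses the nmap -oN file the script saves as nmap_scan.txt into an open-port summary and, going one step further than the page, flags any open port that is not on an expected baseline, which is the comparison a reviewer wants before signing off on a host's exposure. The sample scan output and the baseline list are constructed; on a real run, point summarize_scan at "$RESULTS_DIR/nmap_scan.txt".

```sh
#!/bin/sh
# Added example, not part of the original network_pentest.sh: summarise the
# nmap -oN output saved as nmap_scan.txt and flag open ports outside a baseline.

# Constructed sample nmap -oN output, standing in for $RESULTS_DIR/nmap_scan.txt.
SAMPLE_SCAN=$(mktemp)
trap 'rm -f "$SAMPLE_SCAN"' EXIT
cat > "$SAMPLE_SCAN" <<'EOF'
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -p- --open -T4 -oN nmap_scan.txt 192.0.2.10
Nmap scan report for 192.0.2.10
Host is up (0.0021s latency).
Not shown: 65530 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
3389/tcp open     ms-wbt-server
8080/tcp filtered http-proxy

# Nmap done at Mon Jan  1 10:00:12 2024 -- 1 IP address (1 host up) scanned in 12.34 seconds
EOF

# scan_host FILE -> the host named on the "Nmap scan report for" line
scan_host() {
    awk '/^Nmap scan report for / { print $5; exit }' "$1"
}

# open_ports FILE -> one "port/proto service" line per port nmap reports as open;
# the header line and filtered/closed ports are skipped
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }' "$1"
}

# unexpected_ports FILE "22/tcp 443/tcp" -> open ports that are not in the expected list
unexpected_ports() {
    expected=" $2 "
    open_ports "$1" | while read -r port service; do
        case $expected in
            *" $port "*) ;;                  # on the baseline, nothing to report
            *) echo "$port $service" ;;
        esac
    done
}

# summarize_scan FILE EXPECTED -> prints a report block; exit status 1 when unexpected ports exist
summarize_scan() {
    host=$(scan_host "$1")
    total=$(open_ports "$1" | wc -l | tr -d ' ')
    extra=$(unexpected_ports "$1" "$2")
    echo "Host: $host"
    echo "Open ports: $total"
    open_ports "$1" | sed 's/^/  /'
    if [ -n "$extra" ]; then
        echo "Open ports outside the expected baseline (review exposure):"
        echo "$extra" | sed 's/^/  /'
        return 1
    fi
    echo "No open ports outside the expected baseline."
}

# Usage with the constructed sample; the baseline is constructed as well
summarize_scan "$SAMPLE_SCAN" "22/tcp 80/tcp 443/tcp" || echo "Baseline deviation found; triage before sign-off." >&2
```

Because summarize_scan exits non-zero when something outside the baseline is open, it can gate a pipeline step; in the sample above it reports 3389/tcp as the deviation. The baseline list is a plain "port/proto" string so the same function works for tcp and udp scans alike.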

2. PowerShell Script

Installation on Windows

Make sure the following tools are installed and on your PATH. The script calls nmap, whois and tcpdump as external commands; nslookup, tracert, Resolve-DnsName and Test-Connection ship with Windows.

To install Nmap, visit: Nmap Download (https://nmap.org/download.html)

Usage

.\network_pentest.ps1 -Target <target>

Replace <target> with the domain or IP address you want to test.

Functionality

The PowerShell script performs the same tasks as the Bash script, using the Windows equivalents (Resolve-DnsName, tracert, Test-Connection, Invoke-WebRequest and SslStream) where the Unix tool is not built in:

Code

param (
    [string]$Target
)

if (-not $Target) {
    Write-Host "Usage: .\network_pentest.ps1 -Target <target>"
    exit 1
}

$resultsDir = "network_pentest_$(Get-Date -Format 'yyyyMMdd_HHmmss')"
New-Item -ItemType Directory -Path $resultsDir | Out-Null

# Function to collect information (whois is an external tool that must be on PATH; nslookup and tracert ship with Windows)
function Collect-Info {
    Write-Host "Collecting information for $Target..."
    whois $Target | Select-String "Origin" | Out-File "$resultsDir\whois_info.txt"
    nslookup $Target | Out-File "$resultsDir\nslookup_info.txt"
    Resolve-DnsName $Target | Out-File "$resultsDir\dns_info.txt"
    tracert $Target | Out-File "$resultsDir\traceroute_info.txt"
    whois $Target | Out-File "$resultsDir\full_whois_info.txt"
}

# Function to scan ports and vulnerabilities
function Scan-Ports {
    Write-Host "Scanning ports for $Target..."
    nmap -p- --open -T4 $Target -oN "$resultsDir\nmap_scan.txt"
    nmap --script=vuln $Target | Out-File "$resultsDir\vulnerability_scan.txt"
    nmap -sV $Target | Out-File "$resultsDir\service_scan.txt"
}

# Function to check ICMP
function Check-ICMP {
    Write-Host "Checking ICMP connectivity for $Target (IPv4)..."
    Test-Connection -ComputerName $Target -Count 4 | Out-File "$resultsDir\icmp_v4_results.txt"
    Write-Host "Checking ICMPv6 connectivity for $Target (IPv6)..."
    # -IPv6 is the PowerShell 7 switch; Windows PowerShell 5.1's Test-Connection has no address-family parameter
    Test-Connection -ComputerName $Target -Count 4 -IPv6 | Out-File "$resultsDir\icmp_v6_results.txt"
}

# Function to check DMZ (SYN scan of the low ports; nmap -sS needs an elevated prompt on Windows)
function Check-DMZ {
    Write-Host "Checking for DMZ configuration..."
    nmap -sS -p 1-1024 $Target --open -oN "$resultsDir\dmz_check.txt"
}

# Function to identify operating system (nmap -O also needs an elevated prompt)
function Check-OS {
    Write-Host "Identifying operating system for $Target..."
    nmap -O $Target | Out-File "$resultsDir\os_detection.txt"
}

# Function to analyze HTTP
function Analyze-HTTP {
    Write-Host "Analyzing HTTP services..."
    # Invoke-WebRequest needs a full URI, so the scheme is added; only the response headers are recorded
    (Invoke-WebRequest -Uri "http://$Target" -Method Head -UseBasicParsing).Headers |
        Out-File "$resultsDir\http_analysis.txt"
    nmap -p 80,443 --script=http-enum $Target | Out-File "$resultsDir\http_enum.txt"
}

# Function to check SSL/TLS (records the negotiated protocol, cipher and the server certificate)
function Check-SSL {
    Write-Host "Checking SSL/TLS configurations..."
    $tcp = [Net.Sockets.TcpClient]::new($Target, 443)
    # The validation callback returns $true on purpose: the certificate is recorded for review, not trusted for anything
    $ssl = [Net.Security.SslStream]::new($tcp.GetStream(), $false, [Net.Security.RemoteCertificateValidationCallback]{ $true })
    try {
        $ssl.AuthenticateAsClient($Target)
        "Protocol: $($ssl.SslProtocol)  Cipher: $($ssl.CipherAlgorithm) ($($ssl.CipherStrength)-bit)" |
            Out-File "$resultsDir\ssl_check.txt"
        $ssl.RemoteCertificate | Format-List | Out-File "$resultsDir\ssl_check.txt" -Append
    } finally {
        $ssl.Dispose()
        $tcp.Dispose()
    }
}

# Function to monitor traffic (tcpdump is not a Windows component; a tcpdump-compatible capture tool must be on PATH)
function Monitor-Traffic {
    Write-Host "Monitoring traffic on $Target..."
    # Keep the process handle so only this capture is stopped, not every tcpdump on the machine
    $capture = Start-Process -FilePath tcpdump -ArgumentList "-i any -w `"$resultsDir\traffic_capture.pcap`" host $Target" -PassThru -NoNewWindow
    Start-Sleep -Seconds 60  # Duration of monitoring
    Stop-Process -Id $capture.Id
}

# Function to check AS information (Unix-style whois syntax: -h selects the server; Sysinternals whois takes the server as a trailing argument instead)
function Check-AS {
    Write-Host "Checking Autonomous System information for $Target..."
    whois -h whois.cymru.com " -v $Target" | Out-File "$resultsDir\as_info.txt"
}

# Function to generate report
function Generate-Report {
    Write-Host "Generating report..."
    # Get-Content accepts an array of paths; a trailing "+" after a command is passed to it as an argument, not treated as concatenation
    $files = @(
        "whois_info.txt", "dns_info.txt", "nslookup_info.txt", "full_whois_info.txt",
        "traceroute_info.txt", "nmap_scan.txt", "vulnerability_scan.txt", "service_scan.txt",
        "os_detection.txt", "icmp_v4_results.txt", "icmp_v6_results.txt", "dmz_check.txt",
        "http_analysis.txt", "http_enum.txt", "ssl_check.txt", "as_info.txt"
    ) | ForEach-Object { Join-Path $resultsDir $_ } | Where-Object { Test-Path $_ }
    @("Network PenTest Report for $Target", "====================") + (Get-Content -Path $files) |
        Out-File "$resultsDir\report.txt"
}

# Execute functions
Collect-Info
Scan-Ports
Check-ICMP
Check-DMZ
Check-OS
Analyze-HTTP
Check-SSL
Monitor-Traffic
Check-AS
Generate-Report

Write-Host "Penetration test completed. Reports saved in $resultsDir."

Best Practices

Troubleshooting

If you encounter issues while using these scripts, consider the following:

Frequently Asked Questions (FAQs)

Conclusion

Network penetration testing is a critical aspect of cybersecurity, allowing organizations to identify and remediate vulnerabilities. The provided scripts serve as a foundation for conducting effective penetration tests. Always follow ethical guidelines and best practices when performing security assessments.