
 Muis

bash script

#!/bin/bash
# MUis v 0.3.1 - by hany@hanynet.com
# muis is for educational purposes only
# don't run muis, just look at its code
# running muis will be considered as abuse
# ----------------------------------------
# WHAT'S it?
# easy. First you choose your target type. Edu? Mil? Biz? Then..
# Then you choose a starting A and B class (example: 18.1)
# then you choose an ending B class (example: 18.50)
# Muis will do a mass whois query and save in a text file all
# 'interesting' B 'blocks'.
# THEN, Muis will SYNSCAN those B blocks for a given port
# or even a specified tcp service banner (example: ftp)
# in order to obtain a 'favourite ips list' :). That's it.

# cleaning old temporary files

# Delete scratch files left behind by an earlier run. Every name is fixed and
# relative to the current working directory, so these outfile.* names are the
# on-disk artefacts to look for when examining a host this script ran on.
# The redirect only discards stdout; rm -f is already silent about missing files.
rm -f outfile.tmp > /dev/null
rm -f outfile.out > /dev/null
rm -f outfile.check > /dev/null
rm -f outfile.size > /dev/null
rm -f outfile.whois-scan > /dev/null

# =================================
# ---- START -----
# =================================

# Clear the terminal and print the tool's self-description.
# The literal strings below (for example "MUis scanner") are fixed text, so a
# content signature for this script can key on them.
clear
echo "------------"
echo "MUis scanner"
echo "------------"
echo
echo "MUis is a multipurpose ip scanner. It allows you to scan an entire A class"
echo "for interesting B classes. Depending on your target, it will store interesting"
echo "B classes in a text file, then it will let you synscan them for a given service"
echo "or port, and it will let you 'clean' your scan output file in order to obtain"
echo "a clean ip list ready for your massroot. "
echo "MUis keeps track of your scan history and is able to recover both whois and"
echo "synscan sessions. You should not manage your files manually, MUis will do"
echo "the job."
echo

# =========== SCAN FAILURE RECOVERING SESSION ==========

# --- assuming no failures found

# State flags consumed by the later stages of this script:
#   m - scan/cleaning mode: 0 = prompt for a scan type later; 1 or 2 = go
#       straight to the matching cleaning branch (set by the recovery prompts).
#   j - 0 = run the whois stage; 1 = skip it.
m=0
j=0

# ------ WHOIS scan failure recover ---------

# A leftover outfile.whois means a previous whois pass did not reach the point
# where the file is renamed. Ask whether to discard it or reuse it.
if [ -f ./outfile.whois ]
then
echo "----- LET OP !! -----"
echo "MUis has found an interrupted whois scan file."
echo "You can delete it or you can use this partial file"
echo "and scan for service banners or open ports."
echo
echo "Please make your choice:"
echo
echo "(1) delete this file and start a new MUis session"
echo "(2) scan this ip list for services or open ports"
# NOTE(review): read without -r, and the answer is not validated. Any reply
# other than 1 or 2 leaves j=0 and keeps outfile.whois in place, so the whois
# stage further down appends (>>) to the stale file.
read k
if [ "$k" = "1" ]
then
# Discard the partial list; j=0 keeps the whois stage enabled.
rm -f outfile.whois > /dev/null
j=0
clear
fi
if [ "$k" = "2" ]
then
# Promote the partial list to the name the scan stage reads, and skip the
# whois stage (j=1).
mv outfile.whois outfile.whois-scan
j=1
fi
fi

# ---- SYNSCAN failures recover -----

# --- (SYN) scans ----

# Recovery for the banner-scan output files.
# outfile.tmp-scan is the per-block scratch file and outfile.sscan the
# accumulated result: drop the scratch file when an accumulated file exists,
# otherwise promote the scratch file so it can be reused.
if [ -f ./outfile.tmp-scan ]
then
if [ -f ./outfile.sscan ]
then
rm -f outfile.tmp-scan > /dev/null
else
mv outfile.tmp-scan outfile.sscan
fi
fi

# An existing outfile.sscan is treated as an interrupted banner scan.
if [ -f ./outfile.sscan ]
then
echo "MUis has found an interrupted synscan file."
echo "You can delete it or you can use this partial file"
echo "and filter it for a clean ip list. "
echo
echo "(1) delete this file and start a new MUis session"
echo "(2) clean this ip list grepping a string"
echo
echo "Please make your choice:"
# The reply is not validated; anything other than 1 or 2 leaves m and j as set
# earlier and leaves outfile.sscan on disk.
read k
if [ "$k" = "1" ]
then
rm -f outfile.sscan > /dev/null
rm -f outfile.whois-scan > /dev/null
# NOTE(review): this glob needs a dot after "whois", but the saved result
# files are written as outfile.whois-<range> (dash). They are therefore not
# matched here and stay on disk after the "delete" choice.
rm -f outfile.whois.* > /dev/null
m=0
j=0
clear
fi
if [ "$k" = "2" ]
then
# m=1 selects the banner-cleaning branch; j=1 skips the whois stage.
m=1
j=1
clear
fi
fi

# ---- (ACK) scans ---------

# Recovery for the open-port scan output files (the section header calls these
# "ACK" scans; the files are the ones written by the "Scan (for open ports)"
# branch). outfile.tcp is the per-block output and outfile.scan the
# accumulated result, handled the same way as the banner-scan pair.
if [ -f ./outfile.tcp ]
then
if [ -f ./outfile.scan ]
then
rm -f outfile.tcp
else
mv outfile.tcp outfile.scan
fi
fi

# An existing outfile.scan is treated as an interrupted port scan.
if [ -f ./outfile.scan ]
then
rm -f outfile.tmp-scan > /dev/null
echo "MUis has found an interrupted port scan file."
echo "You can delete it or you can use this partial file"
echo "and filter it for a clean ip list. "
echo
echo "(1) delete this file and start a new MUis session"
echo "(2) clean this ip list"
echo
echo "Please make your choice:"
# The reply is not validated; anything other than 1 or 2 changes nothing.
read k
if [ "$k" = "1" ]
then
rm -f outfile.scan > /dev/null
rm -f outfile.whois-scan > /dev/null
# NOTE(review): same glob as in the banner-scan recovery; it does not match
# the outfile.whois-<range> result files, which therefore remain on disk.
rm -rf outfile.whois.* > /dev/null
m=0
j=0
clear
fi
if [ "$k" = "2" ]
then
# m=2 selects the open-port cleaning branch; j=1 skips the whois stage.
m=2
j=1
clear
fi
fi

# ========= WHOIS MASS QUERY SESSION =============

# Whois stage, run only when no recovery choice set j=1.
# It prompts for a registry, a match string and an A.B range, then issues one
# whois query per B block and records the blocks whose answer contains the
# match string in outfile.whois.
# Defender view: the loop below sends one query per iteration, for consecutive
# $a.$b prefixes, to a single registry host, with no delay visible in this
# script. That is a run of sequential-prefix lookups from one source.
if [ "$j" = "0" ]
then
echo "Choose your favourite whois server:"
echo
echo "(1) ARIN (for .com .edu .mil .gov and american sites)"
echo "(2) RIPE (for european sites)"
echo "(3) APNIC (for asia and Australia)"
echo
# y selects the registry. NOTE(review): a reply other than 1-3 means no query
# is run in the loop and outfile.tmp is never created.
read y
clear
echo "Choose your target:"
echo
echo "(1) educational institutes"
echo "(2) government sites"
echo "(3) military sites"
echo "(4) other"
# Placeholder for u used by choice 4, so that only the v pattern is
# expected to match.
u="nothing-but-the-alt-string-for-other"
echo
echo
# u and v are the two grep patterns; r is only used in the status message.
# NOTE(review): a reply outside 1-4 leaves v and r unset, and grep "" matches
# every line of the whois answer.
read t
if [ "$t" = "1" ]
then
u=".EDU"
v="Univ"
r="educational institutes"
fi
if [ "$t" = "2" ]
then
u=".GOV"
v="Govern"
r="government sites"
fi
if [ "$t" = "3" ]
then
u=".MIL"
v="Militar"
r="military sites"
fi
if [ "$t" = "4" ]
then
echo
echo "Please insert the string to search for:"
read v
r="string $v"
fi
clear
# a, b and d are taken as typed: no numeric or range check is applied.
echo "Insert starting A class";read a
echo "Insert starting B class";read b
echo
echo "Ok, starting whois scan from $a.$b. Now please specify a valid ending B class:"
echo
echo "Insert ending B class"; read d
# Keep the range as entered for the result file name. t is reused here and no
# longer holds the target-type choice. The copy is taken before d may be reset
# to 255 below, so the file name shows the typed value.
g="$a"
q="$b"
t="$d"
clear
# NOTE(review): unquoted operands; an empty or non-numeric reply makes this
# test print an error instead of comparing.
if [ $d -lt $b ]
then
echo
echo "Ending B class should be greater then starting B class, assuming 255"
d=255
fi
echo
echo "Ok, starting whois scan from $a.$b to $a.$d for $r."
echo
# c is the loop step, z the "empty" threshold for the size check.
c=1
z=0
while [ $b -le $d ]
do
echo "Whoising $a.$b .. please wait"
# ./whois is a binary in the current directory, not the one found via PATH.
if [ "$y" = "1" ]
then
./whois -h whois.arin.net $a.$b > outfile.tmp
fi
if [ "$y" = "2" ]
then
./whois -h whois.ripe.net $a.$b > outfile.tmp
fi
if [ "$y" = "3" ]
then
./whois -h whois.apnic.net $a.$b > outfile.tmp
fi
# Collect the lines matching either pattern; $u and $v are used as grep
# regular expressions, so the "." in ".EDU" matches any character.
cat outfile.tmp |grep "$u" >> outfile.check
cat outfile.tmp |grep "$v" >> outfile.check
cp outfile.check outfile.out
# Emptiness is judged from disk usage in KB as reported by du, first field.
# presumably 0 for an empty file and >0 otherwise - filesystem dependent, verify
du -ks outfile.check > outfile.size
h=$(cut -f 1 outfile.size)
rm -f outfile.size > /dev/null
rm -f outfile.check > /dev/null
# checking if outfile is empty
if [ $h -gt $z ]
then
# Record the matching block and show the matching whois lines.
echo "$a.$b" >> outfile.whois
echo
echo "::$a.$b:::::::::::::::::::::::oOo::::::::::::::::::::::::::::::::"
cat outfile.out
rm -f outfile.out > /dev/null
echo ":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
echo
else
echo "$a.$b scanned and discarded"
fi
# $[ ] is the old bash arithmetic form; this adds the step c to b.
b=$[${b}+${c}]
done
rm -f outfile.out > /dev/null
rm -f outfile.tmp > /dev/null
clear

# --- checking if outfile.whois exists ----

if [ -f ./outfile.whois ]
then
echo "Scan results"
echo "-------------------"
echo "interesting B classes:"
echo
cat outfile.whois
# Keep a named copy of the result (outfile.whois-<start>-<end>) and hand the
# list to the scan stage as outfile.whois-scan. The named copy is not removed
# by any later step shown here, so it persists as a record of the range.
cp outfile.whois outfile.whois-$g.$q-$g.$t
mv outfile.whois outfile.whois-scan
echo
echo "This output has been saved in outfile.whois-$g.$q-$g.$t"
else
echo "Scan has finished, no interesting B found, quitting."
exit
fi

fi

# ============= TCP SCAN SESSION ====================

# Scan stage, run only when no recovery choice preset m.
# It asks for a scan type, a speed and a port, then runs the local ./synscan
# binary once per entry of outfile.whois-scan.
# Defender view: per the status text each entry is treated as a whole /16
# ($ip.1.1 to $ip.255.255) probed on a single port from one source. What
# ./synscan actually sends is not visible in this script.
if [ "$m" = "0" ]
then
echo "Now you can start synscan on interesting B classes."
echo "You can scan for a given port or service."
echo
echo "Make your choice:"
echo
echo "(1) SYNscan (for banners)"
echo "(2) Scan (for open ports)"
echo
# The reply overwrites m and also selects the cleaning branch further down.
# NOTE(review): not validated; a reply other than 1 or 2 runs no scan.
read m

# ---- SYN scan style ----------

if [ "$m" = "1" ]
then
clear
echo "Ok. You have choosen synscan-like scan, so we will search for banners"
echo
echo "Insert scan speed (1=slow ; 20=fast)"
echo
read k
echo "Insert port to scan"
echo
read p
clear
# $ip, $k and $p are expanded unquoted and unchecked into the ./synscan
# command line; eth0 is hard-coded.
# presumably the arguments are: prefix, output file, interface, speed, port - confirm against synscan
# Each run's outfile.tmp-scan is appended to outfile.sscan and then removed.
for ip in `cat outfile.whois-scan`
do
echo "Ok, let's scan from $ip.1.1 to $ip.255.255 for services on port $p"; ./synscan $ip outfile.tmp-scan eth0 $k $p > /dev/null ;cat outfile.tmp-scan >> outfile.sscan ; rm -f outfile.tmp-scan ; done
fi

# ---- Normal scan style --------

if [ "$m" = "2" ]
then
clear
echo "Ok. You have choosen nmap-like scan, so we will search for open ports"
echo
echo "Insert scan speed (1=slow ; 20=fast)"
echo
read k
echo "Insert port to scan"
echo
read p
clear
# Same invocation as the banner branch, but here the binary's stdout is kept
# (outfile.tcp) and appended to outfile.scan, while the file it is told to
# write (outfile.tmp.tcp) is deleted unread.
for ip in `cat outfile.whois-scan`
do
echo "Ok, let's scan from $ip.1.1 to $ip.255.255 for open ports $p"; ./synscan $ip outfile.tmp.tcp eth0 $k $p > outfile.tcp ;cat outfile.tcp >> outfile.scan ; rm -f outfile.tmp.tcp ; rm -f outfile.tcp ; done
fi
fi

# ========= CLEANING SESSION ==================

# Cleaning stage: reduce the accumulated scan output to a bare address list in
# outfile.ready. Which branch runs depends on m (1 = banner scan, 2 = open-port
# scan). outfile.ready is the final artefact of a run; the intermediate
# outfile.* files are deleted once it is written.
# This first branch is reached only if the reply at the scan-type prompt was
# literally "0"; it prints a message and does nothing else.
if [ "$m" = "0" ]
then
clear
echo "Scan finished."
echo "Now it's time to clean it and run your massroot"
echo
fi

# --- cleaning synscan-like scan output ------

if [ "$m" = "1" ]
then
echo "Cleaning procedure for services syn scans"
echo "Insert string to grep from banner list:"
echo "(Example: wu-2.6.0 or SunOS)"
echo
# w is used as a grep regular expression, not as a fixed string.
read w
clear
echo "Grepping..."
cat outfile.sscan |grep "$w" >outfile.tmp.clean
echo "Cleaning..."
# Cut each line off after the first dotted-quad-shaped match. Text before the
# match is kept, and [0-9]* also accepts empty digit groups.
cat outfile.tmp.clean |sed -e s/"\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\).*/\1/" >outfile.ready
rm -f outfile.tmp.clean > /dev/null
rm -f outfile.sscan > /dev/null
rm -f outfile.whois-scan > /dev/null
echo "Finished"
echo "ok dude, your ip list is in outfile.ready"
echo "Enjoy ;>"
fi

# --- cleaning nmap-like scan output ------

if [ "$m" = "2" ]
then
echo "Cleaning procedure for open ports scans.."
echo "Grepping.."
# Keep the lines containing "open", then the text before the first ':'.
# presumably each such line starts with the address followed by ':' - verify against synscan output
cat outfile.scan |grep "open" > outfile.dirty
echo "Cleaning.."
cat outfile.dirty |cut -d ':' -f1 >outfile.ready
rm -f outfile.scan > /dev/null
rm -f outfile.dirty > /dev/null
rm -f outfile.whois-scan > /dev/null
echo "Finished"
echo "ok dude, your ip list is in outfile.ready"
echo "Enjoy ;>"
fi
# Printed at the end of every run that gets this far, whichever branch ran.
echo
echo "MUis r00lz!"