#! /usr/bin/perl 

#
# My hacked up little perl script to find access points on the wired network
#
# Version 0.03-BETA
#
# Author: Paul Asadoorian (paul@pauldotcom.com)
# Web: http://pauldotcom.com
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# Large portions of this script taken from the example in Nmap Network Scanning
# Link: http://nmap.org/book/output-formats-xml-with-perl.html

#
# USAGE
#
# 1) You will need the Nmap::Parser library (http://code.google.com/p/nmap-parser/)
#
# 2) Edit the sendEmail() call near the end of this script with your email addresses
#
# 3) /usr/sbin/sendmail needs to be functional and your system must be able to send email
#
# 4) You will need the xml results of an Nmap scan, example:
#
# nmap -PN -pT:80,443,23,22,21,U:161,1900,53,67 -sUVS -oA rogueaps%d --script discovery -O -T4 <IP> 
#

use Getopt::Std;
use Nmap::Parser;

#
# Do the usage stuff and get options
# 
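# Print the banner, then parse the command line. Getopt::Std stores the
# switches in the package globals $opt_h and $opt_f, which the rest of the
# script reads.
print "rogueapdetect.pl v0.02 - ( paul\@pauldotcom.com )\n",('-'x50),"\n\n";

my $usage = "Usage: $0 [-f <filename>]\n";

# getopts() returns false on an unknown switch or a missing argument;
# stop here instead of continuing with half-parsed options.
getopts('hf:') or die $usage;

# -h is declared in the option string, so honour it: show usage and exit
# without parsing any scan file or sending mail.
if ($opt_h) {
	print $usage;
	exit 0;
}

# Test for presence, not truth, so a report file literally named "0" works.
die $usage
	unless (defined $opt_f && length $opt_f);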

#
# Send Email Function
#
# Simple Email Function
# ($to, $from, $subject, $message)
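sub sendEmail
{
	# Pipe a plain-text message to the local sendmail binary.
	#
	# Arguments: ($to, $from, $subject, $message)
	# Returns:   1 when sendmail accepted the message, 0 otherwise. A
	#            warning is printed on failure and the caller decides
	#            whether that is fatal.
	my ($to, $from, $subject, $message) = @_;
	my $sendmail = '/usr/sbin/sendmail';

	# Header values must stay on a single line: with -t sendmail takes the
	# recipients from the headers, so an embedded CR/LF could add headers
	# or extra recipients.
	for my $header ($to, $from, $subject) {
		$header = '' unless defined $header;
		$header =~ s/[\r\n]+/ /g;
	}
	$message = '' unless defined $message;

	# The list form of a pipe open runs sendmail directly, without /bin/sh,
	# so shell metacharacters in $to cannot change the command line (the
	# original interpolated $to into a shell string).
	# NOTE(review): -f sets the envelope sender and is given $to here, as
	# in the original; $from may have been intended -- confirm.
	my $mail;
	unless (open($mail, '|-', $sendmail, '-f', $to, '-t')) {
		warn "sendEmail: cannot run $sendmail: $!\n";
		return 0;
	}

	print {$mail} "From: $from\n",
	              "To: $to\n",
	              "Subject: $subject\n\n",
	              $message;

	# For a pipe, the child's exit status is only reported by close().
	unless (close($mail)) {
		warn "sendEmail: $sendmail failed (status $?): $!\n";
		return 0;
	}
	return 1;
}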

#
# Create the parser object
#
# Direct method-call syntax; equivalent to the indirect-object form
# "new Nmap::Parser" but not subject to its parsing ambiguities.
my $np = Nmap::Parser->new();

#
# Load the Nmap XML report named by -f.
# NOTE(review): the report is handed to the parser as-is; if it was
# produced on another machine, treat its contents as untrusted input.
#
$np->parsefile($opt_f);

#
#GETTING HOST INFORMATION
#
# Walk every host in the report and keep those whose OS fingerprint has the
# device type "WAP". Each match is printed and appended to $email_result,
# which the mail step further down uses as the message body.
print "Hosts scanned:\n";
foreach my $host_obj ($np->all_hosts()) {
	my $sig = $host_obj->os_sig;

	# Anything that is not classified as a wireless access point is skipped.
	next unless $sig->type() eq "WAP";

	# NOTE(review): these values are copied verbatim from the scan report
	# into the console output and the email body. mac_addr() is presumably
	# empty for hosts outside the scanner's own segment -- confirm.
	my $ip_addr  = $host_obj->ipv4_addr();
	my $mac_addr = $host_obj->mac_addr();
	my $os_match = $sig->name() . $sig->family();
	my $dev_type = $sig->type();

	print "IP Address  : $ip_addr\n",
	      "MAC Address  : $mac_addr\n",
	      "OS match  : $os_match\n",
	      "Device Type : $dev_type\n";

	$email_result .= "IP Address: $ip_addr MAC Address  : $mac_addr OS match: $os_match Device Type: $dev_type\n";
}

print "Email result should be:  $email_result\n";

#
# Send Email
#
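# Only alert when at least one access point was found: the subject line
# announces a detection, so mailing an empty report would be a false alarm
# for whoever triages these messages.
if (defined $email_result && length $email_result) {
	sendEmail("someone\@mydomain.com", "nmap\@mydomain.com", "Rogue APs Detected Today", $email_result);
}
else {
	print "No access points detected; no email sent.\n";
}

#
# Frees memory -- helpful when dealing with memory-intensive scripts
#
$np->purge();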
