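#!/usr/bin/perl -w
#
# Trevelyn -=Weak-Net Labs=- 2008
#
# Net-gh0st: an interactive wrapper around common recon tools (nmap, smbtree,
# ettercap, airodump-ng, hping2, nslookup, ...) that can also append their
# output to a plain-text report, analysis.txt, in the current directory.
# It is meant to be run as root (promiscuous / monitor mode).
#
# NOTE(review): the copy this was restored from had been whitespace-mangled and
# every "<STDIN>" read had been stripped to "$x = ;", so the original listing
# could not compile.  The reads are restored through prompt() below; the
# "<Enter>" word in three prompts was stripped the same way and is restored.
#
# Security notes on this revision:
#   * The original exported operator input and the raw body of an HTTP
#     response (the WAN-IP lookup) into %ENV and let /bin/sh expand them
#     inside system('nmap ... $EXIP') and friends.  The lookup is plain HTTP,
#     so a spoofed or tampered reply would have been executed as root.  Every
#     external command now uses list-form system()/open(), which never goes
#     through a shell, and the WAN IP is accepted only if it is a dotted quad.
#   * Interface names and scan targets typed at the prompts are checked by
#     is_safe_arg() so they cannot be mistaken for tool options ("-...").
#   * Work files (IPs.txt, output-*) are still created in the current
#     directory; run the tool from a directory only root can write to.
#   * "nmap -P0" is the legacy spelling of "-Pn"; kept as the original had it.

use strict;
use warnings;
no warnings 'recursion';   # the menu is driven by mutual recursion, as in the original
use LWP::Simple;

my $REPORT = 'analysis.txt';   # every "report" action appends to this file
my $IPLIST = 'IPs.txt';        # ettercap -k host list, removed after use

my $card = '';                 # active NIC name, confirmed by the operator
my $wifu = '';                 # wireless NIC used by the airodump-ng actions

# External WAN IP.  Only a dotted quad is accepted; anything else (including
# a failed fetch, which makes get() return undef) leaves $IP empty and the
# WAN actions are skipped instead of running nmap against an empty target.
my $IP = get 'http://www.whatismyip.com/automation/n09230945.asp';
$IP = (defined $IP && $IP =~ /\A\s*((?:\d{1,3}\.){3}\d{1,3})\s*\z/) ? $1 : '';
$ENV{EXIP} = $IP;   # kept for compatibility; nothing below expands it in a shell

#============================#
#          Help:             #
#============================#
if (@ARGV && $ARGV[0] eq '--help') {
    system 'clear';
    print "\n\nJust do \"perl ngh0st.pl\"\n";
    print " __ .__ _______ __ \n";
    print " ____ _____/ |_ ____ | |__ \\ _ \\ _______/ |_ \n";
    print " / \\_/ __ \\ __\\ ______ / ___\\| | \\/ /_\\ \\ / ___/\\ __\\ \n";
    print "| | \\ ___/| | /_____/ / /_/ > Y \\ \\_/ \\\\___ \\ | | \n";
    print "|___| /\\___ >__| \\___ /|___| /\\_____ /____ > |__| \n";
    print " \\/ \\/ /_____/ \\/ \\/ \\/ \n\n";
    print "\nVersion 2.0 - http://zombie.el.cx/ngh0st/ \n2008 -=Weak-Net Labs=- KP101ST[at]gmail[dot]com\n\n";
    exit;
}

#============================#
#        Helpers:            #
#============================#

# Print $text, read one line from the terminal and return it chomped.
# Returns '' (never undef) on EOF so the callers' eq tests stay warning-free.
sub prompt {
    my ($text) = @_;
    print $text;
    my $line = <STDIN>;
    return '' unless defined $line;
    chomp $line;
    return $line;
}

# True when $value is safe to pass as an argument to a privileged tool:
# interface names, IPs, hostnames and nmap ranges such as 10.0.0.0/24.
# List-form system() already keeps the shell out; this rejects a leading
# '-' so the value cannot be parsed as an option, plus anything exotic.
sub is_safe_arg {
    my ($value) = @_;
    return defined $value && $value =~ /\A[A-Za-z0-9:][A-Za-z0-9_.:\/-]*\z/;
}

# Keep asking until the operator types something is_safe_arg() accepts.
sub ask_device {
    my ($question) = @_;
    while (1) {
        my $dev = prompt($question);
        return $dev if is_safe_arg($dev);
        print "\"$dev\" does not look like an interface name, try again.\n";
    }
}

# Run one external command without a shell.  Returns true when it exited 0.
sub run {
    my @cmd = @_;
    my $rc = system @cmd;
    warn "cannot run $cmd[0]: $!\n" if $rc == -1;
    return $rc == 0;
}

# Run commands in order, stopping at the first failure: the original's
# "a && b && c".  Each argument is an array ref holding one command.
sub run_chain {
    my @cmds = @_;
    for my $cmd (@cmds) {
        return 0 unless run(@$cmd);
    }
    return 1;
}

# Run a command and print only the stdout lines matching $re (the original's
# "cmd | grep pattern").  Returns the number of matching lines so a caller
# can reproduce grep's exit status in an "&&" chain.
sub run_filtered {
    my ($cmd, $re) = @_;
    open my $in, '-|', @$cmd or do { warn "cannot run $cmd->[0]: $!\n"; return 0 };
    my $hits = 0;
    while (my $line = <$in>) {
        next unless $line =~ $re;
        print $line;
        $hits++;
    }
    close $in;
    return $hits;
}

# Append the given lines (each followed by a newline) to the report.
sub report_lines {
    my @lines = @_;
    open my $out, '>>', $REPORT or die "cannot append to $REPORT: $!\n";
    print {$out} "$_\n" for @lines;
    close $out or die "error writing $REPORT: $!\n";
    return;
}

# Append the boxed section header the original built with three echo calls.
sub report_header {
    my ($title) = @_;
    report_lines(
        'o--------------------------------------------o',
        " $title",
        'o--------------------------------------------o',
    );
    return;
}

# Append a command's stdout to the report (the original's "cmd >> analysis.txt").
# stderr still goes to the terminal, as it did with the shell redirect.
sub capture_to_report {
    my @cmd = @_;
    open my $in, '-|', @cmd or do { warn "cannot run $cmd[0]: $!\n"; return 0 };
    open my $out, '>>', $REPORT or die "cannot append to $REPORT: $!\n";
    print {$out} $_ while <$in>;
    close $in;
    close $out or die "error writing $REPORT: $!\n";
    return 1;
}

# Append a file's contents to the report (the original's "cat file >> analysis.txt").
sub append_file_to_report {
    my ($path) = @_;
    open my $in, '<', $path or do { warn "cannot read $path: $!\n"; return 0 };
    open my $out, '>>', $REPORT or die "cannot append to $REPORT: $!\n";
    print {$out} $_ while <$in>;
    close $in;
    close $out or die "error writing $REPORT: $!\n";
    return 1;
}

# Create $path if needed and make it world-writable, as the original's
# "touch && chmod a+rxw" did.  Presumably required because ettercap drops
# privileges before writing its -k file - confirm; the x bit is not needed
# for a data file and is dropped.  A pre-planted symlink of that name would
# redirect the write, so refuse to use one.
sub touch_world_writable {
    my ($path) = @_;
    die "$path is a symlink, refusing to use it\n" if -l $path;
    open my $fh, '>>', $path or die "cannot create $path: $!\n";
    close $fh;
    chmod 0666, $path or warn "chmod $path: $!\n";
    return;
}

# Clear the screen and print the welcome box, followed by $newlines "\n".
sub banner {
    my ($newlines) = @_;
    system 'clear';
    print "\n\n\n .o-------------------------------o.\n";
    print " --== Welcome to Net-gh0st! ==--\n";
    print " .o-------------------------------o." . ("\n" x $newlines);
    return;
}

# Return the validated WAN IP, or '' after telling the operator it is unknown.
sub wan_target {
    return $IP if length $IP;
    print "External WAN IP is unknown (lookup failed), skipping.\n";
    return '';
}

#============================#
#   Wireless subroutines:    #
#============================#

# Put $dev into monitor mode.  madwifi "ath0" VAPs are restarted through
# their parent "wifi0", exactly as the original did.
sub enable_monitor {
    my ($dev) = @_;
    my $parent = $dev eq 'ath0' ? 'wifi0' : $dev;
    $ENV{WIFU} = $dev;
    return run_chain(
        ['ifconfig', $dev, 'down'],
        ['airmon-ng', 'stop', $dev],
        ['airmon-ng', 'start', $parent],
    );
}

# Offer to run airodump-ng on the chosen wireless card ($wifu).
# "n" goes back to the scan menu, "y" scans; anything else simply returns.
sub wifu2 {
    $ENV{WIFU} = $wifu;
    my $go = prompt("Should I scan with $wifu? (y/n) ");
    if ($go eq 'n') {
        scan();
    }
    if ($go eq 'y') {
        run('airodump-ng', $wifu, '--write', 'output');
        wifu_report();
    }
    return;
}

# Ask for the wireless card, switch it to monitor mode and offer a scan.
sub setmon {
    banner(3);
    $wifu = ask_device("what's the wireless devices name? ");
    enable_monitor($wifu);
    wifu2();
    return;
}

# After an interactive airodump-ng run, offer to copy its CSV into the report.
sub wifu_report {
    my $ans = prompt("Would you like a report of the surrounding BSS's? (y/n) ");
    if ($ans eq 'y') {
        report_header('WiFu SCAN:');
        append_file_to_report('output-01.txt');
        # The original ran "rm -rf outpu*"; only airodump's own files are removed now.
        unlink glob 'output-*';
        print "done :-)\n\n";
        title();
    }
    if ($ans eq 'n') {
        scan();
    }
    return;
}

# Offered at the end of a full report: add a wireless survey to it?
sub wifu3 {
    my $ans = prompt("\nWould you like to add the surrounding wireless BSS info to your report? (y/n) ");
    wifi_analysis() if $ans eq 'y';
    title()         if $ans eq 'n';
    return;
}

# Wireless survey appended to the report; the operator stops airodump-ng
# with Ctrl+C (perl ignores SIGINT while the child runs, so control returns
# here).  Always exits afterwards, as the original did.
sub wifi_analysis {
    my $dev = ask_device("what's the wireless device's name? ");
    enable_monitor($dev);
    prompt("I am going to start scanning now, simply press Ctrl+C to stop when you get the info you want... ");
    report_header('WiFu SCAN:');
    run('airodump-ng', $dev, '--write', 'output');
    append_file_to_report('output-01.txt');
    print "\nAll done :-)\n\n";
    unlink glob 'output-*';
    exit;
}

#============================#
#      Scan menu:            #
#============================#

# Read one menu choice and dispatch it.  The original tested the choice with
# a run of independent "if"s whose final "else" belonged only to the "u"
# test, so every other valid option also printed "that's not an option"
# whenever its handler returned; a dispatch table fixes that.
sub scan {
    my $choice = prompt('');
    my %dispatch = (
        help => \&help,
        '0'  => sub {
            run('smbtree', '-N');
            print "\n";
            run('net', 'cache', 'list');
            title();
        },
        '1'  => sub {
            my $target = wan_target();
            if ($target) {
                print "External WAN IP is $target\n";
                run('nmap', '-T', 'Aggressive', '-P0', $target);
                # The original ran nslookup only after title() returned; run it here instead.
                run('nslookup', $target);
            }
            title();
        },
        '2'  => sub {
            run('route');
            title();
        },
        '3'  => sub {
            run_chain(['ifconfig', $card], ['iwconfig', $card]);
            title();
        },
        '4'  => sub {
            $ENV{CARD} = $card;
            touch_world_writable($IPLIST);
            run('ettercap', '-Tpi', $card, '//', '//', '-s', 'lq');
            title();
        },
        '5'  => sub {
            my $target = wan_target();
            if ($target && run('nslookup', $target)) {
                print "\n";
            }
            title();
        },
        '6'  => sub {
            # "ping | grep % && traceroute": traceroute runs only when grep matched.
            my $matched = run_filtered(['ping', '-c', '10', 'google.com'], qr/%/);
            run('traceroute', 'google.com') if $matched;
            title();
        },
        '7'  => sub {
            my $target = wan_target();
            run_chain(
                ['smbtree', '-N'],
                ['net', 'cache', 'list'],
                ['route'],
                ($target ? ['nmap', '-T', 'Aggressive', '-P0', $target] : ()),
                ['ifconfig', $card],
                ['iwconfig', $card],
                ($target ? ['nslookup', $target] : ()),
                ['cat', '/etc/resolv.conf'],
            );
            print "\n\nAll done. :-)\n\n";
            title();
        },
        '8'  => \&analysis,
        '9'  => sub {
            print "\n\nGive me an IP to scan, if you don't know it you can (Ctrl+C) \nand run Option (4)\n";
            my $target = prompt("to search all IP's on the LAN/WLAN... ");
            pscan($target);
        },
        'n'  => \&rprt,
        'q'  => sub {
            print "\nGoodbye!! :-)\n\n";
            exit;
        },
        'u'  => sub {
            my $host = prompt("\nGive me an IP address, or domain to check... ");
            if (is_safe_arg($host)) {
                $ENV{UPIP} = $host;
                run_filtered(['hping2', $host, '-c', '2', '-S', '-p', '80', '--tcp-timestamp'], qr/uptime/);
            }
            else {
                print "\"$host\" is not a valid host.\n";
            }
            print "\n";
            title();
        },
        'w'  => sub {
            my $mon = prompt("Is your WiFu card in monitor mode? (y/n) ");
            if ($mon eq 'n') {
                setmon();
            }
            if ($mon eq 'y') {
                $wifu = ask_device("what is the card's name? ");
                wifu2();
            }
        },
    );

    my $handler = $dispatch{$choice};
    if ($handler) {
        $handler->();
    }
    else {
        print "that's not an option (yet)... ";
        scan();
    }
    return;
}

# OS-detection port scan of one operator-supplied target.
sub pscan {
    my ($target) = @_;
    if (is_safe_arg($target)) {
        $ENV{IPSCAN} = $target;
        run('nmap', '-T', 'Aggressive', '-O', '-P0', $target);
    }
    else {
        print "\"$target\" is not a valid scan target.\n";
    }
    title();
    return;
}

# "Another scan?"  "y" returns to the menu, "n" offers the report; anything
# else returns to the caller.
sub title {
    my $again = prompt("Would you like another scan? (y/n) ");
    relay() if $again eq 'y';
    rprt()  if $again eq 'n';
    return;
}

# Print the menu, then read a choice.
sub help {
    banner(2);
    print " (0) Smb\n (1) Wan-info\n (2) Route-info\n (3) Local-info (NIC)\n";
    print " (4) IP's on LAN \n (5) Nameserver\n (6) Connectivity\n";
    print " (7) Ranged Scan's\n (8) Report Creator\n (9) Port Scan an IP \n";
    print " (w) Wireless Scanning (channel hopping)\n";
    print " (u) Check Server Uptime\n (q) to quit\n\nchoose one... ";
    scan();
    return;
}

# Short re-prompt used between scans.
sub relay {
    print "type (help) or choose a scan type... ";
    scan();
    return;
}

# Offer the full report; "n" exits the program.
sub rprt {
    my $want = prompt("\nWould you like a report? (y/n) ");
    if ($want eq 'y') {
        print "I will use analysis as the suffix.\n\n";
        analysis();
    }
    if ($want eq 'n') {
        print "\n\nAll done :-)\n\n";
        exit;
    }
    return;
}

#============================#
#        The Report:         #
#============================#

# Build analysis.txt section by section (WAN, nameserver, SMB, NIC, LAN
# hosts via ettercap, routing table), then offer the wireless survey.
sub analysis {
    $ENV{CARD} = $card;
    print "\n\nPrinting up the analysis.txt report, this may take a while ...\n\n";
    print "\n\nScanning WAN info now... ";
    capture_to_report('date');
    report_lines('');
    report_header('WAN INFO:');
    report_lines('external IP is:', '', $IP);

    print "[done]\n\nScanning for opened ports... ";
    capture_to_report('nmap', '-T', 'Aggressive', '-P0', $IP) if length $IP;
    report_lines('', '');

    report_header('NAMESERVER INFO:');
    print "[done]\n\nGathering Nameserver info... ";
    capture_to_report('nslookup', $IP) if length $IP;
    report_lines('', '');

    print "[done]\n\nScanning for SMB info... ";
    report_header('SMB INFO:');
    capture_to_report('smbtree', '-N');
    report_lines('', '');

    print "[done]\n\nGetting Local NIC info... ";
    report_header('NIC INFO:');
    capture_to_report('ifconfig', $card);
    capture_to_report('iwconfig', $card);

    print "[done]\n\nGathering LAN clients IP's ";
    report_header('LOCAL IPs:');
    touch_world_writable($IPLIST);
    # The original chained "touch && chmod && ettercap && cat": the host list
    # is copied into the report only when ettercap succeeded.
    if (run('ettercap', '-Tpi', $card, '//', '//', '-k', $IPLIST, '-s', 'q')) {
        append_file_to_report($IPLIST);
    }
    report_lines('', '');
    print "\n [done]";

    print "\n\nChecking Routing tables... ";
    report_header('ROUTING TABLES:');
    capture_to_report('route');
    report_lines('', '');
    print "[done]\n\n";
    report_lines('', '');

    print "Removing IPs.txt... ";
    unlink $IPLIST;
    print "[done]\n\n";
    print "\n\n\nAll done :-)\n\n\n";
    wifu3();
    return;
}

#============================#
#       NIC dialogue:        #
#============================#

# Confirm the NIC typed at startup.  "y" opens the menu, "n" asks for another
# name, anything else asks again.  A name is_safe_arg() rejects is sent
# straight back to the "give me the NIC" prompt so it never reaches
# ifconfig/ettercap.
sub card {
    unless (is_safe_arg($card)) {
        print "\n\"$card\" does not look like an interface name.\n";
        dialogue2();
        return;
    }
    $ENV{CARD} = $card;
    my $ok = prompt("\nOK, $card? (y/n) ");
    if    ($ok eq 'y') { dialogue1(); }
    elsif ($ok eq 'n') { dialogue2(); }
    else               { card(); }
    return;
}

# Welcome screen for the scan menu.
sub dialogue1 {
    banner(3);
    print "Now tell me what you need to know about the network\n";
    print "or just simply type '(7)' for a wide ranged fast scan.\n";
    print "\nFor suggestions of scan types, type 'help' and press <Enter> ... ";
    scan();
    return;
}

# Ask for a different NIC and confirm it (the original's crd2 path).
sub dialogue2 {
    $card = prompt("OK, give me the active NIC to use, and press <Enter> ");
    card();
    return;
}

#============================#
#        TTY output:         #
#============================#
banner(3);
print "I will scan some things and make a nice report\n";
print "out of the results for you! :)\n\n";
print "NOTE: run net-gh0st as root to use NIC in promiscuous mode...\n\n";
print "\nfirst I need to know your active network card's name.\n";
$card = prompt("type the name and press <Enter> ... ");
card();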