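#!/bin/sh
# Take Wardriving a bit further! connect to open WAPs and log it all
# with Trevelyn's new Wardriving enhancement script!
# Net-gh0st v-0.1
#
# 2008 Weak-Net Labs - kp101st[at]gmail[dot]com
#
# Collects information about the network this machine is currently joined to
# and writes it to ./ngh0st.txt: host list (ettercap), Samba shares (smbtree),
# routing table, external IP, open ports on the external IP (nmap),
# nameservers, reverse lookup, packet loss, local addresses, ESSID and AP MAC.
#
# Set your device name in IFACE below (e.g. eth0, ath0, wlan0, rausb0).
#
# No `set -e` on purpose: every step is best effort, so one missing tool or
# failed probe does not abort the remaining sections of the report.
set -u

IFACE="ath0"
REPORT="ngh0st.txt"
IP_LOOKUP_URL="http://www.whatismyip.com/automation/n09230945.asp"
RULE="-----------------------------------------"

spin_pid=
body_file=
hosts_file=

# Draw a one-character spinner on the terminal until the process is killed.
spin() {
  while true; do
    for frame in '-' '\' '|' '/'; do
      printf '%s' "$frame"
      sleep 0.1
      printf '\033[1D'   # move the cursor back over the frame just drawn
    done
  done
}

# Start the spinner in the background and remember its PID.
# $! is used instead of `jobs -p`, which can return several PIDs and is not
# dependable in a non-interactive /bin/sh.
start_spin() {
  spin &
  spin_pid=$!
}

# Stop the spinner started by start_spin, if one is running.
stop_spin() {
  if [ -n "$spin_pid" ]; then
    kill "$spin_pid" 2>/dev/null
    wait "$spin_pid" 2>/dev/null   # reap it so the shell prints no job notice
    spin_pid=
  fi
}

# Remove scratch files and stop the spinner on every exit path.
cleanup() {
  stop_spin
  if [ -n "$body_file" ]; then rm -f -- "$body_file"; fi
  if [ -n "$hosts_file" ]; then rm -f -- "$hosts_file"; fi
}

# Append a ruled section heading ($1) to the report body.
section() {
  {
    echo "$RULE"
    printf '%s\n' "$1"
    echo "$RULE"
    echo ""
  } >> "$body_file"
}

# Succeed only when $1 is a dotted-quad IPv4 address with octets 0-255.
# Runs in a subshell so the IFS change and `set --` stay local.
is_ipv4() (
  case $1 in
    '' | *[!0-9.]* | .* | *. | *..*) exit 1 ;;
  esac
  IFS=.
  # shellcheck disable=SC2086 -- splitting on the dots is the point; the value
  # holds only digits and dots at this stage, so no globbing can occur.
  set -- $1
  [ "$#" -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] || exit 1
    [ "$octet" -le 255 ] || exit 1
  done
  exit 0
)

trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM HUP

# Scratch files get unpredictable names from mktemp instead of fixed names in
# the current directory. The report body stays private to this user.
body_file=$(mktemp "${TMPDIR:-/tmp}/ngh0st-body.XXXXXX") || {
  echo "cannot create scratch file" >&2
  exit 1
}
hosts_file=$(mktemp "${TMPDIR:-/tmp}/ngh0st-hosts.XXXXXX") || {
  echo "cannot create scratch file" >&2
  exit 1
}
# NOTE(review): the original made its scratch file a+rxw, presumably because
# ettercap can drop privileges before it writes the -k host list (see ec_uid in
# etter.conf) -- confirm for your build. Only this short-lived file is opened
# up, without the execute bit; the rest of the report is never written to it.
chmod a+rw "$hosts_file"

#tell you what i do:
echo ""
echo ".o-------------------------------o."
echo " --== Welcome to Net-gh0st! ==--"
echo ".o-------------------------------o."
echo ""
echo "I will scan your network for you and make you a file"
echo "called \"$REPORT\" for you..."
echo ""

#sleep so you can read me...
start_spin
sleep 4
stop_spin

#scan the network and dump the host list into the scratch file
ettercap -Tpi "$IFACE" // // -k "$hosts_file" -s q
cat "$hosts_file" >> "$body_file"
echo "" >> "$body_file"
echo "scanned for clients... [done]"

section "local samba shares:"
smbtree -N >> "$body_file"
echo "" >> "$body_file"
echo "scanned for shares... [done]"

section "routing tables for this LAN and Gateway IP:"
start_spin
route >> "$body_file"
stop_spin
echo "" >> "$body_file"
echo ""
echo "scanned for routing tables... [done]"

# The lookup goes over plain HTTP on a network we do not control, so the reply
# is untrusted. It is fetched once and reduced to a strictly validated dotted
# quad before it is handed to nmap, nslookup or ping as an argument; anything
# else (an error page, extra words, option-like text) is discarded.
ext_ip=$(curl --silent --max-time 15 "$IP_LOOKUP_URL" | tr -d '[:space:]')
section "This LAN-WLAN's external IP Address is:"
if is_ipv4 "$ext_ip"; then
  printf '%s\n' "$ext_ip" >> "$body_file"
else
  ext_ip=
  echo "(lookup did not return a plain IPv4 address)" >> "$body_file"
fi
echo "" >> "$body_file"
echo "getting external WAN IP... [done]"

section "All open ports on this BSS's gateway are:"
if [ -n "$ext_ip" ]; then
  start_spin
  nmap -P0 -T Aggressive "$ext_ip" >> "$body_file"
  stop_spin
else
  echo "(skipped: no validated external IP)" >> "$body_file"
fi
echo "" >> "$body_file"
echo ""
echo "scanning for open WAN ports... [done]"

section "Looking up local/remote NS for LAN/WAN:"
cat /etc/resolv.conf >> "$body_file"
echo "" >> "$body_file"
echo "looking up Nameservers... [done]"

section "Doing an NSlookup against external IP:"
if [ -n "$ext_ip" ]; then
  nslookup "$ext_ip" >> "$body_file"
else
  echo "(skipped: no validated external IP)" >> "$body_file"
fi
echo "" >> "$body_file"
echo "Doing a NS lookup for external IP..[done]"

section "Checking for packet loss:"
if [ -n "$ext_ip" ]; then
  start_spin
  ping -c 10 "$ext_ip" | grep % >> "$body_file"
  stop_spin
else
  echo "(skipped: no validated external IP)" >> "$body_file"
fi
echo "" >> "$body_file"
echo ""
echo "checking for packet loss... [done]"

section "your IP addresses:"
ifconfig | grep "et ad" >> "$body_file"
echo "" >> "$body_file"
echo "gathering local IP info... [done]"

section "The SSID:"
iwconfig | grep ESSID >> "$body_file"
echo "" >> "$body_file"
echo "gathering BSS's ESSID (name)... [done]"

section "MAC address && channel of AP or BSSID:"
iwconfig | grep Access >> "$body_file"
echo "" >> "$body_file"
echo "documenting AP MAC... [done]"

#make the ngh0st.txt file...
# Readable by everyone as before, but no longer world-writable: the report
# lists hosts, shares and open ports, and other local accounts should not be
# able to alter it. Tighten to 600 if they should not read it either.
touch "$REPORT" && chmod 644 "$REPORT"

#add the date and a few lines for intro, then the collected body:
{
  date
  echo "NETWORK INFO:"
  echo ""
  echo "$RULE"
  echo "clients on the LAN-WLAN:"
  echo "$RULE"
  echo ""
  cat "$body_file"
} > "$REPORT"

# The scratch files themselves are removed by the EXIT trap.
echo "cleaning thing's up a bit... [done]"
echo ""
echo "All finished :-)"
echo ""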