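#!/usr/bin/env perl
# Script ---------------------------------------------------------------------
# nmapwt: Run a battery of nmap scans against a host. Good tool to use
#         to see if your IDS is awake. This is not a great nmap wrapper
#         or anything just a quick time saver for testing.
# $Id: nmapwt,v 1.1 2008/11/07 18:47:59 jayrfink Exp $
#
# $Author: jayrfink $
# $Date: 2008/11/07 18:47:59 $
# $State $
#-----------------------------------------------------------------------------
use strict;
use warnings;    # replaces "-w" on the shebang line; many kernels hand
                 # "perl -w" to env(1) as one argument, which then fails

use File::Spec;

# Signals that abort the run.  SIGSTOP is left out: it cannot be caught,
# so installing a handler for it never had any effect.
$SIG{$_} = \&interrupt for qw(INT QUIT HUP TRAP ABRT);

my $nmap_bin = `which nmap`;    # Need to have this installed
my $lflag    = 0;               # start the extended level at 0
my $qflag    = 0;               # do not be quiet by default
my $vflag    = 0;               # tell nmap itself to be loud
my $scan_expr;                  # undef until -e is given
my $scan_cnt = 1;

# Scan batteries.  Levels are cumulative: level N runs every battery up
# to and including N.  Knowing which flag produced which probe helps when
# matching IDS alerts against a run:
#   level 1: -sS SYN, -sT connect, -sA ACK, -sW window
#   level 2: -sN NULL, -sF FIN, -sX Xmas
#   level 3: -P0 (older spelling of "skip host discovery"), -sU UDP
# NOTE(review): the usage text also advertises zombie / FTP relay and
# fingerprint scans, but no flag for those is in these lists.
my @level1 = ("-sS", "-sT", "-sA", "-sW");
my @level2 = ("-sN", "-sF", "-sX");
my @level3 = ("-P0", "-sU");

# Signal handler: abort the script, reporting the signal name.
sub interrupt {
    my ($sig) = @_;
    die $sig;
}

# Print the command-line help to STDOUT.
sub usage {
    print "usage: $0 [[option][option arg]]\n";
    print "usage: $0 [[-c count][-l level][-e expr]-u]\n";
    print "options:\n";
    print " -c count  Loop the scan count times\n";
    print " -l level  Scan level of 1,2 or 3\n";
    print " -e expr   Scan expression (see nmap man page)\n";
    print " -q        Silence STDOUT and STDERR\n";
    print " -u        Print usage message and exit\n";
    print " -v        Tell nmap to be verbose\n";
    print "levels:\n";
    print "0: no options, default (might as well type nmap :)\n";
    print "1: TCP SYN/Connect/ACK/Window scans\n";
    print "2: TCP NULL, FIN and Xmas, zombie, FTP relay\n";
    print "3: Fingerprint and UDP\n";
}

# Report a command-line error, show the help and exit with status 1.
sub fail_usage {
    my ($message) = @_;
    print "Error: $message\n";
    usage();
    exit(1);
}

# True when the value is a plain non-negative decimal integer.
sub is_uint {
    my ($value) = @_;
    return defined $value && $value =~ /\A[0-9]+\z/;
}

# Run nmap once with the given argument list and return the raw wait
# status.  The block form of system() never goes through /bin/sh, so
# shell metacharacters in the scan expression stay literal.
sub run_nmap {
    my @args   = @_;
    my $status = system { $nmap_bin } $nmap_bin, @args;
    warn "nmapwt: cannot run $nmap_bin: $!\n" if $status == -1;
    return $status;
}

# Convert a wait status into a process exit code.  Passing $? straight
# to exit() would turn nmap's exit 1 (status 256) into a successful 0.
sub exit_code_for {
    my ($status) = @_;
    return 1 if $status == -1 || ($status & 127);
    return $status >> 8;
}

$nmap_bin = '' unless defined $nmap_bin;
chomp($nmap_bin);
if (!$nmap_bin) {
    print "Error: nmap binary not found\n";
    exit(1);
}

while (@ARGV) {
    my $arg = shift @ARGV;
    $arg =~ s/\A-//;    # toss out the leading dash

    if    ($arg eq 'l') { $lflag     = shift @ARGV; }
    elsif ($arg eq 'e') { $scan_expr = shift @ARGV; }
    elsif ($arg eq 'c') { $scan_cnt  = shift @ARGV; }
    elsif ($arg eq 'q') { $qflag++; }
    elsif ($arg eq 'v') { $vflag++; }
    elsif ($arg eq 'u') { usage(); exit 0; }
    else                { usage(); exit 1; }
}

# The scan expression is split on whitespace and every token is handed to
# nmap as its own argument, exactly as given.  If this script is ever
# driven by another program, that caller has to validate the expression:
# a token starting with "-" is still read by nmap as an option.
my @targets = defined $scan_expr ? split(' ', $scan_expr) : ();
fail_usage("no scan expression found") unless @targets;

# A negative or non-numeric count used to loop forever or be silently
# skipped; reject both up front.
fail_usage("scan level must be a non-negative integer")
    unless is_uint($lflag);
fail_usage("scan count must be a non-negative integer")
    unless is_uint($scan_cnt);

if ($qflag) {
    # Point the streams at the null device instead of closing them, so
    # nmap never inherits closed descriptors 1 and 2.
    my $devnull = File::Spec->devnull();
    open STDOUT, '>', $devnull or die "cannot redirect STDOUT: $!\n";
    open STDERR, '>', $devnull or die "cannot redirect STDERR: $!\n";
}

# The original declared a second, inner $opts here, so -v never reached
# nmap; build the option list once in the outer scope.
my @opts = $vflag ? ("-v") : ();

for my $pass (1 .. $scan_cnt) {
    if ($lflag == 0) {
        # Level 0 is a single plain scan whose result becomes our own.
        exit exit_code_for(run_nmap(@opts, @targets));
    }

    if ($lflag >= 1) {
        run_nmap(@opts, $_, @targets) for @level1;
    }

    if ($lflag >= 2) {
        run_nmap(@opts, $_, @targets) for @level2;
    }

    if ($lflag >= 3) {
        print "Fingerprinting could take awhile ...\n";
        run_nmap(@opts, $_, @targets) for @level3;
    }
}

exit(0);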