[EMAIL PROTECTED] wrote:

Thanks for the help. I have made the changes you suggested.

Some were merely pointing out errors you made, hoping that you would be able to figure out the correct solution on your own.

However, now the irc subroutine is always called.

That is because you don't test the output of nmap for irc.

For example, if I give the port as 80 and nmap identifies http running, it still calls the irc subroutine. It should only call the irc subroutine if nmap identifies the port as running irc. This is why I was under the impression that I need to search nmap's output file for the word irc.

Yes you do.

What is the most efficient way of doing this? Would it be to read in the file and then search for the string irc, or can this be done directly using a regex like? I don't think I completely understand the use of the regex you suggested.

I never suggested a regex anywhere in my post.

code with changes made:

# nmap subroutine
sub nmap {

    # use nmap for service fingerprinting and write results to <ip>-results-nmap.txt
    my @array = "nmap -sV -P0 -T4 -o results-nmap.txt -p $port $ip";
    system(@array);
    print ("\n");
    print ("Nmap results written to results-nmap.txt\n");

    # read nmap results into an array for searching
    my @searcharraynmap = qx/nmap -sV -P0 -T4 -p $port $ip/;
    my $searchresults = @searcharraynmap;

    # call irc subroutine if irc found
    if ($searchresults)
    {
        irc();
    }

}
# end nmap subroutine

If all you want to do is run a subroutine if 'irc' is output from nmap:

sub nmap {
    if ( grep /\birc\b/, qx/nmap -sV -P0 -T4 -p $port $ip/ ) {
        irc();
        }
    }


On Dec 3, 2008 7:53pm, "John W. Krahn" <[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] wrote:


I am working on a script to help find malicious traffic that takes the supplied ip and port from the user, does a number of checks (reverse dns, whois, banner grabbing, amap and nmap service fingerprinting), and then prints the results to a file. My intent is to quickly check blocked outbound traffic based on firewall logs to find infected machines. I have most of the script working correctly, except I want to take my nmap results that are written to a file and search them for the word irc. If it is found, call the irc subroutine. Nmap outputs correctly, but when I try to open the file to search it, I get an error stating No such file or directory. When I check the dir that script is called from, I see the nmap output being created. What am I doing wrong here?

Please do *not* top-post. Please *trim* any extraneous text below your post.



John
--
Those people who think they know everything are a great
annoyance to those of us who do.        -- Isaac Asimov
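
An added example, not code from either poster in this thread: because $ip and $port come from the user and are interpolated into a shell command in the code above, this version validates both, runs nmap through list-form open so no shell is involved, and tests only the SERVICE column of open ports for irc. The names has_irc_service and run_nmap, the IPv4-only check, the "service name starts with irc" rule and the sample lines are assumptions made for the example.

```perl
use strict;
use warnings;

# True if an open port's SERVICE column (nmap -sV table) starts with "irc".
# Only that column is tested, so "irc" in a hostname or version banner
# elsewhere in the output does not count as a match.
sub has_irc_service {
    for my $line (@_) {
        next unless $line =~ m{^\d+/(?:tcp|udp)\s+open\s+(\S+)};
        (my $service = $1) =~ s/\?$//;    # nmap marks an unconfirmed guess with "?"
        return 1 if $service =~ /^irc/i;  # assumed naming rule: irc, ircs, ...
    }
    return 0;
}

# Validate the user-supplied values, then run nmap with list-form open:
# the arguments go straight to nmap, never through a shell.
sub run_nmap {
    my ($ip, $port) = @_;
    die "bad port\n"
        unless $port =~ /\A\d{1,5}\z/ && $port >= 1 && $port <= 65535;
    die "bad IPv4 address\n"
        unless $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
            && !grep { $_ > 255 } $1, $2, $3, $4;
    open(my $nmap, '-|', 'nmap', '-sV', '-P0', '-T4', '-p', $port, $ip)
        or die "cannot run nmap: $!\n";
    my @out = <$nmap>;
    close $nmap;
    return @out;
}

# Constructed sample output (not captured from a real scan).
my @sample_http = (
    "PORT   STATE SERVICE VERSION\n",
    "80/tcp open  http    Apache httpd\n",
    "Service Info: Host: irc.example.test\n",
);
my @sample_irc = (
    "PORT     STATE SERVICE VERSION\n",
    "6667/tcp open  irc     UnrealIRCd\n",
);
print "http sample: ", (has_irc_service(@sample_http) ? "irc" : "no irc"), "\n";
print "irc sample:  ", (has_irc_service(@sample_irc)  ? "irc" : "no irc"), "\n";

# Live use inside the script, with the thread's irc() subroutine:
#     irc() if has_irc_service(run_nmap($ip, $port));
```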
