Thanks again John, I really appreciate you helping me out. I am new to Perl and still reading everything I can, but your explanations cleared a few things up.

On Wed, Dec 3, 2008 at 9:39 PM, John W. Krahn <[EMAIL PROTECTED]> wrote:

> [EMAIL PROTECTED] wrote:
>
>> Thanks for the help. I have made the changes you suggested.
>
> Some were merely pointing out errors you made, hoping that you would be
> able to figure out the correct solution on your own.
>
>> However, now the irc subroutine is always called.
>
> That is because you don't test the output of nmap for irc.
>
>> For example, if I give the port as 80 and nmap identifies http running, it
>> still calls the irc subroutine. It should only call the irc subroutine if
>> nmap identifies the port as running irc. This is why I was under the
>> impression that I need to search nmap's output file for the word irc.
>
> Yes you do.
>
>> What is the most efficient way of doing this? Would it be to read in the
>> file and then search for the string irc, or can this be done directly using
>> a regex like? I don't think I completely understand the use of the regex you
>> suggested.
>
> I never suggested a regex anywhere in my post.
>
>> code with changes made:
>>
>> # nmap subroutine
>> sub nmap {
>>
>>     # use nmap for service fingerprinting and write results to <ip>-results-nmap.txt
>>     my @array = "nmap -sV -P0 -T4 -o results-nmap.txt -p $port $ip";
>>     system(@array);
>>     print ("\n");
>>     print ("Nmap results written to results-nmap.txt\n");
>>
>>     # read nmap results into an array for searching
>>     my @searcharraynmap = qx/nmap -sV -P0 -T4 -p $port $ip/;
>>     my $searchresults = @searcharraynmap;
>>
>>     # call irc subroutine if irc found
>>     if ($searchresults)
>>     {
>>         irc();
>>     }
>>
>> }
>> # end nmap subroutine
>
> If all you want to do is run a subroutine if 'irc' is output from nmap:
>
> sub nmap {
>     if ( grep /\birc\b/, qx/nmap -sV -P0 -T4 -p $port $ip/ ) {
>         irc();
>     }
> }
>
>> On Dec 3, 2008 7:53pm, "John W. Krahn" <[EMAIL PROTECTED]> wrote:
>>
>>> [EMAIL PROTECTED] wrote:
>>>
>>>> I am working on a script to help find malicious traffic that takes the
>>>> supplied ip and port from the user, does a number of checks (reverse dns,
>>>> whois, banner grabbing, amap and nmap service fingerprinting), and then
>>>> prints the results to a file. My intent is to quickly check blocked outbound
>>>> traffic based on firewall logs to find infected machines. I have most of the
>>>> script working correctly, except I want to take my nmap results that are
>>>> written to a file and search them for the word irc. If it is found, call the
>>>> irc subroutine. Nmap outputs correctly, but when I try to open the file to
>>>> search it, I get an error stating No such file or directory. When I check
>>>> the dir that script is called from, I see the nmap output being created.
>>>> What am I doing wrong here?
>
> Please do *not* top-post. Please *trim* any extraneous text below your
> post.
>
> John
> --
> Those people who think they know everything are a great
> annoyance to those of us who do. -- Isaac Asimov
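
As an added example (not code from this thread or its participants), here is one way to apply the `\birc\b` test from the reply above only to the SERVICE column of nmap's port table, so a banner that merely mentions irc does not trigger the irc check, while validating the user-supplied ip and port before they reach the command line. The helper names `valid_target`, `scan` and `open_services` and the sample output are constructed for illustration; IPv4-only input is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Accept only a dotted-quad IPv4 address and a port in 1..65535.
sub valid_target {
    my ($ip, $port) = @_;
    my @octets = ($ip // '') =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    return 0 if grep { $_ > 255 } @octets;
    return ($port // '') =~ /\A\d{1,5}\z/ && $port >= 1 && $port <= 65535 ? 1 : 0;
}

# Run nmap with the flags from the thread; list-form open bypasses the shell.
sub scan {
    my ($ip, $port) = @_;
    die "invalid ip or port\n" unless valid_target($ip, $port);
    open my $nmap, '-|', 'nmap', '-sV', '-P0', '-T4', '-p', $port, $ip
        or die "cannot run nmap: $!\n";
    my @out = <$nmap>;
    close $nmap;
    return @out;
}

# Map port number => SERVICE column for every open port in the port table.
sub open_services {
    my %svc;
    for my $line (@_) {
        $svc{$1} = $2 if $line =~ m{^(\d+)/(?:tcp|udp)\s+open\s+(\S+)};
    }
    return %svc;
}

# Constructed sample output, used when no ip and port are given.
my @sample = (
    "PORT     STATE SERVICE VERSION\n",
    "80/tcp   open  http    (constructed banner that mentions irc)\n",
    "6667/tcp open  irc     (constructed banner)\n",
);

my ($ip, $port) = @ARGV;
my %svc = open_services(@ARGV ? scan($ip, $port) : @sample);
for my $p (sort { $a <=> $b } keys %svc) {
    my $hit = $svc{$p} =~ /\birc\b/ ? 'irc: call irc()' : 'not irc';
    print "$p $svc{$p} -> $hit\n";
}
```

Run without arguments it parses the constructed sample and flags only port 6667; run with an ip and a port it scans that target with the same nmap flags used in the thread.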