Python: Check IPs for DNS entries and see if host is UP or DOWN, check SSH login. Export info to a CSV file

This script is a simple revision of the DNS_HOST_CHECK.py script. In addition to the previous checks, it also attempts an SSH login and reports whether the login succeeded or failed.

import csv
import socket
import subprocess

import paramiko


def checkPING(ip):
    # Send a single ICMP echo request; a non-zero exit status means no reply.
    try:
        subprocess.check_output(['ping', '-c1', ip])
        return "Host is UP"
    except (subprocess.CalledProcessError, OSError):
        return "Host is DOWN"


def checkDNS(ip):
    # Reverse (PTR) lookup for the address.
    try:
        dns = socket.gethostbyaddr(ip)
        return dns[0]
    except OSError:
        return "No DNS entry found"


def checkSSH(ip):
    # Attempt a password login. AutoAddPolicy accepts any unknown host key,
    # so this tests reachability and credentials only, not host identity.
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(ip, username='root', password='Password!')
        return "SSH OK"
    except Exception:
        return "SSH NO"
    finally:
        ssh.close()


ip_list = []
dns_list = []
status_list = []
ssh_list = []

with open('file.csv', 'w', newline='') as csvfile:
    for loop_ip in range(30):
        ip = '10.0.0.%d' % loop_ip
        # Run each check once and reuse the result for the console and the CSV.
        dns, status, ssh = checkDNS(ip), checkPING(ip), checkSSH(ip)
        print(ip, dns, status, ssh)
        ip_list.append(ip)
        dns_list.append(dns)
        status_list.append(status)
        ssh_list.append(ssh)
    writer = csv.writer(csvfile, dialect='excel')
    writer.writerows(zip(ip_list, dns_list, status_list, ssh_list))


BASH – Script that reports failed SSH connections

It scans the network you specify and detects which servers have the SSH port open, so it skips servers that do not run SSH, such as Windows (this saves a huge amount of time).

The script assumes that passwordless SSH access is not set up. In other words, you can only SSH to a server by actually typing your password. For this to work you need to install the sshpass utility, found in the EPEL yum repository, and also have nmap installed. The script reports only the servers to which a specific username failed to connect.

 

#!/bin/bash
# Start with an empty failure report.
>SSH_failure
ADMINLOGIN="gmastrokostas"
ADMINPASS="SomePassword"
# It is useless to scan hosts ".1" and ".255". In fact it is borderline dangerous to scan .255,
# because the router will broadcast the command to all servers, which leads to a lot of traffic.
# The "Interesting ports on ..." line only appears in old nmap releases, so read the grepable
# output (-oG -) instead and keep the hosts that report 22/tcp open.
nmap_network=$(nmap -n -P0 -p22 -oG - 192.168.1.2-254 | awk '/22\/open/ {print $2}')

for loop in $nmap_network
do
    # Note: sshpass -p puts the password on the command line, visible in the process list.
    /usr/bin/sshpass -p "$ADMINPASS" ssh -oStrictHostKeyChecking=no -oCheckHostIP=no -t "$ADMINLOGIN@$loop" exit
    if [[ $? -gt 0 ]]
    then
        echo "Failed to connect to server $loop" >> SSH_failure
    else
        echo "Success on $loop"
    fi
done
echo "Here are the servers user name $ADMINLOGIN cannot login"
# Field 6 of each report line is the IP address; resolve it back to a host name.
for loop in $(awk '{print $6}' SSH_failure); do nslookup "$loop" | grep name | awk '{print $4}'; done

Bash – IPtables SSH root logins protection.

Please be aware: this script was created for exercise purposes only. Using it on a production or home system can lead to problems if the attacker is smart enough. This is NOT a sophisticated tool to protect your system.

The script captures IPs from log files where a root SSH connection has been attempted. It then blacklists those IPs by creating a firewall rule for them. All the blacklisted IPs are inserted into a master file, which is updated with new unique IPs each time the script is run. There are tools that already do this type of task in a much more elaborate manner… but hey… I like scripting 🙂
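The log-parsing and master-list steps described above, as an added Python example; it is not the post's own script, which is not shown on this page. It assumes the usual OpenSSH "Failed password for root from ..." syslog line; the sample log, the allowlisted 192.168.1.0/24 admin network and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the usual OpenSSH syslog format (not taken from the page).
SAMPLE_LOG = """\
Mar  3 10:01:12 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:02:40 web1 sshd[2150]: Failed password for invalid user rooter from 198.51.100.23 port 40022 ssh2
Mar  3 10:03:02 web1 sshd[2177]: Accepted password for root from 192.168.1.10 port 50500 ssh2
Mar  3 10:04:19 web1 sshd[2190]: Failed password for root from 192.168.1.10 port 50511 ssh2
Mar  3 10:05:33 web1 sshd[2203]: Failed password for root from 198.51.100.99 port 33871 ssh2
"""

# Match the sshd message from its start so only the exact user "root" qualifies.
ROOT_FAIL = re.compile(r"sshd\[\d+\]: Failed password for root from (\S+) port \d+")


def root_failure_ips(log_text, allow=("192.168.1.0/24",)):
    """Return the set of source addresses with a failed root password login."""
    allowed = [ipaddress.ip_network(net) for net in allow]
    found = set()
    for line in log_text.splitlines():
        match = ROOT_FAIL.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:      # not an address: never pass it on to a firewall rule
            continue
        if not any(ip in net for net in allowed):   # never block the admin network
            found.add(ip)
    return found


def update_blacklist(master, log_text, allow=("192.168.1.0/24",)):
    """Merge new addresses into the master list; return (master, new_only)."""
    known = {ipaddress.ip_address(entry) for entry in master}
    new = sorted(root_failure_ips(log_text, allow) - known, key=int)
    return master + [str(ip) for ip in new], new


def drop_rules(ips):
    """Build (not run) one DROP rule per address for the SSH port."""
    return ["%s -A INPUT -s %s -p tcp --dport 22 -j DROP"
            % ("iptables" if ip.version == 4 else "ip6tables", ip) for ip in ips]


if __name__ == "__main__":
    master, new = update_blacklist(["203.0.113.7"], SAMPLE_LOG)
    print("\n".join(drop_rules(new)))
```

The rules are only built as strings here, so the list can be reviewed before anything is applied to the firewall.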

 
