pentest.sh

#!/bin/bash
#__________________________________________________________
# Author:     phillips321 contact through phillips321.co.uk
# License:    CC BY-SA 3.0
# Use:        All in one pentest script designed for kali linux
# Released:   www.phillips321.co.uk
  version=11.5
# Dependencies:
#	nmap
#	sslscan - soon to be depreciated!
#	arp-scan
#	dialog
#	amap
#	tree
#	nfs-common
#	xwininfo
#	ssl-cipher-suite-check (included in download)
#	winlanfoe.pl (included in download)
#	rdp-sec-check.pl (also requires 'cpan install Encoding::BER')

# ToDo:
#	combine URLs for wget
#	add ability to launch nesssus against targets
#	prevent threads from being above 50?
#	domain_enum.php (included in download)

# ChangeLog:
#   v11.5 - temp bug fix to comment out read function from f_progress & f_progressquick, this needs looking into for a fix.
#	v11.4 - fixed x11 screen grab
#	v11.3 - added rdp-sec-check, changed custom list of UDP ports
#	v11.1 - added stats every output to nmap
#	v11.0 - fixed lots of old bugs and added ssl-cipher-suite-enum

# Program
f_setdefaults(){ #defaults for running the script
	NETINTERFACE="eth1"
	NMAPTCP="nmap -sS -vv -T4 -A -Pn -n -r --stats-every 60 -oA" # this needs to finish with -oA and cannot include -p
	NMAPUDP="nmap -sU -vv -T4 -A -Pn -n -r --stats-every 60 -oA" # this needs to finish with -oA and cannot include -p
	NMAPQUICKPORTS="7,13,17,19,21,22,23,25,50,53,69,80,111,123,135,137,139,161,199,443,445,500,1434,1556,2049,2301,2381,3181,3389,5353,8080,8081,8161,47001"
	NMAPTCPCUSTOMPORTS="7,11,13,19,21,22,23,37,53,67,68,69,80,88,111,123,135,137,139,177,389,427,443,445,464,514,515,593,636,714,735,852,898,1025,1029,1051,1065,1086,1087,1088,1099,1105,1108,1111,1126,1159,1433,1434,1521,1700,1792,1801,1830,1867,1947,2001,2049,2103,2105,2107,2331,2383,3100,3268,3269,3389,3872,4045,4889,5722,5983,5987,5988,5989,6112,6701,7100,7101,7201,7301,7401,7788,7799,8009,8080,8084,8099,8192,8193,8194,8443,8530,8531,8834,8888,9009,9084,9087,9090,9389,9999,17777,17778,20031,20352,22015,22098,22099,22100,22110,22111,22285,22286,22350,22610,22611,23015,23055,23333,23456,24041,27000,27010,32771,32772,32773,32774,32775,32776,32781,32783,32785,32798,47001,49152,49153,49154,49155,49157,49158,49159,49161,49168,49170,49171,49173,49176,49182,49183,49196,49205,49206,49212,49281,49349,49351,49520,49615,49667,49688,49703,49714,49716,49727,49762,49767,49839,49892,49896,49899,49998,50480,51113,51128,51197,51234,51565,51639,52834,53005,53037,54711,54807,54925,55043,55544,55587,56141,56737,60484,61045,61050,61484,61488,61873,61874,61877,61880,64843,64869"
	NMAPUDPCUSTOMPORTS="7,53,111,123,137,161,177,389,427,443,500,520,623,626,1194,1604,1645,1812,2049,2302,3784,4433,4740,5349,5351,5353,5683,5684,6481,6514,6636,8767,9987,10080,10161,10162,17185,26000,26001,26002,26003,26004,27910,27911,27912,27913,27914,27960,27961,27962,27963,27964,30720,30721,30722,30723,30724,44400,64738"
	XTERMVALS="-iconic -fn -*-*-*-*-*-*-7-*-*-*-*-*-*-* -geometry 80x10"
	NMAPTCPALL=1 ; NMAPTCPDEFAULT=1 ; NMAPTCPCUSTOM=1
	NMAPUDPALL=0 ; NMAPUDPDEFAULT=0 ; NMAPUDPCUSTOM=1
	RUNARPSCAN=0
	RUNQUICKNMAP=0
	RUNNMAP=0
	RUNAMAP=0
	RUNSSLSCAN=0
	RUNRDPSECCHECK=0
	RUNCUTY=0
	RUNSNMPSCAN=0
	RUNENUM4LINUXSCAN=0
	RUNSWAKS=0
	RUNUNISCAN=0
	RUNNFSSCAN=0
	RUNX11GRAB=0
	RUNWGET=0
	RUNNING=0
	THREADS=10
	SLEEPTIME=0.2
	MACIGNORE="be:ef:b0:0b:13:37"
	# Load custom config from file custom-config.conf if it exists
	scriptlocation=`echo "$0" | sed -e s/pentest.sh//`
	echo ${scriptlocation}custom-config.conf
	if [[ -e ${scriptlocation}custom-config.conf ]]
	then
		echo  "[+] Config file found at ${scriptlocation}"
		. ${scriptlocation}custom-config.conf
	fi
}
f_main(){ #this is the main bulk of the program that calls the scans
	dialog --title "Scan Types" --separate-output --output-fd 2 --checklist "What do you want to run? Scan selections are dependent on the scan type above it being run first. For example, you cannot run sslscan if anamp and nmap have not been run prior." 0 0 0 \
		arpscan "run arp-scan to create targets.txt" off \
		quicknmap "run a quick nmap of the targets" on \
		nmap "nmap targets" on \
		amap "amap ports found using nmap" on \
		sslscan "sslscan targets" on \
		sslciphersuite "ssl-cipher-suite" on \
		rdpseccheck "run rdp-sec-check against RDP" on \
		cutycapt "Take photo of web pages found?" off \
		snmpscans "Check for default SNMP community strings" off \
        enum4linux "Run enum4linux against targets" on \
        smtp "connect to SMTP to check if they allow relaying of mail" off \
        uniscan "run uniscan against HTTP(s) ports" off \
        nfsscan "connect to nfs services and list contents" off \
        x11grab "get screenshot of x11 sessions" off \
        wget "run wget against HTTP(s) ports" off \
	2> /tmp/answer
	case $? in 1|255) : do ; f_exit ;; esac
	checklist=`cat /tmp/answer`
	for opt in ${checklist}
    do
		case ${opt} in
			arpscan) : do ; RUNARPSCAN=1 ;;
			quicknmap) : do ; RUNQUICKNMAP=1 ;;
			nmap) : do ; RUNNMAP=1 ;;
			amap) : do ; RUNAMAP=1 ;;
			sslscan) : do ; RUNSSLSCAN=1 ;;
			sslciphersuite) : do ; RUNSSLCIPHERSUITE=1 ;;
			rdpseccheck) : do ; RUNRDPSECCHECK=1 ;;
			cutycapt) : do ; RUNCUTY=1 ;;
			snmpscans) : do ; RUNSNMPSCAN=1 ;;
			snmpget) : do ; RUNSNMPGET=1 ;;
			enum4linux) : do ; RUNENUM4LINUXSCAN=1 ;;
			smtp) : do ; RUNSWAKS=1 ;;
			uniscan) : do ; RUNUNISCAN=1 ;;
			nfsscan) : do ; RUNNFSSCAN=1 ;;
			x11grab) : do ; RUNX11GRAB=1 ;;
			wget) : do ; RUNWGET=1 ;;
		esac
	done
	clear
	echo -e "\e[00;32m[SETTINGS]\e[00m"
	read -p "[+] Where would you like the output to go:  " -e -i "`pwd`/output" OUTPUTDIR
	f_directorycheck

	#ask if you want to create scansource.txt
	read -p "[+] Do you wish to create scansource.txt evidence file? (y/n): " -e -i "y" ANSWER
	if [ "$(echo $ANSWER | tr [:upper:] [:lower:])" == "y" ]
	then
		f_scansource 1>&2
	fi
	if [ -s targets.txt ]
	then
		cp targets.txt ${OUTPUTDIR}/targets.txt
	fi
	read -p "[+] How many threads would you like to run:  " -e -i "${THREADS}" THREADS
	#gets creds for enum4linux scans
	if [ ${RUNENUM4LINUXSCAN} == "1" ]
	then
		echo -e "\e[00;32m[ENUM4LINUX OPTIONS]\e[00m"
		read -p "[+] Do you wish to scan use creds with enum4linux?(y/n): " -e -i "n" ANSWER
		if [ "$(echo $ANSWER | tr [:upper:] [:lower:])" == "y" ]
		then
			read -p "[+] Username:  " -e -i "administrator" USERNAME
			read -p "[+] Password:  " -e -i "" PASSWORD
			enum4linux="/usr/bin/enum4linux -a -v -u ${USERNAME} -p '${PASSWORD}'"
		fi
	fi
	if [ ${RUNARPSCAN} == "1" ] ; then f_arpscan ; fi
	if [ ${RUNQUICKNMAP} == "1" ] ; then f_quicknmap ; fi
	if [ ${RUNNMAP} == "1" ] ; then f_nmapoptions ; f_nmapscans ; fi
	if [ ${RUNAMAP} == "1" ] ; then f_amapscans ; fi
	if [ ${RUNSSLSCAN} == "1" ] ; then f_sslscans ; fi
	if [ ${RUNSSLCIPHERSUITE} == "1" ] ; then f_sslciphersuite ; fi
	if [ ${RUNRDPSECCHECK} == "1" ] ; then f_rdpseccheck ; fi
	if [ ${RUNCUTY} == "1" ] ; then f_cuty ; fi
	if [ ${RUNSNMPSCAN} == "1" ] ; then f_snmpscan ; fi
	if [ ${RUNENUM4LINUXSCAN} == "1" ] ; then f_runenum4linuxscan ; fi
	if [ ${RUNSWAKS} == "1" ] ; then f_swaksscans ; fi
	if [ ${RUNUNISCAN} == "1" ] ; then f_uniscan ; fi
	if [ ${RUNNFSSCAN} == "1" ] ; then f_nfsscan ; fi
	if [ ${RUNX11GRAB} == "1" ] ; then f_x11grab ; fi
	if [ ${RUNWGET} == "1" ] ; then f_wget ; fi
}
f_debug(){ #this is debug information (insert f_debug in the script to pause)
	echo -e "\e[00;32m[DEBUG]\e[00m"
	echo "checklist = ${checklist}"
	echo "NMAPTCPDEFAULT=${NMAPTCPDEFAULT}"
	echo "NMAPTCPALL=${NMAPTCPALL}"
	echo "NMAPTCPCUSTOM=${NMAPTCPCUSTOM}"
	echo "NMAPTCPCUSTOMPORTS=${NMAPTCPCUSTOMPORTS}"
	echo "NMAPUDPDEFAULT=${NMAPUDPDEFAULT}"
	echo "NMAPUDPALL=${NMAPUDPALL}"
	echo "NMAPUDPCUSTOM=${NMAPUDPCUSTOM}"
	echo "NMAPUDPCUSTOMPORTS=${NMAPUDPCUSTOMPORTS}"
	echo "Number of scantypes = $((${NMAPTCPDEFAULT}+${NMAPTCPALL}+${NMAPTCPCUSTOM}+${NMAPUDPDEFAULT}+${NMAPUDPALL}+${NMAPUDPCUSTOM}))"
	echo "Output directory = ${OUTPUTDIR}"
	echo "Number of threads = ${THREADS}"
	echo "RUNARPSCAN = ${RUNARPSCAN}"
	echo "RUNQUICKNMAP = ${RUNQUICKNMAP}"
	echo "RUNNMAP = ${RUNNMAP}"
	echo "RUNAMAP = ${RUNAMAP}"
	echo "RUNSSLSCAN = ${RUNSSLSCAN}"
	echo "RUNCUTY = ${RUNCUTY}"
	echo "RUNSNMPSCAN = ${RUNSNMPSCAN}"
	echo "RUNENUM4LINUXSCAN = ${RUNENUM4LINUXSCAN}"
	echo "COUNT = ${COUNT}"
	echo "NUMBER = ${NUMBER}"
	echo "targets.txt =" ; cat targets.txt
	echo "result = ${result}"
	read -p "pause"
}
f_directorycheck(){ #creates dir if it's not present
	if [ -d ${OUTPUTDIR} ] ; then sleep 0 ; else mkdir -p ${OUTPUTDIR} ; fi
}
f_scansource(){ #creates scansource.txt containing network info
	echo -e "[+] Adding scansource.txt to output folder"
	ipaddr=`ifconfig ${NETINTERFACE} | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*'`
	cidr=`ip -o -f inet addr show | grep ${NETINTERFACE} | awk '/scope global/ {print $4}' | cut -d"/" -f2`
	f_cidr2mask ${cidr}
	echo "[+] Interface Details----------------" > ${OUTPUTDIR}/scansource.txt
	ifconfig ${NETINTERFACE} | sed '/^$/d' >> ${OUTPUTDIR}/scansource.txt
	echo -e "\n[+] Route Details--------------------" >> ${OUTPUTDIR}/scansource.txt
	route -n >> ${OUTPUTDIR}/scansource.txt
	echo -e "\n[+] IPCalc Details-------------------" >> ${OUTPUTDIR}/scansource.txt
	ipcalc -n -b "${ipaddr}" "${netmask}" >> ${OUTPUTDIR}/scansource.txt
	echo -e "\n[+] Arp-Scan Details-----------------" >> ${OUTPUTDIR}/scansource.txt
	arp-scan -I ${NETINTERFACE} -l | grep -v packets | grep -v Ending | grep -v Starting | grep -v Interface | sed '/^$/d' >> ${OUTPUTDIR}/scansource.txt
	echo -e "\n[+] NMAP Ping Sweep Details-----------------" >> ${OUTPUTDIR}/scansource.txt
	nmap -sP "${ipaddr}/${cidr}" | grep -v "Host is up" | sed -e 's/Nmap scan report for //' | grep -v Nmap | grep -v "${ipaddr}" | sed ':a;N;$!ba;s/\nMAC Address: / /g' | sed '/^$/d' >> ${OUTPUTDIR}/scansource.txt
	echo -e "\n[+] nbtscan -----------------" >> ${OUTPUTDIR}/scansource.txt
	nbtscan -qr "${ipaddr}/${cidr}" | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n >> ${OUTPUTDIR}/scansource.txt
	echo -e "\n[+] nbtscan verbose -----------------" > ${OUTPUTDIR}/scansource_nbt.txt
	nbtscan -qvr "${ipaddr}/${cidr}" >> ${OUTPUTDIR}/scansource_nbt.txt
}
f_mask2cidr(){ #function to turn mask into cidr value
	case $1 in
			255.255.0.0) cidr="16";;
			255.255.128.0) cidr="17";;
			255.255.192.0) cidr="18";;
			255.255.224.0) cidr="19";;
	        255.255.240.0) cidr="20";;
	        255.255.248.0) cidr="21";;
	        255.255.252.0) cidr="22";;
	        255.255.254.0) cidr="23";;
	        255.255.255.0) cidr="24";;
	        255.255.255.128) cidr="25";;
	        255.255.255.192) cidr="26";;
	        255.255.255.224) cidr="27";;
	        255.255.255.240) cidr="28";;
	        255.255.255.248) cidr="29";;
	        255.255.255.252) cidr="30";;
        	*) cidr="24" ; echo "[+] Error:Not able to figure out cidr from subnetmask (defaulting to /24)" ; sleep 5;;
	esac
}
f_cidr2mask(){ #function to turn mask into cidr value
	case $1 in
			16) netmask="255.255.0.0";;
			17) netmask="255.255.128.0";;
			18) netmask="255.255.192.0";;
			19) netmask="255.255.224.0";;
	        20) netmask="255.255.240.0";;
	        21) netmask="255.255.248.0";;
	        22) netmask="255.255.252.0";;
	        23) netmask="255.255.254.0";;
	        24) netmask="255.255.255.0";;
	        25) netmask="255.255.255.128";;
	        26) netmask="255.255.255.192";;
	        27) netmask="255.255.255.224";;
	        28) netmask="255.255.255.240";;
	        29) netmask="255.255.255.248";;
	        30) netmask="255.255.255.252";;
        	*) netmask="255.255.255.0" ; echo "[+] Error:Not able to figure out netmask from cidr (defaulting to /24)" ; sleep 5;;
	esac
}
f_progress(){ #outputs progress to screen
	PERCENTAGE=$(($((${COUNT}*100))/${NUMBER}))
	echo -en "\e[K\r[+] ${*} - now on ${COUNT} of ${NUMBER} - ${PERCENTAGE}% | "
	THREADSBEFORE=${THREADS}
	#read -t 5 -p "Threads: " -e -i ${THREADSBEFORE} THREADS
	if [ $? != 0 ] ; then THREADS=${THREADSBEFORE} ; fi
}
f_progressquick(){ #outputs progress to screen (uses small sleep)
	PERCENTAGE=$(($((${COUNT}*100))/${NUMBER}))
	echo -en "\e[K\r[+] ${*} - loading${COUNT} of ${NUMBER} - ${PERCENTAGE}% | "
	THREADSBEFORE=${THREADS}
	#read -t ${SLEEPTIME} -p "Threads: " -e -i ${THREADSBEFORE} THREADS
	if [ $? != 0 ] ; then THREADS=${THREADSBEFORE} ; fi
}
f_arpscan(){ #creates targets.txt and then allows editing
	echo -e "\e[00;32m[ARPSCAN]\e[00m"
	if [ -s targets.txt ]
	then
		echo -e "\e[00;31m[+] Error! \e[00m targets.txt file already found"
		read -p "Do you wish to create a new file(y/n)?: " -e -i "n" ANSWER
		if [ "$(echo $ANSWER | tr [:upper:] [:lower:])" == "n" ]
		then
			echo -e "\e[00;31m[+] Exiting to prevent overwrite of targets.txt\e[00m"
			exit 0
		fi
	fi
	echo  "[+] We are now scanning the local subnet for devices using arp-scan `echotime`"
	arp-scan -I ${NETINTERFACE} -l -g | grep . | grep -v ${MACIGNORE} | cut -f1 | grep -v packets |grep -v Interface | grep -v Ending | grep -v Starting | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq > `pwd`/targets.txt
	echo "[+] Arp-Scan complete. Please remove IPs you dont wish to scan `echotime`" ; sleep 3
	nano `pwd`/targets.txt
	cp `pwd`/targets.txt ${OUTPUTDIR}/targets.txt
}
f_nmapoptions(){ #determins what type of nmap scans you want
	echo -e "\e[00;32m[NMAP OPTIONS]\e[00m"
	ANSWER="y"
	while [ "$(echo $ANSWER | tr [:upper:] [:lower:])" != "n" ]
	do
		NMAPTCPCUSTOMPORTSCOUNT=$((`echo -n ${NMAPTCPCUSTOMPORTS} | sed 's/,/\n/g' | wc -l`+1))
		NMAPUDPCUSTOMPORTSCOUNT=$((`echo -n ${NMAPUDPCUSTOMPORTS} | sed 's/,/\n/g' | wc -l`+1))
		echo "[+] Nmap scans types - We are set to run the following:"
		echo "  ==============================="
		echo "  |_____________TCP_____________|"
		if [ ${NMAPTCPALL} = "1" ] ; then echo -en "  |\e[00;32m Big\e[00m "; else echo -en "  |\e[02;31m Big\e[00m "; fi
		if [ ${NMAPTCPDEFAULT} = "1" ] ; then echo -en "| \e[00;32mDefault\e[00m " ; else echo -en "| \e[02;31mDefault\e[00m "; fi
		if [ ${NMAPTCPCUSTOM} = "1" ] ; then echo -e "| \e[00;32mCustom (${NMAPTCPCUSTOMPORTSCOUNT})\e[00m|" ; else echo -e "| \e[02;31mCustom (${NMAPTCPCUSTOMPORTSCOUNT})\e[00m|"; fi
		echo "  ==============================="
		echo "  |_____________UDP_____________|"
		if [ ${NMAPUDPALL} = "1" ] ; then echo -en "  |\e[00;32m Big\e[00m " ; else echo -en "  |\e[02;31m Big\e[00m "; fi
		if [ ${NMAPUDPDEFAULT} = "1" ] ; then echo -en "| \e[00;32mDefault\e[00m " ; else echo -en "| \e[02;31mDefault\e[00m "; fi
		if [ ${NMAPUDPCUSTOM} = "1" ] ; then echo -e "| \e[00;32mCustom (${NMAPUDPCUSTOMPORTSCOUNT})\e[00m|" ; else echo -e "| \e[02;31mCustom (${NMAPUDPCUSTOMPORTSCOUNT})\e[00m|"; fi
		echo "  ==============================="
		read -p "[+] Do you want to change any of this(y/n)? " -e -i "n" ANSWER
		if [ "$(echo $ANSWER | tr [:upper:] [:lower:])" == "y" ]
		then
			read -p "  | Big TCP Scan(y/n)?: " -e -i "y" ANSWER1
			if [ "$(echo $ANSWER1 | tr [:upper:] [:lower:])" == "y" ]; then NMAPTCPALL=1 ; else NMAPTCPALL=0 ;fi
			read -p "  | Default TCP Scan(y/n)?: " -e -i "y" ANSWER2
			if [ "$(echo $ANSWER2 | tr [:upper:] [:lower:])" == "y" ]; then NMAPTCPDEFAULT=1 ; else NMAPTCPDEFAULT=0 ;fi
			read -p "  | Custom TCP Scan(y/n)?: " -e -i "y" ANSWER3
			if [ "$(echo $ANSWER3 | tr [:upper:] [:lower:])" == "y" ]; then NMAPTCPCUSTOM=1 ; else NMAPTCPCUSTOM=0 ;fi
			read -p "  | Big UDP Scan(y/n)?: " -e -i "n" ANSWER4
			if [ "$(echo $ANSWER4 | tr [:upper:] [:lower:])" == "y" ]; then NMAPUDPALL=1 ; else NMAPUDPALL=0 ;fi
			read -p "  | Default UDP Scan(y/n)?: " -e -i "y" ANSWER5
			if [ "$(echo $ANSWER5 | tr [:upper:] [:lower:])" == "y" ]; then NMAPUDPDEFAULT=1 ; else NMAPUDPDEFAULT=0 ;fi
			read -p "  | Custom UDP Scan(y/n)?: " -e -i "y" ANSWER6
			if [ "$(echo $ANSWER6 | tr [:upper:] [:lower:])" == "y" ]; then NMAPUDPCUSTOM=1 ; else NMAPUDPCUSTOM=0 ;fi
			if [ ${NMAPTCPCUSTOM} = "1" ]
			then
				echo "[+] Please enter the NMAP Custom TCP ports:"
				read -p "  | TCP:" -e -i "${NMAPTCPCUSTOMPORTS}" NMAPTCPCUSTOMPORTS
			fi
			if [ ${NMAPUDPCUSTOM} = "1" ]
			then
				echo "[+] Please enter the NMAP Custom UDP ports:"
				read -p "  | UDP:" -e -i "${NMAPUDPCUSTOMPORTS}" NMAPUDPCUSTOMPORTS
			fi
		fi
	done
}
f_quicknmap(){ #quick nmap scan of targets
	echo -e "\e[00;32m[QUICK NMAP]\e[00m"
	echo  -e "[+] Performing a quick nmap.... `echotime`"
	xterm -title "Quick nmap scan - running" -e "nmap -sSU -vv -iL targets.txt -Pn -p${NMAPQUICKPORTS} -n -r -oN ${OUTPUTDIR}/quicknmap.txt"
	xterm -title "Quick nmap scan - results" -e "cat ${OUTPUTDIR}/quicknmap.txt | grep -i \"Nmap\ scan\ report\ for\|open\" | grep -v filtered | less" &
	echo  -e "[+] Quick nmap finished `echotime`"
}
f_nmapscans(){ #nmap scans of targets
	echo -e "\e[00;32m[NMAP]\e[00m"
	echo  -e "[+] NMAP scans starting `echotime`"
	COUNT=0
	NUMBER=$(((`cat targets.txt| wc -l`)*$((${NMAPTCPDEFAULT}+${NMAPTCPALL}+${NMAPTCPCUSTOM}+${NMAPUDPDEFAULT}+${NMAPUDPALL}+${NMAPUDPCUSTOM}))))
	if [ -s targets.txt ] ; then sleep 0 ; else echo  "[+] targets.txt not found in current directory, we'll create one..." ; f_arpscan ; fi
	for i in `cat targets.txt`
	do
		f_progressquick "NMAP Progress"
		TARGET=${i}
		LOC=${OUTPUTDIR}/${TARGET}
		if [ -d ${LOC} ] ; then sleep 0 ; else mkdir -p ${LOC} ; fi
		if [ ${NMAPTCPDEFAULT} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP small TCP" -e "${NMAPTCP} ${LOC}/small.tcp ${TARGET}" & fi
		if [ ${NMAPTCPALL} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP big TCP" -e "${NMAPTCP} ${LOC}/big.tcp -p- ${TARGET}" & fi
		if [ ${NMAPTCPCUSTOM} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP custom TCP" -e "${NMAPTCP} ${LOC}/custom.tcp -p${NMAPTCPCUSTOMPORTS} ${TARGET}" & fi
		if [ ${NMAPUDPDEFAULT} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP small UDP" -e "${NMAPUDP} ${LOC}/small.udp ${TARGET}" & fi
		if [ ${NMAPUDPALL} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP big UDP" -e "${NMAPUDP} ${LOC}/big.udp -p- ${TARGET}" & fi
		if [ ${NMAPUDPCUSTOM} = "1" ] ; then ((COUNT++)); sleep ${SLEEPTIME}; xterm ${XTERMVALS} -title "${TARGET} NMAP custom UDP" -e "${NMAPUDP} ${LOC}/custom.udp -p${NMAPUDPCUSTOMPORTS} ${TARGET}" & fi
		while [ `ps -Aef --cols 400 | grep NMAP | grep xterm | wc -l` -ge ${THREADS} ]
		do
			f_progress "NMAP Progress"
		done
		sleep 5
	done
	while [ `ps -Aef --cols 400 | grep NMAP | grep xterm | wc -l` -gt 0 ]
	do
		RUNNING=`ps -Aef --cols 400 | grep NMAP | grep xterm | wc -l`
		f_progress "NMAP Finishing(${RUNNING}left)"
	done
	echo "";echo -e "[+] NMAP scans finished `echotime`"
	# delete scans that were cancelled during running
	cd "${OUTPUTDIR}"
	for i in `ls */*.gnmap`;do wcl=`cat ${i} | wc -l`;if [ ${wcl} -le 2 ];then rm ${i};fi;done
	for i in `ls */*.xml`;do wcl=`cat ${i} | wc -l`;if [ ${wcl} -le 15 ];then rm ${i};fi;done
	for i in `ls */*.nmap`;do wcl=`cat ${i} | wc -l`;if [ ${wcl} -le 1 ];then rm ${i};fi;done

	# create open_ports.txt containing only 1 tcp and 1 udp scan from each IP in order of size (big>small>custom)
	echo  "[+] Creating open_ports.txt `echotime`"
	if [ -s open_ports.txt ] ; then rm open_ports.txt ; fi
	for i in `ls */*.nmap | cut -d"/" -f1 | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq`
	do
		echo "###################### ${i} RESULTS ######################" >> open_ports.txt
		if [ -f ${i}/big.tcp.nmap ]
		then
			echo "---------------------- TCP Big------------------------------" >> open_ports.txt
			cat ${i}/big.tcp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
		elif [ -f ${i}/small.tcp.nmap ]
		then
			echo "---------------------- TCP Small------------------------------" >> open_ports.txt
			cat ${i}/small.tcp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
		elif [ -f ${i}/custom.tcp.nmap ]
		then
			echo "---------------------- TCP Custom------------------------------" >> open_ports.txt
			cat *${i}/custom.tcp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
		else
			echo "no results" >> open_ports.txt
		fi
		if [ -f ${i}/big.udp.nmap ]
		then
			echo "---------------------- UDP Big------------------------------" >> open_ports.txt
			cat ${i}/big.udp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
		elif [ -f ${i}/small.udp.nmap ]
		then
			echo "---------------------- UDP Small------------------------------" >> open_ports.txt
			cat ${i}/small.udp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
		elif [ -f ${i}/custom.udp.nmap ]
		then
			echo "---------------------- UDP Custom------------------------------" >> open_ports.txt
			cat *${i}/custom.udp.nmap | grep "open" | grep -v "OSScan" | grep -v "Missing" | grep -v "filtered" >> open_ports.txt
		else
			echo "no results" >> open_ports.txt
		fi
		echo ""  >> open_ports.txt
	done
	echo  "[+] Creating vlan_ports.txt `echotime`"
	cat open_ports.txt | grep open | cut -f1 -d"/" | sort -nu | grep -v fingerprint | grep -v "|" | sed ':a;N;$!ba;s/\n/,/g' | tr -cd '[0123456789,]' > vlan_ports.txt
	grep -i "ssl\|tls" */*.nmap | grep open | cut -d"/" -f1,2 | sed 's/\/.*.nmap//' | sort -u > nmap.ssl.txt
	grep -i "ms-wbt-server" */*.nmap | grep open | cut -d"/" -f1 | sed 's/\/.*.nmap//' | sort -u > nmap.rdp.txt
	cd ../
}
f_amapscans(){ #amap scans (of nmap output)
	echo -e "\e[00;32m[AMAP]\e[00m"
	echo -e "[+] AMAP scans starting `echotime`"
	cd "${OUTPUTDIR}"
	COUNT=0
	NUMBER=`ls */*.gnmap | sed -e "s/.gnmap//" | wc -l`
	for i in `ls */*.gnmap | sed -e "s/.gnmap//"`
	do
		f_progressquick "AMAP Progress"
		((COUNT++)); xterm ${XTERMVALS} -title "${i} AMAP" -e "amap -T 2 -C 1 -i ${i}.gnmap -o ${i}.amap | tee -a amap_full.txt" &
		while [ `ps -Aef --cols 400 | grep AMAP | grep xterm | wc -l` -ge ${THREADS} ]
		do
			f_progress "AMAP Progress"
		done
		sleep ${SLEEPTIME}
	done
	while [ `ps -Aef --cols 400 | grep AMAP | grep xterm | wc -l` -gt 0 ]
	do
		RUNNING=`ps -Aef --cols 400 | grep AMAP | grep xterm | wc -l`
		f_progress "AMAP Finishing(${RUNNING}left)"
	done
	cat amap_full.txt | cut -d" " -f3,4,5 | grep matches | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq > amap.txt
	cat amap.txt | grep http | cut -d"/" -f 1 | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq > amap.http.txt
	cat amap.txt | grep ssl | cut -d"/" -f 1 | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq > amap.ssl.txt
	cat amap_full.txt | cut -d" " -f3,4,5 | grep 161/udp | cut -d"/" -f1 | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq > amap.snmp.txt
	cat amap.txt | grep smtp | cut -d"/" -f 1 | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq > amap.smtp.txt
	cat amap.txt | grep nfs | cut -d"/" -f 1 | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq > amap.nfs.txt
	cat amap.txt | grep x-windows | cut -d"/" -f1 | sort -bt . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq > amap.x11.txt
	echo ""; echo -e "[+] AMAP scans finished `echotime`"
	cd ../
}
f_sslscans(){ #sslscans of ssl services (using nmap output)
	echo -e "\e[00;32m[SSL SCANS]\e[00m"
	echo -e "[+] SSLSCAN starting `echotime`"
	cd "${OUTPUTDIR}"
	if [ -s nmap.ssl.txt ]
	then
	COUNT=0
	NUMBER=`cat nmap.ssl.txt | grep -v 3389 | wc -l`
		for i in `cat nmap.ssl.txt | grep -v 3389`
		do
			f_progressquick "SSLSCAN Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} SSLSCAN" -e "sslscan --no-failed ${i} | tee ${HOST}/${PORT}.sslscan.txt; sleep 5" &
			while [ `ps -Aef --cols 400 | grep SSLSCAN | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "SSLSCAN Progress"
			done
		sleep ${SLEEPTIME}
		done
		while [ `ps -Aef --cols 400 | grep SSLSCAN | grep xterm | wc -l` -gt 0 ]
		do
			RUNNING=`ps -Aef --cols 400 | grep SSLSCAN | grep xterm | wc -l`
			f_progress "SSLSCAN Finishing(${RUNNING}left)"
		done
		cat */*.sslscan.txt | grep "Testing\ SSL\|Accepted\|ERROR\|Signature\ Algorithm" | grep "SSLv2\|Testing\|\ 40\|\ 56\|md5" | grep -v "ERROR" > WeakCiphers.txt
		echo ""
	fi
	echo -e "[+] SSLSCAN finished `echotime`"
	cd ../
}
f_sslciphersuite(){ #ssl-cipher-suite-enum of ssl services (using nmap output)
	echo -e "\e[00;32m[SSLCIPHERSUITE]\e[00m"
	echo -e "[+] SSLCIPHERSUITE starting `echotime`"
	cd "${OUTPUTDIR}"
	if [ -s nmap.ssl.txt ]
	then
	COUNT=0
	NUMBER=`cat nmap.ssl.txt | grep -v 3389 | wc -l`
		for i in `cat nmap.ssl.txt | grep -v 3389`
		do
			f_progressquick "SSLCIPHERSUITE Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} SSLCIPHERSUITE" -e "ssl-cipher-suite-enum.pl ${i}| tee ${HOST}/${PORT}.ssl-cipher-suite-enum.txt; sleep 5" &
			while [ `ps -Aef --cols 400 | grep SSLCIPHERSUITE | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "SSLCIPHERSUITE Progress"
			done
		sleep ${SLEEPTIME}
		done
		while [ `ps -Aef --cols 400 | grep SSLCIPHERSUITE | grep xterm | wc -l` -gt 0 ]
		do
			RUNNING=`ps -Aef --cols 400 | grep SSLCIPHERSUITE | grep xterm | wc -l`
			f_progress "SSLCIPHERSUITE Finishing(${RUNNING}left)"
		done
		echo ""
	fi
	echo -e "[+] SSLCIPHERSUITE finished `echotime`"
	cd ../
}
f_rdpseccheck(){ #rdp-sec-check of RDP services (using nmap output)
	echo -e "\e[00;32m[RDPSECCHECK]\e[00m"
	echo -e "[+] RDPSECCHECK starting `echotime`"
	cd "${OUTPUTDIR}"
	if [ -s nmap.rdp.txt ]
	then
	COUNT=0
	NUMBER=`cat nmap.rdp.txt | wc -l`
		for i in `cat nmap.rdp.txt`
		do
			f_progressquick "RDPSECCHECK Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} RDPSECCHECK" -e "/usr/share/sparta/scripts/rdp-sec-check.pl ${i} | tee ${HOST}/rdp-sec-check.txt; sleep 5" &
			while [ `ps -Aef --cols 400 | grep RDPSECCHECK | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "RDPSECCHECK Progress"
			done
		sleep ${SLEEPTIME}
		done
		while [ `ps -Aef --cols 400 | grep RDPSECCHECK | grep xterm | wc -l` -gt 0 ]
		do
			RUNNING=`ps -Aef --cols 400 | grep RDPSECCHECK | grep xterm | wc -l`
			f_progress "RDPSECCHECK Finishing(${RUNNING}left)"
		done
		echo ""
	fi
	echo -e "[+] RDPSECCHECK finished `echotime`"
	cd ../
}
f_cuty(){ #takes photos of http(s) web site roots (using amap output)
	echo -e "\e[00;32m[CutyCapt]\e[00m"
	echo -e "[+] CutyCapt Scans starting `echotime`"
	cd "${OUTPUTDIR}"
	if [ -s amap.ssl.txt ]
	then
	COUNT=0
	NUMBER=`cat amap.ssl.txt | grep -v 3389 | wc -l`
		for i in `cat amap.ssl.txt | grep -v 3389`
		do
			f_progressquick "CutyCapt HTTPS Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} CutyCapt" -e "cutycapt --url=https://${i} --out=${HOST}/${PORT}_https.png" &
			while [ `ps -Aef --cols 400 | grep CutyCapt | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "CutyCapt HTTPS Progress"
			done
			sleep ${SLEEPTIME}
		done
	fi
	if [ -s amap.http.txt ]
	then
	COUNT=0
	NUMBER=`cat amap.http.txt | grep -v 3389 | wc -l`
		for i in `cat amap.http.txt | grep -v 3389`
		do
			f_progressquick "CutyCapt HTTP Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} CutyCapt" -e "cutycapt --url=http://${i} --out=${HOST}/${PORT}_http.png" &
			while [ `ps -Aef --cols 400 | grep CutyCapt | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "CutyCapt HTTP Progress"
			done
			sleep ${SLEEPTIME}
		done
	fi
	while [ `ps -Aef --cols 400 | grep CutyCapt | grep xterm | wc -l` -gt 0 ]
	do
		RUNNING=`ps -Aef --cols 400 | grep CutyCapt | grep xterm | wc -l`
		f_progress "CutyCapt Finishing(${RUNNING}left)"
	done
	echo -e "[+] CutyCapt Scans finished `echotime`"
	cd ../
}
f_snmpscan(){ #checks for default community strings (using amap output)
	echo -e "\e[00;32m[SNMP]\e[00m"
	echo -e "[+] SNMP scans starting `echotime`"
	cd "${OUTPUTDIR}"
	DICT="/usr/share/doc/onesixtyone/dict.txt"
	if [ -s amap.snmp.txt ]
	then
		COUNT=0
		DICTWC=`cat ${DICT} | wc -l`
		NUMBER=`cat amap.snmp.txt | wc -l`
		NUMBER=$((${NUMBER}*${DICTWC}))
		for i in `cat amap.snmp.txt`
		do
			f_progressquick "SNMP Scan Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			for STRING in `cat ${DICT}`
			do
				((COUNT++)); xterm ${XTERMVALS} -title "${HOST}_${PORT}_${STRING} SNMPSCAN" -e "snmp-check -T 2 -t ${HOST} -p ${PORT} -c ${STRING} | tee ${HOST}/${PORT}_${STRING}_snmpscan.txt ; sleep 2" &
			done
			while [ `ps -Aef --cols 400 | grep SNMPSCAN | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "SNMP Scan Progress"
			done
		sleep ${SLEEPTIME}
		done
		while [ `ps -Aef --cols 400 | grep SNMPSCAN | grep xterm | wc -l` -gt 0 ]
		do
			RUNNING=`ps -Aef --cols 400 | grep SNMPSCAN | grep xterm | wc -l`
			f_progress "SNMP Scan Finishing(${RUNNING}left)"
		done
		echo ""
	fi
	ls -1 */161* > SNMPCommunityStrings.txt
	echo -e "[+] SNMP scans finished `echotime`"
	cd ../
}
f_runenum4linuxscan(){ #enum4linux against targets
	echo -e "\e[00;32m[ENUM4LINUX]\e[00m"
	echo -e "[+] Enum4Linux scans starting `echotime`"
	cd "${OUTPUTDIR}"
	sleep ${SLEEPTIME}
	COUNT=0
	NUMBER=`cat targets.txt | wc -l`
	for i in `cat targets.txt`
	do
		f_progressquick "Enum4Linux Progress"
		((COUNT++)); xterm ${XTERMVALS} -title "${i} Enum4Linux" -e "enum4linux -v ${i} | tee ${i}/enum4linux.txt; sleep 5" &
		while [ `ps -Aef --cols 400 | grep Enum4Linux | grep xterm | wc -l` -ge ${THREADS} ]
		do
			f_progress "Enum4Linux Progress"
		done
	sleep ${SLEEPTIME}
	done
	while [ `ps -Aef --cols 400 | grep Enum4Linux | grep xterm | wc -l` -gt 0 ]
	do
		RUNNING=`ps -Aef --cols 400 | grep Enum4Linux | grep xterm | wc -l`
		f_progress "Enum4Linux Finishing(${RUNNING}left)"
	done
	echo -e "[+] Enum4Linux scans finished `echotime`"
	echo -e "[+] WinLanFoe.pl Running (WinHostDetails.txt) `echotime`"
	winlanfoe.pl -f > WinHostDetails.txt
	echo -e "[+] WinLanFoe.pl finished `echotime`"
	cd ../
}
f_swaksscans(){ #swaks test against smtp (using amap output)
	echo -e "\e[00;32m[SMTP]\e[00m"
	echo -e "[+] SMTP (swaks) scans starting `echotime`"
	cd "${OUTPUTDIR}"
	if [ -s amap.smtp.txt ]
	then
	COUNT=0
	NUMBER=`cat amap.smtp.txt | wc -l`
		for i in `cat amap.smtp.txt`
		do
			f_progressquick "SMTP Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} SWAKS" -e "swaks --to user@example.com --server ${i} | tee ${HOST}/${PORT}_smtp.txt; sleep 5" &
			while [ `ps -Aef --cols 400 | grep SWAKS | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "SMTP Progress"
			done
		sleep ${SLEEPTIME}
		done
		while [ `ps -Aef --cols 400 | grep SWAKS | grep xterm | wc -l` -gt 0 ]
		do
			RUNNING=`ps -Aef --cols 400 | grep SWAKS | grep xterm | wc -l`
			f_progress "SMTP Finishing(${RUNNING}left)"
		done
		echo ""
	fi
	echo -e "[+] SMTP scans finished `echotime`"
	cd ../
}
f_uniscan(){ #run basic checks against web servers
	echo -e "\e[00;32m[UNISCAN]\e[00m"
	echo -e "[+] Uniscan scans starting `echotime`"
	cd "${OUTPUTDIR}"
	if [ -s amap.ssl.txt ]
	then
	COUNT=0
	NUMBER=`cat amap.ssl.txt | wc -l`
		for i in `cat amap.ssl.txt`
		do
			f_progressquick "Uniscan HTTPS Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} UNISCAN" -e "cd /pentest/web/uniscan/ ; ./uniscan.pl -u https://${i}/ -qweds | tee ${OUTPUTDIR}/${HOST}/${PORT}_uniscan.txt ; sleep 5" &
			while [ `ps -Aef --cols 400 | grep UNISCAN | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "Uniscan HTTPS Progress"
			done
			sleep ${SLEEPTIME}
		done
		echo ""
	fi
	if [ -s amap.http.txt ]
	then
	COUNT=0
	NUMBER=`cat amap.http.txt | wc -l`
		for i in `cat amap.http.txt`
		do
			f_progress "Uniscan HTTP Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} UNISCAN" -e "cd /pentest/web/uniscan/ ; ./uniscan.pl -u http://${i}/ -qweds | tee ${OUTPUTDIR}/${HOST}/${PORT}_uniscan.txt" &
			while [ `ps -Aef --cols 400 | grep UNISCAN | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "Uniscan HTTP Progress"
			done
			sleep ${SLEEPTIME}
		done
		echo ""
	fi
	while [ `ps -Aef --cols 400 | grep UNISCAN | grep xterm | wc -l` -gt 0 ]
	do
		RUNNING=`ps -Aef --cols 400 | grep UNISCAN | grep xterm | wc -l`
		f_progress "Uniscan Finishing(${RUNNING}left)"
	done
	echo -e "[+] Uniscan scans finished `echotime`"
	cd ../
}
f_nfsscan(){ #connect to nfs and run tree output
	echo -e "\e[00;32m[NFS]\e[00m"
	echo -e "[+] NFS Scans starting `echotime`"
	cd "${OUTPUTDIR}"
	for i in `cat amap.nfs.txt | cut -d":" -f 1` ; do showmount -e ${i} ; done > nfsmounts.txt
	if [ -s amap.nfs.txt ]
	then
	COUNT=0
	NUMBER=`cat amap.nfs.txt | wc -l`
		for i in `cat amap.nfs.txt | cut -d":" -f1`
		do
			f_progressquick "NFS Tree Progress"
			((COUNT++));
			NFSCOUNT=0
			for f in `showmount -e ${i} | cut -d" " -f1 | grep -v "Export"`
			do
				((NFSCOUNT++));
				mkdir -p /tmp/nfs${f}
				mount -o nolock,ro -t nfs ${i}:${f} /tmp/nfs${f}
				xterm ${XTERMVALS} -title "${i} NFS Tree" -e "tree -a -L 4 /tmp/nfs${f} | tee -a ${i}/nfs${NFSCOUNT}.txt ; sleep 5" &
			done

			while [ `ps -Aef --cols 400 | grep "NFS Tree" | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "NFS Tree Progress"
			done
		sleep ${SLEEPTIME}
		done
		while [ `ps -Aef --cols 400 | grep "NFS Tree" | grep xterm | wc -l` -gt 0 ]
		do
			RUNNING=`ps -Aef --cols 400 | grep "NFS Tree" | grep xterm | wc -l`
			f_progress "NFS Tree Finishing(${RUNNING}left)"
		done
		for i in `cat amap.nfs.txt | cut -d":" -f1`
		do
			for a in `mount | grep $i | cut -d" " -f1`
			do
				umount ${a}
			done
		done
		echo ""
	fi
	echo -e "[+] NFS Scans Finished `echotime`"
	cd ../
}
f_x11grab(){ #connects to x11 servers and does screenshot
	echo -e "\e[00;32m[x11]\e[00m"
	echo -e "[+] x11 scans starting `echotime`"
	cd "${OUTPUTDIR}"
	if [ -s amap.x11.txt ]
	then
	COUNT=0
	NUMBER=`cat amap.x11.txt | wc -l`
		for i in `cat amap.x11.txt`
		do
			f_progressquick "x11grab Progress"
			HOST=`echo ${i} | cut -d":" -f1`
			PORT=`echo ${i} | cut -d":" -f2`
			PORTTR=`echo "${PORT: -1}"`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} X11grab" -e "xwininfo -tree -root -display ${HOST}:${PORTTR} > ${HOST}/x11_${PORTTR}.txt && import -display ${HOST}:${PORTTR} -window root ${HOST}/x11_${PORTTR}.jpg" &
			while [ `ps -Aef --cols 400 | grep X11grab | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "x11grab Progress"
			done
			sleep ${SLEEPTIME}
		done
		while [ `ps -Aef --cols 400 | grep X11grab | grep xterm | wc -l` -gt 0 ]
		do
			RUNNING=`ps -Aef --cols 400 | grep X11grab | grep xterm | wc -l`
			f_progress "x11grab Finishing(${RUNNING}left)"
		done
		echo ""
	fi
	echo -e "[+] x11 Scans finsihed `echotime`"
	cd ../
}
f_wget(){ #wget of http(s) web sites (using amap output)
	echo -e "\e[00;32m[WGET]\e[00m"
	echo -e "[+] WGET scans started `echotime`"
	cd "${OUTPUTDIR}"
	if [ -s amap.ssl.txt ]
	then
	COUNT=0
	NUMBER=`cat amap.ssl.txt | grep -v 3389 | wc -l`
		for i in `cat amap.ssl.txt | grep -v 3389`
		do
			f_progressquick "WGET HTTPS Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} WGET" -e "wget -t 1 -T 60 --no-check-certificate --save-headers -O- https://${i} > ${HOST}/${PORT}_wget_https.txt ; sleep 5" &
			while [ `ps -Aef --cols 400 | grep WGET | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "WGET HTTPS Progress"
			done
			sleep ${SLEEPTIME}
		done
	fi
	if [ -s amap.http.txt ]
	then
	COUNT=0
	NUMBER=`cat amap.http.txt | grep -v 3389 | wc -l`
		for i in `cat amap.http.txt | grep -v 3389`
		do
			f_progress "WGET HTTP Progress"
			HOST=`echo $i | cut -d":" -f1`
			PORT=`echo $i | cut -d":" -f2`
			((COUNT++)); xterm ${XTERMVALS} -title "${i} WGET" -e "wget -t 1  -T 60 --save-headers -O- http://${i} > ${HOST}/${PORT}_wget_http.txt ; sleep 5" &
			while [ `ps -Aef --cols 400 | grep WGET | grep xterm | wc -l` -ge ${THREADS} ]
			do
				f_progress "WGET HTTP Progress"
			done
			sleep ${SLEEPTIME}
		done
	fi
	while [ `ps -Aef --cols 400 | grep WGET | grep xterm | wc -l` -gt 0 ]
	do
		RUNNING=`ps -Aef --cols 400 | grep WGET | grep xterm | wc -l`
		f_progress "WGET Finishing(${RUNNING}left)"
		echo ""
	done
	echo -e "[+] WGET scans finished `echotime`"
	cd ../
}
f_cleanup(){ #deletes files created that are empty or blank
	echo  "[+] Now cleaning up"
	cd "${OUTPUTDIR}"
	for i in `ls */*.png`
	do
		iSIZE=`stat -c %s ${i}`
		if [ ${iSIZE} -eq "469" ] ; then rm ${i} ; fi
	done
	if [ -s amap.ssl.txt ] ; then sleep 0 ; else rm amap.ssl.txt ; fi
	if [ -s amap.http.txt ] ; then sleep 0 ; else rm amap.http.txt ; fi
	if [ -s WeakCiphers.txt ] ; then sleep 0 ; else rm WeakCiphers.txt ; fi
	if [ -s SNMPCommunityStrings.txt ] ; then sleep 0 ; else rm SNMPCommunityStrings.txt ; fi
	if [ -s amap.snmp.txt ] ; then sleep 0 ; else rm amap.snmp.txt ; fi
	if [ -s amap.smtp.txt ] ; then sleep 0 ; else rm amap.smtp.txt ; fi
	for i in `ls */enum4linux.txt`;do wcl=`cat ${i} | wc -l`;if [ ${wcl} -le 30 ];then rm ${i};fi;done
	for i in `ls */*_snmpscan.txt`;do wcl=`cat ${i} | wc -l`;if [ ${wcl} -le 30 ];then rm ${i};fi;done
	if [ -s amap.nfs.txt ] ; then sleep 0 ; else rm amap.nfs.txt ; fi
	cd ../
}
f_displayresults(){ #displays output in xterm windows
	echo -e "\e[00;32m[RESULTS]\e[00m"
	echo  "[+] Displaying results"
	cd "${OUTPUTDIR}"
	if [ -s open_ports.txt ] ; then xterm -title "OpenPorts from ${OUTPUTDIR}" -e "grep -E --color=always '.*(ssh|rdp|ssl|http|telnet|https|sslv2|mail|smtp|snmp|oracle|sql|tnls|ftp|sftp|echo|chargen|dns|qotd|motd|finger|rlogin|rexec|discard|daytime).*|' open_ports.txt | less -R" & fi
	if [ -s WeakCiphers.txt ] ; then xterm -title "WeakCiphers from ${OUTPUTDIR}" -e "less -R WeakCiphers.txt" & fi
	if [ -s SNMPCommunityStrings.txt ] ; then xterm -title "SNMPCommunityStrings from ${OUTPUTDIR}" -e "less -R SNMPCommunityStrings.txt" & fi
	cd ../
	echo  "[+] Scanning has finished, now time to get root"
	echo "[+] Targets scanned"
	cat ${OUTPUTDIR}/targets.txt | sed ':a;N;$!ba;s/\n/,/g'
	echo "[+] Vlan Ports"
	cat ${OUTPUTDIR}/vlan_ports.txt
	echo ""
}
f_exit(){ #this is called upon ESC/Cancel press
	rm /tmp/answer
	echo  "[+] Exiting.... see ya"
	exit 1
}
echotime(){ #simply displays the time to the screen
	echo -e "\e[00;30m`date +"%T"`\e[00m"
}
### What to run ###
f_setdefaults
f_main
f_cleanup
f_displayresults
#f_debug
exit 0