#!/bin/bash
#
# Title:         Nmapper for Bash Bunny
# Author:        Hak5Darren
# Version:       1.0
#
# Scans target with nmap using specified options
# Saves sequential logs to mass storage loot folder
#
# Red ...........Setup
# Red Blinking...Setup Failed. Target did not obtain IP address. Exit.
# Amber..........Scanning
# White..........Switching to Mass Storage (optional)
# Green..........Finished
# 

# See nmap --help for options. Default "-O --fuzzy" profiles target OS.
NMAP_OPTIONS="-O --fuzzy"
LOOTDIR=/root/udisk/loot/nmap

# Set LED Red while setting up attack
LED R

# Use RNDIS for Windows. Mac/*nix use ECM_ETHERNET
ATTACKMODE RNDIS_ETHERNET 
#ATTACKMODE ECM_ETHERNET

# Source bunny_helpers.sh to get environment variable TARGET_IP and TARGET_HOSTNAME
source bunny_helpers.sh

# Setup named logs in loot directory
mkdir -p $LOOTDIR
HOST=${TARGET_HOSTNAME}
# If hostname is blank set it to "noname"
[[ -z "$HOST" ]] && HOST="noname"
COUNT=$(ls -lad $LOOTDIR/$HOST*.log | wc -l)
COUNT=$((COUNT+1))

# Check target IP address. If unset, blink RED and end.
if [ -z "${TARGET_IP}" ]; then
    LED R 100
	exit 1
fi

# Set LED, nmap target and sync filesystem before optionally switching to mass storage
LED G R
nmap $NMAP_OPTIONS $TARGET_IP >> $LOOTDIR/$HOST-$COUNT.log
sync

# Optionally become mass storage when scan completes
#LED R G B
#ATTACKMODE STORAGE

# Payload complete. Set LED green
LED G