#!/usr/bin/env bash
# DTP Scan
# Daniel Compton
# www.commonexploits.com
# Twitter = @commonexploits
# 13/10/2013
# Requires tshark
# Tested on BackTrack 5 and Kali with Cisco devices
# Version 1.3 - soon will be integrated into Frogger version 2. updated to fix changes in tshark
# Capture window in seconds. 90 is suggested because DTP packets are sent
# every 30-60 seconds depending on the DTP mode.
DTPSEC="90"
VERSION="1.3"

# Start-up banner: clear the screen, then print the title between two green
# rules. The scan itself is passive (it only listens for DTP frames).
clear
printf '\e[00;32m%s\e[00m\n' '########################################################'
printf '%s\n' \
  "*** DTPScan - The VLAN DTP SCanner $VERSION ***" \
  "" \
  "*** Detects DTP modes for VLAN Hopping (Passive) ***"
printf '\e[00;32m%s\e[00m\n' '########################################################'
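# Check for tshark: the capture step depends on it, so stop early when it is
# not on PATH. `command -v` is the shell's own lookup, and testing its status
# directly treats every non-zero result as "missing" (the earlier `$? -eq 1`
# comparison let any other failure code fall through to the scan).
if ! command -v tshark >/dev/null 2>&1
then
  echo -e "\e[01;31m[!]\e[00m Unable to find the required tshark program, install and try again."
  echo ""
  exit 1
fi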
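echo ""
echo -e "\e[01;32m[-]\e[00m The following Interfaces are available"
echo ""
# Only names beginning with "eth" are listed here; the check below accepts
# any interface name that ifconfig itself reports.
ifconfig | grep -o "eth.*" | cut -d " " -f1
echo ""
echo -e "\e[1;31m----------------------------------------------------------\e[00m"
echo -e "\e[01;31m[?]\e[00m Enter the interface to scan from as the source"
echo -e "\e[1;31m----------------------------------------------------------\e[00m"
# -r keeps backslashes literal instead of letting read interpret them.
read -r INT

# Accept the answer only when it is exactly one of the interface names that
# ifconfig prints (first token of each unindented line, trailing ':' dropped).
# The previous `grep -i -w "$INT"` treated the answer as a regex over the whole
# ifconfig output, so words such as "inet" or option-like text passed as an
# "interface" and were then handed to tshark.
if ! ifconfig 2>/dev/null | awk -v want="$INT" '
  /^[^[:space:]]/ { name = $1; sub(/:$/, "", name); if (name == want) found = 1 }
  END { exit !found }'
then
  echo ""
  echo -e "\e[01;31m[!]\e[00m Sorry the interface you entered does not exist! - check and try again."
  echo ""
  exit 1
fi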
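echo ""
echo -e "\e[01;32m[-]\e[00m Now Sniffing DTP packets on interface $INT for $DTPSEC seconds."
echo ""

# Capture into a private temp file. The script is normally run with capture
# privileges, and a fixed "dtp.tmp" in the current directory could be
# pre-created (or symlinked) by someone else; mktemp avoids that and the EXIT
# trap removes the file on every exit path.
DTPTMP=$(mktemp) || {
  echo -e "\e[01;31m[!]\e[00m Unable to create a temporary file for the capture."
  exit 1
}
trap 'rm -f -- "$DTPTMP"' EXIT

# Quote both values so the interface name reaches tshark as a single argument.
tshark -a duration:"$DTPSEC" -i "$INT" -Y "dtp" -x -V >"$DTPTMP" 2>&1
TSHARKRC=$?
if [ "$TSHARKRC" -ne 0 ]
then
  # A failed capture (permissions, interface down, ...) contains no DTP lines
  # and would otherwise be reported as "DTP is probably disabled".
  echo -e "\e[01;31m[!]\e[00m tshark exited with status $TSHARKRC, so the capture did not complete and no conclusion can be drawn about DTP on this port."
  tail -n 5 -- "$DTPTMP"
  echo ""
  exit 1
fi

# Number of output lines mentioning "dtp"; zero means no DTP frame was seen.
COUNTDTP=$(grep -c "dtp" "$DTPTMP")
if [ "$COUNTDTP" -eq 0 ]
then
  echo ""
  echo -e "\e[01;31m[!]\e[00m No DTP packets were found. DTP is probably disabled and in 'switchport nonegotiate' mode."
  echo ""
  echo -e "\e[01;31m[!]\e[00m DTP VLAN attacks will not be possible from this port."
  echo ""
  echo -e "\e[01;33m[-]\e[00m Note: This attack is port specific and only applies to the port you are connected to. It does not represent all ports on the device."
  echo ""
  exit 0
fi

# Take the value from the "Status: 0x.." lines; when several distinct values
# were captured, the lowest one in sort order is used.
DTPMODE=$(grep -o "Status: 0x.*" "$DTPTMP" | awk '{ print $NF }' | sort --unique | head -1)

# NOTE(review): Wireshark's DTP dissector names administrative status 0x3
# "Desirable" and 0x4 "Auto", so the wording for 0x03 and 0x04 below looks
# swapped - verify against a capture before relying on the mode name.
case "$DTPMODE" in
  0x03)
    echo ""
    echo -e "\e[01;32m[+]\e[00m DTP was found enabled in it's default state of 'Auto'."
    echo ""
    echo -e "\e[01;32m[+]\e[00m VLAN hopping will be possible."
    echo ""
    ;;
  0x83)
    echo ""
    echo -e "\e[01;32m[+]\e[00m DTP was found enabled in mode 'switchport mode dynamic desirable'."
    echo ""
    echo -e "\e[01;32m[+]\e[00m VLAN hopping should be possible."
    echo ""
    ;;
  0x04)
    echo ""
    echo -e "\e[01;32m[+]\e[00m DTP was found enabled in mode 'switchport mode dynamic desirable'."
    echo ""
    echo -e "\e[01;32m[+]\e[00m VLAN hopping should be possible."
    echo ""
    ;;
  0x81)
    echo ""
    echo -e "\e[01;32m[+]\e[00m DTP was found enabled in Trunk mode 'switchport mode trunk'."
    echo ""
    echo -e "\e[01;31m[!]\e[00m DTP VLAN attacks will not be possible."
    echo ""
    ;;
  0xa5)
    echo ""
    echo -e "\e[01;32m[+]\e[00m DTP was found enabled in Trunk mode 'switchport mode trunk 802.1Q'. with 802.1Q encapsulation forced"
    echo ""
    echo -e "\e[01;31m[!]\e[00m DTP VLAN attacks will not be possible."
    echo ""
    ;;
  0x42)
    echo ""
    echo -e "\e[01;32m[+]\e[00m DTP was found enabled in Trunk mode 'switchport mode trunk ISL'. with ISL encapsulation forced"
    echo ""
    echo -e "\e[01;31m[!]\e[00m DTP VLAN attacks will not be possible."
    echo ""
    ;;
  0x84)
    echo ""
    echo -e "\e[01;32m[+]\e[00m DTP was found enabled in mode 'switchport mode dynamic auto'."
    echo ""
    echo -e "\e[01;32m[+]\e[00m VLAN hopping should be possible."
    echo ""
    ;;
  0x02)
    echo ""
    echo -e "\e[01;32m[+]\e[00m DTP was found enabled in mode 'switchport mode access'."
    echo ""
    echo -e "\e[01;31m[!]\e[00m DTP VLAN attacks will not be possible."
    echo ""
    ;;
  *)
    # Previously an empty or unknown value either broke the unquoted `[` tests
    # or ended the run silently; say so, because DTP traffic WAS observed.
    echo ""
    echo -e "\e[01;33m[-]\e[00m DTP packets were seen but the status value '$DTPMODE' was not recognised. Review the capture manually before drawing a conclusion."
    echo ""
    ;;
esac
exit 0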