#!/bin/bash # Device Identification Script for 192.168.50.81 # This script will attempt to identify what device is on the specified IP address TARGET_IP="192.168.50.81" LOG_FILE="device_identification_$(date +%Y%m%d_%H%M%S).log" echo "=== Device Identification Report for $TARGET_IP ===" | tee $LOG_FILE echo "Timestamp: $(date)" | tee -a $LOG_FILE echo "" | tee -a $LOG_FILE # Function to check if device is reachable check_reachability() { echo "1. Checking device reachability..." | tee -a $LOG_FILE if ping -c 3 -W 2 $TARGET_IP > /dev/null 2>&1; then echo "✅ Device is reachable" | tee -a $LOG_FILE return 0 else echo "❌ Device is not reachable" | tee -a $LOG_FILE return 1 fi } # Function to get basic network info get_network_info() { echo "" | tee -a $LOG_FILE echo "2. Getting network information..." | tee -a $LOG_FILE # Get MAC address MAC_ADDRESS=$(arp -n | grep $TARGET_IP | awk '{print $3}') if [ ! -z "$MAC_ADDRESS" ]; then echo "MAC Address: $MAC_ADDRESS" | tee -a $LOG_FILE # Try to identify vendor from MAC VENDOR_OUI=$(echo $MAC_ADDRESS | cut -d: -f1-3 | tr '[:lower:]' '[:upper:]') echo "Vendor OUI: $VENDOR_OUI" | tee -a $LOG_FILE else echo "MAC Address: Not found in ARP table" | tee -a $LOG_FILE fi # Get hostname if possible HOSTNAME=$(nslookup $TARGET_IP 2>/dev/null | grep "name =" | awk '{print $4}' | sed 's/\.$//') if [ ! -z "$HOSTNAME" ]; then echo "Hostname: $HOSTNAME" | tee -a $LOG_FILE else echo "Hostname: Not found" | tee -a $LOG_FILE fi } # Function to scan for open ports scan_ports() { echo "" | tee -a $LOG_FILE echo "3. Scanning for open ports..." | tee -a $LOG_FILE # Quick port scan for common ports COMMON_PORTS="21,22,23,25,53,80,110,143,443,993,995,8080,8443" if command -v nmap > /dev/null 2>&1; then echo "Using nmap for port scan..." | tee -a $LOG_FILE nmap -p $COMMON_PORTS --open --host-timeout 30s $TARGET_IP | tee -a $LOG_FILE else echo "nmap not available, using netcat for basic port check..." | tee -a $LOG_FILE for port in 22 80 443 8080; do if timeout 3 bash -c "/dev/null; then echo "Port $port: OPEN" | tee -a $LOG_FILE else echo "Port $port: closed" | tee -a $LOG_FILE fi done fi } # Function to identify services identify_services() { echo "" | tee -a $LOG_FILE echo "4. Identifying services..." | tee -a $LOG_FILE # Check for SSH if timeout 3 bash -c "/dev/null; then echo "SSH (22): Available" | tee -a $LOG_FILE # Try to get SSH banner SSH_BANNER=$(timeout 5 bash -c "echo | nc $TARGET_IP 22" 2>/dev/null | head -1) if [ ! -z "$SSH_BANNER" ]; then echo "SSH Banner: $SSH_BANNER" | tee -a $LOG_FILE fi fi # Check for HTTP/HTTPS if timeout 3 bash -c "/dev/null; then echo "HTTP (80): Available" | tee -a $LOG_FILE # Try to get HTTP headers HTTP_HEADERS=$(timeout 5 curl -I http://$TARGET_IP 2>/dev/null | head -5) if [ ! -z "$HTTP_HEADERS" ]; then echo "HTTP Headers:" | tee -a $LOG_FILE echo "$HTTP_HEADERS" | tee -a $LOG_FILE fi fi if timeout 3 bash -c "/dev/null; then echo "HTTPS (443): Available" | tee -a $LOG_FILE fi # Check for other common services for port in 21 23 25 53 110 143 993 995 8080 8443; do if timeout 3 bash -c "/dev/null; then case $port in 21) echo "FTP (21): Available" | tee -a $LOG_FILE ;; 23) echo "Telnet (23): Available" | tee -a $LOG_FILE ;; 25) echo "SMTP (25): Available" | tee -a $LOG_FILE ;; 53) echo "DNS (53): Available" | tee -a $LOG_FILE ;; 110) echo "POP3 (110): Available" | tee -a $LOG_FILE ;; 143) echo "IMAP (143): Available" | tee -a $LOG_FILE ;; 993) echo "IMAPS (993): Available" | tee -a $LOG_FILE ;; 995) echo "POP3S (995): Available" | tee -a $LOG_FILE ;; 8080) echo "HTTP Alt (8080): Available" | tee -a $LOG_FILE ;; 8443) echo "HTTPS Alt (8443): Available" | tee -a $LOG_FILE ;; esac fi done } # Function to check for device fingerprinting device_fingerprint() { echo "" | tee -a $LOG_FILE echo "5. Device fingerprinting..." | tee -a $LOG_FILE # Try to get HTTP response for device identification if timeout 3 bash -c "/dev/null; then echo "Attempting HTTP device identification..." | tee -a $LOG_FILE HTTP_RESPONSE=$(timeout 10 curl -s -L http://$TARGET_IP 2>/dev/null | head -20) if [ ! -z "$HTTP_RESPONSE" ]; then echo "HTTP Response (first 20 lines):" | tee -a $LOG_FILE echo "$HTTP_RESPONSE" | tee -a $LOG_FILE fi fi # Check for common IoT/device management interfaces for path in "/" "/admin" "/login" "/setup" "/config" "/status"; do if timeout 3 bash -c "/dev/null; then HTTP_STATUS=$(timeout 5 curl -s -o /dev/null -w "%{http_code}" http://$TARGET_IP$path 2>/dev/null) if [ "$HTTP_STATUS" = "200" ]; then echo "Web interface found at: http://$TARGET_IP$path" | tee -a $LOG_FILE fi fi done } # Function to check for Tailscale check_tailscale() { echo "" | tee -a $LOG_FILE echo "6. Checking for Tailscale..." | tee -a $LOG_FILE # Check if device responds on Tailscale ports for port in 41641 41642; do if timeout 3 bash -c "/dev/null; then echo "Tailscale port $port: OPEN" | tee -a $LOG_FILE fi done } # Function to provide device type suggestions suggest_device_type() { echo "" | tee -a $LOG_FILE echo "7. Device type analysis..." | tee -a $LOG_FILE OPEN_PORTS=$(grep -E "(OPEN|Available)" $LOG_FILE | wc -l) HAS_SSH=$(grep -c "SSH.*Available" $LOG_FILE) HAS_HTTP=$(grep -c "HTTP.*Available" $LOG_FILE) HAS_HTTPS=$(grep -c "HTTPS.*Available" $LOG_FILE) echo "Analysis based on open services:" | tee -a $LOG_FILE echo "- Total open services: $OPEN_PORTS" | tee -a $LOG_FILE echo "- SSH available: $HAS_SSH" | tee -a $LOG_FILE echo "- HTTP available: $HAS_HTTP" | tee -a $LOG_FILE echo "- HTTPS available: $HAS_HTTPS" | tee -a $LOG_FILE echo "" | tee -a $LOG_FILE echo "Possible device types:" | tee -a $LOG_FILE if [ $HAS_SSH -gt 0 ] && [ $HAS_HTTP -gt 0 ]; then echo "🔍 Likely a Linux server or NAS device" | tee -a $LOG_FILE elif [ $HAS_HTTP -gt 0 ] && [ $HAS_SSH -eq 0 ]; then echo "🔍 Likely a web-enabled device (printer, camera, IoT device)" | tee -a $LOG_FILE elif [ $HAS_SSH -gt 0 ] && [ $HAS_HTTP -eq 0 ]; then echo "🔍 Likely a headless Linux device or server" | tee -a $LOG_FILE else echo "🔍 Could be a network device, IoT device, or mobile device" | tee -a $LOG_FILE fi } # Main execution main() { if check_reachability; then get_network_info scan_ports identify_services device_fingerprint check_tailscale suggest_device_type echo "" | tee -a $LOG_FILE echo "=== Identification Complete ===" | tee -a $LOG_FILE echo "Full report saved to: $LOG_FILE" | tee -a $LOG_FILE echo "" | tee -a $LOG_FILE echo "Next steps:" | tee -a $LOG_FILE echo "1. Check your router's DHCP client list" | tee -a $LOG_FILE echo "2. Look for device names in your router's admin interface" | tee -a $LOG_FILE echo "3. Check if any mobile devices or IoT devices are connected" | tee -a $LOG_FILE echo "4. Review the log file for detailed information" | tee -a $LOG_FILE else echo "Device is not reachable. It may be:" | tee -a $LOG_FILE echo "- Powered off" | tee -a $LOG_FILE echo "- Not connected to the network" | tee -a $LOG_FILE echo "- Using a different IP address" | tee -a $LOG_FILE echo "- Blocking ping requests" | tee -a $LOG_FILE fi } # Run the main function main