admin/HomeAudit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e5197b6d0ea65a6acbb55b1d77466e0c07849bc9
HomeAudit/identify_device.sh
admin fb869f1131 Initial commit
2025-08-24 11:13:39 -04:00

222 lines
8.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Device Identification Script for 192.168.50.81
# This script will attempt to identify what device is on the specified IP address
TARGET_IP="192.168.50.81"
LOG_FILE="device_identification_$(date +%Y%m%d_%H%M%S).log"
echo "=== Device Identification Report for $TARGET_IP ===" | tee $LOG_FILE
echo "Timestamp: $(date)" | tee -a $LOG_FILE
echo "" | tee -a $LOG_FILE
# Function to check if device is reachable
check_reachability() {
echo "1. Checking device reachability..." | tee -a $LOG_FILE
if ping -c 3 -W 2 $TARGET_IP > /dev/null 2>&1; then
echo "✅ Device is reachable" | tee -a $LOG_FILE
return 0
else
echo "❌ Device is not reachable" | tee -a $LOG_FILE
return 1
fi
}
# Function to get basic network info
get_network_info() {
echo "" | tee -a $LOG_FILE
echo "2. Getting network information..." | tee -a $LOG_FILE
# Get MAC address
MAC_ADDRESS=$(arp -n | grep $TARGET_IP | awk '{print $3}')
if [ ! -z "$MAC_ADDRESS" ]; then
echo "MAC Address: $MAC_ADDRESS" | tee -a $LOG_FILE
# Try to identify vendor from MAC
VENDOR_OUI=$(echo $MAC_ADDRESS | cut -d: -f1-3 | tr '[:lower:]' '[:upper:]')
echo "Vendor OUI: $VENDOR_OUI" | tee -a $LOG_FILE
else
echo "MAC Address: Not found in ARP table" | tee -a $LOG_FILE
fi
# Get hostname if possible
HOSTNAME=$(nslookup $TARGET_IP 2>/dev/null | grep "name =" | awk '{print $4}' | sed 's/\.$//')
if [ ! -z "$HOSTNAME" ]; then
echo "Hostname: $HOSTNAME" | tee -a $LOG_FILE
else
echo "Hostname: Not found" | tee -a $LOG_FILE
fi
}
# Function to scan for open ports
scan_ports() {
echo "" | tee -a $LOG_FILE
echo "3. Scanning for open ports..." | tee -a $LOG_FILE
# Quick port scan for common ports
COMMON_PORTS="21,22,23,25,53,80,110,143,443,993,995,8080,8443"
if command -v nmap > /dev/null 2>&1; then
echo "Using nmap for port scan..." | tee -a $LOG_FILE
nmap -p $COMMON_PORTS --open --host-timeout 30s $TARGET_IP | tee -a $LOG_FILE
else
echo "nmap not available, using netcat for basic port check..." | tee -a $LOG_FILE
for port in 22 80 443 8080; do
if timeout 3 bash -c "</dev/tcp/$TARGET_IP/$port" 2>/dev/null; then
echo "Port $port: OPEN" | tee -a $LOG_FILE
else
echo "Port $port: closed" | tee -a $LOG_FILE
fi
done
fi
}
# Function to identify services
identify_services() {
echo "" | tee -a $LOG_FILE
echo "4. Identifying services..." | tee -a $LOG_FILE
# Check for SSH
if timeout 3 bash -c "</dev/tcp/$TARGET_IP/22" 2>/dev/null; then
echo "SSH (22): Available" | tee -a $LOG_FILE
# Try to get SSH banner
SSH_BANNER=$(timeout 5 bash -c "echo | nc $TARGET_IP 22" 2>/dev/null | head -1)
if [ ! -z "$SSH_BANNER" ]; then
echo "SSH Banner: $SSH_BANNER" | tee -a $LOG_FILE
fi
fi
# Check for HTTP/HTTPS
if timeout 3 bash -c "</dev/tcp/$TARGET_IP/80" 2>/dev/null; then
echo "HTTP (80): Available" | tee -a $LOG_FILE
# Try to get HTTP headers
HTTP_HEADERS=$(timeout 5 curl -I http://$TARGET_IP 2>/dev/null | head -5)
if [ ! -z "$HTTP_HEADERS" ]; then
echo "HTTP Headers:" | tee -a $LOG_FILE
echo "$HTTP_HEADERS" | tee -a $LOG_FILE
fi
fi
if timeout 3 bash -c "</dev/tcp/$TARGET_IP/443" 2>/dev/null; then
echo "HTTPS (443): Available" | tee -a $LOG_FILE
fi
# Check for other common services
for port in 21 23 25 53 110 143 993 995 8080 8443; do
if timeout 3 bash -c "</dev/tcp/$TARGET_IP/$port" 2>/dev/null; then
case $port in
21) echo "FTP (21): Available" | tee -a $LOG_FILE ;;
23) echo "Telnet (23): Available" | tee -a $LOG_FILE ;;
25) echo "SMTP (25): Available" | tee -a $LOG_FILE ;;
53) echo "DNS (53): Available" | tee -a $LOG_FILE ;;
110) echo "POP3 (110): Available" | tee -a $LOG_FILE ;;
143) echo "IMAP (143): Available" | tee -a $LOG_FILE ;;
993) echo "IMAPS (993): Available" | tee -a $LOG_FILE ;;
995) echo "POP3S (995): Available" | tee -a $LOG_FILE ;;
8080) echo "HTTP Alt (8080): Available" | tee -a $LOG_FILE ;;
8443) echo "HTTPS Alt (8443): Available" | tee -a $LOG_FILE ;;
esac
fi
done
}
# Function to check for device fingerprinting
device_fingerprint() {
echo "" | tee -a $LOG_FILE
echo "5. Device fingerprinting..." | tee -a $LOG_FILE
# Try to get HTTP response for device identification
if timeout 3 bash -c "</dev/tcp/$TARGET_IP/80" 2>/dev/null; then
echo "Attempting HTTP device identification..." | tee -a $LOG_FILE
HTTP_RESPONSE=$(timeout 10 curl -s -L http://$TARGET_IP 2>/dev/null | head -20)
if [ ! -z "$HTTP_RESPONSE" ]; then
echo "HTTP Response (first 20 lines):" | tee -a $LOG_FILE
echo "$HTTP_RESPONSE" | tee -a $LOG_FILE
fi
fi
# Check for common IoT/device management interfaces
for path in "/" "/admin" "/login" "/setup" "/config" "/status"; do
if timeout 3 bash -c "</dev/tcp/$TARGET_IP/80" 2>/dev/null; then
HTTP_STATUS=$(timeout 5 curl -s -o /dev/null -w "%{http_code}" http://$TARGET_IP$path 2>/dev/null)
if [ "$HTTP_STATUS" = "200" ]; then
echo "Web interface found at: http://$TARGET_IP$path" | tee -a $LOG_FILE
fi
fi
done
}
# Function to check for Tailscale
check_tailscale() {
echo "" | tee -a $LOG_FILE
echo "6. Checking for Tailscale..." | tee -a $LOG_FILE
# Check if device responds on Tailscale ports
for port in 41641 41642; do
if timeout 3 bash -c "</dev/tcp/$TARGET_IP/$port" 2>/dev/null; then
echo "Tailscale port $port: OPEN" | tee -a $LOG_FILE
fi
done
}
# Function to provide device type suggestions
suggest_device_type() {
echo "" | tee -a $LOG_FILE
echo "7. Device type analysis..." | tee -a $LOG_FILE
OPEN_PORTS=$(grep -E "(OPEN|Available)" $LOG_FILE | wc -l)
HAS_SSH=$(grep -c "SSH.*Available" $LOG_FILE)
HAS_HTTP=$(grep -c "HTTP.*Available" $LOG_FILE)
HAS_HTTPS=$(grep -c "HTTPS.*Available" $LOG_FILE)
echo "Analysis based on open services:" | tee -a $LOG_FILE
echo "- Total open services: $OPEN_PORTS" | tee -a $LOG_FILE
echo "- SSH available: $HAS_SSH" | tee -a $LOG_FILE
echo "- HTTP available: $HAS_HTTP" | tee -a $LOG_FILE
echo "- HTTPS available: $HAS_HTTPS" | tee -a $LOG_FILE
echo "" | tee -a $LOG_FILE
echo "Possible device types:" | tee -a $LOG_FILE
if [ $HAS_SSH -gt 0 ] && [ $HAS_HTTP -gt 0 ]; then
echo "🔍 Likely a Linux server or NAS device" | tee -a $LOG_FILE
elif [ $HAS_HTTP -gt 0 ] && [ $HAS_SSH -eq 0 ]; then
echo "🔍 Likely a web-enabled device (printer, camera, IoT device)" | tee -a $LOG_FILE
elif [ $HAS_SSH -gt 0 ] && [ $HAS_HTTP -eq 0 ]; then
echo "🔍 Likely a headless Linux device or server" | tee -a $LOG_FILE
else
echo "🔍 Could be a network device, IoT device, or mobile device" | tee -a $LOG_FILE
fi
}
# Main execution
main() {
if check_reachability; then
get_network_info
scan_ports
identify_services
device_fingerprint
check_tailscale
suggest_device_type
echo "" | tee -a $LOG_FILE
echo "=== Identification Complete ===" | tee -a $LOG_FILE
echo "Full report saved to: $LOG_FILE" | tee -a $LOG_FILE
echo "" | tee -a $LOG_FILE
echo "Next steps:" | tee -a $LOG_FILE
echo "1. Check your router's DHCP client list" | tee -a $LOG_FILE
echo "2. Look for device names in your router's admin interface" | tee -a $LOG_FILE
echo "3. Check if any mobile devices or IoT devices are connected" | tee -a $LOG_FILE
echo "4. Review the log file for detailed information" | tee -a $LOG_FILE
else
echo "Device is not reachable. It may be:" | tee -a $LOG_FILE
echo "- Powered off" | tee -a $LOG_FILE
echo "- Not connected to the network" | tee -a $LOG_FILE
echo "- Using a different IP address" | tee -a $LOG_FILE
echo "- Blocking ping requests" | tee -a $LOG_FILE
fi
}
# Run the main function
main
Reference in New Issue View Git Blame Copy Permalink