
#!/bin/bash
# MAC Address Vendor Lookup Script
#
# Investigates one hard-coded MAC address seen on the network: derives its
# OUI (first three octets, upper-cased) and prints a report banner.
MAC_ADDRESS="cc:f7:35:53:f5:fa"

# Keep the first three colon-separated octets and upper-case them.
OUI=$(printf '%s\n' "$MAC_ADDRESS" | cut -d: -f1-3 | tr '[:lower:]' '[:upper:]')

printf '%s\n' \
  "=== MAC Address Vendor Lookup ===" \
  "MAC Address: $MAC_ADDRESS" \
  "OUI (Organizationally Unique Identifier): $OUI" \
  ""
# Step 1: offline lookup. `macchanger -l` prints the vendor list shipped with
# the tool; the first line matching the OUI (case-insensitively) is reported.
# The list is a local snapshot, so a miss here is not proof the prefix is
# unassigned.
echo "1. Checking local MAC database..."
if ! command -v macchanger > /dev/null 2>&1; then
  echo "macchanger not available"
else
  VENDOR=$(macchanger -l | grep -i "$OUI" | head -n 1)
  if [ -n "$VENDOR" ]; then
    echo "Local lookup result: $VENDOR"
  else
    echo "Not found in local database"
  fi
fi
echo ""
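# Step 2: online lookup using curl.
# This sends the OUI of an internal device to a third-party service; skip the
# step where that disclosure is not acceptable.
echo "2. Checking online MAC vendor database..."
# --fail: an HTTP error (unknown prefix, rate limiting, outage) gives a
#         non-zero exit and no body, so an error payload is never reported
#         as the vendor name.
# --max-time: bound the wait so an unreachable service cannot hang the audit.
if ONLINE_LOOKUP=$(curl --silent --fail --max-time 10 \
  "https://api.macvendors.com/$OUI" 2> /dev/null); then
  # The body is remote-controlled text that is printed to the terminal below;
  # drop control bytes (including ESC) so it cannot carry escape sequences.
  ONLINE_LOOKUP=$(printf '%s' "$ONLINE_LOOKUP" | LC_ALL=C tr -d '\000-\037\177')
else
  ONLINE_LOOKUP=""
fi
if [ -n "$ONLINE_LOOKUP" ] && [ "$ONLINE_LOOKUP" != "Not Found" ]; then
  echo "Online lookup result: $ONLINE_LOOKUP"
else
  echo "Not found in online database or lookup failed"
fi
echo ""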
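# Step 3: classify the address from its first octet rather than from a
# hard-coded verdict for one prefix.
#
# Bit 0x02 of the first octet is the universal/local (U/L) bit. Randomized
# and software-assigned addresses set it; vendor-assigned addresses leave it
# clear. For the prefix used in this script the first octet is CC
# (binary 11001100), so the bit is clear and the address is vendor-assigned.

#######################################
# Report the administration scope encoded in a MAC address's first octet.
# Arguments: $1 - first octet as two hex digits (e.g. "CC")
# Outputs:   "local", "universal", or "unknown" (input is not two hex digits)
# Returns:   0 always
#######################################
_mac_admin_scope() {
  local octet=$1
  case $octet in
    [0-9A-Fa-f][0-9A-Fa-f]) ;;
    *)
      echo "unknown"
      return 0
      ;;
  esac
  if (( (16#$octet & 2) != 0 )); then
    echo "local"
  else
    echo "universal"
  fi
  return 0
}

echo "3. Known vendor patterns analysis..."
case $(_mac_admin_scope "${OUI%%:*}") in
  local)
    echo "🔍 This appears to be a device with a custom or private MAC address"
    echo " - Could be a mobile device (phone/tablet)"
    echo " - Could be a virtual machine or container"
    echo " - Could be a device with MAC address randomization enabled"
    ;;
  universal)
    echo "🔍 This is a universally administered (vendor-assigned) MAC address"
    echo " - The OUI should resolve to a registered vendor in steps 1 and 2"
    echo " - MAC address randomization is unlikely: randomized addresses set the locally-administered bit"
    ;;
  *)
    echo "Unknown vendor pattern"
    ;;
esac
echo ""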
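# Step 4: additional network analysis of the host believed to own the MAC.
TARGET_IP="192.168.50.81"
echo "4. Additional network analysis..."
echo "Checking ARP table for this device:"
# -F treats the dots literally and -w requires a whole-token match, so a
# neighbouring address that merely contains this string is not reported.
ARP_ROW=$(arp -n | grep -wF -- "$TARGET_IP")
if [ -n "$ARP_ROW" ]; then
  echo "$ARP_ROW"
  # The probe below targets the IP, not the MAC. If the ARP entry lists a
  # different hardware address, the results describe some other device.
  if [ -n "${MAC_ADDRESS:-}" ] &&
    ! printf '%s\n' "$ARP_ROW" | grep -qiF -- "$MAC_ADDRESS"; then
    echo "WARNING: ARP entry for $TARGET_IP does not list $MAC_ADDRESS"
  fi
else
  echo "No ARP entry for $TARGET_IP"
fi
echo ""
echo "Checking if device responds to different protocols:"
# Only ICMP echo is actually probed. The earlier version ran the same ping
# under "tcp" and "udp" labels, which reported results that were never
# measured.
echo -n "Testing icmp: "
if ping -c 1 -W 1 "$TARGET_IP" > /dev/null 2>&1; then
  echo "✅ Responds"
else
  echo "❌ No response"
fi
for protocol in "tcp" "udp"; do
  echo "Testing $protocol: not tested by this script"
done
echo ""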
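# Step 5: static notes about the device. Nothing in this script scans TCP
# ports, requests a web page, or attempts SSH, and these lines print the same
# text whatever the ping in step 4 returned. The heading therefore labels them
# as recorded notes, and the conclusions are worded as possibilities.
echo "5. Device behavior analysis (recorded notes, not measured by this run):"
echo "- Device responds to ping (ICMP)"
echo "- No open TCP ports detected"
echo "- No web interface available"
echo "- No SSH access"
echo ""
echo "If these notes still hold, the device could be:"
echo "🔍 A mobile device (phone/tablet) with:"
# Randomized addresses set the locally-administered bit in the first octet,
# so this possibility only applies when that bit is set.
echo " - MAC address randomization enabled (only if the address is locally administered)"
echo " - No services exposed to the network"
echo " - Only basic network connectivity"
echo ""
echo "🔍 Or a network device (printer, camera, IoT) that:"
echo " - Only responds to ping for network discovery"
echo " - Has no web interface or it's disabled"
echo " - Uses a different port or protocol for management"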