#!/bin/bash
#
# openpilot-scan.sh
#
# Jeremy Brown [jbrown3264/gmail]
# Dec 2020
#
# Checks for openpilot devices using the default SSH key
#
# Setup
# > apt-get install -y masscan && setcap cap_net_raw=ep /usr/bin/masscan
# > wget -q https://raw.githubusercontent.com/commaai/openpilot/master/tools/ssh/id_rsa
# > chmod 600 id_rsa
#
# Example
# > ./openpilot-scan.sh 10.100.100.1/24
#
# Disclaimer
# This script will port scan and attempt login to SSH servers which accept a
# given key. Use it at your own risk, no guarentees, only scan your own network
# or those that you have permission to scan. You assume full responsibility
# for any use or execution of these tools, authorized entry or otherwise actions.
#

KEY="id_rsa"
MATCH_IP='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
MASSCAN_LOG="masscan.log"
SCAN_LOG="scan.log"
FOUND_FILE="found.txt"
SSH_PORT=8022
USER="root"

if [ $# -ne 1 ]; then
    echo "usage: ./openpilot-scan.sh ra.n.g.e/24"
    exit 1
fi

# scan
masscan --open -p $SSH_PORT -oL $MASSCAN_LOG $1 >/dev/null 2>&1

# parse
grep -ohP "$MATCH_IP" $MASSCAN_LOG > $SCAN_LOG

# check
while read IP
do
    ssh $USER@$IP \
	    -p $SSH_PORT \
        -o batchmode=yes \
        -o StrictHostKeyChecking=no \
        -T -i $KEY >/dev/null 2>&1

    if [ $? -ne 255 ]; then
	    echo $IP
        echo $IP >> $FOUND_FILE
    fi

done < $SCAN_LOG