NAME
CRAPPS - Cisco Router Action Performing Perl Script
Author: Michael J. Vincent
DESCRIPTION
Script will interface with Cisco router via SNMP, Telnet or SSH supporting
regular login or username, and perform actions. SNMP supports a get
config, put config and a save config ("wr mem" for IOS). SNMP mode also
supports get and clear VTY line function and a get interface list and
monitor interface utilization function, including CPU, memory and proxy
ping.
Telnet and SSH mode supports the issuing of commands from a file. The only
default command issued in is "terminal length 0" for IOS or
"set length 0" for CatOS. Therefore, show commands can be in the
commands file along with config commands (on IOS, as long as preceded by
a "config term" and followed by an "end" and "wr mem" if save is
desired). Also supports log file of session transcript.
Password decrypt and encrypt mode is provided for Cisco passwords. Type
7 (not "enable secret") are decrypted or encrypted to all possible
combinations. Type 5 ("enable secret") are encrypted or cracked by
dictionary brute force.
Default execution with no options provides simple Ping.
DEPENDENCIES
The following will most likely be standard with a Perl install:
strict
warnings
Getopt::Long
Pod::Usage
Sys::Hostname
Socket (requires version >1.94 for IPv6 support)
IO::Socket::IP (Perl's > 5.16, otherwise IO::Socket::INET)
Net::Ping
Digest::MD5 ? (required by Crypt::PasswdMD5)
Term::ReadKey ? (required for password masking)
The following will probably require extra download:
Net::SNMP (required by Cisco::SNMP)
Cisco::SNMP *
Net::Telnet # (required by Net::Telnet::Cisco)
Net::Telnet::Cisco *
Net::SSH2 ?# (required by Net::SSH2::Cisco)
Net::SSH2::Cisco ?*
Crypt::Cisco *
Crypt::PasswdMD5 ? (required for MD5 -P modes)
? Modules for optional features
+ Not core modules - these are required by other modules.
# Not core modules, but supplied with Strawberry in vendor/lib
All above Perl modules are NOT written or maintained by Michael
Vincent (except *). For info on the required Perl modules, see
http://CPAN.org.
USAGE
The following steps are geared toward a Windows installation of
Perl and the use of CRAPPS on Windows. However, CRAPPS is written
in Perl and thus is platform independent. You can run it on any OS
that supports Perl and has the required modules. It has been tested
successfully on Windows 2000 and greater (e.g., XP, 2K3/8/12 Server,
7, 10) 32-bit and 64-bit with Strawberry Perl versions 5.14 and
newer (up to latest) 32-bit and 64-bit, Linux (various flavors)
and Mac OSX.
1) Install Perl
2) Install Perl Modules (if required)
3) Test CRAPPS.PL
4) Additional Uses
1) Install Perl
You'll need Perl. If you already have it, skip to step 2.
Perl on Windows:
Strawberry (http://strawberryperl.com/)
Grab the latest version. Install with all the default options. Once
installed, you may find it useful to add the ".PL" extension to your
PATHEXT environment variable so you can run the Perl scripts that
you'll no doubt write simply by typing their name rather than prefacing
them with the "perl" command.
This can be done by (example on Windows):
1) Control Panel --> System --> "Advanced" tab -->
"Environment Variables" button.
2) In the "System variables" section, locate the "PATHEXT" variable.
3) Press "Edit" button.
4) In the "Variable value:" text box that pops up, go to the end and
add the text ";.PL" without the double quotes. (That's semicolon
period capital P capital L.)
5) Press the "OK" button.
6) Press the "OK" button ("Environment Variables" window).
7) Press the "OK" button ("System Properties" window).
8) Close any open cmd.exe windows and open a new one.
9) Check your work by Start -> Run "cmd.exe". Type the command:
set PATHEXT
output should be something like:
C:\> set PATHEXT
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PL
Note the ;.PL added at the end.
2) Install Perl Modules
Next, you'll need the modules detailed in the above DEPENDENCIES
section. If you already have them installed, skip to step 3.
If you are behind a proxy to access the Internet, you'll need to add an
environment variable (similar to editing the PATHEXT environment
variable in Step 1 above) called "http_proxy" (without the double
quotes) and the value should be your proxy server. For example:
http://myproxy.mycompany.com:8080
a) Use the 'cpan' client once you can access the Internet.
You can simply install the required modules by:
cpan <module>
For CRAPPS, you will (most likely only - in addition to the default
Perl install) need:
cpan Net-Telnet-Cisco
cpan Cisco-SNMP
cpan Crypt::Cisco
Those commands will install those modules as well as their
dependencies: Net::Telnet and Net::SNMP respectively.
For optional features and full functionality, you will also need:
cpan Net::SSH2::Cisco
cpan Crypt::PasswdMD5
b) You can also download each module directly from CPAN
(http://search.cpan.org) and follow the installation procedures
included with each modules. Usually:
perl Makefile.PL
make
make test
make install
NOTE: 'make' should be 'dmake' on Windows Strawberry Perl
3) Test CRAPPS.PL
Once you've done ALL the above, you can run the CRAPPS.PL script simply
by typing:
crapps
at the cmd.exe prompt.
If you get something like:
C:\> crapps
Can't locate Net/Telnet/Cisco.pm in @INC (@INC contains: C:/Perl/lib
C:/Perl/site/lib .) at C:\crapps.pl line 41.
BEGIN failed--compilation aborted at C:\crapps.pl line 41.
You have a problem. In the above example, Perl can't find the
Net::Telnet::Cisco module. Are you sure you installed the modules
correctly in step 2 above?
If you get the following output, you're good to go!
C:\> crapps
crapps.pl: host required
Usage:
crapps -P password [options]
crapps [[SNMP options] | [Telnet options]] [options] host ...
To get the 411, use:
C:\> crapps --man
4) Additional Uses
Once you start using CRAPPS.PL to automate some tasks to Cisco routers/
switches, you'll start to realize that running it several times with
some "feedback" and parsing of output can lead to automation of more
complicated tasks. To illustrate this, I've created some Batch file
"wrappers" that call CRAPPS.PL in various configurations with various
input commands to complete complex tasks.
getcall.bat Acts like a call tracing application to find the
port on a Cisco CMM blade that a Cisco VoIP phone
is using when accessing the PSTN. This narrows
the call down to the specific channel on the T1.
We use this script at my current client when doing
testing to/from the PSTN. We can fail PSTN trunks
and verify which new T1 the calls are routed over
in the failure scenario. This script eliminates
the need to have Telnet sessions open to each of
the 4 CMM blades and having to issue two commands
to each and parse through the returned information
looking for the test phone I'm testing with.
getuser.bat You have an IP address - where is it on the network?
You traceroute, then telnet to the router. You do
an ARP lookup, you do a CAM lookup based on the
IP to MAC mapping. You've found the trunk port to
The access switch. You convert the MAC address
from IOS format to CatOS format. Now you telnet to
the access switch and do the final CAM lookup to
get the final port and MAC address where the IP
device is. Alternatively, you run this script and
it does it all for you!
Not included is a batch file that I wrote to use CRAPPS.PL to backup
all IOS and CatOS devices in the network via TFTP, save them in a
folder by date, rotate the folders to keep 10 versions of back configs,
run the batch file as a Scheduled Task every other night (to maintain
20 days worth of back configs) and use two simple files - 1 for IOS and
1 for CatOS - that contain the names/IP's of the devices to backup for
easy editing by those who are Perl/Batch disabled.