def main(): target = 'nmap.scan.org' option = '-sT -A' for i in range(1, 3): scanner(target, option, i) sleep(500) new_rep = NmapParser('scan1.xml') old_rep = NmapParser('scan2.xml') print_diffrences( new_rep, old_rep, )
def nmap_smb_vulnscan(): """ Scans available smb services in the database for smb signing and ms17-010. """ service_search = ServiceSearch() services = service_search.get_services(ports=['445'], tags=['!smb_vulnscan'], up=True) services = [service for service in services] service_dict = {} for service in services: service.add_tag('smb_vulnscan') service_dict[str(service.address)] = service nmap_args = "-Pn -n --disable-arp-ping --script smb-security-mode.nse,smb-vuln-ms17-010.nse -p 445".split( " ") if services: result = nmap(nmap_args, [str(s.address) for s in services]) parser = NmapParser() report = parser.parse_fromstring(result) smb_signing = 0 ms17 = 0 for nmap_host in report.hosts: for script_result in nmap_host.scripts_results: script_result = script_result.get('elements', {}) service = service_dict[str(nmap_host.address)] if script_result.get('message_signing', '') == 'disabled': print_success("({}) SMB Signing disabled".format( nmap_host.address)) service.add_tag('smb_signing_disabled') smb_signing += 1 if script_result.get('CVE-2017-0143', {}).get('state', '') == 'VULNERABLE': print_success("({}) Vulnerable for MS17-010".format( nmap_host.address)) service.add_tag('MS17-010') ms17 += 1 service.update(tags=service.tags) print_notification( "Completed, 'smb_signing_disabled' tag added to systems with smb signing disabled, 'MS17-010' tag added to systems that did not apply MS17-010." ) stats = { 'smb_signing': smb_signing, 'MS17_010': ms17, 'scanned_services': len(services) } Logger().log( 'smb_vulnscan', 'Scanned {} smb services for vulnerabilities'.format( len(services)), stats) else: print_notification("No services found to scan.")
def import_nmap(result, tag, check_function=all_hosts, import_services=False): """ Imports the given nmap result. """ host_search = HostSearch(arguments=False) service_search = ServiceSearch() parser = NmapParser() report = parser.parse_fromstring(result) imported_hosts = 0 imported_services = 0 for nmap_host in report.hosts: if check_function(nmap_host): imported_hosts += 1 host = host_search.id_to_object(nmap_host.address) host.status = nmap_host.status host.add_tag(tag) if nmap_host.os_fingerprinted: host.os = nmap_host.os_fingerprint if nmap_host.hostnames: host.hostname.extend(nmap_host.hostnames) if import_services: for service in nmap_host.services: imported_services += 1 serv = Service(**service.get_dict()) serv.address = nmap_host.address service_id = service_search.object_to_id(serv) if service_id: # Existing object, save the banner and script results. serv_old = Service.get(service_id) if service.banner: serv_old.banner = service.banner # TODO implement # if service.script_results: # serv_old.script_results.extend(service.script_results) serv_old.save() else: # New object serv.address = nmap_host.address serv.save() if service.state == 'open': host.open_ports.append(service.port) if service.state == 'closed': host.closed_ports.append(service.port) if service.state == 'filtered': host.filtered_ports.append(service.port) host.save() if imported_hosts: print_success("Imported {} hosts, with tag {}".format( imported_hosts, tag)) else: print_error("No hosts found") return {'hosts': imported_hosts, 'services': imported_services}
def scanner(target, option, iteration): nmap = NmapProcess(target, option) return_code = nmap.run() #or nmap.run_background() #or nmap.sudo_ran_background(run_as=root) if return_code != 0: print('Scann cannot be completed:{0}', format(nmap.stderr)) try: parsed = NmapParser(nmap.stdout) file = open('scan' + str(iteration + '.xml', 'w')) file.write(parsed) file.close() except NmapParserException as e: print('Parsing error: {0}'.format(e.msg))
def do_scan(targets): parsed = None a = str(targets) nm = NmapProcess(targets=targets, options='-sV -sT -oN "/tmp/recolib_%s" % targets') rnm = nm.run() npars= NmapParser() parsed = npars.parse(nmap_data=npars) do_reports(a, parsed) for host in parsed.hosts: services = host.services for service in services: if service.state == "open": print str(service) if "http" in str(service): httpenum(str(host)) return parsedi
def os_discovery(): """ Performs os (and domain) discovery of smb hosts. """ hs = HostSearch() hosts = hs.get_hosts(ports=[445], tags=['!nmap_os']) # TODO fix filter for emtpy fields. hosts = [host for host in hosts if not host.os] host_dict = {} for host in hosts: host_dict[str(host.address)] = host arguments = "--script smb-os-discovery.nse -p 445 -Pn -n --disable-arp-ping".split( ' ') if len(hosts): count = 0 print_notification("Checking OS of {} systems".format(len(hosts))) result = nmap(arguments, [str(h.address) for h in hosts]) parser = NmapParser() report = parser.parse_fromstring(result) for nmap_host in report.hosts: for script_result in nmap_host.scripts_results: script_result = script_result.get('elements', {}) host = host_dict[str(nmap_host.address)] if 'fqdn' in script_result: host.hostname.append(script_result['fqdn']) if 'os' in script_result: count += 1 host.os = script_result['os'] host_dict[str(nmap_host.address)] = host for host in hosts: host.add_tag('nmap_os') host.save() print_notification("Done, found the os of {} systems".format(count)) else: print_notification("No systems found to be checked.")
def parse_nmap_logfile(self, logfile, privip=False): """ parse hosts and ports from nmap xml logfile (-l) """ nmap = NmapParser() try: parsed = nmap.parse_fromfile(logfile) except: self.log('nmap', eargs=f'{logfile}', _type='err', end='\n') else: for host in parsed.hosts: if len(host.hostnames) >= 1: _host = host.hostnames[0] # better work with hostname else: _host = host.address try: if ipaddress.ip_address(_host).is_private: privip = True except: pass # hostname ports = [] res = host.get_open_ports() if res: for port, proto in res: tmp = str(host.get_service(port)).translate( str.maketrans('', '', ':[])')).split() service = self.misc.lookup_port_service( str(port), proto) ports.append([str(port), service]) self.opts['targets'][proto].append({ 'host': _host, 'ports': ports, 'privip': privip }) else: # host up but no ports found self.opts['targets']['tcp'].append({ 'host': _host, 'ports': [], 'privip': privip }) return
import nmapparser import libnmap import nmap import csv from libnmap.process import NmapProcess from libnmap.parser import NmapParser from libnmap.objects.service import NmapService nm = libnmap.process.NmapProcess(targets='127.0.0.1', options='-sT -sV --open -nvvv') rc = nm.run() nmout = nm.stdout print nmout succes = nm.is_successful() print "succes {0}".format(succes) pars = NmapParser(nmout) serv = NmapService(nm) nm. nmstd = nm.stdout print nmstd nmparsed= libnmap.parser.NmapParser.parse(nmstd) for s in nmparsed.hosts: print s for s in nmaparsed; print s rnm = nmrx.get_raw_data() print rnm