def main():
target = 'nmap.scan.org'
option = '-sT -A'
for i in range(1, 3):
scanner(target, option, i)
sleep(500)
new_rep = NmapParser('scan1.xml')
old_rep = NmapParser('scan2.xml')
print_diffrences(
new_rep,
old_rep,
)
def nmap_smb_vulnscan():
"""
Scans available smb services in the database for smb signing and ms17-010.
"""
service_search = ServiceSearch()
services = service_search.get_services(ports=['445'],
tags=['!smb_vulnscan'],
up=True)
services = [service for service in services]
service_dict = {}
for service in services:
service.add_tag('smb_vulnscan')
service_dict[str(service.address)] = service
nmap_args = "-Pn -n --disable-arp-ping --script smb-security-mode.nse,smb-vuln-ms17-010.nse -p 445".split(
" ")
if services:
result = nmap(nmap_args, [str(s.address) for s in services])
parser = NmapParser()
report = parser.parse_fromstring(result)
smb_signing = 0
ms17 = 0
for nmap_host in report.hosts:
for script_result in nmap_host.scripts_results:
script_result = script_result.get('elements', {})
service = service_dict[str(nmap_host.address)]
if script_result.get('message_signing', '') == 'disabled':
print_success("({}) SMB Signing disabled".format(
nmap_host.address))
service.add_tag('smb_signing_disabled')
smb_signing += 1
if script_result.get('CVE-2017-0143',
{}).get('state', '') == 'VULNERABLE':
print_success("({}) Vulnerable for MS17-010".format(
nmap_host.address))
service.add_tag('MS17-010')
ms17 += 1
service.update(tags=service.tags)
print_notification(
"Completed, 'smb_signing_disabled' tag added to systems with smb signing disabled, 'MS17-010' tag added to systems that did not apply MS17-010."
)
stats = {
'smb_signing': smb_signing,
'MS17_010': ms17,
'scanned_services': len(services)
}
Logger().log(
'smb_vulnscan',
'Scanned {} smb services for vulnerabilities'.format(
len(services)), stats)
else:
print_notification("No services found to scan.")
def import_nmap(result, tag, check_function=all_hosts, import_services=False):
"""
Imports the given nmap result.
"""
host_search = HostSearch(arguments=False)
service_search = ServiceSearch()
parser = NmapParser()
report = parser.parse_fromstring(result)
imported_hosts = 0
imported_services = 0
for nmap_host in report.hosts:
if check_function(nmap_host):
imported_hosts += 1
host = host_search.id_to_object(nmap_host.address)
host.status = nmap_host.status
host.add_tag(tag)
if nmap_host.os_fingerprinted:
host.os = nmap_host.os_fingerprint
if nmap_host.hostnames:
host.hostname.extend(nmap_host.hostnames)
if import_services:
for service in nmap_host.services:
imported_services += 1
serv = Service(**service.get_dict())
serv.address = nmap_host.address
service_id = service_search.object_to_id(serv)
if service_id:
# Existing object, save the banner and script results.
serv_old = Service.get(service_id)
if service.banner:
serv_old.banner = service.banner
# TODO implement
# if service.script_results:
# serv_old.script_results.extend(service.script_results)
serv_old.save()
else:
# New object
serv.address = nmap_host.address
serv.save()
if service.state == 'open':
host.open_ports.append(service.port)
if service.state == 'closed':
host.closed_ports.append(service.port)
if service.state == 'filtered':
host.filtered_ports.append(service.port)
host.save()
if imported_hosts:
print_success("Imported {} hosts, with tag {}".format(
imported_hosts, tag))
else:
print_error("No hosts found")
return {'hosts': imported_hosts, 'services': imported_services}
def scanner(target, option, iteration):
nmap = NmapProcess(target, option)
return_code = nmap.run()
#or nmap.run_background()
#or nmap.sudo_ran_background(run_as=root)
if return_code != 0:
print('Scann cannot be completed:{0}', format(nmap.stderr))
try:
parsed = NmapParser(nmap.stdout)
file = open('scan' + str(iteration + '.xml', 'w'))
file.write(parsed)
file.close()
except NmapParserException as e:
print('Parsing error: {0}'.format(e.msg))
def do_scan(targets):
parsed = None
a = str(targets)
nm = NmapProcess(targets=targets, options='-sV -sT -oN "/tmp/recolib_%s" % targets')
rnm = nm.run()
npars= NmapParser()
parsed = npars.parse(nmap_data=npars)
do_reports(a, parsed)
for host in parsed.hosts:
services = host.services
for service in services:
if service.state == "open":
print str(service)
if "http" in str(service):
httpenum(str(host))
return parsedi
def os_discovery():
"""
Performs os (and domain) discovery of smb hosts.
"""
hs = HostSearch()
hosts = hs.get_hosts(ports=[445], tags=['!nmap_os'])
# TODO fix filter for emtpy fields.
hosts = [host for host in hosts if not host.os]
host_dict = {}
for host in hosts:
host_dict[str(host.address)] = host
arguments = "--script smb-os-discovery.nse -p 445 -Pn -n --disable-arp-ping".split(
' ')
if len(hosts):
count = 0
print_notification("Checking OS of {} systems".format(len(hosts)))
result = nmap(arguments, [str(h.address) for h in hosts])
parser = NmapParser()
report = parser.parse_fromstring(result)
for nmap_host in report.hosts:
for script_result in nmap_host.scripts_results:
script_result = script_result.get('elements', {})
host = host_dict[str(nmap_host.address)]
if 'fqdn' in script_result:
host.hostname.append(script_result['fqdn'])
if 'os' in script_result:
count += 1
host.os = script_result['os']
host_dict[str(nmap_host.address)] = host
for host in hosts:
host.add_tag('nmap_os')
host.save()
print_notification("Done, found the os of {} systems".format(count))
else:
print_notification("No systems found to be checked.")
def parse_nmap_logfile(self, logfile, privip=False):
""" parse hosts and ports from nmap xml logfile (-l) """
nmap = NmapParser()
try:
parsed = nmap.parse_fromfile(logfile)
except:
self.log('nmap', eargs=f'{logfile}', _type='err', end='\n')
else:
for host in parsed.hosts:
if len(host.hostnames) >= 1:
_host = host.hostnames[0] # better work with hostname
else:
_host = host.address
try:
if ipaddress.ip_address(_host).is_private:
privip = True
except:
pass # hostname
ports = []
res = host.get_open_ports()
if res:
for port, proto in res:
tmp = str(host.get_service(port)).translate(
str.maketrans('', '', ':[])')).split()
service = self.misc.lookup_port_service(
str(port), proto)
ports.append([str(port), service])
self.opts['targets'][proto].append({
'host': _host,
'ports': ports,
'privip': privip
})
else:
# host up but no ports found
self.opts['targets']['tcp'].append({
'host': _host,
'ports': [],
'privip': privip
})
return
import nmapparser
import libnmap
import nmap
import csv
from libnmap.process import NmapProcess
from libnmap.parser import NmapParser
from libnmap.objects.service import NmapService
nm = libnmap.process.NmapProcess(targets='127.0.0.1', options='-sT -sV --open -nvvv')
rc = nm.run()
nmout = nm.stdout
print nmout
succes = nm.is_successful()
print "succes {0}".format(succes)
pars = NmapParser(nmout)
serv = NmapService(nm)
nm.
nmstd = nm.stdout
print nmstd
nmparsed= libnmap.parser.NmapParser.parse(nmstd)
for s in nmparsed.hosts:
print s
for s in nmaparsed;
print s
rnm = nmrx.get_raw_data()
print rnm
