 def snmp_scans(self):
     """Run an snmpwalk for the system-process OID against the target.

     Queries the ``public`` community over SNMPv1 for 1.3.6.1.2.1.25.1.6.0
     and redirects the output to
     ``<output_directory>/<target_hosts>/systemprocesses.txt``. Progress is
     reported on stdout; nothing is returned.

     Reads ``self.target_hosts`` and ``self.output_directory``.

     NOTE(review): both values are interpolated verbatim into a shell command
     line (the ``>`` redirect only works through a shell) — confirm callers
     validate or quote them before they reach this method. Unlike the
     module-level variant, no exception from ``run_scan`` is handled here.
     """
     target = self.target_hosts
     out_dir = self.output_directory

     print(f"[+] Performing SNMP scans for {target} to {out_dir}")
     print(
         f"\t[>] Performing snmpwalk on public tree for: {target} - Checking for System Processes"
     )

     output_path = f"'{out_dir}/{target}/systemprocesses.txt'"
     command = f"snmpwalk -c public -v1 {target} 1.3.6.1.2.1.25.1.6.0 > {output_path}"
     run_scan(command, stderr=subprocess.STDOUT)

     print(f"[+] Completed SNMP scans for {target}")
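def nmap_scan(ip_address, output_directory, dns_server, quick,
              no_udp_service_scan):
    """Run nmap against one host: a quick TCP scan, then optional detailed scans.

    Args:
        ip_address: Target host; surrounding whitespace is stripped first.
        output_directory: Directory receiving the nmap output files
            (``<ip>.quick.*``, ``<ip>.nmap``, ``<ip>_nmap_scan_import.xml``,
            ``<ip>U*`` / ``<ip>-udp*`` for UDP).
        dns_server: Passed to nmap via ``--dns-servers`` when truthy; the
            UDP flags then come from the ``dnsudpscan`` config key instead
            of ``udpscan``.
        quick: When truthy, return right after the quick scan.
        no_udp_service_scan: When truthy, skip the UDP scan and drop the
            ``/UDP`` label from the progress messages.

    Returns:
        None. Findings are handed to ``write_recommendations``.

    NOTE(review): target, DNS server and output directory are interpolated
    into a shell command string handed to ``run_scan`` — confirm they are
    validated or quoted before reaching here.
    """
    ip_address = ip_address.strip()

    print("[+] Starting quick nmap scan for %s" % (ip_address))
    flags = get_config_options('nmap', 'quickscan')
    quickscan = f"nmap {flags} {ip_address} -oA '{output_directory}/{ip_address}.quick'"
    quickresults = run_scan(quickscan)

    write_recommendations(quickresults, ip_address, output_directory)
    print("[*] TCP quick scans completed for %s" % ip_address)

    if quick:
        return

    # Decide once whether UDP runs. The original compared ``is True``, which
    # silently ran the UDP scan for any truthy non-bool value of the flag.
    run_udp = not no_udp_service_scan
    udp_label = "/UDP" if run_udp else ""

    # Shared output options; the original built these with backslash
    # continuations inside f-strings, leaving runs of whitespace in the command.
    tcp_out = (f"-oN '{output_directory}/{ip_address}.nmap' "
               f"-oX '{output_directory}/{ip_address}_nmap_scan_import.xml'")

    if dns_server:
        print("[+] Starting detailed TCP%s nmap scans for %s using DNS Server %s" %
              (udp_label, ip_address, dns_server))
        print("[+] Using DNS server %s" % (dns_server))
        flags = get_config_options("nmap", "tcpscan")
        tcpscan = f"nmap {flags} --dns-servers {dns_server} {tcp_out} {ip_address}"

        flags = get_config_options("nmap", "dnsudpscan")
        udpscan = (f"nmap {flags} --dns-servers {dns_server} "
                   f"-oN '{output_directory}/{ip_address}U.nmap' "
                   f"-oX '{output_directory}/{ip_address}U_nmap_scan_import.xml' {ip_address}")
    else:
        print("[+] Starting detailed TCP%s nmap scans for %s" % (udp_label, ip_address))
        flags = get_config_options("nmap", "tcpscan")
        tcpscan = f"nmap {flags} {tcp_out} {ip_address}"

        flags = get_config_options("nmap", "udpscan")
        udpscan = f"nmap {flags} {ip_address} -oA '{output_directory}/{ip_address}-udp'"

    # UDP first, then TCP, as in the original.
    udpresult = run_scan(udpscan) if run_udp else ""
    tcpresults = run_scan(tcpscan)

    write_recommendations(tcpresults + udpresult, ip_address, output_directory)
    print("[*] TCP%s scans completed for %s" % (udp_label, ip_address))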
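def snmp_scans(ip_address, output_directory):
    """Run an snmpwalk for the system-process OID against one host.

    Queries the ``public`` community over SNMPv1 for 1.3.6.1.2.1.25.1.6.0 and
    redirects the output to ``<output_directory><ip_address>-systemprocesses.txt``
    (no separator is inserted — presumably output_directory already ends with
    one; TODO confirm against the caller).

    Args:
        ip_address: Target host, interpolated verbatim into the command line.
        output_directory: Destination prefix for the output file.

    Scan failures are reported on stdout and swallowed so one silent host
    does not abort the run.

    NOTE(review): both arguments land in a shell command string (the ``>``
    redirect requires a shell) — confirm callers validate or quote them.
    """
    print("[+] Performing SNMP scans for %s to %s" %
          (ip_address, output_directory))
    print("   [>] Performing snmpwalk on public tree for:"
          " %s - Checking for System Processes" % (ip_address))
    scan = ("snmpwalk -c public -v1 %s "
            "1.3.6.1.2.1.25.1.6.0 > '%s%s-systemprocesses.txt'" %
            (ip_address, output_directory, ip_address))

    try:
        run_scan(scan, stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError:
        # Must precede the generic handler: CalledProcessError derives from
        # Exception, so the original clause order made this branch unreachable.
        print("[+] Subprocess failure during scan of %s" % ip_address)
    except Exception:
        # Deliberate best-effort fallback; narrowing it further needs
        # run_scan's contract, which is not visible here.
        print("[+] No Response from %s" % ip_address)

    print("[+] Completed SNMP scans for %s" % (ip_address))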
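    def nmap_scan(self):
        """Run nmap against ``self.target_hosts``: a quick scan, then (unless
        ``self.quick``) detailed TCP and optional UDP scans.

        Reads ``self.target_hosts``, ``self.nmap_directory`` (used as the
        output path prefix — presumably a per-target prefix, since it is
        used both as ``<prefix>.nmap`` and ``<prefix>/scan_import.xml``;
        verify), ``self.output_directory``, ``self.quick``,
        ``self.dns_server`` and ``self.no_udp_service_scan``. Flags come
        from the ``nmap`` config section via ``FileHelper.get_config_options``
        and results go through ``FileHelper.write_recommendations``.
        Returns None.

        NOTE(review): target, DNS server and output paths are interpolated
        into a shell command string handed to ``run_scan`` — confirm they
        are validated or quoted upstream.
        """
        target = self.target_hosts
        prefix = self.nmap_directory

        print(f"[+] Starting quick nmap scan for {target}")
        flags = FileHelper.get_config_options('nmap', 'quickscan')
        quickscan = f"nmap {flags} {target} -oA '{prefix}.quick'"
        quickresults = run_scan(quickscan)
        FileHelper.write_recommendations(quickresults, target,
                                         self.output_directory)
        print(f"[*] TCP quick scans completed for {target}")

        if self.quick:
            return

        # One decision drives both the label and the scan. The original used
        # ``is True`` for the label but plain truthiness to skip the scan, so a
        # truthy non-bool flag printed "/UDP" while running no UDP scan.
        run_udp = not self.no_udp_service_scan
        udp_label = "/UDP" if run_udp else ""
        tcp_out = f"-oN '{prefix}.nmap' -oX '{prefix}/scan_import.xml'"

        if self.dns_server:
            print(f"[+] Starting detailed TCP{udp_label} nmap scans for {target} using DNS Server {self.dns_server}")
            print("[+] Using DNS server %s" % (self.dns_server))
            flags = FileHelper.get_config_options("nmap", "tcpscan")
            tcpscan = f"nmap {flags} --dns-servers {self.dns_server} {tcp_out} {target}"

            flags = FileHelper.get_config_options("nmap", "dnsudpscan")
            udpscan = (f"nmap {flags} --dns-servers {self.dns_server} "
                       f"-oN '{prefix}U.nmap' -oX '{prefix}/UDP_scan_import.xml' {target}")
        else:
            print(f"[+] Starting detailed TCP{udp_label} nmap scans for {target}")
            flags = FileHelper.get_config_options("nmap", "tcpscan")
            tcpscan = f"nmap {flags} {tcp_out} {target}"

            flags = FileHelper.get_config_options("nmap", "udpscan")
            udpscan = f"nmap {flags} {target} -oA '{prefix}-udp'"

        # UDP first, then TCP, as in the original.
        udpresult = run_scan(udpscan) if run_udp else ""
        tcpresults = run_scan(tcpscan)
        FileHelper.write_recommendations(tcpresults + udpresult, target,
                                         self.output_directory)
        print(f"[*] TCP{udp_label} scans completed for {target}")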
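    def find_dns(self):
        """Probe every target for an open TCP/53 service and record the hits.

        Targets come from ``FileHelper.load_targets``; each host is scanned
        with ``nmap -n -sV -Pn -vv -p53`` and every result line containing
        ``53/tcp`` and ``open`` (but not ``Discovered``) marks the host as a
        DNS server. Hits are appended to ``self.dns_server_list``, logged in
        detail to ``self.output_file`` and as bare addresses to
        ``self.output_targets``. ``self.hostcount`` and ``self.dnscount``
        are incremented, not reset.

        Returns:
            The discovered servers joined by ``,``; ``''`` when none.

        Raises:
            OSError: when the targets file cannot be opened (after logging).

        NOTE(review): each target line is interpolated verbatim into a shell
        command string — confirm the targets file is trusted or validated.
        """
        FileHelper.check_directory(output_directory=self.output_directory)
        targets = FileHelper.load_targets(self.target_hosts,
                                          self.output_directory, self.quiet)
        FileHelper.check_file(targets)
        try:
            target_file = open(targets, 'r')
        except OSError:
            # The original caught FileExistsError, which open(..., 'r')
            # never raises; a missing/unreadable file is an OSError.
            print("[!] Unable to load: %s" % targets)
            raise

        print("[*] Loaded targets from: %s" % targets)
        print("[+] Enumerating TCP port 53 over targets to find dns servers")

        # Context managers close all three handles even if run_scan raises;
        # the output files are created only once the targets file is open.
        with target_file, open(self.output_file, 'w') as output_file, \
                open(self.output_targets, 'w') as output_targets:
            for raw_line in target_file:
                self.hostcount += 1
                ip_address = raw_line.strip()

                print("   [>] Testing %s for DNS" % ip_address)
                results = run_scan("nmap -n -sV -Pn -vv -p53 %s" % (ip_address))

                for line in results.split("\n"):
                    line = line.strip()
                    if ("53/tcp" in line and "open" in line
                            and "Discovered" not in line):
                        print("      [=] Found DNS service running on: %s" %
                              (ip_address))
                        output_file.write(
                            "[*] Found DNS service running on: %s\n" %
                            (ip_address))
                        output_file.write("   [>] %s\n" % (line))
                        output_targets.write("%s\n" % (ip_address))
                        self.dns_server_list.append(ip_address)
                        self.dnscount += 1

        print("[*] Found %s DNS servers within %s hosts" %
              (str(self.dnscount), str(self.hostcount)))
        # ','.join of an empty list is already ''.
        return ','.join(self.dns_server_list)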
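def find_dns(target_hosts, output_directory, quiet):
    """Probe every target for an open TCP/53 service and return the hits.

    Args:
        target_hosts: Passed to ``load_targets`` to obtain the targets file.
        output_directory: Receives ``DNS-Detailed.txt`` (log) and
            ``DNS-targets.txt`` (one address per line); created via
            ``check_directory`` if needed.
        quiet: Forwarded to ``load_targets`` only.

    Each host is scanned with ``nmap -n -sV -Pn -vv -p53``; a result line
    containing ``53/tcp`` and ``open`` (but not ``Discovered``) marks the
    host as a DNS server.

    Returns:
        The discovered servers joined by ``,``; ``''`` when none.

    NOTE(review): each target line is interpolated verbatim into a shell
    command string — confirm the targets file is trusted or validated.
    """
    check_directory(output_directory)
    dns_server_list = []
    hostcount = 0
    dnscount = 0

    targets = load_targets(target_hosts, output_directory, quiet)

    # All three handles are managed: the original never closed target_file
    # and leaked the output files when run_scan raised. The targets file is
    # opened first so a missing file does not leave empty outputs behind.
    with open(targets, 'r') as target_file, \
            open(output_directory + "/DNS-Detailed.txt", 'w') as output_file, \
            open(output_directory + "/DNS-targets.txt", 'w') as output_targets:
        print("[*] Loaded targets from: %s" % targets)
        print("[+] Enumerating TCP port 53 over targets to find dns servers")

        for raw_line in target_file:
            hostcount += 1
            ip_address = raw_line.strip()

            print("   [>] Testing %s for DNS" % ip_address)
            results = run_scan("nmap -n -sV -Pn -vv -p53 %s" % (ip_address))

            for line in results.split("\n"):
                line = line.strip()
                if ("53/tcp" in line and "open" in line
                        and "Discovered" not in line):
                    print("      [=] Found DNS service running on: %s" %
                          (ip_address))
                    output_file.write("[*] Found DNS service running on: %s\n" %
                                      (ip_address))
                    output_file.write("   [>] %s\n" % (line))
                    output_targets.write("%s\n" % (ip_address))
                    dns_server_list.append(ip_address)
                    dnscount += 1

    print("[*] Found %s DNS servers within %s hosts" %
          (str(dnscount), str(hostcount)))
    # ','.join of an empty list is already ''.
    return ','.join(dns_server_list)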
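def hostname_scan(target_hosts, output_directory, quiet):
    """Collect NetBIOS hostnames with nbtscan and write them to ``hostnames.txt``.

    Args:
        target_hosts: Path to a targets file (passed to nbtscan via ``-f``)
            or, if no such file exists, a target spec passed directly.
        output_directory: Receives ``hostnames.txt``; created via
            ``check_directory`` if needed.
        quiet: Accepted for interface compatibility; unused here.

    Each nbtscan output line is collapsed to single spaces and its first two
    fields are taken as ``<ip> <host>``; the file gets one ``<host> - <ip>``
    line per hit (no trailing newline). Returns None.

    NOTE(review): target_hosts is interpolated verbatim into a shell command
    string — confirm it is validated or quoted upstream.
    """
    check_directory(output_directory)
    output_file = output_directory + "/hostnames.txt"

    if os.path.isfile(target_hosts):
        sweep = "nbtscan -q -f %s" % (target_hosts)
    else:
        sweep = "nbtscan -q %s" % (target_hosts)

    hostnames = 0
    # The original left the file open if run_scan raised.
    with open(output_file, 'w') as f:
        print("[+] Writing hostnames to: %s" % output_file)
        results = run_scan(sweep)

        for line in results.split("\n"):
            line = line.strip()

            # Lines without a separator (notably the trailing blank line)
            # would make the field split below raise IndexError.
            if " " not in line:
                continue

            while "  " in line:
                line = line.replace("  ", " ")

            ip_address, host = line.split(" ")[:2]

            # Newline between entries only, so the file has no trailing one.
            if hostnames > 0:
                f.write('\n')

            print("   [>] Discovered hostname: %s (%s)" % (host, ip_address))
            f.write("%s - %s" % (host, ip_address))
            hostnames += 1

    print("[*] Found %s hostnames." % (hostnames))
    print("[*] Created hostname list %s" % (output_file))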
def call_nmap_sweep(target_hosts):
    """Run an nmap ping sweep (``-n -sP``) over *target_hosts*.

    Args:
        target_hosts: Target spec passed verbatim to nmap (and so into the
            shell command string handed to ``run_scan``).

    Returns:
        The ``run_scan`` output coerced to ``str`` and split on ``\\n``;
        the final element is usually empty when the output ends in a newline.
    """
    sweep_command = "nmap -n -sP %s" % (target_hosts)
    raw_output = str(run_scan(sweep_command))
    return raw_output.split("\n")
 def call_nmap_sweep(self):
     """Run an nmap ping sweep (``-n -sP``) over ``self.target_hosts``.

     Stores the ``run_scan`` output, coerced to ``str`` and split on ``\\n``,
     in ``self.nmap_lines``. Returns None. The target is interpolated
     verbatim into the shell command string handed to ``run_scan``.
     """
     sweep_command = "nmap -n -sP %s" % (self.target_hosts)
     raw_output = str(run_scan(sweep_command))
     self.nmap_lines = raw_output.split("\n")