Ejemplo n.º 1
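def parseNMap(file=None, string=None):
  """Parse an Nmap XML report into a list of per-host dictionaries.

  Args:
    file: Path of an Nmap XML file, handed to NmapParser.parse_fromfile.
    string: Nmap XML text, handed to NmapParser.parse_fromstring. When both
      arguments are given, the report parsed from ``string`` is the one used.

  Returns:
    A list with one dict per host: 'mac', 'ip', 'status', 'hostnames',
    'vendor', 'distance', 'services', plus 'osDetect' when at least one CPE
    was reported by OS matching.

  Raises:
    ValueError: if neither ``file`` nor ``string`` is provided.
    SystemExit: if the parser rejects the input.
  """
  if not file and not string:
    # Without any input ``report`` was never bound and the host loop below
    # failed with an unrelated NameError; reject the call explicitly.
    raise ValueError("parseNMap needs either file or string")
  try:
    if file: report = NmapParser.parse_fromfile(file)
    if string: report = NmapParser.parse_fromstring(string)
  except Exception:
    # A bare ``except:`` would also intercept KeyboardInterrupt/SystemExit.
    exit("Invalid Nmap xml!")
  systems = []
  for h in report.hosts:
    system = {'mac':h.mac, 'ip':h.address, 'status':h.status, 'hostnames': h.hostnames,
              'vendor':h.vendor, 'distance':h.distance}
    # De-duplicate the CPE strings of all OS matches (order is not preserved).
    cpes = {x for c in h.os_match_probabilities() for x in c.get_cpe()}
    if cpes:
      system['osDetect'] = list(cpes)
    services = []
    for s in h.services:
      # Banners and hostnames originate from the scanned hosts; consumers
      # should treat them as untrusted text when rendering or storing them.
      service = {'port':s.port, 'banner':s.banner, 'protocol':s.protocol, 'name':s.service,
                 'state':s.state, 'reason':s.reason}
      if s.cpelist:
        # Only the first service CPE is kept.
        service['cpe'] = s.cpelist[0].cpestring
      services.append(service)
    system['services'] = services
    systems.append(system)
  return systems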
Ejemplo n.º 2
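def parseNMap(file=None, string=None):
  """Turn an Nmap XML report into a list of host summaries.

  Args:
    file: Path to an Nmap XML file (parsed with NmapParser.parse_fromfile).
    string: Nmap XML text (parsed with NmapParser.parse_fromstring). If both
      are supplied, the result of parsing ``string`` wins.

  Returns:
    One dict per host with the keys 'mac', 'ip', 'status', 'hostnames',
    'vendor', 'distance' and 'services'; 'osDetect' is added only when OS
    matching yielded CPE strings.

  Raises:
    ValueError: when called without ``file`` and without ``string``.
    SystemExit: when parsing fails.
  """
  if not (file or string):
    # The original fell through with ``report`` unbound in this case.
    raise ValueError("parseNMap needs either file or string")
  try:
    if file: report = NmapParser.parse_fromfile(file)
    if string: report = NmapParser.parse_fromstring(string)
  except Exception:
    # Narrowed from a bare ``except:`` so Ctrl-C is not reported as bad XML.
    exit("Invalid Nmap xml!")
  systems = []
  for h in report.hosts:
    system = {'mac':h.mac, 'ip':h.address, 'status':h.status, 'hostnames': h.hostnames,
              'vendor':h.vendor, 'distance':h.distance}
    cpeList = set()
    for c in h.os_match_probabilities():
      cpeList.update(c.get_cpe())
    if cpeList:
      system['osDetect'] = list(cpeList)
    # Values such as the banner are produced by the scanned host and should
    # be handled as untrusted data downstream.
    services = []
    for s in h.services:
      service = {'port':s.port, 'banner':s.banner, 'protocol':s.protocol, 'name':s.service,
                 'state':s.state, 'reason':s.reason}
      if s.cpelist:
        service['cpe'] = s.cpelist[0].cpestring
      services.append(service)
    system['services'] = services
    systems.append(system)
  return systems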
Ejemplo n.º 3
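 def _parseNMap(self, data):
   """Parse Nmap XML text into a dict describing the scan and its hosts.

   Args:
     data: Nmap XML output as a string.

   Returns:
     {"systems": [...], "scan": {"time": <report.endtime>, "type": <nmap args>}}
     where each system has 'mac', 'ip', 'status', 'hostnames', 'vendor',
     'distance', 'services' and, when OS matching produced CPEs, 'cpes'.

   Raises:
     Exception: whatever NmapParser.parse_fromstring raised.
   """
   try:
     report = NmapParser.parse_fromstring(data)
   except Exception as e:
     print(e)
     # Re-raise the original error: ``raise(Exception)`` replaced it with an
     # empty Exception and discarded the parser's message. Callers that
     # catch Exception are unaffected.
     raise
   systems = []
   for h in report.hosts:
     system = {'mac':h.mac, 'ip':h.address, 'status':h.status, 'hostnames': h.hostnames,
               'vendor':h.vendor, 'distance':h.distance}
     # Unique CPE strings across all OS matches (order not preserved).
     cpes = {x for c in h.os_match_probabilities() for x in c.get_cpe()}
     if cpes:
       system['cpes'] = list(cpes)
     services = []
     for s in h.services:
       service = {'port':s.port, 'banner':s.banner, 'protocol':s.protocol, 'name':s.service,
                  'state':s.state, 'reason':s.reason}
       if s.cpelist:
         service['cpe'] = s.cpelist[0].cpestring
       services.append(service)
     system['services'] = services
     systems.append(system)
   # NOTE(review): _nmaprun is a private attribute of the report object; a
   # public accessor for the command line would be preferable if one exists.
   scan = {"systems": systems, "scan": {"time": report.endtime,
                                        "type": report._nmaprun["args"]}}
   return scan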
Ejemplo n.º 4
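    def get_report_from_async_result(cls, task_id):
        """This classmethod gets a NmapReport object by the task_id.

        The NmapReport is constructed on demand from the AsyncResult object. This can
        only produce a valid result if the Celery Task is finished already.

        Args:
            cls (cls): The class itself (not an instance)
            task_id (str): task_id

        Note:
            This currently is a Sub-Class of NmapReport. Maybe this can be done more
            transparently (what's with super?). TODO

        Returns:
            NmapReport object, or None when the task result cannot be read
            or parsed.

        """

        try:
            _resultdict = celery_pipe.AsyncResult(task_id).result
            _resultxml = _resultdict['report']
            return NmapParser.parse_fromstring(_resultxml)
        except (NmapParserException, TypeError, KeyError) as e:
            # TypeError/KeyError cover a task result that is not a mapping
            # with a 'report' entry (presumably the case while the task is
            # unfinished or has failed); previously that escaped as an
            # unhandled exception instead of the documented None.
            # print(e) with one argument behaves the same on Python 2 and 3.
            print(e)
            return None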
Ejemplo n.º 5
    def save_report(cls, task_id=None):
        """This method stores a new NmapReportMeta to db

        Call this method right after the Celery Task is finished.
        It will
        * get a NmapTask object (by the task_id) from db
        * get the task result and try to create a NmapReport object from the
          result string (the parsed object is only printed, not stored)
        * update the NmapTask completed (+ completed_status) field in the db
        * save the newly created NmapReportMeta object, holding the raw
          result string, to db

        Args:
            task_id (str): The task_id as a string (e.g faef323-afec3-a...)

        Returns:
            NmapReportMeta

        Raises:
            MultipleObjectsReturned - if task_id is not unique (should never be the case)
            DoesNotExist - if task_id does not have a corresponding NmapTask in db
            TODO: or is it ObjectDoesNotExist

        Examples:

        """

        _nmap_task = NmapTask.objects.get(task_id=task_id)
        _status = NmapTask.get_tasks_status_as_dict(task_id=task_id)[0]['status']
        _result = str(_nmap_task.get_task_result())
        try:
            _nmap_report = NmapParser.parse_fromstring(_result)

            if isinstance(_nmap_report, NmapReport):
                # Debug output: the parsed report is written to stdout.
                print("Debug: NmapReport:")
                print(_nmap_report)
            else:
                print("Error: Did not produce a valid NmapReport!")

        except Exception as err:
            # NOTE(review): a parse failure is only printed. The code below
            # still marks the task completed and stores the raw result with
            # report_stored=1, so unparseable text can end up in the db and
            # fail later when it is parsed again - confirm this is intended.
            print("Parse Report - Something went wrong: " + str(err))

        _nmap_task.completed = 1
        _nmap_task.completed_status = _status
        _nmap_task.save()

        # The report is stored as the raw result string, owned by the user
        # and org unit recorded on the task.
        report_meta = NmapReportMeta(task_id=_nmap_task.task_id,
                                     task_comment=_nmap_task.comment,
                                     task_created=_nmap_task.created,
                                     report_stored=1,
                                     report=_result,
                                     user=User.objects.get(id=_nmap_task.user_id),
                                     org_unit=OrgUnit.objects.get(id=_nmap_task.org_unit_id))
        report_meta.save()

        # The string literal below is disabled code kept as a no-op expression.
        """
        # call Address.discover which discovers and stores addresses
        r = Address.discover_from_report(report_id=_id)
        """

        return report_meta
Ejemplo n.º 6
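def parse_nmap_results(joblog=None, results=None):
    """
    Post-processor for parsing out nmap results in xml format.

    Args:
        joblog: Job log record the results belong to. It is required: its
            start/end times are updated and every ScanResult references it.
        results: Nmap XML text. Defaults to ``joblog.stdout`` when omitted.

    Returns:
        True when the report was parsed and its results were stored, False
        when the input was missing or the XML was rejected by the parser.
    """
    from scanner.models import ScanResult
    log = logging.getLogger(__name__)
    log.debug("Called {}".format(__name__))

    if results is None and joblog is None:
        log.error("No results or joblog passed.")
        return False
    if joblog is None:
        # Everything below dereferences joblog (error message, timestamps,
        # host_data); passing only ``results`` used to end in an
        # AttributeError instead of the documented False.
        log.error("No joblog passed; cannot store scan results.")
        return False
    if results is None:
        results = joblog.stdout

    try:
        report = NmapParser.parse_fromstring(results)
    except NmapParserException as e:
        log.error("Invalid nmap xml passed. JobLog ID: {}. {}".format(
            str(joblog.id), e))
        return False

    # NOTE(review): fromtimestamp() yields naive local-time datetimes;
    # confirm that matches how the model fields are configured.
    start_time = datetime.fromtimestamp(report.started)
    end_time = datetime.fromtimestamp(report.endtime)

    joblog.start_time = start_time
    joblog.end_time = end_time
    joblog.save()

    # The model's field names do not change between services, so compute
    # them once instead of once per service.
    copy_fields = [
        f.name for f in ScanResult._meta.get_fields() if f.name != "id"
    ]

    for host in report.hosts:
        host_data = {
            "ip": host.address,
            "mac": host.mac,
            "hostname": host.hostnames,
            "joblog": joblog,
            "scan": joblog.job.scan,
            "start_time": start_time,
            "end_time": end_time
        }

        if host.os_fingerprinted:
            host_data["os"] = host.os

        all_results = []
        for service in host.services:
            if service.state == "filtered":
                continue
            result = ScanResult(**host_data)
            # Every model field that shares a name with an attribute of the
            # parsed service is overwritten with the service's value.
            # NOTE(review): that includes fields already set from host_data
            # if the service object exposes an attribute of the same name;
            # an explicit allow-list of fields would make the mapping
            # auditable. Values come from scanned hosts and are untrusted.
            for field in copy_fields:
                if hasattr(service, field):
                    setattr(result, field, getattr(service, field))
            all_results.append(result)

        ScanResult.objects.bulk_create(all_results)

    return True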
Ejemplo n.º 7
    def get_nmap_report_by_task_id(cls, nmap_task_id, user_obj=None):
        """Return the parsed Nmap report stored for *nmap_task_id*.

        Args:
            nmap_task_id: task id of the stored NmapReportMeta row.
            user_obj: when truthy, the lookup is limited to reports whose
                org unit is in ``user_obj.orgunit_set``.

        NOTE(review): with ``user_obj`` omitted or falsy the lookup is not
        restricted by org unit, so any stored report can be returned. Code
        serving user requests should always pass the requesting user.
        """
        reports = NmapReportMeta.objects
        if not user_obj:
            candidates = reports.all()
        else:
            allowed_units = user_obj.orgunit_set.all()
            candidates = reports.filter(org_unit__in=allowed_units)

        # .get() raises if no row (or more than one) matches within the scope.
        stored = candidates.get(task_id=nmap_task_id)
        return NmapParser.parse_fromstring(str(stored.report))
Ejemplo n.º 8
 def get_report(cls, task_id):
     """Return the NmapReport of a Celery task, or None.

     None is returned when *task_id* is not a string or when the stored XML
     is rejected by the parser.

     NOTE(review): only NmapParserException is handled. Presumably the task
     result is not a mapping with a 'report' key until the task has
     succeeded; in that case the subscript raises and propagates - confirm
     against callers.
     """
     if not (isinstance(task_id, str) or isinstance(task_id, unicode)):
         return None
     try:
         payload = celery_pipe.AsyncResult(task_id).result
         return NmapParser.parse_fromstring(payload['report'])
     except NmapParserException:
         return None
Ejemplo n.º 9
    def get_nmap_report_by_task_id(cls, nmap_task_id, user_obj=None):
        """Look up a stored report by task id and return it parsed.

        When ``user_obj`` is truthy only reports belonging to one of that
        user's org units are considered; otherwise every stored report is.

        NOTE(review): the default (no ``user_obj``) performs no org-unit
        scoping at all. Callers acting on behalf of a user need to pass that
        user, or the org-unit restriction is silently skipped.
        """
        queryset = (
            NmapReportMeta.objects.filter(org_unit__in=user_obj.orgunit_set.all())
            if user_obj
            else NmapReportMeta.objects.all()
        )
        report_row = queryset.get(task_id=nmap_task_id)
        xml_text = str(report_row.report)
        return NmapParser.parse_fromstring(xml_text)
Ejemplo n.º 10
 def get_report(cls, task_id):
     """Fetch the XML result of Celery task *task_id* and parse it.

     Returns the parsed report, or None if *task_id* is not a string or the
     XML cannot be parsed. Errors other than NmapParserException (for
     example a task result without a 'report' entry) are not handled here.
     """
     is_text = isinstance(task_id, str) or isinstance(task_id, unicode)
     if is_text:
         try:
             result_dict = celery_pipe.AsyncResult(task_id).result
             xml_text = result_dict['report']
             return NmapParser.parse_fromstring(xml_text)
         except NmapParserException:
             # Unparseable XML is reported to the caller as "no report".
             pass
     return None
Ejemplo n.º 11
def nmap_smb_vulnscan():
    """
        Scans available smb services in the database for smb signing and ms17-010.

        Services on port 445 that are up and not yet tagged 'smb_vulnscan'
        are selected, scanned with the two NSE scripts named in nmap_args,
        and tagged according to the script results. A summary is written via
        Logger().log. Returns nothing.
    """
    service_search = ServiceSearch()
    services = service_search.get_services(ports=['445'],
                                           tags=['!smb_vulnscan'],
                                           up=True)
    # Materialise the search result so it can be iterated more than once.
    services = [service for service in services]
    # Map address string -> service object for lookup from the nmap report.
    service_dict = {}
    for service in services:
        # The 'already scanned' tag is added before the scan runs.
        # NOTE(review): the only persistence call visible here is
        # service.update() inside the script-result loop below, so whether
        # this tag is saved for hosts without script results depends on what
        # add_tag() does - confirm.
        service.add_tag('smb_vulnscan')
        service_dict[str(service.address)] = service

    nmap_args = "-Pn -n --disable-arp-ping --script smb-security-mode.nse,smb-vuln-ms17-010.nse -p 445".split(
        " ")

    if services:
        result = nmap(nmap_args, [str(s.address) for s in services])
        parser = NmapParser()
        # No error handling: a parser exception propagates to the caller.
        report = parser.parse_fromstring(result)
        smb_signing = 0
        ms17 = 0
        for nmap_host in report.hosts:
            for script_result in nmap_host.scripts_results:
                script_result = script_result.get('elements', {})
                # Raises KeyError if the report contains an address that was
                # not among the queued services.
                service = service_dict[str(nmap_host.address)]
                if script_result.get('message_signing', '') == 'disabled':
                    print_success("({}) SMB Signing disabled".format(
                        nmap_host.address))
                    service.add_tag('smb_signing_disabled')
                    smb_signing += 1
                if script_result.get('CVE-2017-0143',
                                     {}).get('state', '') == 'VULNERABLE':
                    print_success("({}) Vulnerable for MS17-010".format(
                        nmap_host.address))
                    service.add_tag('MS17-010')
                    ms17 += 1
                # Persist the tags once per script result of the host.
                service.update(tags=service.tags)

        print_notification(
            "Completed, 'smb_signing_disabled' tag added to systems with smb signing disabled, 'MS17-010' tag added to systems that did not apply MS17-010."
        )
        # Counters are incremented per matching script result.
        stats = {
            'smb_signing': smb_signing,
            'MS17_010': ms17,
            'scanned_services': len(services)
        }

        Logger().log(
            'smb_vulnscan',
            'Scanned {} smb services for vulnerabilities'.format(
                len(services)), stats)
    else:
        print_notification("No services found to scan.")
Ejemplo n.º 12
def import_nmap(result, tag, check_function=all_hosts, import_services=False):
    """
        Imports the given nmap result.

        Args:
            result: nmap XML output as a string; it is parsed without error
                handling, so a parser exception propagates to the caller.
            tag: tag added to every imported host.
            check_function: predicate called with each parsed host; only
                hosts for which it returns a truthy value are imported.
            import_services: when true, the host's services are stored too.

        Returns:
            {'hosts': <number of imported hosts>,
             'services': <number of services processed>}
    """
    host_search = HostSearch(arguments=False)
    service_search = ServiceSearch()
    parser = NmapParser()
    report = parser.parse_fromstring(result)
    imported_hosts = 0
    imported_services = 0
    for nmap_host in report.hosts:
        if check_function(nmap_host):
            imported_hosts += 1
            host = host_search.id_to_object(nmap_host.address)
            host.status = nmap_host.status
            host.add_tag(tag)
            if nmap_host.os_fingerprinted:
                host.os = nmap_host.os_fingerprint
            if nmap_host.hostnames:
                host.hostname.extend(nmap_host.hostnames)
            if import_services:
                for service in nmap_host.services:
                    imported_services += 1
                    # The stored object is built from whatever keys the
                    # parsed service's get_dict() returns. Those values
                    # (banner etc.) come from the scanned host and should be
                    # treated as untrusted wherever they are displayed.
                    serv = Service(**service.get_dict())
                    serv.address = nmap_host.address
                    service_id = service_search.object_to_id(serv)
                    if service_id:
                        # Existing object, save the banner and script results.
                        serv_old = Service.get(service_id)
                        if service.banner:
                            serv_old.banner = service.banner
                        # TODO implement
                        # if service.script_results:
                        # serv_old.script_results.extend(service.script_results)
                        serv_old.save()
                    else:
                        # New object
                        # (address was already assigned above; this repeats it)
                        serv.address = nmap_host.address
                        serv.save()
                    # Record the port under the list matching its state; any
                    # other state is not recorded on the host.
                    if service.state == 'open':
                        host.open_ports.append(service.port)
                    if service.state == 'closed':
                        host.closed_ports.append(service.port)
                    if service.state == 'filtered':
                        host.filtered_ports.append(service.port)
            host.save()
    if imported_hosts:
        print_success("Imported {} hosts, with tag {}".format(
            imported_hosts, tag))
    else:
        print_error("No hosts found")
    return {'hosts': imported_hosts, 'services': imported_services}
Ejemplo n.º 13
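def parse(datastring):
    """Summarise an Nmap XML report.

    Every service of every host is printed as "port protocol state service".

    Args:
        datastring: Nmap XML output as a string.

    Returns:
        (ip, os, portcount): the address of the last host in the report, the
        name of the last OS match seen (None if there was none) and the
        total number of services across all hosts. ``ip`` is None for a
        report without hosts.
    """
    # The original parsed ``datastring``, discarded the result and then read
    # the hard-coded file 'Linux_int.xml'; use the caller's data instead.
    rep = NmapParser.parse_fromstring(datastring)
    portcount = 0
    # Initialised so that an empty report no longer ends in a NameError.
    ip = None
    os_name = None

    for _host in rep.hosts:
        ip = _host.address

        for osmatch in _host.os.osmatches:
            os_name = osmatch.name

        for services in _host.services:
            portcount += 1
            # Formatted explicitly so the output is the same on Python 2/3.
            print("{0} {1} {2} {3}".format(services.port, services.protocol,
                                           services.state, services.service))
    return (ip, os_name, portcount)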
Ejemplo n.º 14
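def do_scan(ip, argm):
    """Run nmap against *ip* and return the parsed report.

    Args:
        ip: scan target(s), passed to NmapProcess unchanged.
        argm: nmap option string, passed to NmapProcess as ``options``.
            NOTE(review): both values reach the nmap command line; validate
            them before accepting them from an untrusted caller.

    Returns:
        The parsed report, or None when nmap exits with a non-zero code or
        any exception occurs (the error is logged).
    """
    nmap_report = None
    try:
        nm = NmapProcess(ip, options=argm)
        nm.run()
        if nm.rc == 0:
            nmap_report = NmapParser.parse_fromstring(nm.stdout)
        else:
            logger.error(nm.stderr)
    except Exception as e:
        # ``e.message`` only exists on Python 2 exceptions; on Python 3 it
        # raised AttributeError from inside the handler. str(e) works on both.
        logger.error(str(e))

    return nmap_report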
Ejemplo n.º 15
 def launch(self, arguments=''):
     """
     Launch an nmap scan of self.external_address on self.target_ports.

     The executed command line is printed, the output is parsed and the
     parsed report is handed to self.write_result().

     :param arguments: extra nmap arguments; when empty the scanner's own
         default arguments are used
     :return: the raw nmap output returned by get_nmap_last_output() (not
         the parsed report object)
     """
     scanner = nmap.PortScanner()
     self.config()  # get ip and ports for scan
     # Only forward ``arguments`` when the caller supplied some.
     extra = {} if arguments == '' else {'arguments': arguments}
     scanner.scan(self.external_address, self.target_ports, **extra)
     print(scanner.command_line())
     result = scanner.get_nmap_last_output()
     self.write_result(NmapParser.parse_fromstring(result))
     return result
Ejemplo n.º 16
 def scan(targets, options='-O -sV'):
     '''
     Run an nmap scan and return the result.
     :param targets: scan targets; either a list or a comma-separated string of targets, e.g. "baidu.com", ["baidu.com","qq.com"], "baidu.com,qq.com"
     :param options: scan options, the same as accepted by nmap.
     :return: the scan result as a dict on success, otherwise None

     NOTE(review): the exit status of the nmap process is not checked; a
     failed run surfaces only if parsing its output raises.
     '''
     try:
         proc = NmapProcess(targets=targets, options=options)
         proc.run()
         report = NmapParser.parse_fromstring(proc.stdout)
         # Round-trip through JSON to obtain plain dict/list data.
         encoded = json.dumps(report, cls=ReportEncoder)
         return json.loads(encoded)
     except Exception as e:
         logging.error("Nmap scan error:{}".format(e))
         return None
Ejemplo n.º 17
    def analyse_nmap_xml_scan(self,
                              nmap_xml_output=None,
                              nmap_err='',
                              nmap_err_keep_trace='',
                              nmap_warn_keep_trace=''):
        """Parse nmap XML output and attach the collected messages.

        Args:
            nmap_xml_output: XML text produced by nmap.
            nmap_err: error text of the run; used as the exception message
                when parsing fails and it is non-empty.
            nmap_err_keep_trace: stored on the report as ``errors``.
            nmap_warn_keep_trace: stored on the report as ``warnings``.

        Returns:
            The parsed report with ``errors`` and ``warnings`` set.

        Raises:
            NmapError: on any failure, carrying ``nmap_err`` if non-empty,
                otherwise the XML output itself.
        """
        try:
            parsed = NmapParser.parse_fromstring(nmap_xml_output)
            # Written straight into the instance dict, as the original did.
            attrs = parsed.__dict__
            attrs['errors'] = nmap_err_keep_trace
            attrs['warnings'] = nmap_warn_keep_trace
            return parsed
        except Exception:
            message = nmap_err if len(nmap_err) > 0 else nmap_xml_output
            raise NmapError(message)
Ejemplo n.º 18
    def save_report_from_import(cls,
                                xml_str=None,
                                comment=None,
                                user=None,
                                org_unit=None):
        """Store an imported Nmap XML report as a new NmapReportMeta.

        The XML is parsed only to validate it; the database row keeps the
        original ``xml_str`` under a freshly generated task id.

        Args:
            xml_str (str): Nmap XML text to import.
            comment (str): stored as the task comment.
            user (User obj): owner of the report.
            org_unit (OrgUnit obj): org unit of the report.

        Returns:
            NmapReportMeta

        Raises:
            Exception: if parsing fails or does not yield an NmapReport.

        NOTE(review): ``xml_str`` is supplied by the importer and handed to
        the third-party XML parser as is; how that parser treats entity
        declarations or very large input is not visible here - confirm
        before exposing this import to untrusted users.
        """

        fake_task_id = uuid.uuid4()

        try:
            parsed = NmapParser.parse_fromstring(xml_str)
            if not isinstance(parsed, NmapReport):
                print("Error: Did not produce a valid NmapReport!")
                # Caught by the handler below and re-wrapped, like any
                # parser error.
                raise Exception(
                    "Parse Report - Did not produce a valid NmapReport!")
        except Exception as err:
            raise Exception(
                "Parse Report - Something went wrong: {0}".format(err))

        meta_fields = dict(task_id=fake_task_id,
                           task_comment=comment,
                           task_created=timezone.now(),
                           report_stored=1,
                           report=xml_str,
                           user=user,
                           org_unit=org_unit)
        report_meta = NmapReportMeta(**meta_fields)
        report_meta.save()

        return report_meta
Ejemplo n.º 19
def callback_success(results):
    """Store the open services and OS guess of every scanned host.

    The XML is read from ``results[0]['result']``. For each host the stored
    Host item with the same IP, if any, is updated inside a db.auto_commit()
    block; hosts without a stored item are skipped.

    Service and OS fingerprints are cut to 500 characters. The banner,
    hostname and fingerprint values originate from the scanned host and
    should be treated as untrusted text by anything that displays them.
    """
    parser_result = NmapParser.parse_fromstring(results[0].get('result'))
    for host in parser_result.hosts:
        services = [
            {
                'host_ip': host.address,
                'port': service.port,
                'protocol': service.protocol,
                'tunnel': service.tunnel,
                'name': service.service_dict.get('name'),
                'cpe': ' '.join(service.service_dict.get('cpelist', [])),
                'info': {
                    'status': service.state,
                    'banner': service.banner,
                    'fingerprint': service.servicefp[:500],
                    'product': service.service_dict.get('product'),
                    'version': service.service_dict.get('version'),
                    'extra': service.service_dict.get('extrainfo'),
                },
            }
            for service in host.services
            if service.state == 'open'
        ]
        # Best effort: any failure to obtain the top OS match means "unknown".
        try:
            os_match = host.os_match_probabilities()[0]
        except Exception:
            os_match = None
        with db.auto_commit():
            item = Host.get_item_by_ip(host.address)
            if item:
                host_info = {
                    'status': host.status,
                    'hostname': ' '.join(host.hostnames),
                    'system': os_match.name if os_match else '',
                    'mac': host.mac,
                    'accuracy': os_match.accuracy if os_match else 0,
                    'fingerprint': host.os_fingerprint[:500]
                }
                item.update(
                    service_count=len(services),
                    cpe=' '.join(os_match.get_cpe()) if os_match else '',
                    info=host_info,
                    services=services)
Ejemplo n.º 20
def os_discovery():
    """
        Performs os (and domain) discovery of smb hosts.

        Hosts with port 445 that are not tagged 'nmap_os' and have no OS
        recorded are scanned with the smb-os-discovery script. The reported
        FQDN and OS are stored on the host, and every scanned host is tagged
        'nmap_os' and saved.
    """
    hs = HostSearch()

    # TODO fix filter for emtpy fields.
    hosts = [
        candidate
        for candidate in hs.get_hosts(ports=[445], tags=['!nmap_os'])
        if not candidate.os
    ]

    if not hosts:
        print_notification("No systems found to be checked.")
        return

    # Address string -> host object, for lookup from the nmap report.
    host_dict = {str(known.address): known for known in hosts}

    arguments = "--script smb-os-discovery.nse -p 445 -Pn -n --disable-arp-ping".split(
        ' ')

    count = 0
    print_notification("Checking OS of {} systems".format(len(hosts)))
    result = nmap(arguments, [str(h.address) for h in hosts])

    report = NmapParser().parse_fromstring(result)

    for nmap_host in report.hosts:
        for script_result in nmap_host.scripts_results:
            elements = script_result.get('elements', {})

            # KeyError here means the report names an address that was not
            # among the queued hosts.
            host = host_dict[str(nmap_host.address)]
            if 'fqdn' in elements:
                host.hostname.append(elements['fqdn'])
            if 'os' in elements:
                count += 1
                host.os = elements['os']

            host_dict[str(nmap_host.address)] = host

    for host in hosts:
        host.add_tag('nmap_os')
        host.save()

    print_notification("Done, found the os of {} systems".format(count))
Ejemplo n.º 21
    def save_report_from_import(cls,
                                xml_str=None,
                                comment=None,
                                user=None,
                                org_unit=None):
        """This method stores a new NmapReportMeta to db

        The XML is parsed first; the row is only written when parsing yields
        an NmapReport. The row keeps ``xml_str`` itself together with a
        random UUID as task id.

        Args:
            xml_str (str): imported Nmap XML text
            comment (str): task comment to store
            user (User obj): owner of the report
            org_unit (OrgUnit obj): org unit of the report

        Returns:
            NmapReportMeta

        Raises:
            Exception: for any parse problem, including a parse result that
                is not an NmapReport.

        NOTE(review): ``xml_str`` is importer-supplied input for a
        third-party XML parser whose hardening (entity handling, size
        limits) cannot be seen from here - confirm before accepting imports
        from untrusted users.
        """

        fake_task_id = uuid.uuid4()

        try:
            candidate = NmapParser.parse_fromstring(xml_str)
            is_report = isinstance(candidate, NmapReport)
            if not is_report:
                print("Error: Did not produce a valid NmapReport!")
                # Intentionally raised inside the try: the handler below
                # wraps it like every other failure.
                raise Exception("Parse Report - Did not produce a valid NmapReport!")
        except Exception as err:
            raise Exception("Parse Report - Something went wrong: {0}".format(err))

        created_at = timezone.now()
        report_meta = NmapReportMeta(
            task_id=fake_task_id,
            task_comment=comment,
            task_created=created_at,
            report_stored=1,
            report=xml_str,
            user=user,
            org_unit=org_unit,
        )
        report_meta.save()

        return report_meta
Ejemplo n.º 22
    def run(self):
        """Scan the artifact with nmap and attach the findings to it.

        For every host that is up, the open ports and open services are
        stored under ``self.artifact['data']['nmap']``. An ipv4 artifact
        gets one fqdn child per reported hostname; an fqdn artifact gets the
        resolved address as an ipv4 child. A failed scan only emits a
        warning.

        NOTE(review): the artifact name is passed to NmapProcess as the scan
        target without validation. Confirm how NmapProcess builds its
        command line and make sure the name is a bare IP address or FQDN
        before it reaches this point.
        """
        nm = NmapProcess(targets=str(self.artifact['name']), options='-sT -sV -Pn -T5 -p21,22,23,25,80,6667,1337')
        nm.run()

        if not nm.is_successful():
            warning('Nmap scanner failed - no results')
            return

        report = NmapParser.parse_fromstring(nm.stdout)
        for host in report.hosts:
            if not host.is_up():
                continue

            results = {
                'ports': host.get_open_ports(),
                'services': [
                    {
                        'banner': service.banner,
                        'protocol': service.protocol,
                        'service': service.service,
                        'port': service.port,
                    }
                    for service in host.services
                    if service.state == 'open'
                ],
            }

            if self.artifact['subtype'] == 'ipv4':
                results['hostnames'] = host.hostnames
                children = self.artifact['children']
                for hostname in host.hostnames:
                    children.append({
                        'name': hostname,
                        'type': 'host',
                        'subtype': 'fqdn',
                        'source': 'Nmap'
                    })
            elif self.artifact['subtype'] == 'fqdn':
                results['ipv4'] = host.address
                self.artifact['children'].append({
                    'name': host.address,
                    'type': 'host',
                    'subtype': 'ipv4',
                    'source': 'Nmap'
                })

            # With several hosts up, the last one processed wins.
            self.artifact['data']['nmap'] = results
Ejemplo n.º 23
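def nmap_report(report_id):
    """Render the Nmap result of a Celery task as plain text in a JSON reply.

    Args:
        report_id: id of the Celery task whose result holds the XML under
            the 'report' key.

    Returns:
        jsonify({'data': <text>}); the text is empty when no id was given or
        the stored XML could not be parsed.

    NOTE(review): no ownership or permission check on ``report_id`` is
    visible in this function - confirm that the route enforces one. Banner
    and script output come from the scanned hosts and must be escaped by
    whatever renders this text.
    """
    _report = None
    if report_id is not None:
        try:
            _resultdict = celery_pipe.AsyncResult(report_id).result
            _resultxml = _resultdict['report']
            _resultxml = _resultxml.encode('ascii', 'ignore')
            _report = NmapParser.parse_fromstring(_resultxml)
        except NmapParserException:
            pass

    if _report is None:
        # Previously execution continued and ``_report.version`` raised
        # AttributeError; answer with an empty report in the same shape.
        return jsonify({'data': ''})

    # Collect the pieces and join once instead of repeated string +=.
    parts = ['Starting Nmap {0} ( http://nmap.org ) at {1}\n'.format(
        _report.version, _report.started)]

    for host in _report.hosts:
        if len(host.hostnames):
            tmp_host = host.hostnames.pop()
        else:
            tmp_host = host.address

        parts.append('Nmap scan report for {0} ({1})\n'.format(tmp_host, host.address))
        parts.append('Host is {0}.\n'.format(host.status))
        parts.append('  PORT     STATE         SERVICE\n')

        for serv in host.services:
            pserv = '{0:>5s}/{1:3s}  {2:12s}  {3}'.format(
                str(serv.port),
                serv.protocol,
                serv.state,
                serv.service)
            if len(serv.banner):
                pserv += ' ({0})\n'.format(serv.banner)
            else:
                pserv += '\n'
            parts.append(pserv)
        for script_out in host.scripts_results:
            parts.append("Output of {0}: {1}\n".format(script_out['id'], script_out['output']))
        # The replace() strips a duplicate label from the OS text itself.
        parts.append('Fingerprints: ' + '{0}\n'.format(host.os).replace('Fingerprints:', ''))
        parts.append('Uptime: {0}\n'.format(host.uptime))

    response_content = {
        'data': ''.join(parts)
    }
    return jsonify(response_content)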
Ejemplo n.º 24
 def get_all_reports(cls, tasks=None):
     """Return the parsed reports of the given Celery task ids.

     Each id is converted with str() and its task result's 'report' entry is
     parsed. Results that the parser rejects are skipped. The collected list
     is also printed to stdout.
     """
     collected = []
     try:
         for raw_id in (tasks if tasks is not None else ()):
             task_key = str(raw_id)
             if not (isinstance(task_key, str) or isinstance(task_key, unicode)):
                 continue
             try:
                 payload = celery_pipe.AsyncResult(task_key).result
                 xml_text = payload['report']
                 collected.append(NmapParser.parse_fromstring(xml_text))
             except NmapParserException:
                 # Skip reports that cannot be parsed.
                 pass
     except NmapParserException:
         pass
     # Debug output; with a single argument the parenthesised form prints
     # the same text on Python 2 and 3.
     print(collected)
     print("Printed reports")
     return collected
Ejemplo n.º 25
 def scan_background(targets, options='-O -sV'):
     '''
     Run an nmap scan in the background, printing progress once per second.
     :param targets: scan targets; either a list or a comma-separated string of targets, e.g. "baidu.com", ["baidu.com","qq.com"], "baidu.com,qq.com"
     :param options: scan options, the same as accepted by nmap.
     :return: the scan result as a dict on success, otherwise None

     NOTE(review): the exit status of the nmap process is not checked; a
     failed run surfaces only if parsing its output raises.
     '''
     try:
         proc = NmapProcess(targets=targets, options=options)
         proc.run_background()
         # Poll until the background process has finished.
         while proc.is_running():
             print("[*]Nmap Scan running: ETC: {0} DONE: {1}%".format(proc.etc, proc.progress))
             sleep(1)
         report = NmapParser.parse_fromstring(proc.stdout)
         # Round-trip through JSON to obtain plain dict/list data.
         encoded = json.dumps(report, cls=ReportEncoder)
         return json.loads(encoded)
     except Exception as e:
         logging.error("Nmap scan error:{}".format(e))
         return None
Ejemplo n.º 26
Archivo: sners.py Proyecto: bodik/sner2
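	def inventory(self):
		"""Build the inventory from all stored nmap XML documents.

		Every document returned by self.get_all_xml() is parsed and each of
		its hosts is passed to self.process_host() together with the
		document id. self.inventory_postprocess() is applied at the end.

		Returns:
			dict with the keys "hosts" and "portmap".

		Raises:
			Any exception raised while parsing or processing a document; it
			is reported on stdout and re-raised.
		"""
		inventory = {}
		inventory["hosts"] = {}
		inventory["portmap"] = {}

		#prepare
		alldata = self.get_all_xml()
		for i in alldata:
			# Indentation is tabs throughout: the original mixed tabs and
			# spaces on the except clause, which Python 3 rejects.
			try:
				nmap_report = NmapParser.parse_fromstring(str(i['data']))
				if nmap_report:
					for nmap_host in nmap_report.hosts:
						self.process_host(inventory, nmap_host, i['id'])
			except:
				# Bare except is acceptable here because the error is
				# re-raised right after being reported.
				print("ERROR: processing failed")
				raise

		self.inventory_postprocess(inventory)

		return inventory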
Ejemplo n.º 27
def parse_port_from_nmap_lcx(path):
    """Return the hosts of every Nmap XML document stored in *path*.

    The file holds several XML documents separated by the marker comment
    '<!-- Split By Infinite bGN4 -->'. Each part is stripped and parsed on
    its own; a part the parser rejects aborts the call with its exception.
    """
    hosts = []
    with open(path) as fp:
        documents = fp.read().split('<!-- Split By Infinite bGN4 -->')
        for document in documents:
            parsed = NmapParser.parse_fromstring(document.strip())
            hosts.extend(parsed.hosts)
    return hosts
Ejemplo n.º 28
    def save_report(cls, task_id=None):
        """Store the result of a finished Celery task as a NmapReportMeta.

        Call this method right after the Celery Task is finished.
        It will
        * get the NmapTask object (by the task_id) from db
        * get the task result and try to parse it (the parsed report is
          only printed, it is not stored)
        * set the NmapTask's completed flag to 1 and record its status
        * save a new NmapReportMeta holding the raw result string

        Args:
            task_id (str): The task_id as a string (e.g faef323-afec3-a...)

        Returns:
            NmapReportMeta

        Raises:
            MultipleObjectsReturned - if task_id is not unique (should never be the case)
            DoesNotExist - if task_id does not have a corresponding NmapTask in db
            TODO: or is it ObjectDoesNotExist

        NOTE(review): a parse failure is only printed; the task is still
        marked completed and the unparsed result is stored with
        report_stored=1 - confirm this best-effort behaviour is intended.
        """

        task = NmapTask.objects.get(task_id=task_id)
        status_rows = NmapTask.get_tasks_status_as_dict(task_id=task_id)
        task_status = status_rows[0]['status']
        raw_result = str(task.get_task_result())

        try:
            parsed = NmapParser.parse_fromstring(raw_result)
            if not isinstance(parsed, NmapReport):
                print("Error: Did not produce a valid NmapReport!")
            else:
                # Debug output: the parsed report goes to stdout.
                print("Debug: NmapReport:")
                print(parsed)
        except Exception as err:
            print("Parse Report - Something went wrong: " + str(err))

        task.completed = 1
        task.completed_status = task_status
        task.save()

        owner = User.objects.get(id=task.user_id)
        unit = OrgUnit.objects.get(id=task.org_unit_id)
        report_meta = NmapReportMeta(task_id=task.task_id,
                                     task_comment=task.comment,
                                     task_created=task.created,
                                     report_stored=1,
                                     report=raw_result,
                                     user=owner,
                                     org_unit=unit)
        report_meta.save()

        # Disabled follow-up step, kept for reference:
        # call Address.discover which discovers and stores addresses
        # r = Address.discover_from_report(report_id=_id)

        return report_meta
Ejemplo n.º 29
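def parse(data):
    """Parse Nmap XML held in *data*, trying the incomplete-input mode first.

    The first attempt calls ``NmapParser.parse_fromstring`` with
    ``incomplete=True``.  If that attempt raises, the same input is parsed
    again with the parser's default settings; an exception raised by the
    second attempt propagates to the caller.

    Args:
        data: Nmap XML output as a string.

    Returns:
        Whatever ``NmapParser.parse_fromstring`` returns for the input.
    """
    try:
        return NmapParser.parse_fromstring(data, incomplete=True)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are no longer swallowed by the fallback.
        # NOTE(review): if the XML can come from an untrusted source, confirm
        # the installed parser is hardened against entity-expansion input.
        return NmapParser.parse_fromstring(data)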
Ejemplo n.º 30
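def _nmap_results_parser(in_results: str) -> List[SecurityResult]:
    """Convert Nmap XML output into a flat list of ``SecurityResult`` entries.

    Every service of every host in the report yields at least one entry:

    * one entry per NSE script result, with level ``"critical"`` when the
      script id is in ``PLUGINS_VULN_CATEGORY`` and ``"informational"``
      otherwise;
    * a single entry with level ``"none"`` carrying the service banner when
      the service has no script results.

    Args:
        in_results: Nmap XML output as a string.

    Returns:
        The collected results for all hosts; an empty list when the report
        contains no hosts.

    Raises:
        Whatever ``NmapParser.parse_fromstring`` raises for unparsable input.
    """
    # NSE script ids that this parser reports as "critical".
    # NOTE(review): the level is assigned from the script id alone; the
    # script output is not inspected, so an entry here is rated "critical"
    # whenever the script produced a result, whatever that result says.
    PLUGINS_VULN_CATEGORY = frozenset((
        "afp-path-vuln",
        "broadcast-avahi-dos",
        "clamav-exec",
        "distcc-cve2004-2687",
        "dns-update",
        "firewall-bypass",
        "ftp-libopie",
        "ftp-proftpd-backdoor",
        "ftp-vsftpd-backdoor",
        "ftp-vuln-cve2010-4221",
        "http-adobe-coldfusion-apsa1301",
        "http-aspnet-debug",
        "http-avaya-ipoffice-users",
        "http-awstatstotals-exec",
        "http-axis2-dir-traversal",
        "http-cookie-flags",
        "http-cross-domain-policy",
        "http-csrf",
        "http-dlink-backdoor",
        "http-dombased-xss",
        "http-enum",
        "http-fileupload-exploiter",
        "http-frontpage-login",
        "http-git",
        "http-huawei-hg5xx-vuln",
        "http-iis-webdav-vuln",
        "http-internal-ip-disclosure",
        "http-litespeed-sourcecode-download",
        "http-majordomo2-dir-traversal",
        "http-method-tamper",
        "http-passwd",
        "http-phpmyadmin-dir-traversal",
        "http-phpself-xss",
        "http-shellshock",
        "http-slowloris-check",
        "http-sql-injection",
        "http-stored-xss",
        "http-tplink-dir-traversal",
        "http-trace",
        "http-vmware-path-vuln",
        "http-vuln-cve2006-3392",
        "http-vuln-cve2010-0738",
        "http-vuln-cve2010-2861",
        "http-vuln-cve2011-3192",
        "http-vuln-cve2011-3368",
        "http-vuln-cve2012-1823",
        "http-vuln-cve2013-0156",
        "http-vuln-cve2013-6786",
        "http-vuln-cve2013-7091",
        "http-vuln-cve2014-2126",
        "http-vuln-cve2014-2127",
        "http-vuln-cve2014-2128",
        "http-vuln-cve2014-2129",
        "http-vuln-cve2014-3704",
        "http-vuln-cve2014-8877",
        "http-vuln-cve2015-1427",
        "http-vuln-cve2015-1635",
        "http-vuln-cve2017-5638",
        "http-vuln-misfortune-cookie",
        "http-vuln-wnr1000-creds",
        "http-wordpress-users",
        "ipmi-cipher-zero",
        "irc-botnet-channels",
        "irc-unrealircd-backdoor",
        "mysql-vuln-cve2012-2122",
        "netbus-auth-bypass",
        "qconn-exec",
        "rdp-vuln-ms12-020",
        "realvnc-auth-bypass",
        "rmi-vuln-classloader",
        "samba-vuln-cve-2012-1182",
        "smb-vuln-conficker",
        "smb-vuln-cve2009-3103",
        "smb-vuln-ms06-025",
        "smb-vuln-ms07-029",
        "smb-vuln-ms08-067",
        "smb-vuln-ms10-054",
        "smb-vuln-ms10-061",
        "smb-vuln-regsvc-dos",
        "smtp-vuln-cve2010-4344",
        "smtp-vuln-cve2011-1720",
        "smtp-vuln-cve2011-1764",
        "ssl-ccs-injection",
        "ssl-cert-intaddr",
        "ssl-dh-params",
        "ssl-heartbleed",
        "ssl-known-key",
        "ssl-poodle",
        "sslv2-drown",
        "supermicro-ipmi-conf",
        "tls-ticketbleed",
        "wdb-version",
    ))

    nmap_report = NmapParser.parse_fromstring(in_results)

    results = []

    for scanned_host in nmap_report.hosts:
        for service in scanned_host.services:

            if not service.scripts_results:
                # No script ran against this service: record the banner only.
                results.append(SecurityResult(
                    'nmap',
                    service.port,
                    tool_version=nmap_report.version,
                    level="none",
                    log=service.banner,
                    vulnerability_type='net',
                    port_proto=service.protocol))
                continue

            for script in service.scripts_results:
                script_id = script.get("id")
                if script_id in PLUGINS_VULN_CATEGORY:
                    level = "critical"
                else:
                    level = "informational"

                # ``log`` carries text produced by the scanned host; escape
                # it wherever it is later rendered.
                results.append(SecurityResult(
                    'nmap',
                    service.port,
                    tool_plugin_name=script_id,
                    tool_version=nmap_report.version,
                    level=level,
                    log=script.get('output'),
                    vulnerability_type='net',
                    port_proto=service.protocol))

    # Fix: the return used to sit inside the host loop, so only the first
    # host was reported and a report without hosts produced None.
    return results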
Ejemplo n.º 31
 def new_scan(self):
     """Run an Nmap scan over ``self.ip_range`` and return the parsed report.

     The scan is started with the option string ``-sP`` (the older spelling
     of ``-sn``: host discovery without a port scan).  The value returned by
     ``run()`` is not inspected, so a failed scan only surfaces when the
     parser rejects the captured output.
     """
     scanner = NmapProcess(self.ip_range, options="-sP")
     scanner.run()
     xml_output = scanner.stdout
     return NmapParser.parse_fromstring(xml_output)
Ejemplo n.º 32
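 def test_parser_generic(self):
     """Parse ``self.ports_string`` and print every item of the result.

     The test makes no assertions: it passes as long as parsing and
     iteration do not raise.
     """
     plist = NmapParser.parse_fromstring(self.ports_string)
     for p in plist:
         # Parenthesised form: a syntax error on Python 3 otherwise, and
         # identical output on Python 2 for a single argument.
         print(p)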
Ejemplo n.º 33
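def ProjectNoteUpload(request, project_id):
    """Render the note-upload page and, on POST, import an uploaded file.

    Three import modes are supported, selected by the ``import_type`` and
    ``structure`` POST fields:

    * ``Plain Text`` / ``Raw Note Data``: one note holding the file text;
    * ``Nmap`` / ``Raw Note Data``: one note holding the raw file in a
      ``<pre>`` element;
    * ``Nmap`` / ``Folder Structure``: the file is parsed as Nmap XML and
      one note is created per host, with one child note per service.

    Any other combination reports "Unable to import".

    The uploaded file, and every banner or script output inside an Nmap
    report, is untrusted text.  It is HTML-escaped before being wrapped in
    the ``<br />`` / ``<pre>`` markup that is stored in ``Note.note``.

    NOTE(review): nothing in this function checks that the requesting user
    may write to ``project_id``; confirm that is enforced by the URL or
    decorator layer.

    Args:
        request: The Django request.
        project_id: Id of the project that receives the imported notes.

    Returns:
        The rendered ``note/upload.html`` response.
    """
    # Function-scope import: the file's import block is not changed.
    from html import escape

    def _as_html(text):
        # Escape first, then turn newlines into the markup the notes use.
        return "<br />".join(escape(text).split("\n"))

    data = ''
    import_types = ['Plain Text', 'Nmap']
    data_structures = ['Raw Note Data', 'Folder Structure']

    #notes = Note.objects.filter(project=project_id)
    notes = TreeNodeChoiceField(queryset=Note.objects.filter(
        project=project_id))

    # .get() so that a POST without a file re-renders the form instead of
    # raising on the missing key.
    myfile = request.FILES.get('myfile') if request.method == 'POST' else None

    if myfile:
        rawdata = myfile.read().decode('utf-8')

        import_type = request.POST.get('import_type')
        structure = request.POST.get('structure')
        parentid = request.POST.get('parentid')
        if not parentid:
            # Covers both an empty field and a missing one.
            parentid = None
        else:
            # Scoped to the project so a note id from another project
            # cannot be used as the parent.
            parentid = Note.objects.get(id=parentid, project=project_id)

        if (import_type == 'Plain Text' and structure == 'Raw Note Data'):
            data = "Importing... " + str(myfile)
            newnote = Note(title=str(myfile),
                           note=_as_html(rawdata),
                           project=Project.objects.get(id=project_id),
                           parent=parentid)
            newnote.save()
        elif (import_type == 'Nmap' and structure == 'Raw Note Data'):
            data = "Importing... " + str(myfile)
            newnote = Note(title=str(myfile),
                           note="<pre>" + escape(rawdata) + "</pre>",
                           project=Project.objects.get(id=project_id),
                           parent=parentid)
            newnote.save()
        elif (import_type == 'Nmap' and structure == 'Folder Structure'):
            # NOTE(review): the XML is user-supplied; confirm the installed
            # parser is hardened against entity-expansion input.  A parse
            # failure is not caught here and propagates to the caller.
            nmap_report = NmapParser.parse_fromstring(rawdata)
            data += "Nmap scan summary: {0}\n\n".format(nmap_report.summary)
            with transaction.atomic():
                # Looked up once instead of once per created note.
                project = Project.objects.get(id=project_id)
                for host in nmap_report.hosts:
                    data += "Importing " + host.address + "\n"
                    note = ''
                    if len(host.hostnames) > 0:
                        note = "Hostnames: " + ", ".join(host.hostnames) + "\n"
                    if host.mac != '':
                        note += "MAC Address: " + host.mac + "\n"
                    if host.vendor != '':
                        note += "Vendor: " + host.vendor + "\n"
                    if host.os_fingerprinted:
                        note += "Operating System: " + str(
                            host.os_match_probabilities()[0]) + "\n"
                    if len(host.scripts_results) > 0:
                        note += "Scripts:\n"
                        for script in host.scripts_results:
                            note += str(script) + "\n"
                    note += "Serivices:\n"
                    for service in host.services:
                        note += str(service.port) + "/" + str(
                            service.protocol) + " " + service.state + "\n"
                        if len(service.scripts_results) > 0:
                            for scripts in service.scripts_results:
                                note += scripts['id'] + ":\n"
                                note += str(scripts['output']) + "\n"

                    newhost = Note(project=project,
                                   title=host.address,
                                   note=_as_html(note),
                                   parent=parentid)
                    newhost.save()

                    data += "Ports " + ', '.join(
                        str(i[0]) + "/" + i[1]
                        for i in host.get_ports()) + "\n\n"
                    for service in host.services:
                        title = str(
                            service.port
                        ) + "/" + service.protocol + " " + service.service
                        note = service.banner
                        if len(service.scripts_results) > 0:
                            for scripts in service.scripts_results:
                                note += scripts['id'] + ":\n"
                                note += str(scripts['output']) + "\n"

                        data += service.banner + "\n"

                        newport = Note(
                            project=project,
                            title=title,
                            note=_as_html(note),
                            parent=newhost)
                        newport.save()

        else:
            data = "Unable to import:\n" + rawdata

    context = {
        'project_id': project_id,
        'import_types': import_types,
        'data_structures': data_structures,
        'notes': notes,
        'data': data
    }
    return render(request, 'note/upload.html', context)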
Ejemplo n.º 34
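 def test_parser_generic(self):
     """Parse ``self.ports_string`` and print every item of the result.

     The test makes no assertions: it passes as long as parsing and
     iteration do not raise.
     """
     plist = NmapParser.parse_fromstring(self.ports_string)
     for p in plist:
         # Parenthesised form: a syntax error on Python 3 otherwise, and
         # identical output on Python 2 for a single argument.
         print(p)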
Ejemplo n.º 35
    for nse_item in nmap_service.scripts_results:
        jnse = {}
        for skey in service_keys:
            jnse[skey] = getattr(nmap_service, skey)
        jnse['type'] = 'nse-script'
        jnse['service'] = nse_item['id']
        jnse['service-data'] = nse_item['output']
        ritems.append(jnse)

    return ritems


def mycallback(nmaptask):
    """Event callback registered with the module-level ``nmap_proc``.

    The argument is ignored: the body reads ``current_task`` from
    ``nmap_proc`` and does nothing else with it.  The progress print that
    used name, status, etc and progress of the task is disabled.
    """
    _current_task = nmap_proc.current_task


# Scan definition: target range and option string are hard-coded.
# -n skips DNS resolution, -sV probes service versions, -A adds OS
# detection, default scripts and traceroute, -T5 is the fastest timing
# template and --max-retries 1 limits probe retransmissions.
nmap_proc = NmapProcess(targets="192.168.56.0/24",
                        options="-n -sV -T5 -A --max-retries 1",
                        event_callback=mycallback)
# The value returned by run() is discarded; a failed scan is only noticed
# when the parser below rejects the captured output.
nmap_proc.run()

nmap_report = NmapParser.parse_fromstring(nmap_proc.stdout)

if nmap_report:
    # One index per scan day, named from the report's start timestamp
    # (converted with the local timezone).
    rep_date = datetime.fromtimestamp(int(nmap_report.started))
    index = "nmap-{0}".format(rep_date.strftime('%Y-%m-%d'))
    # NOTE(review): only host, port and send_get_body_as are passed; no
    # credentials or TLS settings appear here. Confirm this cluster is
    # reachable from the lab network only.
    db = Elasticsearch([{'host': '192.168.56.101', 'port': 9200, 'send_get_body_as':'POST' } ])
    j = store_report(nmap_report, db, index)