def test_scan_interfaces(self):
'''Tests that we can properly only find the LAN interfaces any nothing else'''
nmap_cfg = ndr.NmapConfig(self._scratch_config)
self.assertIn("lan127", nmap_cfg.scan_interfaces)
self.assertIn("lan322", nmap_cfg.scan_interfaces)
self.assertNotIn("monitor234", nmap_cfg.scan_interfaces)
def test_write_to_file(self):
'''Tests writing out the NMAP configuration to file'''
fd, out_file = tempfile.mkstemp()
os.close(fd) # Don't need to write anything to it
nmap_cfg = ndr.NmapConfig(netcfg_file=self._scratch_config,
nmap_cfgfile=out_file)
nmap_cfg.ip_address_config[ipaddress.ip_address(
"192.168.2.123")] = ndr.NmapScanMode.BASIC_ONLY
nmap_cfg.ip_address_config[ipaddress.ip_address(
"192.168.10.21")] = ndr.NmapScanMode.BLACKLIST
nmap_cfg.mac_address_config[
"FF:EE:CC:DD:EE:AA"] = ndr.NmapScanMode.BASIC_ONLY
nmap_cfg.mac_address_config[
"AA:BB:CC:DD:EE:FF"] = ndr.NmapScanMode.BLACKLIST
nmap_cfg.write_configuration()
# Read the config file back in as a YAML file
with open(out_file, 'r') as f:
contents = f.read()
#print(contents)
written_dict = yaml.safe_load(contents)
self.assertEqual(written_dict, nmap_cfg.to_dict())
os.remove(out_file)
def main():
'''Starts the scan network'''
# We need the NDR Network config for this scan
ndr_config = ndr.Config('/etc/ndr/config.yml')
parser = argparse.ArgumentParser(
description="Intelligently scans the network with NMAP")
parser.add_argument('--net-config',
default=ndr_config.ndr_netconfig_file,
help='Network Configuration File')
parser.add_argument('--nmap-config',
default=ndr_config.nmap_configuration_file,
help='NMAP Configuration File')
# Load in the NDR configuration
args = parser.parse_args()
if os.getuid() != 0:
print("ERROR: must be run as root")
return
nmap_config = ndr.NmapConfig(args.net_config)
nmap_runner = ndr.NmapRunner(ndr_config, nmap_config)
nmap_runner.run_network_scans()
def test_load_from_file(self):
'''NMAP runner should load it's configuration right from the get go as the second arg'''
nmap_cfg = ndr.NmapConfig(netcfg_file=self._scratch_config,
nmap_cfgfile=NMAP_CONFIG)
self.assertIn(ipaddress.ip_address("192.168.2.123"),
nmap_cfg.basic_only_ips)
self.assertIn(ipaddress.ip_address("192.168.10.21"),
nmap_cfg.blacklist_ips)
self.assertIn("FF:EE:CC:DD:EE:AA", nmap_cfg.basic_only_macs)
self.assertIn("AA:BB:CC:DD:EE:FF", nmap_cfg.blacklist_macs)
def test_networks_to_scan(self):
'''Tests that we determine the right CIDRs to scan'''
nmap_cfg = ndr.NmapConfig(self._scratch_config)
self.assertIn(ipaddress.ip_network("10.1.177.0/24"),
nmap_cfg.networks_to_scan)
self.assertIn(ipaddress.ip_network("192.168.17.0/28"),
nmap_cfg.networks_to_scan)
self.assertIn(ipaddress.ip_network("fdd1:2013:2f69:388f::/64"),
nmap_cfg.networks_to_scan)
self.assertNotIn(ipaddress.ip_network("10.2.177.0/24"),
nmap_cfg.networks_to_scan)
def test_load_from_file(self):
'''NMAP runner should load it's configuration right from the get go as the second arg'''
nmap_cfg = ndr.NmapConfig(netcfg_file=self._scratch_config,
nmap_cfgfile=NMAP_CONFIG)
self.assertEqual(
nmap_cfg.ip_address_config[ipaddress.ip_address("192.168.2.123")],
ndr.NmapScanMode.BASIC_ONLY)
self.assertEqual(
nmap_cfg.ip_address_config[ipaddress.ip_address("192.168.10.21")],
ndr.NmapScanMode.BLACKLIST)
self.assertEqual(nmap_cfg.mac_address_config["FF:EE:CC:DD:EE:AA"],
ndr.NmapScanMode.BASIC_ONLY)
self.assertEqual(nmap_cfg.mac_address_config["AA:BB:CC:DD:EE:FF"],
ndr.NmapScanMode.BLACKLIST)
def test_to_dict(self):
'''Tests serialization to dict'''
nmap_cfg = ndr.NmapConfig(self._scratch_config)
nmap_cfg.basic_only_ips.append(ipaddress.ip_address("192.168.2.123"))
nmap_cfg.blacklist_ips.append(ipaddress.ip_address("192.168.10.21"))
nmap_cfg.basic_only_macs.append("FF:EE:CC:DD:EE:AA")
nmap_cfg.blacklist_macs.append("AA:BB:CC:DD:EE:FF")
cfg_dict = nmap_cfg.to_dict()
self.assertEqual(cfg_dict['version'], 1)
self.assertEqual(cfg_dict['machine_ips']['192.168.2.123'],
'basic-only')
self.assertEqual(cfg_dict['machine_ips']['192.168.10.21'], 'blacklist')
self.assertEqual(cfg_dict['machine_macs']['FF:EE:CC:DD:EE:AA'],
'basic-only')
self.assertEqual(cfg_dict['machine_macs']['AA:BB:CC:DD:EE:FF'],
'blacklist')
def test_write_to_file(self):
'''Tests writing out the NMAP configuration to file'''
fd, out_file = tempfile.mkstemp()
os.close(fd) # Don't need to write anything to it
nmap_cfg = ndr.NmapConfig(netcfg_file=self._scratch_config,
nmap_cfgfile=out_file)
nmap_cfg.basic_only_ips.append(ipaddress.ip_address("192.168.2.123"))
nmap_cfg.blacklist_ips.append(ipaddress.ip_address("192.168.10.21"))
nmap_cfg.basic_only_macs.append("FF:EE:CC:DD:EE:AA")
nmap_cfg.blacklist_macs.append("AA:BB:CC:DD:EE:FF")
nmap_cfg.write_configuration()
# Read the config file back in as a YAML file
with open(out_file, 'r') as f:
contents = f.read()
#print(contents)
written_dict = yaml.safe_load(contents)
self.assertEqual(written_dict, nmap_cfg.to_dict())
os.remove(out_file)
def test_to_dict(self):
'''Tests serialization to dict'''
nmap_cfg = ndr.NmapConfig(self._scratch_config)
nmap_cfg.ip_address_config[ipaddress.ip_address(
"192.168.2.123")] = ndr.NmapScanMode.BASIC_ONLY
nmap_cfg.ip_address_config[ipaddress.ip_address(
"192.168.10.21")] = ndr.NmapScanMode.BLACKLIST
nmap_cfg.mac_address_config[
"FF:EE:CC:DD:EE:AA"] = ndr.NmapScanMode.BASIC_ONLY
nmap_cfg.mac_address_config[
"AA:BB:CC:DD:EE:FF"] = ndr.NmapScanMode.BLACKLIST
cfg_dict = nmap_cfg.to_dict()
self.assertEqual(cfg_dict['version'], 1)
self.assertEqual(cfg_dict['machine_ips']['192.168.2.123'],
'basic-only')
self.assertEqual(cfg_dict['machine_ips']['192.168.10.21'], 'blacklist')
self.assertEqual(cfg_dict['machine_macs']['FF:EE:CC:DD:EE:AA'],
'basic-only')
self.assertEqual(cfg_dict['machine_macs']['AA:BB:CC:DD:EE:FF'],
'blacklist')