    def __init__(self, target, port=139):
        """Bind this scanner to one SMB endpoint and prepare its Nmap wrapper.

        Args:
            target: host name or IP address to scan.
            port: TCP port of the SMB service (139 by default).
        """
        # consider implementing multiple port numbers (ex. 139,445)
        self.target = target
        self.port = port
        # the Nmap wrapper expects the port specification as a string
        self.nmap = Nmap(target, str(port))
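def initialNmapScan(ip, ports='1-1024'):
    """Run a TCP version scan plus OS detection through the Nmap wrapper.

    Args:
        ip: target host name or IP address.
        ports: port specification in nmap syntax (default '1-1024').

    Returns:
        dict with three keys:
          'ports'    - list of open TCP ports, in the order the wrapper gave them;
          'services' - {port: {'name', 'product', 'version', 'state'}} copied
                       from the version-scan result for each open port;
          'os'       - whatever Nmap.getOs() returned (its shape is not
                       visible from here).
    """
    nmap = Nmap(ip, ports)
    serviceScan = nmap.tcpVersionScan()
    # Materialise once: the wrapper's return type is not visible here and
    # could be a one-shot iterable, and the list is also part of the result.
    openPorts = list(nmap.getOpenTcpPorts())
    # Was named `os`, which shadowed the stdlib module name inside the function.
    detectedOs = nmap.getOs()

    services = {}
    for port in openPorts:
        entry = serviceScan[port]
        services[port] = {
            'name': entry['name'],
            'product': entry['product'],
            'version': entry['version'],
            'state': entry['state'],
        }

    return {'ports': openPorts, 'services': services, 'os': detectedOs}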
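class FtpScanner:
    """Enumerate a single FTP service: NSE scripts, anonymous-login check,
    root directory listing and banner grab.

    Args:
        target: host name or IP address of the FTP server.
        port: TCP port of the service (21 by default).
        timeout: socket timeout in seconds for the direct connections made by
            getFiles/getBanner; None (default) blocks indefinitely, as before.
    """

    def __init__(self, target, port=21, timeout=None):
        self.target = target
        self.port = port
        self.timeout = timeout
        self.nmap = Nmap(target, str(self.port))

    def nmapScripts(self, scriptList=None):
        """Run the given NSE scripts against the port; print and return the result.

        Defaults to ftp-anon, ftp-syst and tftp-enum. The scan runs exactly
        once (the original ran it twice: once for print, once for return).
        """
        if scriptList is None:
            scriptList = ['ftp-anon.nse', 'ftp-syst.nse', 'tftp-enum.nse']
        result = self.nmap.scripts(self.port, scriptList)
        print(result)
        return result

    def checkAnonymousLogin(self):
        """Return the ftp-anon script output for this port.

        Returns None when the result has no ftp-anon entry (the script only
        reports when it has something to say, and the host/port may be absent
        from the result entirely); the original raised KeyError in that case.
        """
        scanResult = self.nmap.customCommand('--script=ftp-anon.nse -p ' +
                                             str(self.port))
        try:
            return scanResult['scan'][self.target]['tcp'][
                self.port]['script']['ftp-anon']
        except (KeyError, TypeError):
            return None

    def getFiles(self, username='******', password=''):
        """Log in with the given credentials and print the root listing (NLST).

        Returns the list of names on success, None when the login or listing
        failed ('Login failed' is printed). Connection errors propagate as
        before. The default username is kept verbatim from the original
        source; it looks redacted there (anonymous FTP normally uses
        'anonymous') - TODO confirm.
        """
        import ftplib  # local: only FTP appears to be imported at file level

        ftp = ftplib.FTP()
        # Honour self.port: FTP(host) would always connect to port 21.
        ftp.connect(self.target, self.port, self.timeout)
        try:
            ftp.login(user=username, passwd=password)
            print('Login successful')
            files = ftp.nlst()
            for name in files:
                print(name)
            return files
        except ftplib.all_errors:
            print('Login failed')
            return None
        finally:
            # close() is safe whether or not login succeeded
            ftp.close()

    def getBanner(self):
        """Grab the raw FTP greeting (up to 1024 bytes) as bytes.

        Returns None after printing a message if the connection or read
        fails; the socket is always closed.
        """
        s = None
        try:
            s = socket.create_connection((self.target, self.port),
                                         self.timeout)
            return s.recv(1024)
        except socket.error:
            print(
                colored('\n[-] Network error with grabbing FTP banner\n',
                        'red'))
            return None
        finally:
            if s is not None:
                s.close()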
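class SmtpScanner():
    """Enumerate a single SMTP service: NSE scripts, VRFY-based user
    enumeration and banner grab.

    Args:
        target: host name or IP address of the mail server.
        port: TCP port of the service (25 by default).
        timeout: socket timeout in seconds for the direct connections; None
            (default) blocks indefinitely, as before.
    """

    def __init__(self, target, port=25, timeout=None):
        self.target = target
        self.port = port
        self.timeout = timeout
        self.nmap = Nmap(target, str(self.port))

    def nmapScripts(self, scriptList=None):
        """Run NSE scripts (default: smtp-enum-users, smtp-brute) against the port."""
        if scriptList is None:
            scriptList = ['smtp-enum-users.nse', 'smtp-brute.nse']
        return self.nmap.scripts(self.port, scriptList)

    @staticmethod
    def _vrfyConfirmsUser(response):
        """Return True when an SMTP VRFY reply confirms that the mailbox exists.

        Only 250/251 confirm a user. 550 is the usual "no such user"; 252 means
        the server declined to verify (not evidence either way); 500/502 mean
        VRFY is not supported; 4xx are transient errors. The original treated
        every non-550 reply as a hit, which reported the entire wordlist on any
        server with VRFY disabled.
        """
        if isinstance(response, bytes):
            response = response.decode('ascii', 'replace')
        code = response[:3]
        return code in ('250', '251')

    def _connect(self):
        """Open a TCP connection to the SMTP service and consume the greeting."""
        s = socket.create_connection((self.target, self.port), self.timeout)
        s.recv(1024)
        return s

    def userVrfyBruteForce(
            self, wordlist='/usr/share/wordlists/metasploit/unix_users.txt'):
        """Probe every name in *wordlist* with VRFY and return the confirmed ones.

        A name counts only on a 250/251 reply (see _vrfyConfirmsUser). If the
        server answers 500/502 the probe stops early, since VRFY is disabled
        and no further reply can be meaningful. The session is re-opened every
        20 probes, as in the original (presumably to dodge per-connection
        error limits - not verified here). Blank lines are skipped and the
        returned names are stripped of surrounding whitespace.

        Returns the list of confirmed user names, or None after printing a
        message when the wordlist cannot be read or the connection fails.
        """
        try:
            userWordlist = open(wordlist, 'r')
        except IOError:
            print(
                colored('\n[-] Cannot read wordlist: {}\n'.format(wordlist),
                        'red'))
            return None

        validUsers = []
        s = None
        try:
            with userWordlist:
                s = self._connect()
                for counter, line in enumerate(userWordlist, 1):
                    user = line.strip()
                    if not user:
                        continue
                    # RFC 5321 lines end in CRLF; bytes keep this Py2/3-safe
                    s.sendall(('VRFY ' + user + '\r\n').encode('utf-8'))
                    response = s.recv(1024)
                    code = response[:3].decode('ascii', 'replace')
                    if code in ('500', '502'):
                        print(
                            colored(
                                '\n[-] VRFY not supported by server, user enumeration aborted\n',
                                'red'))
                        break
                    if self._vrfyConfirmsUser(response):
                        validUsers.append(user)

                    if counter % 20 == 0:
                        s.close()
                        s = self._connect()
            return validUsers

        except socket.error:
            print(
                colored('\n[-] Network error connecting to SMTP server\n',
                        'red'))
            return None
        finally:
            if s is not None:
                s.close()

    def getBanner(self):
        """Return the raw SMTP greeting (up to 1024 bytes) as bytes.

        Network errors propagate as socket.error, as before; the socket is
        now always closed.
        """
        s = socket.create_connection((self.target, self.port), self.timeout)
        try:
            return s.recv(1024)
        finally:
            s.close()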
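class MysqlScanner():
    """Run the MySQL NSE script set against a single MySQL endpoint.

    Args:
        target: host name or IP address.
        port: TCP port of the service (3306 by default).
    """

    # Scripts used when nmapScripts() is called without an explicit list.
    DEFAULT_SCRIPTS = [
        'mysql-audit.nse', 'mysql-databases.nse',
        'mysql-dump-hashes.nse', 'mysql-empty-password.nse',
        'mysql-enum.nse', 'mysql-info.nse', 'mysql-query.nse',
        'mysql-users.nse', 'mysql-variables.nse'
    ]

    def __init__(self, target, port=3306):
        self.target = target
        self.port = port
        self.nmap = Nmap(target, str(self.port))

    def nmapScripts(self, scriptList=None):
        """Run *scriptList* (default: DEFAULT_SCRIPTS) against the port.

        The default is built per call instead of as a shared mutable
        default argument.
        """
        if scriptList is None:
            scriptList = list(self.DEFAULT_SCRIPTS)
        return self.nmap.scripts(self.port, scriptList)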
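class MysqlScanner():
    """Enumerate a single MySQL endpoint: NSE scripts, banner grab and
    ad-hoc statements via the local ``mysql`` client.

    Args:
        target: host name or IP address.
        port: TCP port of the service (3306 by default).
        timeout: socket timeout in seconds for getBanner; None (default)
            blocks indefinitely, as before.
    """

    # Scripts used when nmapScripts() is called without an explicit list.
    DEFAULT_SCRIPTS = [
        'mysql-audit.nse', 'mysql-databases.nse',
        'mysql-dump-hashes.nse', 'mysql-empty-password.nse',
        'mysql-enum.nse', 'mysql-info.nse', 'mysql-query.nse',
        'mysql-users.nse', 'mysql-variables.nse'
    ]

    def __init__(self, target, port=3306, timeout=None):
        self.target = target
        self.port = port
        self.timeout = timeout
        self.nmap = Nmap(target, str(self.port))

    def nmapScripts(self, scriptList=None):
        """Run *scriptList* (default: DEFAULT_SCRIPTS) against the port."""
        if scriptList is None:
            scriptList = list(self.DEFAULT_SCRIPTS)
        return self.nmap.scripts(self.port, scriptList)

    def getBanner(self):
        """Return the first 1024 bytes the server sends after connect.

        Network errors propagate as socket.error, as before; the socket is
        now always closed.
        """
        s = socket.create_connection((self.target, self.port), self.timeout)
        try:
            return s.recv(1024)
        finally:
            s.close()

    @staticmethod
    def _buildCommand(username, password, host, command):
        """Return ``(argv, env)`` for invoking the mysql client.

        argv is a list, so no shell is involved: the username, host and the
        SQL text each travel as one argument and cannot inject extra shell
        commands (the original interpolated them into a shell string). A
        trailing ';' is appended to the statement if missing, as before.
        A non-empty password is passed through MYSQL_PWD in the child's
        environment rather than ``--password=...`` on the command line, so it
        is not visible to every user on the box via ``ps``; env is None when no
        password is given (inherit the parent environment unchanged).
        """
        import os  # local: not known to be imported at file level

        if command[-1:] != ';':
            command = command + ';'
        argv = [
            'mysql',
            '--user=' + username,
            '--host=' + host,
            '--execute=' + command,
        ]
        env = None
        if password != '':
            env = dict(os.environ)
            env['MYSQL_PWD'] = password
        return argv, env

    def runCommand(self, username='', password='', command=''):
        """Execute *command* on the target with the ``mysql`` client.

        Returns the client's stdout as bytes (stderr is not captured).
        Requires the mysql client binary on PATH.
        """
        argv, env = self._buildCommand(username, password, self.target,
                                       command)
        proc = subprocess.Popen(argv,
                                stdout=subprocess.PIPE,
                                stdin=subprocess.PIPE,
                                env=env)
        return proc.communicate()[0]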
def nmapVulnScan(ip, portList):
    """Run the Nmap wrapper's vulnerability scan on *portList* against *ip*.

    Returns a single-key dict ``{'vuln-scan': <raw wrapper result>}`` so the
    caller can merge it with other scan sections.
    """
    scanner = Nmap(ip)
    return {'vuln-scan': scanner.vulnScan(portList)}
def nmapVulnScan(ip, ports='1-1024'):
    """Run the Nmap wrapper's vulnerability scan against *ip*.

    Args:
        ip: target host name or IP address.
        ports: port specification in nmap syntax (default '1-1024').

    Returns a single-key dict ``{'vuln-scan': <raw wrapper result>}``.
    """
    scanner = Nmap(ip)
    return {'vuln-scan': scanner.vulnScan(ports)}
 def __init__(self, target, port=21):
     """Bind this scanner to one FTP endpoint and prepare its Nmap wrapper.

     Args:
         target: host name or IP address to scan.
         port: TCP port of the FTP service (21 by default).
     """
     self.target = target
     self.port = port
     # the Nmap wrapper expects the port specification as a string
     self.nmap = Nmap(target, str(port))
                    '--target',
                    type=str,
                    help='specify the target IP address',
                    required=True)
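# Let argparse supply the default port range instead of checking for None
# after parsing (the original used `args.ports != None`).
parser.add_argument('-p',
                    '--ports',
                    type=str,
                    default='1-1024',
                    help='specify port range')

args = parser.parse_args()
target = args.target
portRange = args.ports

print('Target: ' + target)
print('Ports: ' + portRange)

# ============================== setup nmap ==============================

nmap = Nmap(target, portRange)

# version scan result; indexed by port number further down
services = nmap.tcpVersionScan()

# ============================== service scan ==============================

printHeader('Service Scan')

# collected for later HTTP-specific handling (filled in below this block)
httpPorts = []

print('  Port       State    Service, Product, Version')
print('  ------------------------------------')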

for port in nmap.getOpenTcpPorts():
    serviceName = services[port]['name']
    serviceProduct = services[port]['product']
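class SmbScanner():
    """Enumerate one SMB endpoint: NSE scripts, null-session check, share and
    file listing, and guest-mounting of shares via mount.cifs.

    Args:
        target: host name or IP address of the SMB server.
        port: TCP port of the service (139 by default).
    """

    def __init__(self, target, port=139):
        # consider implementing multiple port numbers (ex. 139,445)
        self.target = target
        self.port = port
        self.nmap = Nmap(self.target, str(self.port))

    def nmapScripts(self, scriptList=None):
        """Run NSE scripts (default: smb-enum-users) against the port."""
        if scriptList is None:
            scriptList = ['smb-enum-users']
        return self.nmap.scripts(self.port, scriptList)

    def _connection(self, username='', password=''):
        """Build an NTLMv2 SMBConnection; the caller connects and closes it.

        Empty client and server NetBIOS names are passed, as the original did.
        """
        return SMBConnection(username, password, '', '', use_ntlm_v2=True)

    def checkAnonymousLogin(self):
        """Return True if a null session (empty user and password) is accepted."""
        smbConnect = self._connection()
        try:
            return smbConnect.connect(str(self.target), self.port)
        finally:
            smbConnect.close()

    def listShares(self, username='', password=''):
        """Map share name -> True if its root could be listed, else False.

        The same credentials are now used for the per-share listing; the
        original listed files anonymously regardless of what was passed here,
        so authenticated-only shares were reported as unreadable.
        """
        smbConnect = self._connection(username, password)
        try:
            smbConnect.connect(str(self.target), self.port)
            shareObjs = smbConnect.listShares()
        finally:
            smbConnect.close()

        shares = {}
        for share in shareObjs:
            shares[share.name] = bool(
                self.listFiles(share.name, username, password))
        return shares

    def listFiles(self, share, username='', password=''):
        """Return ``{share: {name: 'd' | 'f'}}`` for the root of *share*.

        '.' and '..' are dropped. Returns None after printing a message when
        the connection or listing fails; the connection is always closed.
        """
        smbConnect = self._connection(username, password)
        try:
            smbConnect.connect(str(self.target), self.port)
            sharedFiles = smbConnect.listPath(share, '/')

            files = {}
            for entry in sharedFiles:
                files[str(entry.filename)] = 'd' if entry.isDirectory else 'f'

            files.pop('.', None)
            files.pop('..', None)

            return {share: files}

        except Exception:
            # pysmb raises its own OperationFailure/NotConnectedError as well
            # as socket errors; keep the "report and return None" contract.
            print(
                colored(
                    '\n[-] Network error connecting to SMB share: {}\n'.format(
                        share), 'red'))
            return None
        finally:
            smbConnect.close()

    @staticmethod
    def _safeShareName(share):
        """True when *share* is usable as a single path component below mounts/smb.

        Share names come from the remote host, so reject anything that could
        escape the mount directory: empty names, '.'/'..', path separators
        and NUL.
        """
        if not share or share in ('.', '..'):
            return False
        return not any(c in share for c in '/\\\x00')

    @staticmethod
    def _mountArgs(target, share, mountPoint, smbVers):
        """argv for a guest (anonymous) CIFS mount of //target/share at mountPoint."""
        return [
            'mount', '-t', 'cifs', '//{}/{}/'.format(target, share),
            mountPoint, '-o', 'guest,vers={}'.format(smbVers)
        ]

    def mountShare(self, share, username='', password='', smbVers='1.0'):
        """Guest-mount *share* at mounts/smb/<share> (relative to the cwd).

        Only anonymous mounts are supported: any username or password is
        refused with a message, as before. If the mount point already exists
        it is lazily unmounted first, so a stale mount from a previous run is
        replaced. mount(8) needs root or CAP_SYS_ADMIN. The default
        smbVers='1.0' is kept for compatibility, but SMB1 is obsolete and
        widely disabled; pass '2.0'/'3.0' where the server allows it.

        The commands run without a shell (argv lists): the original built a
        shell string from the remote-supplied share name.
        """
        import subprocess  # local: not known to be imported at file level

        if username != '' or password != '':
            print(
                colored(
                    '\n[-] Cannot mount SMB share ({}), anonymous login not permitted\n'
                    .format(share), 'red'))
            return

        if not self._safeShareName(share):
            print(
                colored(
                    '\n[-] Refusing to mount SMB share with unsafe name: {!r}\n'
                    .format(share), 'red'))
            return

        mountPoint = os.path.join('mounts', 'smb', share)
        if os.path.isdir(mountPoint):
            subprocess.call(['umount', '-l', mountPoint])
        else:
            # creates mounts/smb as well when it does not exist yet
            os.makedirs(mountPoint)

        subprocess.call(
            self._mountArgs(self.target, share, mountPoint, smbVers))

    def unmountShare(self, share):
        """Lazily unmount mounts/smb/<share> if that directory exists."""
        import subprocess  # local: not known to be imported at file level

        if not self._safeShareName(share):
            return
        mountPoint = os.path.join('mounts', 'smb', share)
        if os.path.isdir(mountPoint):
            subprocess.call(['umount', '-l', mountPoint])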