def scanner(ip):
global victims, interface
nmap = nmap3.NmapHostDiscovery()
victims = nmap.nmap_no_portscan(ip)["hosts"]
result = []
print("")
for element in victims:
addr = element["addr"]
if addr != gateway_ip and addr != get_local_ip(interface):
result.append(addr)
print(" -- " + addr)
if len(result) < 1:
print("No computers were found on the local network, try again.")
raise SystemExit
else:
print("")
answer = input("Continue? [Y/n] ")
if answer.lower() != 'y':
raise SystemExit
victims = result
return victims
def nmap():
with app.app_context():
info = Monitor.query.all()
if info is None:
exit(1)
ip = ''
for item in info:
ip = ip + item.ipaddr + ' '
nmap = nmap3.NmapHostDiscovery()
results = nmap.nmap_no_portscan(ip)
db.session.execute(Monitor.__table__.update(), [{'isok': '0'}])
db.session.commit()
if results is None:
exit(1)
for i in range(0, len(results['hosts'])):
ip = results['hosts'][i]['addr']
status = 1 if results['hosts'][i]['state'] == 'up' else '0'
mon = Monitor.query.filter_by(ipaddr=ip).first()
if mon:
mon.update_time = getCurrentDate()
mon.isok = status
db.session.add(mon)
db.session.execute(MonLog.__table__.insert(),
[{
'mon_id': mon.id,
'update_time': getCurrentDate()
}])
db.session.commit()
def pingRange():
print("Start Host: ", startHost)
print("End Host: ", endHost)
nmap = nmap3.NmapHostDiscovery()
ipRange = int(ipaddress.IPv4Address(endHost)) - int(
ipaddress.IPv4Address(
startHost)) #Gets the range of the IP Addresses to be scanned
address = ipaddress.IPv4Address(startHost)
for i in range(
ipRange + 1
): #For loop to scan all hosts within the range of IP Addresses provided
result = nmap.nmap_no_portscan(str(address),
args="-PE") #Command for ICMP Scan
if str(address) in result:
hostResults.append({
'address': str(address),
'state': result[str(address)]["state"]["state"]
}) #Stores the host IP Address and its state using ICMP Scan
else:
hostResults.append(
{
'address': str(address),
'state': 'down'
}
) #Stores the host IP Address and its state as down if there is an error
address += 1
scanPort()
def thread(self) -> None:
"""Scan for lost agents with NMAP, and signal them to a \
controller."""
mapper = nmap3.NmapHostDiscovery()
while self.thread_kill_flag is False:
results = mapper.nmap_no_portscan(
LOOKUP_BITS_TO_NETWORK_CLASS[self.bits] + "/" +
str(self.bits))
results.pop("stats")
results.pop("runtime")
self.client_lock.acquire(True)
for result in list(results.keys()):
self.host = result
# pylint: disable=broad-except
try:
Daemon.Herder.connect(self)
if Daemon.Herder.receive(self) == \
"KINETIC WAITING FOR CONTROLLER":
Daemon.Herder.send(
self,
"POINT " + socket.gethostname() + ".local")
else:
Daemon.Herder.disconnect(self)
except BaseException:
Daemon.Herder.disconnect(self)
self.client_lock.release()
def thread(self) -> None:
"""
Scan for lost agents with NMAP, and signal them to a controller.
:return: None
"""
mapper = nmap3.NmapHostDiscovery()
LOOKUP = {8: "10.0.0.0", 16: "172.16.0.0", 24: "192.168.0.0"}
while self.thread_kill_flag is False:
results = mapper.nmap_no_portscan(LOOKUP[self.bits] + "/" +
str(self.bits))
results.pop("stats")
results.pop("runtime")
for result in list(results.keys()):
self.host = result
try:
Daemon.Herder.connect(self)
if Daemon.Herder.receive(
self) == "KINETIC WAITING FOR CONTROLLER":
Daemon.Herder.send(
self,
"POINT " + socket.gethostname() + ".local")
else:
Daemon.Herder.disconnect(self)
except BaseException:
Daemon.Herder.disconnect(self)
def Fin_Scan(self, Host, Timing=4):
print("Loading ........................................")
self.Host = sock.gethostbyname(self.Host)
HOST_lib = nmap3.NmapHostDiscovery()
System = HOST_lib.nmap_portscan_only(str(self.Host),
args=f" -sF -T{self.Timing} -vv")
for z in System[self.Host]:
print(z['portid'], z['service']['name'], z['state'] + self.angry)
def Dns_Brute(self, Host, Timing=4):
print("Loading ........................................")
HOST_lib = nmap3.NmapHostDiscovery()
System = HOST_lib.nmap_dns_brute_script(self.Host)
for output in System:
print(" " + output['address'],
" " + output['hostname'] + self.angry)
def host_discovery(ip):
if ip.startswith('192') or ip.startswith('10'):
nmap = nmap3.NmapHostDiscovery()
result = nmap.nmap_no_portscan(ip + '/24')
else:
return None
return [h['addr'] for h in result['hosts']]
def scan(self):
nmap = nmap3.NmapHostDiscovery() # instantiate nmap object
for item in self.networks:
temp_scan_result = nmap.nmap_no_portscan(item.replace('\n', ''),
args="-R --system-dns")
self.scan_results = {**self.scan_results, **temp_scan_result}
self.scan_results.pop("stats")
self.scan_results.pop("runtime")
return self.scan_results
def scan_ip_survial(ip):
nmScan = nmap3.NmapHostDiscovery()
results = nmScan.nmap_portscan_only(ip)
if results[ip] and len(results[ip]) > 0:
return {
'IP': ip,
# 'Hostname:': nmScan[ip]['hostnames'][0]['name']
}
else:
return None
def perform_portscan():
# Fast portscan. Aka Stage 1
logging.debug('[FAST PORTSCAN] started')
nmap = nmap3.NmapHostDiscovery()
res = nmap.scan_top_ports(None, args="-F -iL ips_to_scan.txt")
res = remove_keys(res)
# logging.debug(res)
find_interesting_ip(res)
logging.debug('[FAST PORTSCAN] done')
return res
def main():
host = '181.171.237.33'
nmap = nmap3.NmapHostDiscovery()
results = nmap.nmap_portscan_only(host)
for service in results[host]:
print(f'''
Port: {service["portid"]}
State: {service["state"]}
Service: {service["service"]["name"]}
Protocol: {service["protocol"]}
''')
def main(args):
addr = None
network = None
if args.ifname:
addr, subnet = get_ip(args.ifname)
network = str(IPNetwork(f"{addr}/{subnet}").cidr)
elif args.subnet:
network = args.subnet
# Simple test, for more info: https://pypi.org/project/python3-nmap/
nmap = nmap3.NmapHostDiscovery()
results = nmap.nmap_no_portscan(network)
for i in results['hosts']:
print(i['addr'], file=sys.stdout)
def perform_host_discovery():
# Aka stage 0
logging.debug('[HOST DISCOVERY] started')
nmap = nmap3.NmapHostDiscovery()
res = nmap.nmap_no_portscan(
None, args="-sn --excludefile exclude_ip.txt -iL target.txt")
#logging.debug('Output of host discovery: ')
res = remove_keys(res)
# logging.debug(res)
f = open("ips_to_scan.txt", "w")
for ip in res:
logging.debug('Found IP: ' + ip)
if res[ip]['state']['state'] == "up":
f.write(ip + "\n")
f.close()
logging.debug('[HOST DISCOVERY] done')
def OpPorts():
pyfiglet.print_figlet("__________", font="standard", colors=colors1)
cprint('[+] Input the IP or URL to be Checked ------> ',
'red',
attrs=['bold'],
end=' ')
res = input()
print()
nmap = nmap3.NmapHostDiscovery()
results = nmap.nmap_portscan_only(res)
for i in results[res]:
cprint(
f'[+] {i["service"]["name"]}({i["portid"]}) : {i["state"].upper()} [+]',
'green',
attrs=['bold'])
print()
def pingSingle(host):
print("Host: ", host)
nmap = nmap3.NmapHostDiscovery()
result = nmap.nmap_no_portscan(host, args="-PE") #Command for ICMP scan
if host in result:
hostResults.append({
'address': host,
'state': result[host]["state"]["state"]
}) #Stores the host IP Address and its state using ICMP Scan
else:
hostResults.append({
'address': host,
'state': "down"
}) #Stores the host IP Address and its state using ICMP Scan
scanPort()
def get_hosts(host: str) -> Dict[str, List[str]]:
"""
"""
clients_list = []
try:
hd_scan = nmap3.NmapHostDiscovery()
result = hd_scan.nmap_no_portscan(host)
for res in result:
check_ip = re.match(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$", res)
if check_ip:
ip = check_ip.group()
clients_list.append(ip)
except Exception as e:
clients_list = []
record_result(data=clients_list)
return {"result": clients_list}
def discover_ports(url: str):
"""
Scan a web server for all available https ports.
:param url: url to be scanned
:return: list of usable ports
"""
logging.info('Discovering ports...')
nmap = nmap3.NmapHostDiscovery()
# Scan with nmap for all open ports
logging.debug('Scanning with nmap for all open ports...')
result = nmap.nmap_portscan_only(url)
open_ports = [
port['portid'] for port in list(result.items())[0][1]['ports']
]
usable_ports = []
logging.debug(f'ports : {open_ports}')
for port in open_ports:
sleep = 0
# Loop until there is a valid response or after 10 seconds
while True:
try:
head = requests.head(f'https://{url}:{port}',
timeout=5,
verify=False,
headers={'Connection': 'close'})
if head.status_code < 400:
usable_ports.append(int(port))
break
except requests.exceptions.SSLError:
break
# Valid exception, there might a port alive after timeout
except (requests.exceptions.ReadTimeout,
requests.exceptions.Timeout):
usable_ports.append(int(port))
break
except requests.exceptions.ConnectionError as exception:
sleep = incremental_sleep(sleep, exception, 5)
logging.debug(f'scanned ports : {usable_ports}')
return usable_ports
def __init__(self, networks):
self.hosts = dict()
self.nmap = nmap3.NmapHostDiscovery()
self.networks = self.sanitaise_networks(networks)
self.scan_results = self.basic_scan()
import nmap3
import netifaces as ni
from rich.console import Console
console = Console()
nmap = nmap3.NmapHostDiscovery()
#Below is what is deciding what to do in different cases, then its doing the scan
try:
ni.ifaddresses('wlan0')
ip = ni.ifaddresses('wlan0')[ni.AF_INET][0]['addr']
ip = str(ip + '/24')
results = nmap.nmap_no_portscan(ip)
except:
try:
interface = str(input('Enter Your Interface name e.g. wlan0: '))
ni.ifaddresses(interface)
ip = ni.ifaddresses(interface)[ni.AF_INET][0]['addr']
ip = str(ip + '/24')
results = nmap.nmap_no_portscan(ip)
except KeyboardInterrupt:
print("\nGood Bye!")
console.print(f'[yellow]MAC ADDRESS [blue]--- [yellow]DEVICE NAME',
style="bold")
#Below is what's printing the result to the user
try:
for result in results:
try:
mac = results[result]['macaddress']['addr']
name = results[result]['macaddress']['vendor']
console.print(f'[yellow]{mac} [blue] --- [yellow]{name}',
def do_run(self, prg):
"run [command] ... execute a command\nPossible commands to run: scan, bruteforce, logintest\n"
if self.check_open_project():
if prg.strip() == "":
self.print_error(
"You need to specify something to run! \nPossible commands to run: scan, bruteforce, logintest"
)
# Run nmap scan
if prg == "scan":
nm = nmap3.NmapHostDiscovery()
prj_folder = os.path.join(self.PRJ_PATH, self.PRJ_NAME)
till_ctr = 0
with open(os.path.join(prj_folder, "to_crack.lst"),
"a") as outfile:
try:
# count number of ranges
max_range = 0
with open(os.path.join(prj_folder, "to_scan.lst"),
"r") as f:
for iprange in f:
max_range += 1
# run the scan
with open(os.path.join(prj_folder, "to_scan.lst"),
"r") as f:
for iprange in f:
ctr = 0
till_ctr += 1
# Skip priviously cracked
if till_ctr <= self.SCANNED_TILL:
continue
iprange = iprange.strip()
print("Scanning " + iprange + " [" +
str(till_ctr) + " / " + str(max_range) +
"]")
check_online_status.wait_for_connection(
self.TEST_DELAY)
try:
res = nm.nmap_portscan_only(
iprange, args="-p 22,3389-3390 -T5")
except KeyboardInterrupt:
print("")
return
# check results of the scan and save them
for key in res.keys():
if key not in ["runtime", "stats"]:
for port_dict in res[key]:
if port_dict['state'] == "open":
line = key + ":" + port_dict[
'portid']
print(line)
outfile.write(line + "\n")
ctr += 1
# Print how much hosts where found
if ctr > 0:
print(
f"{Fore.GREEN}{ctr} host(s) added{Style.RESET_ALL}"
)
self.SCANNED_TILL += 1
self.save_status()
except FileNotFoundError:
self.print_error(
"You need to add one or more IP-ranges before scanning!"
)
# Run hydra-attack
elif prg == "bruteforce" or prg == "logintest":
prj_folder = os.path.join(self.PRJ_PATH, self.PRJ_NAME)
till_ctr = 0
with open(os.path.join(prj_folder, "cracked_accounts.txt"),
"a") as outfile:
try:
# count
max_range = 0
with open(os.path.join(prj_folder, "to_crack.lst"),
"r") as f:
for host in f:
max_range += 1
# run hydra
with open(os.path.join(prj_folder, "to_crack.lst"),
"r") as f:
for host in f:
till_ctr += 1
# Skip priviously cracked
if till_ctr <= self.CRACKED_TILL:
continue
host = host.strip()
print("Cracking " + host + " [" +
str(till_ctr) + " / " + str(max_range) +
"]")
check_online_status.wait_for_connection(
self.TEST_DELAY)
hydra_cmd = "hydra -I -t 4 -L " + self.USER_LIST + " -P " + self.PW_LIST + " "
# override for combined list
if prg == "logintest":
hydra_cmd = "hydra -I -t 4 -C " + self.COMB_LIST + " "
ip, port = host.split(":")
if port == "22":
hydra_cmd += ip + " ssh"
if port == "3389":
hydra_cmd += ip + " rdp"
if port == "3390":
hydra_cmd += "-s 3390 " + ip + " rdp"
try:
ts = time.time()
res = subprocess.run(
hydra_cmd.split(" "),
stdout=subprocess.PIPE)
td = time.time() - ts
except KeyboardInterrupt:
print("")
return
lines = res.stdout.decode("utf-8").split("\n")
for line in lines:
if "password:"******"{Fore.GREEN}{line}{Style.RESET_ALL}"
)
outfile.write(line + "\n")
print("Bruteforcing done in " + str(td) +
" sec.")
self.CRACKED_TILL += 1
self.save_status()
except FileNotFoundError:
self.print_error(
'You need to find with "run scan" some hosts before cracking!'
)
# Unknown action - display error
else:
self.print_error('The input "' + prg +
'" is unknown... Use "scan" or "cracking"!')
# Save status of the project
print("")
self.save_status()
import os
import sys
import subprocess
import time
import ipaddress
import nmap3
import json
import signal
from datetime import datetime
from tabulate import tabulate
nmap = nmap3.Nmap() # Accessing list of basic Nmap functions
nmap_scan = nmap3.NmapScanTechniques(
) # Accessing list of Nmap scan technique functions
nmap_host = nmap3.NmapHostDiscovery(
) # Accessing list of Nmap host discovery functions
#Declaring Global Variables
port = 443 # Default port if no port is specified
startRange = None # Default start range
endRange = None # Default end range
runtime = False # Default show runtime
startTime = time.time() # Starting time in which the command was run
hostList = [] # List of host/s to be scanned
def portScan(port):
for host in hostList:
#CONNECT Scan
def launch(target, domain, ports, templates):
def tpl(i):
template = {
# OPTIONS FOR THE SCAN TECHNIQUE FUNCTION
1: '-sF', # 'FIN scan'
2: '-sI', # 'Idle scan'
3: '-sS', # 'Default: TCP SYN scan'
4: '-sP', # 'ping-only'
5: '-sT', # 'TCP connect() scan'
6: '-sU', # 'UDP scan'
7: '-F', # 'Fast scan'
# OPTIONS FOR THE SCAN DISCOVERY FUNCTION
8: '-Pn', # 'No ping scan'
9: '-sn', # 'Liveness detection: no port scan'
10: '-PR', # 'ARP scan: local network only'
11: '-n', # 'Disable DNS resolution: reduces noise'
12:
'-O --osscan-guess', # 'Used with no ping: aggressive OS detection'
13:
'-A', # 'Used with no ping: Advanced detection: OS detection and Version detection, Script scanning and Traceroute'
14:
'-A -T2', # 'Used with no ping: Advanced detection: with stealth scan mode'
15: '-A -v', # 'Used with no ping: Advanced detection: verbose'
16:
'-n -A', # 'Used with no ping: Advanced detection: scan with no DNS resolution'
17:
'-f -A', # 'Used with no ping: Advanced detection: combined with packet fragmentation'
18: '-T4 -sV', # 'Used with no ping: Aggressive service detection'
19:
'-n -sV --version-intensity 3', # 'Used with no ping: Aggressive service detection: with version-intensity 3'
20: '-n -V', # 'Used with no ping: Number version detection'
21:
'-O --osscan-guess -p ', # 'Used with no ping: OS detection with port selection'
# OPTIONS FOR THE SCAN COMMAND FUNCTION
22: '-sX', # 'Basic service detection combined with Xmas scan'
23: '-sA', # 'Firewall rule detection: ACK scan'
24: '-O', # 'OS detection'
25: '20 -sZ', # 'SCTP: Advanced silent scan for top20 ports'
26: '--top-ports', # 'Top ports scan (1000 ports)'
27: '-script dns-brute', # 'Dns-brute-script( to get subdomains )'
28:
'-sL', # 'List scan: lists each host on the network(s) specified, without sending any packets to the target hosts'
29: '-p-', # 'Subnet scan'
30: '-sV' # 'Basic service detection'
}
return template.get(i)
# try:
# nm = nmap3.Nmap()
# except nmap3.Nmap:
# print('Nmap not found', sys.exc_info()[0])
# sys.exit(1)
# except:
# print("Unexpected error:", sys.exc_info()[0])
# sys.exit(1)
nm = nmap3.Nmap()
nmt = nmap3.NmapScanTechniques()
nmd = nmap3.NmapHostDiscovery()
if templates or domain:
if ports:
# Not in the final code - just for debug
choice = tpl(21) + str(ports)
print("\n\nTrying option: ", choice)
tpl = tpl(21)
res = scan_discovery(nmd, tpl, target, ports)
# Print for debug
colored_json = highlight(json.dumps(res, indent=4, sort_keys=True),
lexers.JsonLexer(),
formatters.TerminalFormatter())
print("\n\n", colored_json)
elif domain:
tpl = tpl(27)
res = scan_command(nm, tpl, None, domain)
# Print for debug
colored_json = highlight(json.dumps(res, indent=4, sort_keys=True),
lexers.JsonLexer(),
formatters.TerminalFormatter())
print("\n\n", colored_json)
else:
tpl = tpl(templates)
print("\n\nTrying option: ", tpl)
if templates <= 7:
res = scan_techniques(nmt, tpl, target)
# Print for debug
colored_json = highlight(
json.dumps(res, indent=4, sort_keys=True),
lexers.JsonLexer(), formatters.TerminalFormatter())
print("\n\n", colored_json)
elif templates in range(8, 22):
res = scan_discovery(nmd, tpl, target, None)
# Print for debug
colored_json = highlight(
json.dumps(res, indent=4, sort_keys=True),
lexers.JsonLexer(), formatters.TerminalFormatter())
print("\n\n", colored_json)
else:
res = scan_command(nm, tpl, target, None)
# Print for debug
colored_json = highlight(
json.dumps(res, indent=4, sort_keys=True),
lexers.JsonLexer(), formatters.TerminalFormatter())
print("\n\n", colored_json)
else:
tpl = tpl(3)
res = scan_techniques(nmt, tpl, target)
# Print for debug
colored_json = highlight(json.dumps(res, indent=4, sort_keys=True),
lexers.JsonLexer(),
formatters.TerminalFormatter())
print("No option was set\n\n", colored_json)
def main():
logo = (f"""{PURP}
__ ______ ______ __ __ ______
/\ \ /\ ___\ /\__ _\ /\ \_\ \ /\ ___\
\ \ \____ \ \ __\ \/_/\ \/ \ \ __ \ \ \ __\
\ \_____\ \ \_____\ \ \_\ \ \_\ \_\ \ \_____\
\/_____/ \/_____/ \/_/ \/_/\/_/ \/_____/
by Hades921
""")
print(logo)
print("""
1. Information Gathering
2. Vulnerability Analysis
3. Exploiting
4. Passwords/Hashes
5. GeoIP
6. Network
""")
choice = input("Please select a module: ")
import os
clear = lambda: os.system('cls')
clear()
if choice == "1":
print(logo)
print("What kind of scan would you like to conduct?")
print("1. Whois Scan")
print("2. Port Scan")
print("3. Subdomain Scanner")
print("4. Spider")
print("5. OS fingerprinting")
print("6. Subnet scan")
print("99. Back \n")
infochoice = input("Please put in your choice: ")
if infochoice == "1":
clear = lambda: os.system('cls')
clear()
print(logo)
ip = input("What IP do you want to look up: ")
obj = IPWhois(ip)
res = obj.lookup_whois()
from pprint import pprint
pprint(res)
if infochoice == "2":
clear = lambda: os.system('cls')
clear()
os.system("python modules/port_scanner.py")
if infochoice == "3":
clear = lambda: os.system('cls')
clear()
os.system("python modules/subdomain_scanner.py")
if infochoice == "4":
os.system("python modules/spider.py")
if infochoice == "5":
import nmap3
nmap = nmap3.Nmap()
os_results = nmap.nmap_version_detection(
input("Please enter the IP you want to scan: "))
print(os_results)
if infochoice == "6":
import nmap3
nmap = nmap3.Nmap()
results = nmap.nmap_subnet_scan(
"Please enter the IP you want to scan: ")
if choice == "2":
print(logo)
print("""
You have selected the Vulnerability Analysis module
1. SQLI vulnerability scan
2. SSL vulnerability scan
3. XSS vulnerability scan
99. Back
""")
choice2 = input("Please select a module: ")
if choice2 == "1":
clear = lambda: os.system('cls')
clear()
os.system("python modules/sqli.py")
if choice2 == "2":
clear = lambda: os.system('cls')
clear()
import os
server = input("please put in the domain: ")
command = 'pysslscan scan --tls10 --scan=server.ciphers --scan=vuln.heartbleed --scan=server.compression --report=term:rating=ssllabs.2009e ' + server
os.system(command)
if choice2 == "3":
os.system("python modules/xss.py")
if choice == "3":
print(logo)
print("1. SQL injection")
print("2. DOS")
print("99. Back")
exChoice = input("Select an attack module: ")
if exChoice == "1":
clear = lambda: os.system('cls')
clear()
domain = input("what is the domain: ")
import os
myCmd = 'sqlmap -u ' + domain
os.system(myCmd)
if exChoice == "2":
print("Please select one")
print("1. SlowLoris")
print("2. SYN flood")
doschoice = input(": ")
if doschoice == "1":
clear = lambda: os.system('cls')
clear()
domain = input("What is the domain: ")
import os
myCmd = "slowloris -v " + domain
os.system(myCmd)
if doschoice == "2":
from modules import syn_flood
if choice == "4":
print(logo)
print("Lets crack some hashes")
print("1. hashes")
print("2. brute")
print("99. Back")
choice1 = input("select a module: ")
if choice1 == "1":
clear = lambda: os.system('cls')
clear()
print(logo)
print("1. Hash identifier")
print("2. Hash Cracking")
print("99. Back")
cryptographyc1 = input("Please put in your choice: ")
if cryptographyc1 == "1":
from modules import hash_identifier
if cryptographyc1 == "2":
print("""
1. Hash database lookup
2. Hash dictionary attack
""")
c = input("Please choose a module: ")
if c == "1":
clear = lambda: os.system('cls')
clear()
from modules import hash_database
if c == "2":
clear = lambda: os.system('cls')
clear()
from modules import hash_cracker2
if choice1 == "2":
clear = lambda: os.system('cls')
clear()
print(logo)
print("""
Please choose a module
1. SSH
2. FTP
""")
c1 = input(": ")
if c1 == "1":
from modules import ssh_bruter
if c1 == "2":
from modules import ftp_cracker
if choice == "5":
clear = lambda: os.system('cls')
clear()
print(logo)
adress = input("what ip do you want me to locate: ")
import urllib.request
import json
with urllib.request.urlopen("https://geolocation-db.com/json/" +
adress) as url:
data = json.loads(url.read().decode())
print(data)
if choice == "6":
clear = lambda: os.system('cls')
clear()
print(logo)
print("""Network Module
1. ARP scan
2. Local network host discovery
""")
nscan = input("Please select a module: ")
if nscan == "1":
os.system("sudo python3 modules/arp_req.py")
if nscan == "2":
import nmap3
ip = input("Please put in the local ip of the target: ")
nmap = nmap3.NmapHostDiscovery()
results = nmap.nmap_arp_discovery(ip)
import json
json_data = results
print(json.dumps(json_data, indent=1))
else:
return
class Networkscanner:
host_discoverer = nmap3.NmapScanTechniques().nmap_ping_scan
version_detector = nmap3.Nmap().nmap_version_detection
port_scanner = nmap3.NmapHostDiscovery().nmap_portscan_only
add_lock = threading.Lock()
def __init__(self, ip_range, port_range, detect_version):
print('[TRACE] Init NetworkScanner...')
ip_version = check_ip(ip_range)
if ip_version is None:
raise Exception('Bad ip range')
if not check_ports(port_range):
raise Exception('Bad port range')
self.ip_range = ip_range
self.port_range = port_range
self.detect_version = detect_version
self.args = '-T4 '
if ip_version == 6:
self.args += '-6'
else:
self.args += '-D RND:10'
self.available_hosts = Queue()
self.report = dict()
print('[TRACE] Init was done')
def __discover(self):
print('[TRACE] Discover what hosts are available...')
results = self.host_discoverer(target=self.ip_range, args=self.args)
for key, _ in results.items():
try:
ipaddress.ip_address(key)
self.available_hosts.put(key)
except:
pass
print(f'[TRACE] {self.available_hosts.qsize()} hosts are available')
def __scan_host(self, host):
results = dict()
results['state'] = 'up'
results['port_info'] = dict()
result = self.port_scanner(target=host,
args=self.args + ' -p ' + self.port_range)
open_ports = []
service_info = []
for state in result[host]['ports']:
if self.detect_version and (state['portid'] == '80'
or state['portid'] == '443'):
continue
if state['state'] == 'open':
open_ports.append(state['portid'])
if self.detect_version:
result = self.version_detector(target=host,
args=self.args + ' -p 80,443')
for state in result[host]['ports']:
port_report = dict()
port_report['state'] = state['state']
if port_report['state'] == 'open':
port_report['service'] = state['service']
service_info.append({state['portid']: port_report})
results['port_info']['service_info'] = service_info
results['port_info']['open_ports'] = open_ports
with self.add_lock:
self.report[host] = results
def __do_scan(self):
while True:
host = self.available_hosts.get()
self.__scan_host(host)
self.available_hosts.task_done()
def scan(self):
self.__discover()
print('[TRACE] Start scanning. Wait, please...')
for _ in range(0, min(100, self.available_hosts.qsize())):
threading.Thread(target=self.__do_scan, daemon=True).start()
self.available_hosts.join()
print('[TRACE] Scan has finished')
return self.report
import socket
import nmap
import nmap3
import datetime
import json
import dns.resolver
#Imports the required packages
hostname = socket.gethostname(
) #sets the varaiable hostname to the socket command
ip = socket.gethostbyname(
hostname) #sets the ip varaible and gets the ip of the machine
nm = nmap.PortScanner() #sets the nm varaible to call the nmap PortScanner
nm3Host = nmap3.NmapHostDiscovery(
) #sets the nm3Host to the nmap host discover
nm3 = nmap3.Nmap() #sets the nm3 varaible to the nmap command
DT = datetime.datetime.now() #sets DT to the date and time
dns = dns.resolver.Resolver() #sets dns to the dns command
def rangeScan(ip): #creates the range scan function with the input of the ip
for ip in nm.all_hosts(
): #creates a for loop for the ip in the scanned hosts
deviceName = ("Host : %s (%s)" % (ip, nm[ip].hostname()))
state = ("State : %s" % nm[ip].state())
fOpen = open("Port-Range-Scan(%s)-Created(%s).txt" % (portRange, DT),
"a")
fOpen.write("%s\n%s" % (deviceName, state))
fOpen.close()
#writes to the file
for protocol in nm[ip].all_protocols(
): #creates a for loop for protocol in all of the protocols that were scanned
