def snmp_walk(target_hosts, output_directory, quiet):
    """Dispatch an SNMP walk over ``target_hosts``.

    A value that passes ``valid_ip`` is handed to ``target_ip`` as a single
    target; anything else is handed to ``target_file`` and treated as a
    targets specification.  ``check_directory`` is run on
    ``output_directory`` before either path; ``quiet`` is forwarded
    unchanged.
    """
    check_directory(output_directory)
    handler = target_ip if valid_ip(target_hosts) else target_file
    handler(target_hosts, output_directory, quiet)
def service_scan(target_hosts, output_directory, dns_server, quiet, quick, no_udp_service_scan):
    """Dispatch a service scan over ``target_hosts``.

    A value that passes ``valid_ip`` goes to ``target_ip``; any other value
    goes to ``target_file``.  ``check_directory`` is run on
    ``output_directory`` first and the remaining options are forwarded
    unchanged.

    NOTE(review): the ``target_ip`` / ``target_file`` definitions visible in
    this listing take three positional arguments, so this six-argument call
    only works if it resolves to differently-defined helpers (another
    module, for instance) -- confirm against the imports.
    """
    check_directory(output_directory)
    scan_args = (
        target_hosts,
        output_directory,
        dns_server,
        quiet,
        quick,
        no_udp_service_scan,
    )
    if valid_ip(target_hosts):
        target_ip(*scan_args)
    else:
        target_file(*scan_args)
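def target_ip(target_hosts, output_directory, quiet):
    """Start an SNMP scan of a single target in a background process.

    Args:
        target_hosts: one target address.  Surrounding whitespace is
            stripped before it is used to build the output path; the
            caller is expected to have validated it (``snmp_walk`` gates
            on ``valid_ip``), because the value is inserted into a
            filesystem path verbatim.
        output_directory: root directory; output goes under
            ``<output_directory>/<target>/scans/snmp/``, created via
            ``check_directory``.
        quiet: accepted for signature compatibility; unused here.

    Returns:
        The started ``multiprocessing.Process`` so the caller can ``join``
        it.  (The original collected it in a never-read ``jobs`` list.)
    """
    print("[*] Loaded single target: %s" % target_hosts)
    target_hosts = target_hosts.strip()
    snmp_directory = output_directory + '/' + target_hosts + '/scans/snmp/'
    check_directory(snmp_directory)
    proc = multiprocessing.Process(
        target=snmp_scans, args=(target_hosts, snmp_directory)
    )
    proc.start()
    return proc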
def ping_sweeper(target_hosts, output_directory, quiet):
    """Ping-sweep ``target_hosts`` with nmap and record the live hosts.

    The sweep itself is delegated to ``call_nmap_sweep`` and its output to
    ``parse_nmap_output_for_live_hosts``.  Discovered addresses are written
    to ``<output_directory>/targets.txt`` by
    ``write_live_hosts_list_to_file`` and echoed to stdout.  ``quiet`` is
    accepted but not used in this function.
    """
    check_directory(output_directory)
    targets_path = "%s/targets.txt" % output_directory
    print("[+] Performing ping sweep over %s" % target_hosts)
    sweep_output = call_nmap_sweep(target_hosts)
    live_hosts = parse_nmap_output_for_live_hosts(sweep_output)
    write_live_hosts_list_to_file(targets_path, live_hosts)
    for host in live_hosts:
        print(" [>] Discovered host: %s" % host)
    print("[*] Found %s live hosts" % len(live_hosts))
    print("[*] Created target list %s" % targets_path)
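def find_dns(target_hosts, output_directory, quiet):
    """Probe each target on TCP/53 with nmap and record the DNS servers found.

    Targets are resolved through ``load_targets`` and read one address per
    line from the file it returns.  Two files are written under
    ``output_directory``: ``DNS-Detailed.txt`` (the matching nmap port line
    for each hit) and ``DNS-targets.txt`` (one DNS server address per line,
    so it can be reused as a target list).

    Args:
        target_hosts: target specification handed to ``load_targets``.
        output_directory: directory for the output files; ``check_directory``
            is run on it first.
        quiet: forwarded to ``load_targets``.

    Raises:
        subprocess.CalledProcessError: if nmap exits non-zero for a target.
        OSError: if the targets file or an output file cannot be opened.
    """
    check_directory(output_directory)
    targets = load_targets(target_hosts, output_directory, quiet)
    hostcount = 0
    dnscount = 0
    # Context managers close all three handles even when nmap raises
    # part-way through; the original left them open on any exception.
    with open(output_directory + "/DNS-Detailed.txt", 'w') as output_file, \
            open(output_directory + "/DNS-targets.txt", 'w') as output_targets, \
            open(targets, 'r') as target_file:
        print("[*] Loaded targets from: %s" % targets)
        print("[+] Enumerating TCP port 53 over targets to find dns servers")
        for ip_address in target_file:
            ip_address = ip_address.strip()
            if not ip_address:
                # A blank line would otherwise pass an empty target argument to nmap.
                continue
            hostcount += 1
            print(" [>] Testing %s for DNS" % ip_address)
            # Argument list instead of shell=True: the address comes from a
            # file, so shell metacharacters in a line cannot run commands.
            results = subprocess.check_output(
                ["nmap", "-n", "-sV", "-Pn", "-vv", "-p53", ip_address]
            ).decode("utf-8")
            for line in results.split("\n"):
                line = line.strip()
                if "53/tcp" in line and "open" in line and "Discovered" not in line:
                    print(" [=] Found DNS service running on: %s" % ip_address)
                    output_file.write("[*] Found DNS service running on: %s\n" % ip_address)
                    output_file.write(" [>] %s\n" % line)
                    # Newline per address: without it every hit was concatenated
                    # onto one line and the file was unusable as a target list.
                    output_targets.write("%s\n" % ip_address)
                    dnscount += 1
    print("[*] Found %s DNS servers within %s hosts" % (dnscount, hostcount))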
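def hostname_scan(target_hosts, output_directory, quiet):
    """Run nbtscan over ``target_hosts`` and record the hostnames it reports.

    If ``target_hosts`` is an existing file it is passed with ``-f``;
    otherwise it is passed as the target argument.  Each result line's
    first two whitespace-separated fields are taken as ``ip`` and ``host``
    (assumes nbtscan's ``-q`` output keeps that column order -- TODO
    confirm).  Results go to ``<output_directory>/hostnames.txt`` as
    ``host - ip`` lines and are echoed to stdout.  ``quiet`` is accepted
    but unused here.

    Raises:
        subprocess.CalledProcessError: if nbtscan exits non-zero.
        OSError: if the output file cannot be written.
    """
    import shlex  # local: only needed to split the target argument safely

    check_directory(output_directory)
    output_file = output_directory + "/hostnames.txt"
    print("[+] Writing hostnames to: %s" % output_file)
    if os.path.isfile(target_hosts):
        command = ["nbtscan", "-q", "-f", target_hosts]
    else:
        # shlex.split keeps a whitespace-separated target string working as
        # it did under shell=True, but shell metacharacters in the argument
        # are no longer interpreted by a shell.
        command = ["nbtscan", "-q"] + shlex.split(target_hosts)
    results = subprocess.check_output(command).decode("utf-8")
    entries = []
    for line in results.split("\n"):
        # str.split() collapses runs of spaces/tabs, replacing the original
        # replace-loop (which as written never changed the line).  Lines
        # with fewer than two fields -- e.g. the trailing blank line -- are
        # skipped instead of raising IndexError.
        fields = line.split()
        if len(fields) < 2:
            continue
        ip_address, host = fields[0], fields[1]
        print(" [>] Discovered hostname: %s (%s)" % (host, ip_address))
        entries.append("%s - %s" % (host, ip_address))
    # Newline-separated with no trailing newline, matching the original layout.
    with open(output_file, 'w') as f:
        f.write("\n".join(entries))
    print("[*] Found %s hostnames." % len(entries))
    print("[*] Created hostname list %s" % output_file)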
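def target_file(target_hosts, output_directory, quiet):
    """Start one background SNMP scan per address listed in a targets file.

    Args:
        target_hosts: target specification handed to ``load_targets``, which
            returns the path of the file to read (one address per line).
        output_directory: root directory; each target's output goes under
            ``<output_directory>/<ip>/scans/snmp/``, created via
            ``check_directory``.
        quiet: forwarded to ``load_targets``.

    Returns:
        The list of started ``multiprocessing.Process`` objects (empty when
        the targets file could not be opened) so the caller can ``join``
        them.
    """
    targets = load_targets(target_hosts, output_directory, quiet)
    try:
        # Single open; the original opened the file twice and leaked the
        # first handle.  Closed by the ``with`` below.
        target_file = open(targets, 'r')
    except OSError:
        print("[!] Unable to load: %s" % targets)
        return []
    print("[*] Loaded targets from: %s" % targets)
    jobs = []
    with target_file:
        for ip_address in target_file:
            ip_address = ip_address.strip()
            if not ip_address:
                # Skip blank lines rather than creating "<dir>//scans/snmp/".
                continue
            # NOTE(review): the line is used verbatim in the output path; this
            # assumes the file holds only addresses (a line with path
            # separators would be placed into the path as-is) -- confirm
            # that load_targets validates its contents.
            snmp_directory = output_directory + '/' + ip_address + '/scans/snmp/'
            check_directory(snmp_directory)
            proc = multiprocessing.Process(
                target=snmp_scans, args=(ip_address, snmp_directory)
            )
            jobs.append(proc)
            proc.start()
    return jobs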