def report(self):
    """Print a port table for every target whose stored scan shows it up.

    For each entry of ``self._args.target_list`` the matching documents are
    read from ``self._args.coll``. The first document decides whether the
    host is listed or only counted as down; the count is printed at the end.
    """
    hosts_down = 0
    for target in self._args.target_list:
        stored_scans = self._args.coll.find({'host': target})
        # NOTE(review): stored_scans[0] assumes at least one stored document
        # per target -- confirm against whatever fills the collection.
        first_scan = NmapParser.parse(str(stored_scans[0]['result']))
        if first_scan.hosts[0].status != 'up':
            hosts_down += 1
            continue
        print('====================== ' + target + ' ======================')
        print('Host is %s' % first_scan.hosts[0].status)
        print(" PORT STATE SERVICE")
        for scan_doc in stored_scans:
            parsed_scan = NmapParser.parse(str(scan_doc['result']))
            for svc in parsed_scan.hosts[0].services:
                row = "{0:>5s}/{1:3s} {2:12s} {3}".format(
                    str(svc.port), svc.protocol, svc.state, svc.service)
                # The banner is text returned by the scanned service and is
                # printed unmodified.
                if len(svc.banner):
                    row += " ({0})".format(svc.banner)
                print(row)
    print('==========================================================')
    print('Not shown: ' + str(hosts_down) + ' down host')
    print('==========================================================')
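def test_host_address_unchanged(self):
    """Diffing two parses of the same fixture reports every key as unchanged.

    Diffing the host from ``1_hosts_down.xml`` against the host from
    ``1_hosts.xml`` must raise NmapDiffException.
    """
    fdir = os.path.dirname(os.path.realpath(__file__))

    def _load_host(relpath):
        # The context manager closes the fixture even when parsing raises;
        # the handles were previously never closed.
        with open("%s/%s" % (fdir, relpath), 'r') as fd:
            return NmapParser.parse(fd.read()).hosts.pop()

    h1 = _load_host('files/1_hosts_down.xml')
    h2 = _load_host('files/1_hosts.xml')
    h3 = _load_host('files/1_hosts.xml')

    self.assertRaises(NmapDiffException, h1.diff, h2)
    self.assertEqual(h2.diff(h3).changed(), set([]))
    self.assertEqual(h2.diff(h3).added(), set([]))
    self.assertEqual(h2.diff(h3).removed(), set([]))
    self.assertEqual(h2.diff(h3).unchanged(),
                     set(['status',
                          "NmapService::tcp.22",
                          "NmapService::tcp.111",
                          "NmapService::tcp.631",
                          'hostnames',
                          "NmapService::tcp.3306",
                          'address',
                          "NmapService::tcp.25"]))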
def test_port_state_unchanged(self):
    """All attributes except the state are unchanged between the two ports."""
    first = NmapParser.parse(port_string)
    second = NmapParser.parse(port_string_other2)
    # port_string_other3 / port_string_other4 are not exercised here.
    untouched = first.diff(second).unchanged()
    expected = set(['banner', 'protocol', 'port', 'service', 'id', 'reason'])
    self.assertEqual(untouched, expected)
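def test_host_address_changed(self):
    """Diffing the hosts of the two fixtures must raise NmapDiffException."""
    fdir = os.path.dirname(os.path.realpath(__file__))

    def _first_host(relpath):
        # The context manager closes the fixture even when parsing raises;
        # the handles were previously never closed.
        with open("%s/%s" % (fdir, relpath), 'r') as fd:
            return NmapParser.parse(fd.read()).hosts[0]

    h1 = _first_host('files/1_hosts_down.xml')
    h2 = _first_host('files/1_hosts.xml')
    self.assertRaises(NmapDiffException, h1.diff, h2)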
def test_extra_ports(self):
    """Check the extraports state and reasons parsed from host1 and host2."""
    parsed_first = NmapParser.parse(host1)
    parsed_second = NmapParser.parse(host2)
    refused = [{'reason': 'conn-refused', 'count': '995'}]
    cases = ((parsed_first, 'WILLY_WONCKA'), (parsed_second, 'closed'))
    for parsed_host, state_name in cases:
        self.assertEqual(parsed_host.extraports_state['state'],
                         {'count': '995', 'state': state_name})
        self.assertEqual(parsed_host.extraports_reasons, refused)
def test_diff_host(self):
    """Diff the three host fixtures pairwise and check every diff category."""
    first = NmapParser.parse(host1)
    second = NmapParser.parse(host2)
    third = NmapParser.parse(host3)

    # Each row: (diff object, changed, added, removed, unchanged).
    expectations = (
        (
            first.diff(second),
            {"hostnames"},
            set(),
            set(),
            {
                "status",
                "NmapService::tcp.22",
                "NmapService::tcp.111",
                "NmapService::tcp.631",
                "NmapService::tcp.3306",
                "address",
                "NmapService::tcp.25",
                "mac_addr",
            },
        ),
        (
            first.diff(third),
            {"status", "NmapService::tcp.3306"},
            {"NmapService::tcp.25"},
            {"NmapService::tcp.3307"},
            {
                "NmapService::tcp.631",
                "hostnames",
                "NmapService::tcp.22",
                "NmapService::tcp.111",
                "address",
                "mac_addr",
            },
        ),
        (
            second.diff(third),
            {"status", "hostnames", "NmapService::tcp.3306"},
            {"NmapService::tcp.25"},
            {"NmapService::tcp.3307"},
            {
                "NmapService::tcp.631",
                "NmapService::tcp.22",
                "NmapService::tcp.111",
                "address",
                "mac_addr",
            },
        ),
    )
    for delta, changed, added, removed, unchanged in expectations:
        self.assertEqual(delta.changed(), changed)
        self.assertEqual(delta.added(), added)
        self.assertEqual(delta.removed(), removed)
        self.assertEqual(delta.unchanged(), unchanged)
def test_port_state_unchanged(self):
    """The diff of the two port fixtures leaves six attributes unchanged."""
    base_port = NmapParser.parse(port_string)
    other_port = NmapParser.parse(port_string_other2)
    # The port_string_other3 / port_string_other4 fixtures are not used here.
    port_diff = base_port.diff(other_port)
    self.assertEqual(
        port_diff.unchanged(),
        {"banner", "protocol", "port", "service", "id", "reason"},
    )
def test_eq_host(self):
    """Check host equality across the four host fixtures."""
    first, second, third, fourth = [
        NmapParser.parse(raw) for raw in (host1, host2, host3, host4)
    ]
    self.assertNotEqual(first, second)
    self.assertEqual(first, first)
    self.assertNotEqual(first, third)
    self.assertEqual(first, fourth)
    self.assertNotEqual(second, third)
def test_host_api(self):
    """Check the host accessors on the host2 and host3 fixtures."""
    localhost = NmapParser.parse(host2)
    expected_attrs = (
        ('starttime', "1361738318"),
        ('endtime', "13617386177"),
        ('address', '127.0.0.1'),
        ('status', "up"),
        ('hostnames', ['localhost', 'localhost', 'localhost2']),
    )
    for attr_name, expected in expected_attrs:
        self.assertEqual(getattr(localhost, attr_name), expected)

    five_port_host = NmapParser.parse(host3)
    self.assertEqual(len(five_port_host.services), 5)
    self.assertEqual(len(five_port_host.get_ports()), 5)
    self.assertEqual(len(five_port_host.get_open_ports()), 3)
    self.assertEqual(five_port_host.get_service(22, "tcp").state, "open")
def test_report_constructor(self):
    """Parsing the same XML twice gives the same host count and raw data."""
    for entry in self.flist:
        handle = open(entry['file'], 'r')
        xml_text = handle.read()
        handle.close()
        first = NmapParser.parse(xml_text)
        second = NmapParser.parse(xml_text)
        expected_hosts = entry['hosts']
        self.assertEqual(len(first.hosts), expected_hosts)
        self.assertEqual(len(second.hosts), expected_hosts)
        self.assertEqual(sorted(second.get_raw_data()),
                         sorted(first.get_raw_data()))
def test_port_state_changed(self):
    """Check which port pairs diff cleanly and which raise NmapDiffException."""
    base = NmapParser.parse(port_string)
    other2 = NmapParser.parse(port_string_other2)
    other3 = NmapParser.parse(port_string_other3)
    other4 = NmapParser.parse(port_string_other4)

    self.assertEqual(base.diff(other2).changed(), set(['state']))
    for incompatible in (other3, other4):
        self.assertRaises(NmapDiffException, base.diff, incompatible)
    # Disabled check:
    # self.assertRaises(NmapDiffException, other2.diff, other3)
    changed_keys = other3.diff(other4).changed()
    self.assertEqual(changed_keys, set(['state', 'service']))
def test_port_state_changed(self):
    """Diffable port pairs report their changed keys; the others raise."""
    port_a, port_b, port_c, port_d = [
        NmapParser.parse(raw)
        for raw in (port_string, port_string_other2,
                    port_string_other3, port_string_other4)
    ]
    self.assertEqual(port_a.diff(port_b).changed(), {'state'})
    self.assertRaises(NmapDiffException, port_a.diff, port_c)
    self.assertRaises(NmapDiffException, port_a.diff, port_d)
    # Disabled check:
    # self.assertRaises(NmapDiffException, port_b.diff, port_c)
    self.assertEqual(port_c.diff(port_d).changed(), {'state', 'service'})
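def test_service_not_equal(self):
    """A service whose state was changed must not equal its untouched twin."""
    def _last_host(path):
        # The context manager closes the fixture even when parsing raises;
        # the explicit close() calls were skipped in that case.
        with open(path, 'r') as fd:
            return NmapParser.parse(fd.read()).hosts.pop()

    for testfile in self.flist:
        host1 = _last_host(testfile['file'])
        host2 = _last_host(testfile['file'])
        for mutated, pristine in zip(host1.services, host2.services):
            mutated._state['state'] = 'changed'
            self.assertNotEqual(mutated, pristine)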
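def test_host_equal(self):
    """Hosts parsed from the same file stay equal after ``_portid`` is set."""
    def _last_host(path):
        # The context manager closes the fixture even when parsing raises;
        # the explicit close() calls were skipped in that case.
        with open(path, 'r') as fd:
            return NmapParser.parse(fd.read()).hosts.pop()

    for testfile in self.flist:
        host1 = _last_host(testfile['file'])
        host2 = _last_host(testfile['file'])
        host1.services[0]._portid = '23'
        self.assertEqual(host1, host2)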
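def test_host_not_equal(self):
    """Replacing a host's address must make it unequal to its twin."""
    def _last_host(path):
        # The context manager closes the fixture even when parsing raises;
        # the explicit close() calls were skipped in that case.
        with open(path, "r") as fd:
            return NmapParser.parse(fd.read()).hosts.pop()

    for testfile in self.flist:
        host1 = _last_host(testfile["file"])
        host2 = _last_host(testfile["file"])
        host1.address = {"addr": "1.3.3.7", "addrtype": "ipv4"}
        self.assertNotEqual(host1, host2)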
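def test_host_not_equal(self):
    """Two parses of one file differ once the first host's address is replaced."""
    def _parse_last_host(path):
        # `with` guarantees the fixture is closed if read() or parse() raises;
        # the manual close() calls did not.
        with open(path, 'r') as fixture:
            report = NmapParser.parse(fixture.read())
        return report.hosts.pop()

    for testfile in self.flist:
        host1 = _parse_last_host(testfile['file'])
        host2 = _parse_last_host(testfile['file'])
        host1.address = {'addr': '1.3.3.7', 'addrtype': 'ipv4'}
        self.assertNotEqual(host1, host2)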
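def test_host_not_equal(self):
    """Overwriting ``_address['addr']`` must make the host unequal to its twin."""
    def _parse_last_host(path):
        # `with` guarantees the fixture is closed if read() or parse() raises;
        # the manual close() calls did not.
        with open(path, 'r') as fixture:
            report = NmapParser.parse(fixture.read())
        return report.hosts.pop()

    for testfile in self.flist:
        host1 = _parse_last_host(testfile['file'])
        host2 = _parse_last_host(testfile['file'])
        host1._address['addr'] = 'xxxxxx'
        self.assertNotEqual(host1, host2)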
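def _knockd_scan_ports(nm):
    """Run ``nm`` once and return the first host's port list; exit on failure."""
    nm.run()
    if nm.rc != 0:
        print(nm.stderr)
        # A failed scan must not look like success to the calling shell.
        sys.exit(1)
    hosts = NmapParser.parse(nm.stdout).hosts
    # A report without hosts yields no ports instead of an IndexError.
    return hosts[0].get_ports() if hosts else []


def knockd_test(ip, outfile, start_key, stop_key):
    """Report which ports on ``ip`` appear after the ``start_key`` knock.

    Scans ports 0-65535, sends one TCP packet to each port in ``start_key``,
    scans again and compares the two port lists. Ports seen only in the second
    scan are printed and appended to ``outfile``; one TCP packet is then sent
    to each port in ``stop_key``. Exits the process when a scan fails.
    """
    ## Baseline Nmap Scan
    print("\n[-] Scanning " + ip + " with Nmap, this could take a minute...go get some coffee")
    nm = NmapProcess(ip, options="-p 0-65535")
    before_ports = _knockd_scan_ports(nm)

    ## Sending Default Knockd Port Knock Sequence with Scapy
    print("\n[-] Sending default knockd sequence to " + ip)
    for port in start_key:
        send(IP(dst=ip)/TCP(dport=port), verbose=0)

    ## Subsequent Nmap Scan
    print("\n[-] Scanning again...too soon for more coffee???")
    after_ports = _knockd_scan_ports(nm)

    ## Compare Scans to Determine if any Services were Activated
    new_ports = list(set(after_ports) - set(before_ports))
    if not new_ports:
        print("\n[-] No new services opened...\n")
        return

    print("\n[+] " + str(len(new_ports)) + " new port(s) opened...")
    for port in new_ports:
        print(port)
    print("\nWriting to output file - " + outfile)
    # `with` closes the log file even if the write fails.
    with open(outfile, 'a') as f:
        f.write("Ports opened on " + ip + " - " + str(new_ports) + "\n")

    ## Stopping Activated Services with Default Close Sequence
    print("\n[-] Disabling opened service on " + ip + " by sending default close sequence...")
    print(" *** If you want to manually interact with the service, use the knockd_on-off.py script ***\n")
    for port in stop_key:
        send(IP(dst=ip)/TCP(dport=port), verbose=0)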
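def knockd_test(ip, outfile, start_key, stop_key):
    """Compare the ports of ``ip`` before and after the ``start_key`` knock.

    A scan of ports 0-65535 is taken, one TCP packet is sent to every port in
    ``start_key``, and the scan is repeated. Ports present only in the second
    scan are printed and appended to ``outfile``, after which one TCP packet
    is sent to every port in ``stop_key``. The process exits when a scan fails.
    """
    nm = None

    def _scan():
        # Shared by both scans: run, bail out on a non-zero return code,
        # and tolerate a report that lists no host.
        nm.run()
        if nm.rc != 0:
            print(nm.stderr)
            sys.exit(1)  # non-zero status so callers can detect the failure
        hosts = NmapParser.parse(nm.stdout).hosts
        return hosts[0].get_ports() if hosts else []

    def _knock(sequence):
        for dport in sequence:
            send(IP(dst=ip) / TCP(dport=dport), verbose=0)

    ## Baseline Nmap Scan
    print("\n[-] Scanning " + ip + " with Nmap, this could take a minute...go get some coffee")
    nm = NmapProcess(ip, options="-p 0-65535")
    before_ports = _scan()

    ## Sending Default Knockd Port Knock Sequence with Scapy
    print("\n[-] Sending default knockd sequence to " + ip)
    _knock(start_key)

    ## Subsequent Nmap Scan
    print("\n[-] Scanning again...too soon for more coffee???")
    after_ports = _scan()

    ## Compare Scans to Determine if any Services were Activated
    new_ports = list(set(after_ports) - set(before_ports))
    if new_ports:
        print("\n[+] " + str(len(new_ports)) + " new port(s) opened...")
        for opened in new_ports:
            print(opened)
        print("\nWriting to output file - " + outfile)
        # The context manager closes the file even when the write raises.
        with open(outfile, 'a') as f:
            f.write("Ports opened on " + ip + " - " + str(new_ports) + "\n")

        ## Stopping Activated Services with Default Close Sequence
        print("\n[-] Disabling opened service on " + ip + " by sending default close sequence...")
        print(" *** If you want to manually interact with the service, use the knockd_on-off.py script ***\n")
        _knock(stop_key)
    else:
        # The former third branch ("An error has occurred") could never run:
        # a list length is either > 0 or == 0.
        print("\n[-] No new services opened...\n")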
def _process(self, session):
    """Run a TCP connect scan (-sT) of 10.0.0.1 and print an nmap-style report.

    A non-zero nmap return code and a parse failure are both logged at
    CRITICAL level; nothing is printed when parsing fails. ``session`` is
    not used.
    """
    scanner = NmapProcess("10.0.0.1", "-sT")
    report = None
    exit_code = scanner.run()
    if exit_code != 0:
        logging.critical("NMAP Scan failed: {0}".format(scanner.stderr))
    # Parsing is attempted even when the scan reported a failure.
    try:
        report = NmapParser.parse(scanner.stdout)
    except NmapParserException as e:
        logging.critical("NMAP Parse failed: {0}".format(e.msg))
    if report is None:
        return
    for host in report.hosts:
        # pop() takes the last hostname and removes it from the host's list.
        label = host.hostnames.pop() if len(host.hostnames) else host.address
        print("Nmap scan report for {0} ({1})".format(label, host.address))
        print("Host is {0}.".format(host.status))
        print(" PORT STATE SERVICE")
        for svc in host.services:
            row = "{0:>5s}/{1:3s} {2:12s} {3}".format(
                str(svc.port), svc.protocol, svc.state, svc.service)
            if len(svc.banner):
                row += " ({0})".format(svc.banner)
            print(row)
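def os_fingerprint(target_ip):
    """Classify the operating system of ``target_ip`` with ``nmap -O``.

    :param target_ip: origin-server IP; when empty, no OS fingerprinting
        (linux / windows etc.) is attempted.
    :return: ``None`` when ``target_ip`` is empty or nmap exits with a
        non-zero code; otherwise ``'linux'``, ``'windows'`` or ``'unknown'``.
    """
    if not target_ip:
        return None

    nm = NmapProcess(targets=target_ip, options='-O')
    if nm.run() != 0:
        return None

    try:
        report = NmapParser.parse(nm.stdout)
    except Exception:
        # Unparseable output is treated as "no fingerprint". Unlike the bare
        # `except:` used before, KeyboardInterrupt and SystemExit propagate.
        report = None

    os_name = None
    # Guard the index: a report without hosts no longer raises IndexError.
    if report and report.hosts:
        host = report.hosts[0]
        if host.os_fingerprinted:
            for osm in host.os.osmatches:
                # Take the first OS match whose accuracy is at least 90.
                if osm.accuracy >= 90:
                    os_name = osm.name
                    break

    if not os_name:
        return 'unknown'
    if re.search('linux', os_name, re.I):
        return 'linux'
    if re.search('windows', os_name, re.I):
        return 'windows'
    return 'unknown'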
def _process(self, session):
    """Scan 10.0.0.1 with ``-sT`` and print one table of services per host.

    Scan and parse failures are logged with ``logging.critical``; when no
    report could be parsed the method prints nothing. ``session`` is unused.
    """
    nmproc = NmapProcess("10.0.0.1", "-sT")
    parsed = None
    if nmproc.run() != 0:
        logging.critical("NMAP Scan failed: {0}".format(nmproc.stderr))

    # The output is parsed regardless of the return code checked above.
    try:
        parsed = NmapParser.parse(nmproc.stdout)
    except NmapParserException as e:
        logging.critical("NMAP Parse failed: {0}".format(e.msg))

    hosts = parsed.hosts if parsed is not None else []
    for host in hosts:
        if len(host.hostnames):
            # pop() also removes the name from host.hostnames.
            display_name = host.hostnames.pop()
        else:
            display_name = host.address

        print("Nmap scan report for {0} ({1})".format(display_name, host.address))
        print("Host is {0}.".format(host.status))
        print(" PORT STATE SERVICE")

        for serv in host.services:
            fields = (str(serv.port), serv.protocol, serv.state, serv.service)
            line = "{0:>5s}/{1:3s} {2:12s} {3}".format(*fields)
            if len(serv.banner):
                line = line + " ({0})".format(serv.banner)
            print(line)
def nmap_scan(hosts):
    '''
    Run a SYN + version-detection scan of ``hosts`` and return the report.

    nmap is started in the background through ``sudo_run_background`` and its
    progress is printed every two seconds. Exits the process when the output
    cannot be parsed.
    '''
    scan_options = '-T4 -sS -sV --max-rtt-timeout 150ms --max-retries 3'
    print('[*] Running: nmap {0} -iL <hostlist>'.format(scan_options))

    scanner = NmapProcess(targets=hosts, options=scan_options)
    # Runs nmap through sudo; the return value is not inspected.
    scanner.sudo_run_background()
    while scanner.is_running():
        # Only the second format argument (progress) appears in the message.
        print("[*] Nmap progress: {1}%".format(scanner.etc, scanner.progress))
        time.sleep(2)

    raw_xml = scanner.stdout
    try:
        return NmapParser.parse(raw_xml)
    except NmapParserException as e:
        print('Exception raised while parsing scan: {0}'.format(e.msg))
        sys.exit()
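def nmap_scan(targets):
    """Run a full-port nmap scan of ``targets`` and return the parsed report.

    Options: service detection (-sV), default scripts (-sC), all ports (-p-)
    and aggressive timing (-T4). The scan runs in the background and the
    current task's progress is printed every 30 seconds. The process exits
    when the output cannot be parsed or when no hosts are in the report.
    """
    # NOTE(review): safe_mode=False switches off NmapProcess's option
    # filtering; the option string here is a fixed literal, so confirm the
    # override is actually needed.
    nmap_proc = NmapProcess(targets, options='-sV -sC -p- -T4', safe_mode=False)
    nmap_proc.run_background()

    print('Nmap start at {0}'.format(datetime.today().ctime()))
    while nmap_proc.is_running():
        nmaptask = nmap_proc.current_task
        if nmaptask:
            print("Task {0} {1} ({2}): Progress: {3}%".format(
                len(nmap_proc.tasks) + 1,
                nmaptask.name,
                nmaptask.status,
                nmaptask.progress))
        sleep(30)
    print(nmap_proc.summary)

    try:
        report = NmapParser.parse(nmap_proc.stdout)
    except NmapParserException as e:
        print('Exception raised while parsing scan: {0}'.format(e.msg))
        # Stop here: falling through used to hit an unbound `report` below.
        sys.exit(1)

    if report.hosts_total == 0:
        print('No hosts discovered')
        sys.exit()

    return report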
def do_scan(targets, options):
    """Run nmap on ``targets`` with ``options`` and return the parsed report.

    Raises ``Exception("Scan failed")`` when nmap returns a non-zero code.
    """
    scanner = NmapProcess(targets, options)
    if scanner.run() == 0:
        return NmapParser.parse(scanner.stdout)
    raise Exception("Scan failed")
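def consume(self, targets):
    """Ping-scan ``targets`` and record each host's status in ``host_up``.

    Every host of the parsed report is written as one item holding its
    address, a numeric status (1 up, 0 down, -1 anything else) and the
    current Unix time. Nothing is written when the output cannot be parsed.
    """
    HOST_UP = 1
    HOST_DOWN = 0
    HOST_OTHER = -1
    status_codes = {'up': HOST_UP, 'down': HOST_DOWN}

    print(targets)
    nm = NmapProcess(targets, options='-v -sn')
    nm.run()
    try:
        parsed = NmapParser.parse(nm.stdout)
    except NmapParserException as e:
        print("Exception raised while parsing scan: %s" % (e.msg))
        # No report to store; continuing used to fail on an unbound `parsed`.
        return

    scans = Table('host_up', connection=self.dynamo)
    with scans.batch_write() as batch:
        for host in parsed.hosts:
            batch.put_item(data={
                'ip': host.address,
                'status': status_codes.get(host.status, HOST_OTHER),
                'datetime': int(time.time())
            })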
def nmap_script_scan(self, target, portlist=None, version_intense="0", script_name=None):
    '''
    Runs nmap with -sC, or with --script when script_name is given.
    Options used are: -Pn -sV --version-intensity <default:0> -sC|--script=<script_name>

    Arguments:
        - ``target``: IP or the range of IPs that need to be tested
        - ``portlist``: ports to test, comma separated or a hyphenated range,
          for example 121,161,240 or 1-100
        - ``version_intense``: value passed to --version-intensity
        - ``script_name``: script to run; requires ``portlist``

    The parsed report is stored in ``self.results``. A non-zero nmap return
    code raises; a parse failure is only printed.

    Examples:
    | nmap script scan  | target | portlist | version_intense | script_name |
    '''
    target = str(target)
    if script_name and not portlist:
        raise Exception('EXCEPTION: If you use specific script, you have to specify a port')

    # portlist and script_name are formatted into the option string as given;
    # whitespace inside either value becomes a further nmap argument, so
    # validate them before this call if they can come from outside the suite.
    scan_options = "-Pn -sV --version-intensity {0}".format(version_intense)
    if script_name:
        scan_options += " --script={0} -p {1}".format(script_name, portlist)
    elif portlist:
        scan_options += " -sC -p {0}".format(portlist)
    else:
        scan_options += " -sC"

    scanner = NmapProcess(target, scan_options)
    if scanner.run() != 0:
        raise Exception('EXCEPTION: nmap scan failed: {0}'.format(scanner.stderr))
    try:
        report = NmapParser.parse(scanner.stdout)
        print(report)
        self.results = report
    except NmapParserException as ne:
        print('EXCEPTION: Exception in parsing results: {0}'.format(ne.msg))
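def nmap_os_services_scan(self, target, portlist=None, version_intense = 0):
    '''
    Runs nmap with -Pn -sV --version-intensity <version_intense> [-p <portlist>].

    Arguments:
        - ``target``: IP or the range of IPs that need to be tested
        - ``portlist``: ports to test, comma separated or a hyphenated range,
          for example 121,161,240 or 1-100
        - ``version_intense``: value passed to --version-intensity

    The parsed report is stored in ``self.results``. A non-zero nmap return
    code raises; a parse failure is only printed.

    Examples:
    | nmap os services scan  | target | portlist | version_intense |
    '''
    target = str(target)
    # The two format arguments used to be swapped (the port list landed in
    # --version-intensity), and the no-port branch formatted ``portlist``
    # (None) instead of ``version_intense``.
    if portlist:
        nmap_proc_cmd = "-Pn -sV --version-intensity {0} -p {1}".format(version_intense, portlist)
    else:
        nmap_proc_cmd = "-Pn -sV --version-intensity {0}".format(version_intense)
    nmproc = NmapProcess(target, nmap_proc_cmd)
    rc = nmproc.run()
    if rc != 0:
        raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr))
    try:
        parsed = NmapParser.parse(nmproc.stdout)
        print(parsed)
        self.results = parsed
    except NmapParserException as ne:
        print('EXCEPTION: Exception in parsing results: {0}'.format(ne.msg))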
def nmap_os_services_scan(self, target, portlist=None, version_intense = 0, file_export = None):
    '''
    Runs nmap with -Pn -sV --version-intensity <version_intense>, plus
    -p <portlist> and -oN <file_export> when those arguments are given.

    Arguments:
        - ``target``: IP or the range of IPs that need to be tested
        - ``portlist``: ports to test, comma separated or a hyphenated range,
          for example 121,161,240 or 1-100
        - ``version_intense``: value passed to --version-intensity
        - ``file_export``: optional path; nmap writes its normal output
          there through the -oN flag

    The parsed report is stored in ``self.results``. A non-zero nmap return
    code raises; a parse failure is only printed.

    Examples:
    | nmap os services scan  | target | portlist | version_intense | file_export |
    '''
    target = str(target)
    option_parts = ["-Pn -sV --version-intensity {0}".format(version_intense)]
    if portlist:
        option_parts.append("-p {0}".format(portlist))
    if file_export:
        option_parts.append("-oN {0}".format(file_export))

    # safe_mode=False turns off NmapProcess's option filtering on every call,
    # including calls without file_export. file_export and portlist are
    # formatted in as given, so whitespace inside them becomes further nmap
    # arguments and -oN makes nmap write to the named path: validate both
    # when they can come from outside the test suite.
    scanner = NmapProcess(target, " ".join(option_parts), safe_mode=False)
    if scanner.run() != 0:
        raise Exception('EXCEPTION: nmap scan failed: {0}'.format(scanner.stderr))
    try:
        report = NmapParser.parse(scanner.stdout)
        print(report)
        self.results = report
    except NmapParserException as ne:
        print('EXCEPTION: Exception in parsing results: {0}'.format(ne.msg))
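def parse_nmap_report(self, nmap_stdout):
    """Parse nmap output into ``self.scan_report``.

    Each service is stored under the key ``<port><protocol>`` with the
    service name as value. Returns ``self._flg_store_finished`` on success;
    when anything raises, the exception object is returned instead.
    """
    # Start of parsing: storing in progress, not finished.
    self._flg_is_storing = True
    self._flg_store_finished = False
    try:
        nmap_report = NmapParser.parse(nmap_stdout)
        for host in nmap_report.hosts:
            for serv in host.services:
                # Every service is recorded; the filter on serv.state
                # (self.port_states) is disabled.
                self.scan_report[str(serv.port) + serv.protocol] = serv.service

        # NOTE(review): the storing flag ends up True here (it was cleared and
        # immediately set again) and the finished flag is never set to True in
        # this method -- confirm the intended end state with the callers.
        self._flg_is_storing = True

        print(self.scan_report.items())
        # This used to return the bare name `_flg_store_finished`, which is
        # undefined: the resulting NameError was caught below and handed back
        # to the caller as the "result" of every successful parse.
        return self._flg_store_finished
    except Exception as e:
        return e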
def parse_nmap_report(nmap_stdout, taskid=None):
    """Parse nmap output and save hosts and services through the backends.

    Every host is saved; a service is saved only when its state is in
    ``global_log_states``. Returns ``'* Scan finished'`` on success. On any
    exception the exception object is returned, not raised.
    """
    try:
        # Parse the scan result before touching the database.
        report = NmapParser.parse(nmap_stdout)

        # Backend ORM models for services and hosts share these settings.
        backend_options = dict(url=global_dbcoon, echo=False,
                               encoding='utf-8', pool_timeout=3600)
        services_backend = BackendPluginFactory.create(
            plugin_name='backend_service', **backend_options)
        hosts_backend = BackendPluginFactory.create(
            plugin_name='backend_host', **backend_options)

        for host in report.hosts:
            host.taskid = taskid
            # Tag each service with its host's address, task and end time.
            for serv in host.services:
                serv.address = host.address
                serv.taskid = taskid
                serv.endtime = host.endtime
                if serv.state in global_log_states:
                    serv.save(services_backend)
            host.save(hosts_backend)
        return '* Scan finished'
    except Exception as e:
        # Report processing failed: hand the error back as the result.
        return e
def do_scan(target, options):
    """Run /usr/bin/nmap with XML output on stdout and return the parsed report.

    ``options`` must be a list; it is placed between the fixed arguments and
    the target. The command is run as an argument list, without a shell, and
    ``subprocess.check_output`` raises CalledProcessError on a non-zero exit.
    """
    base_args = ["/usr/bin/nmap", "-oX", "-"]
    argv = base_args + options + [str(target)]
    print("Executing nmap Command")
    print(argv)
    # Entries of `options` reach nmap unfiltered.
    xml_output = subprocess.check_output(argv)
    print(xml_output)
    return NmapParser.parse(xml_output)
def start(self):
    '''
    Start Discovery

    Scans the configured target in an endless loop. Every address seen up for
    the first time is passed to ``self.dbc.new_discovery``; the loop then
    sleeps for the configured interval.
    '''
    logs = core.logs.Logger(config=self.config, proc_name="discovery.nmap")
    logger = logs.clean_handlers(logs.getLogger())
    logger.info("Starting scan of environment")

    try:
        # Target and flags are taken from the configuration as they are.
        plugin_cfg = self.config['discovery']['plugins']['nmap']
        nmap = NmapProcess(plugin_cfg['target'], options=plugin_cfg['flags'])
    except Exception as e:
        raise Exception("Failed to execute nmap process: {0}".format(
            e.message))

    seen_up = []
    while True:
        nmap.run()
        report = NmapParser.parse(nmap.stdout)
        for found in report.hosts:
            if "up" not in found.status or found.address in seen_up:
                continue
            seen_up.append(found.address)
            logger.debug("Found new host: {0}".format(found.address))
            if self.dbc.new_discovery(ip=found.address):
                outcome = "Added host {0} to discovery queue"
            else:
                outcome = "Failed to add host {0} to discovery queue"
            logger.debug(outcome.format(found.address))
        logger.debug("Scanned {0} hosts, {1} found up".format(
            len(report.hosts), len(seen_up)))
        time.sleep(self.config['discovery']['plugins']['nmap']['interval'])
    # Not reached: the loop above has no exit.
    return True
def test_exec(self):
    """A ``-sP`` scan of 127.0.0.1 exits 0 and parses into an NmapReport."""
    scanner = NmapProcess(targets="127.0.0.1", options="-sP")
    exit_code = scanner.run()
    report = NmapParser.parse(scanner.stdout)

    self.assertEqual(exit_code, 0)
    self.assertGreater(len(scanner.stdout), 0)
    self.assertIsInstance(report, NmapReport)
def nmap_default_scan(self, target, file_export=None):
    '''
    Runs nmap on ``target`` with no extra options, or with -oN <file_export>
    when ``file_export`` is given.

    The parsed report is stored in ``self.results``. A non-zero nmap return
    code raises; a parse failure is only printed.

    Examples:
    | nmap default scan  | target | file_export |
    '''
    target = str(target)
    if file_export is not None:
        # safe_mode=False is needed for -oN to be accepted. file_export is
        # formatted in as given, so whitespace inside it becomes further nmap
        # arguments: validate it when it can come from outside the suite.
        scanner = NmapProcess(target, '-oN {0}'.format(file_export), safe_mode=False)
    else:
        scanner = NmapProcess(target)

    if scanner.run() != 0:
        raise Exception('EXCEPTION: nmap scan failed: {0}'.format(
            scanner.stderr))
    try:
        report = NmapParser.parse(scanner.stdout)
        print(report)
        self.results = report
    except NmapParserException as ne:
        print('EXCEPTION: Exception in Parsing results: {0}'.format(
            ne.msg))
def parse_nmap_report(nmap_stdout, taskid=None):
    """Parse nmap output, dispatch logged services and save the results.

    For every service whose state is in ``global_log_states`` the service
    dict is printed, queued through ``port_dispath.delay`` as base64-encoded
    JSON, and saved. Every host is saved. Returns ``'Scan finished'`` on
    success; on any exception the exception object is returned, not raised.
    """
    try:
        # Parse the scan result before writing anything to the database.
        report = NmapParser.parse(nmap_stdout)

        # Backend ORM models for services and hosts share these settings.
        backend_options = dict(url=global_dbcoon, echo=False,
                               encoding='utf-8', pool_timeout=3600)
        services_backend = BackendPluginFactory.create(
            plugin_name='backend_service', **backend_options)
        hosts_backend = BackendPluginFactory.create(
            plugin_name='backend_host', **backend_options)

        for host in report.hosts:
            host.taskid = taskid
            # Tag each service with its host's address, task and end time.
            for serv in host.services:
                serv.address = host.address
                serv.taskid = taskid
                serv.endtime = host.endtime
                if serv.state not in global_log_states:
                    continue
                print host.address,serv.get_dict()
                encoded_service = base64.b64encode(json.dumps(serv.get_dict()))
                port_dispath.delay(host.address, encoded_service, str(taskid))
                serv.save(services_backend)
            host.save(hosts_backend)
        # TODO: callback
        return 'Scan finished'
    except Exception as e:
        # Report processing failed: hand the error back as the result.
        return e
def nmap_all_tcp_scan(self, target, file_export=None):
    '''
    Runs nmap against ports 1-65535 with version scanning.
    Options used: -p1-65535 -sV, plus -oN <file_export> when given.

    The parsed report is stored in ``self.results``. A non-zero nmap return
    code raises; a parse failure is only printed.

    Examples:
    | nmap default scan  | target | file_export |
    '''
    target = str(target)
    if file_export is not None:
        # safe_mode=False is needed for -oN to be accepted. file_export is
        # formatted in as given, so whitespace inside it becomes further nmap
        # arguments: validate it when it can come from outside the suite.
        scanner = NmapProcess(
            target, '-p1-65535 -sV -oN {0}'.format(file_export), safe_mode=False)
    else:
        scanner = NmapProcess(target, '-p1-65535 -sV')

    if scanner.run() != 0:
        raise Exception('EXCEPTION: nmap scan failed: {0}'.format(
            scanner.stderr))
    try:
        report = NmapParser.parse(scanner.stdout)
        print(report)
        self.results = report
    except NmapParserException as ne:
        print('EXCEPTION: Exception in Parsing results: {0}'.format(
            ne.msg))
def getC(self, ip=None, config=None):
    """Scan ``<ip>/24`` on the ports in ``config`` and list services per host.

    ``ip`` defaults to ``self.ip``. Returns a dict mapping each host address
    to a list that starts with the address, followed by one
    ``service:port`` entry per service (with ``:<first cpe>`` appended when
    the service has more than one CPE). On any exception the error is
    printed and an empty list is returned.
    """
    try:
        if ip == None:
            ip = self.ip
        subnet = ip + "/24"
        # `config` is formatted straight into the -p option.
        scanner = NmapProcess(subnet, options="-open -p%s" % config)
        scanner.run()
        report = NmapParser.parse(scanner.stdout)

        found = {}
        for host in report.hosts:
            entries = [host.address]
            found[host.address] = entries
            for serv in host.services:
                label = serv.service + ":" + str(serv.port)
                # NOTE(review): a service with exactly one CPE takes the
                # short form, although cpelist[0] exists -- confirm ">1".
                if len(serv.cpelist) > 1:
                    label = label + ":" + serv.cpelist[0]
                entries.append(label)
        return found
    except Exception as e:
        print(e)
        return []
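def nmap_specific_udp_scan(self, target, portlist, file_export=None):
    '''
    Runs nmap against the UDP ports given in ``portlist``.
    Options used: -sU -sV -p <portlist>, plus -oN <file_export> when given.

    Arguments:
        - ``target``: IP or the range of IPs that need to be tested
        - ``portlist``: ports to test, comma separated or a hyphenated range,
          for example 121,161,240 or 1-100
        - ``file_export``: optional path; nmap writes its normal output
          there through the -oN flag

    The parsed report is stored in ``self.results``. A non-zero nmap return
    code raises; a parse failure is only printed.

    Examples:
    | nmap specific udp scan  | target | portlist | file_export |
    '''
    target = str(target)
    # Without file_export this used to run '-p1-65535 -sV': a TCP scan of
    # every port that ignored ``portlist``. Both branches now share the UDP
    # options.
    cmd = '-sU -sV -p {0}'.format(portlist)
    if file_export is None:
        nmproc = NmapProcess(target, cmd)
    else:
        # safe_mode=False is needed for -oN to be accepted. file_export is
        # formatted in as given, so whitespace inside it becomes further nmap
        # arguments: validate it when it can come from outside the suite.
        nmproc = NmapProcess(target, cmd + ' -oN {0}'.format(file_export),
                             safe_mode=False)
    rc = nmproc.run()
    if rc != 0:
        raise Exception('EXCEPTION: nmap scan failed: {0}'.format(
            nmproc.stderr))
    try:
        parsed = NmapParser.parse(nmproc.stdout)
        print(parsed)
        self.results = parsed
    except NmapParserException as ne:
        print('EXCEPTION: Exception in parsing results: {0}'.format(
            ne.msg))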
def _parse_results(self, stdout):
    """
    Build ``self.last_results`` from nmap output.

    One Device is recorded per host that is up and has a MAC address, taken
    from the report or looked up with ``_arp``. Returns True on success;
    on a parser error the list is emptied and False is returned.
    """
    try:
        report = NmapParser.parse(stdout)
        scan_time = datetime.now()
        self.last_results = []
        for host in report.hosts:
            if not host.is_up():
                continue
            # First hostname when there is one, otherwise the IPv4 address.
            name = host.hostnames[0] if host.hostnames else host.ipv4
            mac = host.mac if host.mac else _arp(host.ipv4)
            if mac:
                self.last_results.append(
                    Device(mac, name, host.ipv4, scan_time))
        _LOGGER.info("nmap scan successful")
        return True
    except NmapParserException as parse_exc:
        _LOGGER.error("failed to parse nmap results: %s", parse_exc.msg)
        self.last_results = []
        return False
def _parse_results(self, stdout):
    """
    Rebuild ``self.last_results`` from the output of an nmap scan.

    Hosts that are up and have a MAC address (from the report, else from
    ``_arp``) are stored as Device entries with an upper-cased MAC.
    Returns True on success, False when the output cannot be parsed.
    """
    try:
        scan = NmapParser.parse(stdout)
        seen_at = dt_util.now()
        self.last_results = []
        for host in (h for h in scan.hosts if h.is_up()):
            if host.hostnames:
                label = host.hostnames[0]
            else:
                label = host.ipv4
            hw_addr = host.mac if host.mac else _arp(host.ipv4)
            if not hw_addr:
                # No MAC from either source: the host is not recorded.
                continue
            self.last_results.append(
                Device(hw_addr.upper(), label, host.ipv4, seen_at))
        _LOGGER.info("nmap scan successful")
        return True
    except NmapParserException as parse_exc:
        _LOGGER.error("failed to parse nmap results: %s", parse_exc.msg)
        self.last_results = []
        return False
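async def parse_xml_for_linux_from_file(self, nmap_file):
    """Return the addresses of hosts in an nmap XML file that look like Linux.

    ``nmap_file`` is resolved inside the ``files`` directory under the
    current working directory. A host is listed when it is up and the first
    OS class of its first OS match has the family ``"Linux"``.

    Returns a list of address strings, or a ``(exception, tag)`` tuple with
    the tag ``'FileReadError'`` or ``'XMLError'`` on failure.
    """
    output = []
    # Build the path instead of calling os.chdir(): the working directory is
    # process-wide, it was never restored, and a second call then looked for
    # files/files.
    # NOTE(review): nmap_file is joined without a containment check, so an
    # absolute path or a ".." component resolves outside files/ -- confirm
    # callers only pass trusted names.
    xml_path = os.path.join(os.getcwd(), 'files', nmap_file)
    try:
        with open(xml_path, 'r') as f:
            xml_str = f.read().replace("\n", "")
    except IOError as e:
        return e, 'FileReadError'

    try:
        nmap_obj = NmapParser.parse(nmap_data=xml_str, data_type='XML')
    except Exception as e:
        return e, 'XMLError'

    for host in nmap_obj.hosts:
        if host.is_up():
            try:
                if host.os_match_probabilities(
                )[0].osclasses[0].osfamily == "Linux":
                    output.append(str(host.address))
            except Exception as e:
                # Any lookup failure (for example no OS match at all) is
                # logged as "not Linux" and the host is skipped.
                self.logger.info(
                    f"Host {host.address} is not a Linux machine")
    return output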
def start(self):
    '''
    Start Discovery

    Runs the configured nmap scan over and over. Addresses that are up and
    not yet recorded are handed to ``self.dbc.new_discovery``; between scans
    the method sleeps for the configured interval.
    '''
    logs = core.logs.Logger(config=self.config, proc_name="discovery.nmap")
    logger = logs.getLogger()
    logger = logs.clean_handlers(logger)
    logger.info("Starting scan of environment")

    try:
        # Target and flags are passed to nmap exactly as configured.
        scanner = NmapProcess(
            self.config['discovery']['plugins']['nmap']['target'],
            options=self.config['discovery']['plugins']['nmap']['flags'])
    except Exception as e:
        message = "Failed to execute nmap process: {0}".format(e.message)
        raise Exception(message)

    known_up = []
    while True:
        scanner.run()
        scan = NmapParser.parse(scanner.stdout)
        for candidate in scan.hosts:
            is_new = "up" in candidate.status and candidate.address not in known_up
            if is_new:
                known_up.append(candidate.address)
                logger.debug("Found new host: {0}".format(candidate.address))
                queued = self.dbc.new_discovery(ip=candidate.address)
                template = ("Added host {0} to discovery queue" if queued
                            else "Failed to add host {0} to discovery queue")
                logger.debug(template.format(candidate.address))
        logger.debug("Scanned {0} hosts, {1} found up".format(
            len(scan.hosts), len(known_up)))
        time.sleep(self.config['discovery']['plugins']['nmap']['interval'])
    # Not reached: the loop above has no exit.
    return True
def parse_nmap_report(nmap_stdout, taskid=None):
    """Store the hosts and services of an nmap report in the backends.

    Services are saved only when their state is in ``global_log_states``;
    hosts are always saved. Returns ``'* Scan finished'`` on success and the
    caught exception object, not raised, on any failure.
    """
    def _backend(plugin_name):
        # Both ORM backends are created with the same connection settings.
        return BackendPluginFactory.create(plugin_name=plugin_name,
                                           url=global_dbcoon,
                                           echo=False,
                                           encoding='utf-8',
                                           pool_timeout=3600)

    try:
        # Parse first; the backends are only created for a valid report.
        parsed_report = NmapParser.parse(nmap_stdout)
        service_store = _backend('backend_service')
        host_store = _backend('backend_host')

        for host in parsed_report.hosts:
            host.taskid = taskid
            # Copy host-level fields onto every service before saving it.
            for service in host.services:
                service.address = host.address
                service.taskid = taskid
                service.endtime = host.endtime
                if service.state in global_log_states:
                    service.save(service_store)
            host.save(host_store)
        return '* Scan finished'
    except Exception as e:
        # Report processing failed: the error is the return value.
        return e
def _generate_nmap_dict_report(self, targets, options, request):
    """
    Run nmap on ``targets`` and return the formatted report.

    :param targets: List of hosts (IPs) to scan/analyze.
    :param options: Options passed to the Nmap tool.
    :param request: The request message an error response is tied to.
    :return: The result of ``self._parse_nmap_xml_report`` for the parsed
        Nmap XML output. When anything raises, the failure is logged, an
        ErrorResponse is sent for ``request`` and nothing is returned.
    """
    scanner = NmapProcess(targets, options)
    try:
        scanner.run()
        xml_report = NmapParser.parse(scanner.stdout)
        return self._parse_nmap_xml_report(xml_report)
    except Exception as ex:
        # Covers run, parse and formatting errors alike; the log line always
        # carries nmap's stderr.
        logger.exception("Nmap scan failed: {0}".format(scanner.stderr))
        failure = ErrorResponse(request, MessageUtils.encode(str(ex)))
        self._app.client.send_response(failure)
def portScan():
    """SYN-scan ``ports`` on ``args.target`` and store the report in ``parsed``.

    A non-zero nmap return code is printed; the output is parsed either way
    and assigned to the module-level ``parsed``.
    """
    global parsed
    print("Scanning ports: %s" % ports)
    scanner = NmapProcess(args.target, options="-sS -n -T4 -p%s" % ports)
    if scanner.run() != 0:
        print("nmap scan failed: {0}".format(scanner.stderr))
    parsed = NmapParser.parse(scanner.stdout)
def test_class_ports_parser(self):
    """A ports block parses into four ports; the second fixture is rejected."""
    parsed_ports = NmapParser.parse(self.ports_string)
    self.assertEqual(len(parsed_ports), 4)

    port_numbers = sorted(entry.port for entry in parsed_ports)
    self.assertEqual(port_numbers, sorted([22, 25, 9929, 80]))

    self.assertRaises(ValueError, NmapParser.parse, self.ports_string2)
def test_runstats(self):
    """endtime, summary and elapsed match the values listed per fixture."""
    for entry in self.flist_two:
        handle = open(entry['file'], 'r')
        raw_xml = handle.read()
        handle.close()
        report = NmapParser.parse(raw_xml)
        self.assertEqual(report.endtime, int(entry['endtime']))
        self.assertEqual(report.summary, entry['summary'])
        self.assertEqual(report.elapsed, float(entry['elapsed']))
def test_class_port_parser(self):
    """A single port element parses into the expected service attributes."""
    parsed_port = NmapParser.parse(self.port_string)
    self.assertEqual(parsed_port.port, 25)
    self.assertNotEqual(parsed_port.state, "open")
    expected_attrs = (
        ('state', "filtered"),
        ('service', "smtp"),
        ('reason', "admin-prohibited"),
        ('reason_ttl', "253"),
        ('reason_ip', "109.133.192.1"),
    )
    for attr_name, expected in expected_attrs:
        self.assertEqual(getattr(parsed_port, attr_name), expected)