def consume(self, targets): print(targets) nm = NmapProcess(targets, options='-v -sn') rc = nm.run() try: parsed = NmapParser.parse(nm.stdout) except NmapParserException as e: print("Exception raised while parsing scan: %s" % (e.msg)) HOST_UP = 1 HOST_DOWN = 0 scans = Table('host_up', connection=self.dynamo) with scans.batch_write() as batch: for host in parsed.hosts: # Insert into database and delete from queue if (host.status == 'down'): status = 0 elif (host.status == 'up'): status = 1 else: status = -1 batch.put_item(data={ 'ip': host.address, 'status': status, 'datetime': int(time.time()) })
def getC(self,ip=None,config=None): try: if ip==None: ip=self.ip count={} ip=ip+"/24" ops="-open -p%s" getops=ops%config nm=NmapProcess(ip,options=getops) ps=nm.run() parsed=NmapParser.parse(nm.stdout) for host in parsed.hosts: count[host.address]=[host.address] for serv in host.services: if len(serv.cpelist)>1: count[host.address].append(serv.service+":"+str(serv.port)+":"+serv.cpelist[0]) else: count[host.address].append(serv.service+":"+str(serv.port)) return count except Exception,e: print e return []
def celery_nmap_scan(targets, options): """celery_nmap_scan task""" def status_callback(nmapscan=None): """status callback""" try: celery_nmap_scan.update_state(state="PROGRESS", meta={"progress": nmapscan.progress, "ready": 0, "etc": nmapscan.etc}) except Exception as e: print("status_callback error: " + str(e)) # scan is not yet finished (or even started). # But I need to do this before the NmapProcess is started because # otherwise other tasks might be queued in front of this! _nmap_task_id = celery_nmap_scan.request.id store_nmap_report_meta.apply_async(kwargs={'nmap_task_id': str(_nmap_task_id)}) print("tasks.py: Targets and Options") print(targets) print(options) nm = NmapProcess(targets, options, event_callback=status_callback) rc = nm.sudo_run() if rc == 0 and nm.stdout: r = nm.stdout else: r = None return r
def _process(self, session): nmproc = NmapProcess("10.0.0.1", "-sT") parsed = None rc = nmproc.run() if rc != 0: logging.critical("NMAP Scan failed: {0}".format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: logging.critical("NMAP Parse failed: {0}".format(e.msg)) if parsed is not None: for host in parsed.hosts: if len(host.hostnames): tmp_host = host.hostnames.pop() else: tmp_host = host.address print("Nmap scan report for {0} ({1})".format(tmp_host, host.address)) print("Host is {0}.".format(host.status)) print(" PORT STATE SERVICE") for serv in host.services: pserv = "{0:>5s}/{1:3s} {2:12s} {3}".format( str(serv.port), serv.protocol, serv.state, serv.service ) if len(serv.banner): pserv += " ({0})".format(serv.banner) print(pserv)
def nmap_os_services_scan(self, target, portlist=None, version_intense = 0): ''' Runs Arguments: - ``target``: IP or the range of IPs that need to be tested - ``portlist``: list of ports, range of ports that need to be tested. They can either be comma separated or separated by hyphen example: 121,161,240 or 1-100 - ``version_intense``: Version intensity of OS detection Examples: | nmap os services scan | target | portlist | version_intense | ''' target = str(target) if portlist: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -p {1}".format(portlist, version_intense) else: nmap_proc_cmd = "-Pn -sV --version-intensity {0}".format(portlist) nmproc = NmapProcess(target, nmap_proc_cmd) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in parsing results: {0}'.format(ne.msg)
def nmap_script_scan(self, target, portlist=None, version_intense="0", script_name=None): ''' Runs nmap with the -sC arg or the --script arg if script_name is provided. Options used are: -sV --version-intensity <default:0> -sC|--script=<script_name> Arguments: - ``target``: IP or the range of IPs that need to be tested - ``portlist``: list of ports, range of ports that need to be tested. They can either be comma separated or separated by hyphen example: 121,161,240 or 1-100 - ``version_intense``: Version intensity of OS detection - ``script_name``: Script Name that needs to be referenced Examples: | nmap script scan | target | portlist | version_intense | script_name | ''' target = str(target) if portlist and script_name: nmap_proc_cmd = "-Pn -sV --version-intensity {0} --script={1} -p {2}".format(version_intense, script_name, portlist) elif portlist and not script_name: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -sC -p {1}".format(version_intense, portlist) elif script_name and not portlist: raise Exception('EXCEPTION: If you use specific script, you have to specify a port') else: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -sC".format(version_intense) nmproc = NmapProcess(target, nmap_proc_cmd) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in parsing results: {0}'.format(ne.msg)
def celery_nmap_scan(targets, options): """celery_nmap_scan task""" def status_callback(nmapscan=None): """status callback""" try: current_task.update_state(state="PROGRESS", meta={"done": nmapscan.progress, "etc": nmapscan.etc}) except Exception as e: print("status_callback error: " + str(e)) nm = NmapProcess(targets, options, event_callback=status_callback) rc = nm.run() if rc == 0 and nm.stdout: r = nm.stdout # scan is finished. Now call task to insert Report into persistent db celery_nmap_store_report.delay(task_id=celery_nmap_scan.request.id) else: r = None return {"rc": rc, "report": r}
def _update_info(self): """ Scans the network for devices. Returns boolean if scanning successful. """ if not self.success_init: return False _LOGGER.info("Scanning") options = "-F --host-timeout 5" exclude_targets = set() if self.home_interval: now = dt_util.now() for host in self.last_results: if host.last_update + self.home_interval > now: exclude_targets.add(host) if len(exclude_targets) > 0: target_list = [t.ip for t in exclude_targets] options += " --exclude {}".format(",".join(target_list)) nmap = NmapProcess(targets=self.hosts, options=options) nmap.run() if nmap.rc == 0: if self._parse_results(nmap.stdout): self.last_results.extend(exclude_targets) else: self.last_results = [] _LOGGER.error(nmap.stderr) return False
def nmap_scan(hosts): ''' Do Nmap scan ''' # -sV is included by default in NmapProcess nmap cmd # To add more: options = '-T4 -sU -p-' # hosts = ['192.168.0.1', '192.168.0.2'] #nmap_args = '-T4 -sV -sS -pU:161,137,139'# -sS -sU --top-ports' nmap_args = '-T4 -sS -sV --max-rtt-timeout 150ms --max-retries 3' print '[*] Running: nmap {0} -iL <hostlist>'.format(nmap_args) nmap_proc = NmapProcess(targets=hosts, options=nmap_args) #rc = nmap_proc.sudo_run() rc = nmap_proc.sudo_run_background() while nmap_proc.is_running(): print("[*] Nmap progress: {1}%".format(nmap_proc.etc, nmap_proc.progress)) time.sleep(2) xml = nmap_proc.stdout try: report = NmapParser.parse(nmap_proc.stdout) except NmapParserException as e: print 'Exception raised while parsing scan: {0}'.format(e.msg) sys.exit() return report
def do_scan(targets,options): parsed = None proc = NmapProcess(targets,options) running = proc.run() if running != 0: raise Exception("Scan failed") return NmapParser.parse(proc.stdout)
def start(self): ''' Start Discovery ''' logs = core.logs.Logger(config=self.config, proc_name="discovery.nmap") logger = logs.getLogger() logger = logs.clean_handlers(logger) logger.info("Starting scan of environment") try: nmap = NmapProcess(self.config['discovery']['plugins']['nmap']['target'], options=self.config['discovery']['plugins']['nmap']['flags']) except Exception as e: raise Exception("Failed to execute nmap process: {0}".format(e.message)) up = [] while True: nmap.run() nmap_report = NmapParser.parse(nmap.stdout) for scanned_host in nmap_report.hosts: if "up" in scanned_host.status and scanned_host.address not in up: up.append(scanned_host.address) logger.debug("Found new host: {0}".format(scanned_host.address)) if self.dbc.new_discovery(ip=scanned_host.address): logger.debug("Added host {0} to discovery queue".format( scanned_host.address)) else: logger.debug("Failed to add host {0} to discovery queue".format( scanned_host.address)) logger.debug("Scanned {0} hosts, {1} found up".format( len(nmap_report.hosts), len(up))) time.sleep(self.config['discovery']['plugins']['nmap']['interval']) return True
def portScan(): global parsed print"Scanning ports: %s" %ports nm = NmapProcess(args.target, options="-sS -n -T4 -p%s" %ports) rc = nm.run() if rc != 0: print("nmap scan failed: {0}".format(nm.stderr)) parsed = NmapParser.parse(nm.stdout)
def is_alive(self): self.alive = False nmproc = NmapProcess(str(self.ip), '-sn') rc = nmproc.run() if rc != 0: self.has_error("(alive) {}".format(nmproc.stderr)) else: nmap_report = NmapParser.parse(nmproc.stdout) self.alive = (nmap_report.hosts[0].status == 'up')
def nmap_scan(targets, options): nm = NmapProcess(targets, options) rc = nm.run() if nm.rc == 0: return nm.stdout else: return nm.stderr
def worker(q, lock, percent, pingtype): ''' Create Nmap processes to ping sweep each subnet then add a percentage of the hosts that are up to the master sample list ''' for netblock in iter(q.get, 'STOP'): if pingtype == 'portscan': nmap_args = '--top-ports 5 --max-rtt-timeout 150ms --max-retries 3' elif pingtype == 'arpscan': nmap_args = '-T4 -sn --max-rtt-timeout 150ms --max-retries 3' else: nmap_args = '-T4 -PE -sn --max-rtt-timeout 150ms --max-retries 3' print '[*] nmap {0} {1}'.format(nmap_args, netblock) nmap_proc = NmapProcess(targets=netblock, options=nmap_args) rc = nmap_proc.run() xml = nmap_proc.stdout try: report = NmapParser.parse(xml) except NmapParserException as e: print 'Exception raised while parsing scan: {0}'.format(e.msg) continue subnet_hosts_up = [] for host in report.hosts: if host.is_up(): ip = host.address hostname = None if len(host.hostnames) != 0: hostname = host.hostnames[0] if pingtype == 'portscan': for s in host.services: if re.search('open|filtered', s.state): subnet_hosts_up.append(ip) break else: subnet_hosts_up.append(ip) num_hosts = float(len(subnet_hosts_up)) random_sample_num = int(ceil(num_hosts * percent)) sample = [] for i in xrange(random_sample_num): s = random.choice(subnet_hosts_up) sample.append(s) if len(sample) > 0: print '[+] Random {0}% of live hosts in subnet {1}:'.format(percent*100, netblock) for ip in sample: print ' ', ip if len(sample) > 0: with lock: with open('SampleIPs.txt', 'a+') as f: for ip in sample: f.write(ip+'\n')
def scan_host(target_host, num_tries): nm = NmapProcess(target_host, options='-sT -Pn -T3') cur_try = 0 while cur_try < num_tries: logger.debug( "Now running scan attempt #%d for host at %s." % (cur_try + 1, target_host) ) result = nm.run_background() while nm.is_running(): logger.debug( "Scan running. ETC: %s. DONE: %s." % (nm.etc, nm.progress) ) sleep(2) if nm.rc != 0: logger.warning( "Scan #%d for host at %s failed!" % (cur_try + 1, target_host) ) cur_try += 1 else: logger.debug( "Scan for host at %s succeeded!" % (target_host,) ) break if str(nm.state) != str(nm.DONE): logger.warning( "Scan for host at %s failed!" % (target_host,) ) return else: try: parsed = NmapParser.parse(nm.stdout) except NmapParserException as e: logger.error( "NmapParserException thrown: %s." % (e.msg,) ) host = parsed.hosts[0] to_return = [] for service in host.services: to_return.append( "%s//%s//%s//%s" % ( host.ipv4, service.protocol, str(service.port), service.state ) ) return to_return
def do_scan(targets, options, fqp=None): nm = NmapProcess(targets, options, fqp=fqp) rc = nm.run() if rc != 0: print "nmap scan failed: %s" % (nm.stderr) try: parsed = NmapParser.parse(nm.stdout) except NmapParserException as e: print "Exception raised while parsing scan: %s" % (e.msg) return parsed
def do_scan(targets, options): parsed = None nmproc = NmapProcess(targets, options) rc = nmproc.run() message = "" if rc != 0: message = "Tarama yapılırken bir hata oluştu: {0}".format(nmproc.stderr) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: message = "Tarama sonucu parse edilirken bir hata oluştu: {0}".format(e.msg) return {"message": message, "parsed": parsed}
def startNmap(self): #start Nmap scan func self.nmapScan = NmapProcess(self.scanIp, options='-sV -T4 -A -Pn -p 22-65534') self.rc = self.nmapScan.run() if self.nmapScan.rc == 0: #print self.nmapScan.stdout return self.nmapScan.stdout else: print self.nmapScan.stderr logging.info('nmap scan error' + self.scanIp) return False
def performVersionScan(nmapInput, nmapOutput, dbOutputPath): print(Fore.BLUE + "\n - Starting nmap scan...") scanner = NmapProcess( targets=nmapInput, options= "--script http-server-header.nse,http-devframework.nse,http-headers -sV -T4 -p80,443 -oX " + nmapOutput, safe_mode=False) scanner.run() print(Fore.BLUE + "\n - Finished nmap scan!") data = parseNmapOutput(nmapOutput, nmapInput) writeToDatabase(data, dbOutputPath)
def get_hosts_from_scan(self, target, options=''): nmap_proc = NmapProcess(targets=target, options=options) nmap_proc.run() nmap_report_obj = NmapParser.parse(nmap_proc.stdout) hosts = {} for host in nmap_report_obj.hosts: hosts[host.address] = host.status return hosts
def do_scan(targets, options): nm = NmapProcess(targets, options) rc = nm.run() if rc != 0: print("nmap scan failed: {0}".format(nm.stderr)) try: parsed = NmapParser.parse(nm.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def udp_scan(ip): nm = NmapProcess(ip, options="-sU -T4 -p 1-65535") nm.run() soup = BeautifulSoup(nm.stdout, "lxml") ports_xml = soup.find('host').find('ports').find_all('port') open_ports = [] closed_ports = [] for px in ports_xml: if px.find('state').get('state') == 'open': open_ports.append(int(px.get('portid'))) elif px.find('state').get('state') == 'closed': closed_ports.append(int(px.get('portid'))) return {'open': open_ports, 'closed': closed_ports}
def __init__(self, ip, port, callback, options=None, safemode=False): if options: options = "-vvvvv " + options else: options = "-vvvvv" # self.options = "-vv {} -p {} {}".format(self.scantype, port, ip) self.ip = ip self.port = port self.callback = callback self.nmap_proc = NmapProcess(targets=self.ip, options=options, event_callback=self.callback, safe_mode=safemode)
def nmap_follow_up_scan(hosts, port): """ This needs to be reworked. If nmap service scan can't determine the service, i run an nmap scan without service detection to get the default port. I should just read the IANA ports file instead and grep for the port, or maybe even the nmap version of the IANA ports list. :param hosts: :param port: :return: """ nm = NmapProcess(hosts, options="-Pn -p %d" % port) rc = nm.run() nmap_report = NmapParser.parse(nm.stdout) return nmap_report
def is_port_open(self, port): nmproc = NmapProcess(str(self.ip), '-p ' + str(port)) rc = nmproc.run() if rc != 0: self.has_error("nmap scan failed: {0}".format(nmproc.stderr)) return False else: nmap_report = NmapParser.parse(nmproc.stdout) if nmap_report.hosts[0].status == 'up': return (nmap_report.hosts[0].services[0].state == 'open') else: return False
def nmap_scan(hosts, outfile, add_args): ''' Do Nmap scan ''' nmap_args = '-sS -O -T4 -sV -n {} --max-retries 5 -oA {}'.format( add_args, outfile) print_info('Running: nmap {}'.format(nmap_args)) nmap_proc = NmapProcess(targets=hosts, options=nmap_args, safe_mode=False) rc = nmap_proc.sudo_run_background() nmap_status_printer(nmap_proc) report = NmapParser.parse_fromfile(os.getcwd() + '/{}.xml'.format(outfile)) return report
def run_scan(target, options, output_filename=None): nmap_proc = NmapProcess(target, options) logger.info("Starting nmap scan of {} with options {}".format(target, options)) nmap_proc.run() logger.info("Completed nmap scan of {} with options {}".format(target, options)) if output_filename is not None: try: tree = etree.ElementTree(etree.fromstring(nmap_proc.stdout)) tree.write(output_filename) except (IOError, etree.ParseError) as e: return e, 'XMLError' return nmap_proc.stdout, 'Success'
def tcp_fin_scan(ip): nm = NmapProcess(ip, options="-sF -T4 -p 1-65535") nm.run() soup = BeautifulSoup(nm.stdout, "lxml") try: ports_xml = soup.find('host').find('ports').find_all('port') closed_ports = [] for px in ports_xml: if px.find('state').get('state') == 'closed': closed_ports.append(int(px.get('portid'))) return closed_ports except: return []
def nmap_scan(ip, options): parsed = None nmproc = NmapProcess(ip, options) rc = nmproc.run() if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def run_scan_check_blacklist(self, target, options): nmap_proc = NmapProcess(targets=target, options=options) nmap_proc.run() nmap_report_obj = NmapParser.parse(nmap_proc.stdout) count = 0 for host in nmap_report_obj.hosts: if host.status == "up" and host.address in self.blacklist: count = count+1 return count
def _run_scan(self): nmap_proc = NmapProcess(targets=self._target, options="-Pn -sT -sU -p "+self._port) nmap_proc.run_background() while nmap_proc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nmap_proc.etc, nmap_proc.progress)) sleep(2) if nmap_proc.rc != 0: print("Nmap scan failed: {0}".format(nmap_proc.stderr)) sys.exit(2) else: return nmap_proc
def __do_scan(targets, options): ''' do scan a target by nmap ''' parsed = None nmproc = NmapProcess(targets=targets, options=options) nmproc.run() try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def scanByNmap(self, target, policy): runtime = 0 try: nmap_proc = NmapProcess(targets=target, options=policy, safe_mode=True) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= self.nmap_timeout: nmap_proc.stop() if self.output_mode != "silent": print self.R + u'\n[x] scan_host {} timeout...'.format( target) + self.W break else: if self.output_mode != "silent": sys.stdout.write( u'\033[1;34m[~] scan_host is {},scan progress is {}%({} sec)\n\033[0m' .format(target, nmap_proc.progress, runtime)) sys.stdout.flush() sleep(5) runtime += 5 if nmap_proc.is_successful() and nmap_proc.stdout: self.parserReport(nmap_proc.stdout) except Exception as e: print e
def do_nmap_scan(scan_ip_list, scan_port): # nmap自定义UA,避免被WAF检测到 nmap_proc = NmapProcess( scan_ip_list, options='-sT -sV -p ' + str(scan_port) + ' -script-args http.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36"' ) nmap_proc.run() nmap_repot = NmapParser.parse(nmap_proc.stdout) for host in nmap_repot.hosts: for serv in host.services: if serv.state in global_port_states: print 'scan_host is %s,scan result is %s|%s|%s|%s|%s'\ % (host.address, str(serv.port), serv.protocol, serv.state, serv.service, serv.banner)
def scanner(target, option, iteration): nmap = NmapProcess(target, option) return_code = nmap.run() #or nmap.run_background() #or nmap.sudo_ran_background(run_as=root) if return_code != 0: print('Scann cannot be completed:{0}', format(nmap.stderr)) try: parsed = NmapParser(nmap.stdout) file = open('scan' + str(iteration + '.xml', 'w')) file.write(parsed) file.close() except NmapParserException as e: print('Parsing error: {0}'.format(e.msg))
def do_scan(targets, options): parsed = None nmproc = NmapProcess(targets, options) rc = nmproc.run() if rc != 0: print("Scan Failed: {0}".format(nmproc.stderr)) print(type(nmproc.stdout)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def scan(): form = IPscannerForm() if form.validate_on_submit(): ip = form.ip.data ip = str(ip) nm1 = NmapProcess(ip, options="-sn") nm1.run() parsed = NmapParser.parse(nm1.stdout) G = nx.Graph() nm2 = NmapProcess("www.baidu.com", options="--traceroute") nm2.run() collection = xml.etree.ElementTree.fromstring(nm2.stdout) nodes = collection.getiterator("hop") trace_list = [] pre_node = '' for node in nodes: trace_list.append(node.attrib["ipaddr"]) G.add_node(node.attrib["ipaddr"]) if pre_node != '': G.add_edge(node.attrib["ipaddr"], pre_node) pre_node = node.attrib["ipaddr"] for host in parsed.hosts: if host.is_up(): G.add_node(host.address) G.add_edge(host.address, trace_list[0]) gra_json = json.dumps(G.adj) return render_template('result.html', gra_json=gra_json) return render_template('scan.html', form=form)
def nmap_scan(hosts): ''' Do Nmap scan ''' # This is top 1000 tcp + top 50 UDP scan # Nmap has chosen not to do --top-udp/tcp-ports options due to not wanting to overcomplicate # the cmd line interface nmap_args = '-sS -n --max-retries 5 -p 445 -oA smb-scan' nmap_proc = NmapProcess(targets=hosts, options=nmap_args, safe_mode=False) rc = nmap_proc.sudo_run_background() nmap_status_printer(nmap_proc) report = NmapParser.parse_fromfile(os.getcwd() + '/smb-scan.xml') return report
def do_scan(ip,argm): try: nmap_report = None nm = NmapProcess(ip, options=argm) rc = nm.run() if nm.rc == 0: nmap_result=nm.stdout nmap_report = NmapParser.parse_fromstring(nmap_result) else: logger.error(nm.stderr) except Exception as e: logger.error(e.message) return nmap_report
def _run_scan(targets, options): """Runs a nmap scan with the given options, returns a report for the given scan. """ parsed = None nmproc = NmapProcess(targets, options) return_code = nmproc.run() if return_code == 0: try: parsed = NmapParser.parse(nmproc.stdout) return parsed except NmapParserException as e: print "scan failed: {0}".format(nmproc.stderr) return 1
def ip_info(subnet): nm = NmapProcess(subnet, options="-Pn -O") rc = nm.sudo_run() if nm.rc == 0: rep = NmapParser.parse(nm.stdout) for host in rep.hosts: if host.is_up(): print("IP Address: {0}".format(host.address)) if host.os_fingerprinted: for osm in host.os.osmatches: print("OS Type: {0}".format(osm.name)) print ("Last seen timestamp: {0}\n" .format(host.lastboot)) else: print (nm.stderr)
def nmap_func(res_name): nm = NmapProcess(res_name, options="-O") rc = nm.run() if nm.rc == 0: bs = BeautifulSoup(nm.stdout, 'lxml') things=bs.find_all('osmatch') for i in things: os_dict=[i['accuracy'], i['name'], i.osclass['osfamily'], i.osclass['vendor'], i.find('cpe').text] return os_dict
def Scan1(ip): global ip_info ports = str(ip_info[ip]).strip('[|]|\'').replace("', '", ',') nmap_proc = NmapProcess( ip, options='-sT -sV -p ' + ports + ' -script-args http.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36"' ) nmap_proc.run() nmap_repot = NmapParser.parse(nmap_proc.stdout) conn = psycopg2.connect(database=database, host=hhost, port=dport, user=user, password=password) cur = conn.cursor() for host in nmap_repot.hosts: for serv in host.services: while True: try: cur.execute( "select * from assets where ip='%s' and port='%s'" % (host.address, str(serv.port))) tmp = cur.fetchall() if (len(tmp) == 0): cur.execute( "INSERT INTO public.\"assets\"(ip, port, protocol, state, service, banner) values ('%s', '%s', '%s', '%s', '%s', '%s')" % (host.address, str(serv.port), serv.protocol, serv.state, serv.service, serv.banner)) else: cur.excute( "UPDATE assets SET protocol='%s', state='%s', service='%s', banner='%s' WHERE ip='%s' and port='%s';" % (serv.protocol, serv.state, serv.service, serv.banner, host.address, str(serv.port))) print("%s\t%s\t%s\t%s\t%s\t%s" % (host.address, str(serv.port), serv.protocol, serv.state, serv.service, serv.banner)) break except: conn = psycopg2.connect(database=database, host=hhost, port=dport, user=user, password=password) cur = conn.cursor() print("retry: %s:%s" % (host.address, str(serv.port))) conn.commit() conn.close()
def knockd_test(ip,outfile,start_key,stop_key): ## Baseline Nmap Scan print "\n[-] Scanning " + ip + " with Nmap, this could take a minute...go get some coffee" nm = NmapProcess(ip, options="-p 0-65535") rc = nm.run() if nm.rc == 0: before = NmapParser.parse(nm.stdout) before_ports = before.hosts[0].get_ports() else: print nm.stderr sys.exit() ## Sending Default Knockd Port Knock Sequence with Scapy print "\n[-] Sending default knockd sequence to " + ip for x in start_key: send(IP(dst=ip)/TCP(dport=x),verbose=0) ## Subsequent Nmap Scan print "\n[-] Scanning again...too soon for more coffee???" rc = nm.run() if nm.rc == 0: after = NmapParser.parse(nm.stdout) after_ports = after.hosts[0].get_ports() else: print nm.stderr sys.exit() ## Compare Scans to Determine if any Services were Activated diff = set(after_ports)-set(before_ports) new_ports = list(diff) if len(new_ports) > 0: print "\n[+] " + str(len(new_ports)) + " new port(s) opened..." for x in new_ports: print x print "\nWriting to output file - " + outfile f = open(outfile,'a') f.write("Ports opened on " + ip + " - " + str(new_ports) + "\n") f.close() ## Stopping Activated Services with Default Close Sequence print "\n[-] Disabling opened service on " + ip + " by sending default close sequence..." print " *** If you want to manually interact with the service, use the knockd_on-off.py script ***\n" for x in stop_key: send(IP(dst=ip)/TCP(dport=x),verbose=0) elif len(new_ports) == 0: print "\n[-] No new services opened...\n" else: print "\n[-] An error has occurred" sys.exit()
def knockd_test(ip, outfile, start_key, stop_key): ## Baseline Nmap Scan print "\n[-] Scanning " + ip + " with Nmap, this could take a minute...go get some coffee" nm = NmapProcess(ip, options="-p 0-65535") rc = nm.run() if nm.rc == 0: before = NmapParser.parse(nm.stdout) before_ports = before.hosts[0].get_ports() else: print nm.stderr sys.exit() ## Sending Default Knockd Port Knock Sequence with Scapy print "\n[-] Sending default knockd sequence to " + ip for x in start_key: send(IP(dst=ip) / TCP(dport=x), verbose=0) ## Subsequent Nmap Scan print "\n[-] Scanning again...too soon for more coffee???" rc = nm.run() if nm.rc == 0: after = NmapParser.parse(nm.stdout) after_ports = after.hosts[0].get_ports() else: print nm.stderr sys.exit() ## Compare Scans to Determine if any Services were Activated diff = set(after_ports) - set(before_ports) new_ports = list(diff) if len(new_ports) > 0: print "\n[+] " + str(len(new_ports)) + " new port(s) opened..." for x in new_ports: print x print "\nWriting to output file - " + outfile f = open(outfile, 'a') f.write("Ports opened on " + ip + " - " + str(new_ports) + "\n") f.close() ## Stopping Activated Services with Default Close Sequence print "\n[-] Disabling opened service on " + ip + " by sending default close sequence..." print " *** If you want to manually interact with the service, use the knockd_on-off.py script ***\n" for x in stop_key: send(IP(dst=ip) / TCP(dport=x), verbose=0) elif len(new_ports) == 0: print "\n[-] No new services opened...\n" else: print "\n[-] An error has occurred" sys.exit()
def run(self, target, options, callback): """ Executes the scan on a given target. :param target: :param options: :param callback: callback function to report status to the server. :return: report object :rtype: `dscan.models.structures.Report` """ self.ctarget = (target, options) nmap_proc = None try: options = " ".join([options, f"-oN {self.report_name('nmap')}"]) nmap_proc = NmapProcess(targets=target, options=options, safe_mode=False, event_callback=self.show_status) log.info("Nmap scan started Sending success status") callback(Status.SUCCESS) rc = nmap_proc.run() if rc == 0: # after finished encode and hash the contents for transfer. self.__inc() data = nmap_proc.stdout.encode("utf-8") report_file = self.report_name("xml") with open(self.report_name("xml"), "wb") as rfile: rfile.write(data) rfile.flush() digest = hashlib.sha512(data).hexdigest() report = Report(len(data), os.path.basename(report_file), digest) self.print(target, 100) return report else: callback(Status.FAILED) log.error(f"Nmap Scan failed {nmap_proc.stderr}") except Exception as ex: log.error(f"something went wrong {ex}") callback(Status.FAILED) finally: if nmap_proc: nmap_proc.stop() # orthodox fix NmapProcess is leaving subprocess streams open. subproc = getattr(nmap_proc, "_NmapProcess__nmap_proc") if subproc: subproc.stdout.close() subproc.stderr.close()
def run_nmap_scan(self): parsed = None nmap_proc = NmapProcess(targets="10.10.10.3", options="") nmap_proc.run_background() while nmap_proc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format( nmap_proc.etc, nmap_proc.progress)) sleep(2) nmap_report = NmapParser.parse(nmap_proc.stdout) nmap_results = NmapResults() nmap_results.add_hosts(nmap_report) return nmap_results
def celery_nmap_scan(targets, options): def status_callback(nmapscan=None, data=''): current_task.update_state(state='PROGRESS', meta={'done': nmapscan.progress, 'etc': nmapscan.etc}) nm = NmapProcess(targets, options, event_callback=status_callback) rc = nm.run() if rc == 0 and nm.stdout: r = nm.stdout else: r = None return {'rc': rc, 'report': r}
def do_scan(host, options): # uncomment line below to manually input target IP #host = input("Enter Target Host Address: ") parsed = None nmproc = NmapProcess(host, options) rc = nmproc.run() if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) print(type(nmproc.stdout)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def run(self, port, hosts): print "[*] Probing %d hosts on port %s" % (len(hosts), port) opts = self.build_nmap_options(port) nm = NmapProcess(hosts, options=opts, fqp=self._whereis("nmap") ) rc = nm.run() if nm.rc == 0: nmap_report = NmapParser.parse(nm.stdout) for scanned_host in nmap_report.hosts: if self.is_ipidseq_incremental( scanned_host ): for open_port in scanned_host.get_open_ports(): self.final_print(scanned_host.ipv4, open_port[0], 'FOUND')
class Mynmap(object): def __init__(self, scanIp): self.scanIp = scanIp def startNmap(self): self.nmapScan = NmapProcess(self.scanIp, options='-sV -T4 -A -Pn -p 22-65534') self.rc = self.nmapScan.run() if self.nmapScan.rc == 0: #print self.nmapScan.stdout return self.nmapScan.stdout else: print self.nmapScan.stderr logging.info('nmap scan error'+ self.scanIp) return False def startParse(self): #nmap xml parse func try: self.startNmapScan = self.startNmap() if self.startNmap is not False: self.parse = NmapParser.parse(self.startNmapScan) self.nmapScanreport = self.startReport() else: sys.exit(0) except NmapParserException as e: logging.info(e) sys.exit(0) def startReport(self): self.report = self.parse if self.report: for self.host in self.report.hosts: for self.serv in self.host.services: if len(self.serv.banner) and self.serv.state == 'open': scanResult.append((str(self.host.address) + ' ' + '+' + ' ' + 'NmapService: [' +str(self.serv.state) + ' ' + str(self.serv.protocol) + ' ' + "<" + str(self.serv.port) + ">" + ' ' + str(self.serv.service) + ' ' + str(self.serv.banner)) + ']') else: if self.serv.state == 'open': scanResult.append((str(self.host.address) + ' ' + '+' + ' ' + 'NmapService: [' + str(self.serv.state) + ' ' + str(self.serv.protocol) + ' ' + "<" + str(self.serv.port) + ">" + ' ' + str(self.serv.service)) + ']')
def nmap_all_tcp_scan(self, target): ''' Runs nmap scan against all TCP Ports with version scanning. Options used -Pn -sV -p1-65535 Examples: | nmap all tcp scan | target | ''' target = str(target) nmproc = NmapProcess(target, '-p1-65535 -sV') rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in Parsing results: {0}'.format(ne.msg)
def nmap_default_scan(self, target): ''' Runs a basic nmap scan on nmap's default 1024 ports. Performs the scan with -Pn -sS -sV Options Examples: | nmap default scan | target | ''' target = str(target) nmproc = NmapProcess(target, '-Pn -sS -sV') rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in Parsing results: {0}'.format(ne.msg)