class NmapTaskBack(AsyncTaskBack, NmapMixin): nmap = None def __init__(self, host, db, args, inqueue, outqueue): super().__init__(inqueue, outqueue) self.nmap = NmapProcess(targets=host, options=args) self.nmap.run() self.db = db if self.nmap.is_successful(): parsed = NmapParser.parse(self.nmap.stdout) self.result = self.get_result(parsed) self.store(parsed) self.thread.join() def get_result(self, report): result = [] for host in report.hosts: hostname = '' if len(host.hostnames): hostname = host.hostnames.pop() if host.status != 'up': continue services = [] for service in host.services: services.append({ 'port': service.port, 'proto': service.protocol, 'state': service.state, 'version': service.banner, 'service': service.service }) result.append({hostname: {'services': services}}) return result def is_running(self): if self.nmap: return self.nmap.is_running() def is_successful(self): return self.nmap.is_successful() def finish(self): self._stop = True return self.result def terminate(self): self.nmap.stop() def state(self): state = 'running' if self.nmap.is_running() else 'completed' return self.nmap.progress, state, self.nmap.command def __str__(self): return '{:>4}% {} - {}'.format( self.nmap.progress, self.nmap.command, 'running' if self.nmap.is_running() else 'completed')
def do_scan(self, target, options="-n -sS --host-timeout 600 --open"): # 记录结果 db = DB() nmproc = NmapProcess(target, options) nmproc.run_background() while nmproc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format( nmproc.etc, nmproc.progress)) time.sleep(2) print("rc: {0} output: {1}".format(nmproc.rc, nmproc.summary)) try: # 创建文件名 md5 = hashlib.md5() md5.update(target) hash = md5.hexdigest() # with(open("data/nmap/" + hash + ".xml", "w")) as f: # f.write(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) # 扫描完成,解析结果 print {"status": 1, "result": hash} db.Nmap.update_one({"target": target}, {"$set": { "status": 1, "result": hash }})
def nmap_scan(hosts): ''' Do Nmap scan ''' # -sV is included by default in NmapProcess nmap cmd # To add more: options = '-T4 -sU -p-' # hosts = ['192.168.0.1', '192.168.0.2'] #nmap_args = '-T4 -sV -sS -pU:161,137,139'# -sS -sU --top-ports' nmap_args = '-T4 -sS -sV --max-rtt-timeout 100ms --max-retries 3' print '[*] Running: nmap {0} -iL <hostlist>'.format(nmap_args) nmap_proc = NmapProcess(targets=hosts, options=nmap_args) #rc = nmap_proc.sudo_run() rc = nmap_proc.sudo_run_background() while nmap_proc.is_running(): print("[*] Nmap progress: {1}%".format(nmap_proc.etc, nmap_proc.progress)) time.sleep(2) xml = nmap_proc.stdout try: report = NmapParser.parse(nmap_proc.stdout) except NmapParserException as e: print 'Exception raised while parsing scan: {0}'.format(e.msg) sys.exit() return report
def nmap_scan(targets): # Nmap scan with service detection (-sV), script scanning (-sC) on all # ports (-p-) and agressive timing (-T4) nmap_proc = NmapProcess(targets, options='-sV -sC -p- -T4', safe_mode=False) nmap_proc.run_background() # Checks nmap progress every 30 seconds print('Nmap start at {0}'.format(datetime.today().ctime())) while nmap_proc.is_running(): nmaptask = nmap_proc.current_task if nmaptask: print("Task {0} {1} ({2}): Progress: {3}%".format( len(nmap_proc.tasks) + 1, nmaptask.name, nmaptask.status, nmaptask.progress)) sleep(30) print(nmap_proc.summary) try: report = NmapParser.parse(nmap_proc.stdout) except NmapParserException as e: print('Exception raised while parsing scan: {0}'.format(e.msg)) if report.hosts_total == 0: print('No hosts discovered') sys.exit() return report
def nmap_scan(hosts): ''' Do Nmap scan ''' # -sV is included by default in NmapProcess nmap cmd # To add more: options = '-T4 -sU -p-' # hosts = ['192.168.0.1', '192.168.0.2'] #nmap_args = '-T4 -sV -sS -pU:161,137,139'# -sS -sU --top-ports' nmap_args = '-T4 -sS -sV --max-rtt-timeout 150ms --max-retries 3' print '[*] Running: nmap {0} -iL <hostlist>'.format(nmap_args) nmap_proc = NmapProcess(targets=hosts, options=nmap_args) #rc = nmap_proc.sudo_run() rc = nmap_proc.sudo_run_background() while nmap_proc.is_running(): print("[*] Nmap progress: {1}%".format(nmap_proc.etc, nmap_proc.progress)) time.sleep(2) xml = nmap_proc.stdout try: report = NmapParser.parse(nmap_proc.stdout) except NmapParserException as e: print 'Exception raised while parsing scan: {0}'.format(e.msg) sys.exit() return report
def scanByNmap(self, target, policy): runtime = 0 try: nmap_proc = NmapProcess(targets=target, options=policy, safe_mode=True) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= self.nmap_timeout: nmap_proc.stop() if self.output_mode != "silent": print self.R + u'\n[x] scan_host {} timeout...'.format( target) + self.W break else: if self.output_mode != "silent": sys.stdout.write( u'\033[1;34m[~] scan_host is {},scan progress is {}%({} sec)\n\033[0m' .format(target, nmap_proc.progress, runtime)) sys.stdout.flush() sleep(5) runtime += 5 if nmap_proc.is_successful() and nmap_proc.stdout: self.parserReport(nmap_proc.stdout) except Exception as e: print e
def udp_scan(self, udp_start, udp_end): ''' udp端口扫描 :param udp_start: :param udp_end: :return: json ''' nmap_proc = NmapProcess(targets=self.ip, options='-sU -e ' + str(self.iface) + ' -p ' + str(udp_start) + "-" + str(udp_end)) nmap_proc.run_background() while nmap_proc.is_running() and stop == 0: current = float(nmap_proc.progress) * self.udp_total * 0.01 self.udp_done.put(current) time.sleep(3) # 3秒更新一次百分比 if stop == 1: return ScanEngine = nmap.PortScanner() res = ScanEngine.analyse_nmap_xml_scan(nmap_proc.stdout) udp_ports = [] if dict(res)['scan'] and res: ret = dict(res)['scan'][self.ip] if 'udp' in ret: udp_ports = ret['udp'] for port in udp_ports: if str(udp_ports[port]['name']) and 'open' in str( udp_ports[port]["state"]): self.result.put({ "ip": self.ip, "port": str(port), "protocol": "UDP", "service": str(udp_ports[port]['name']), "state": str(udp_ports[port]["state"]) }) self.udp_done.put(self.udp_total)
def run_nmap_scan(scan_targets, scan_options): ''' Accepts scan targets and scan options for NmapProcess and launches scan Prints scan status updates and summary to stdout Returns NmapProcess object for further use TODO - catch keyboard interrupts and kill tasks so we can exit gracefully! nmap_proc.stop does not appear to fully kill threads in script scans so program will continue to execute but leaves an orphaned nmap process ''' status_update_interval = 5 #Check for sudo and disable scan options that require root if os.getuid() != 0: logging.warn( "Certain nmap scans require root privileges (SYN, UDP, ICMP, etc)..." ) logging.warn( "Disabling incompatible scan types and OS / service version detection options if enabled" ) scan_options = scan_options.replace("-sS", "-sT") scan_options = scan_options.replace("-sU", "") scan_options = scan_options.replace("-sP", "") scan_options = scan_options.replace("-sn", "") scan_options = scan_options.replace("-sV", "") scan_options = scan_options.replace("-O", "") nmap_proc = NmapProcess(targets=scan_targets, options=scan_options) print "Running scan command:\n" + nmap_proc.command nmap_proc.run_background() while nmap_proc.is_running(): try: time.sleep(status_update_interval) if nmap_proc.progress > 0: #Nmap only updates ETC periodically and will sometimes return a result that is behind current system time etctime = datetime.datetime.fromtimestamp(int(nmap_proc.etc)) systime = datetime.datetime.now().replace(microsecond=0) if etctime < systime: etctime = systime timeleft = etctime - systime print("{0} Timing: About {1}% done; ETC: {2} ({3} remaining)". format(nmap_proc.current_task.name, nmap_proc.progress, etctime, timeleft)) except KeyboardInterrupt: print "Keyboard Interrupt - Killing Current Nmap Scan!" nmap_proc.stop() if nmap_proc.rc == 0: print nmap_proc.summary + "\n" else: print nmap_proc.stderr + "\n" return nmap_proc
def collect_service_info(jsondata): """ >>> collect_service_info('{"target":"127.0.0.1"}') 扫描主机获取服务信息后通过HTTP API入库 :param jsondata: :return: """ ret = [] jsondata = json.loads(jsondata) target = jsondata.get("target", "") options = jsondata.get("options", global_options) log_states = jsondata.get("log_states", global_log_states) # 忽略内网IP ip = IP(target) if ip.iptype() == "PRIVATE": return "内网IP" if target.strip() == "": return "无IP" nmap_proc = NmapProcess(targets=str(target), options=options, safe_mode=False) nmap_proc.sudo_run_background() # nmap -O 参数需要root权限 while nmap_proc.is_running(): time.sleep(10) if nmap_proc.is_successful(): nmap_report = NmapParser.parse(nmap_proc.stdout) # 开始处理扫描结果 for host in nmap_report.hosts: # 处理主机开放的服务和端口 for serv in host.services: serv.address = host.address serv.endtime = host.endtime if serv.state in log_states: service = dict() service['address'] = serv.address service['port'] = serv.port service['service'] = serv.service service['state'] = serv.state service['protocol'] = serv.protocol service['product'] = serv.product if "product" in dir( serv) else None service[ 'product_version'] = serv.product_version if "product_version" in dir( serv) else None service[ 'product_extrainfo'] = serv.product_extrainfo if "product_extrainfo" in dir( serv) else None # HTTP API保存到远端服务器 CuteApi().post("/api/info/hostserviceinfo/add", service) ret.append(service) return json.dumps(ret)
def scan_host(target_host, num_tries): nm = NmapProcess(target_host, options='-sT -Pn -T3') cur_try = 0 while cur_try < num_tries: logger.debug( "Now running scan attempt #%d for host at %s." % (cur_try + 1, target_host) ) result = nm.run_background() while nm.is_running(): logger.debug( "Scan running. ETC: %s. DONE: %s." % (nm.etc, nm.progress) ) sleep(2) if nm.rc != 0: logger.warning( "Scan #%d for host at %s failed!" % (cur_try + 1, target_host) ) cur_try += 1 else: logger.debug( "Scan for host at %s succeeded!" % (target_host,) ) break if str(nm.state) != str(nm.DONE): logger.warning( "Scan for host at %s failed!" % (target_host,) ) return else: try: parsed = NmapParser.parse(nm.stdout) except NmapParserException as e: logger.error( "NmapParserException thrown: %s." % (e.msg,) ) host = parsed.hosts[0] to_return = [] for service in host.services: to_return.append( "%s//%s//%s//%s" % ( host.ipv4, service.protocol, str(service.port), service.state ) ) return to_return
def _run_scan(self): nmap_proc = NmapProcess(targets=self._target, options="-Pn -sT -sU -p "+self._port) nmap_proc.run_background() while nmap_proc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nmap_proc.etc, nmap_proc.progress)) sleep(2) if nmap_proc.rc != 0: print("Nmap scan failed: {0}".format(nmap_proc.stderr)) sys.exit(2) else: return nmap_proc
def run_nmscan(pid: int): """ When run, queries the process information by the id provided from the database. Runs the test and returns the ouput of the test to the database :param pid: Id of process to run :return: None """ process = Process.query.filter_by(id=pid).first() scan = Scan.query.filter_by(id=process.scan_id).first() target_obj = Target.query.filter_by(id=scan.target_id).first() target = target_obj.domain nm = NmapProcess(targets=target, options="-sV -Pn -f --mtu 64 -p '*' -O") rc = nm.run_background() process.status = nm.state process.progress = nm.progress process.date_started = datetime.now().isoformat() scan.date_started = datetime.now().isoformat() db.session.commit() if nm.has_failed(): process.output = "nmap scan failed: {0}".format(nm.stderr) db.session.commit() return 1 while nm.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nm.etc, nm.progress)) if int(scan.progress) < int(float(nm.progress)): process.progress = int(float(nm.progress)) scan.progress = int(float(nm.progress)) db.session.commit() sleep(5) process.date_completed = datetime.now().isoformat() scan.date_completed = datetime.now().isoformat() if nm.has_failed(): process.status = nm.state scan.status = nm.state process.output = str(nm.stderr) elif nm.is_successful(): process.status = 3 scan.status = 3 scan.progress = 100 nmap_full_output = json.dumps(cb.data(fromstring(str(nm.stdout)))) nmap_output = Nmap.parse_nmap_output(nmap_full_output) if nmap_output: process.output = json.dumps(nmap_output) scan.output = json.dumps(nmap_output) else: scan.output = None db.session.commit()
def run_nmap_scan(scan_targets, scan_options): ''' Accepts scan targets and scan options for NmapProcess and launches scan Prints scan status updates and summary to stdout Returns NmapProcess object for further use TODO - catch keyboard interrupts and kill tasks so we can exit gracefully! nmap_proc.stop does not appear to fully kill threads in script scans so program will continue to execute but leaves an orphaned nmap process ''' status_update_interval = 5 #Check for sudo and disable scan options that require root if os.getuid()!=0: logging.warn("Certain nmap scans require root privileges (SYN, UDP, ICMP, etc)...") logging.warn("Disabling incompatible scan types and OS / service version detection options if enabled") scan_options = scan_options.replace("-sS", "-sT") scan_options = scan_options.replace("-sU", "") scan_options = scan_options.replace("-sP", "") scan_options = scan_options.replace("-sn", "") scan_options = scan_options.replace("-sV", "") scan_options = scan_options.replace("-O", "") nmap_proc = NmapProcess(targets=scan_targets, options=scan_options) print "Running scan command:\n"+nmap_proc.command nmap_proc.run_background() while nmap_proc.is_running(): try: time.sleep(status_update_interval) if nmap_proc.progress > 0: #Nmap only updates ETC periodically and will sometimes return a result that is behind current system time etctime = datetime.datetime.fromtimestamp(int(nmap_proc.etc)) systime = datetime.datetime.now().replace(microsecond=0) if etctime < systime: etctime = systime timeleft = etctime - systime print("{0} Timing: About {1}% done; ETC: {2} ({3} remaining)".format(nmap_proc.current_task.name, nmap_proc.progress, etctime, timeleft)) except KeyboardInterrupt: print "Keyboard Interrupt - Killing Current Nmap Scan!" nmap_proc.stop() if nmap_proc.rc == 0: print nmap_proc.summary + "\n" else: print nmap_proc.stderr + "\n" return nmap_proc
def do_scan(self): """scan start flag""" if(self._flg_is_scanning != True): self._flg_is_scanning = True if(self._flg_scan_finished != False): self._flg_scan_finished = False """运行次数初始化""" trycnt = 0 while True: """运行时间初始化""" runtime = 0 if trycnt >= self.retrycnt: print '-' * 50 return 'retry overflow' try: nmap_proc = NmapProcess(targets=self.targets,options=self.options,safe_mode=False) self._flg_is_scanning = True nmap_proc.run_background() while(nmap_proc.is_running()): """运行超时,结束掉任务,休息1分钟,再重启这个nmap任务""" if runtime >= self.timeout: print '-' * 50 print "timeout....terminate it...." nmap_proc.stop() """休眠时间""" sleep(60) trycnt += 1 break else: print 'running[%ss]:%s' %(runtime,nmap_proc.command) sleep(5) runtime += 5 if nmap_proc.is_successful(): """scan finished flag""" if(self._flg_is_scanning != False): self._flg_is_scanning = False if(self._flg_scan_finished != True): self._flg_scan_finished = True print '-' * 50 print nmap_proc.summary return nmap_proc.stdout except Exception,e: print e trycnt +=1 if trycnt >= retrycnt: print '-' * 50 print 'retry overflow' return e
def run_nmap_scan(self): parsed = None nmap_proc = NmapProcess(targets="10.10.10.3", options="") nmap_proc.run_background() while nmap_proc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format( nmap_proc.etc, nmap_proc.progress)) sleep(2) nmap_report = NmapParser.parse(nmap_proc.stdout) nmap_results = NmapResults() nmap_results.add_hosts(nmap_report) return nmap_results
def nmap_scan(ip,ports,taskid): nmapscan.objects.create(ip=ip,task_id=taskid) result = nmapscan.objects.get(task_id=taskid) nmap_proc = NmapProcess(targets=ip, options='-sV -p '+ports) nmap_proc.run_background() while nmap_proc.is_running(): result.rate = str(nmap_proc.progress) result.save() time.sleep(2) # 两秒更新一次百分比 result.endtime = timezone.now() result.save() nm = nmap.PortScanner() print(nm.analyse_nmap_xml_scan(nmap_proc.stdout))
def do_scan(targets, options): parsed = None nmap_proc = NmapProcess(targets="scanme.nmap.org", options="-sS -sV -sC -O -nvvv -T4 -Pn") nmap_proc.run_background() while nmap_proc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format( nmap_proc.etc, nmap_proc.progress)) sleep(2) print("rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary)) try: parsed = NmapParser.parse(nmap_proc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def default_scan(target_path): # config parameters sleep_interval = 10 # start scan target_list = read_targets(target_path) # heavy scan # nmap_proc = NmapProcess(targets=target_list, options="-sS -n -PE -PP -PM -PO -PS21,22,23,25,80,113,31339 -PA80," # "113,443,10042 -O -T4 -p-") # light scan nmap_proc = NmapProcess( targets=target_list, options="-PE -PP -PM -PO -PS21,22,23,25,80,113,31339 -PA80," "113,443,10042 -O -T4") # debug info print("scan target:") print(target_list) print("command:") print(nmap_proc.command) nmap_proc.run_background() while nmap_proc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format( nmap_proc.etc, nmap_proc.progress)) time.sleep(sleep_interval) print("rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary)) # save to file time_label = time.strftime("%Y%m%d%H%M%S", time.localtime()) with open('nmap_scan_' + time_label + '.xml', 'w') as f: f.write(nmap_proc.stdout) f.close() try: nmap_report = NmapParser.parse(nmap_proc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return None print_scan(nmap_report) return nmap_report
def do_nmap_scan(targets, port): # 运行次数初始化 trycnt = 0 options = '-sT -P0 -sV -O --script=banner -p T:' + port.strip() while True: # 运行时间初始化 runtime = 0 if trycnt >= retrycnt: print '-' * 50 return 'retry overflow' try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False, fqp='/usr/bin/nmap') nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print '-' * 50 print "* timeout. terminate it..." nmap_proc.stop() # 休眠时间 sleep(60) trycnt += 1 break else: print 'running[%ss]:%s' % (runtime, nmap_proc.command) sleep(5) runtime += 5 if nmap_proc.is_successful(): print '-' * 50 print nmap_proc.summary return nmap_proc.stdout except Exception, e: # raise e print e trycnt += 1 if trycnt >= retrycnt: print '-' * 50 print '* retry overflow' return e
def do_scan(targets, options): parsed = None nmproc = NmapProcess(targets, options) #rc = nmproc.run() rc = nmproc.run_background() while nmproc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nmproc.etc,nmproc.progress)) sleep(2) #print(type(nmproc.stdout)) file = open(output_name+'.xml','w') file.write(nmproc.stdout) file.close() try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def nmap_scan(target, commands): nm = NmapProcess(target, commands) #change to sudo_run(run_as='root') to run syn scans nm.run_background() command = nm.get_command_line() print(command) while nm.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format( nm.etc, nm.progress)) sleep(1) nmap_report = NmapParser.parse(nm.stdout) for host in nmap_report.hosts: if host.status == 'up': for serv in host.services: # if serv.port == 'open': service_check(host, serv) print("Primary Scan Completed \n")
def nmap_scan(ip,ports,taskid): scanIP.objects.get_or_create(ip=ip,task_id=taskid,scantime=datetime.datetime.now()) scan_ip_info.objects.filter(ipfor_id=scanIP.objects.get(ip=ip).id).delete() result = scanIP.objects.get(ip=ip) nmap_proc = NmapProcess(targets=ip, options='-sV -p '+ports) nmap_proc.run_background() while nmap_proc.is_running(): result.rate = str(nmap_proc.progress) result.save() time.sleep(2) # 两秒更新一次百分比 result.rate = str(nmap_proc.progress) result.endtime = datetime.datetime.now() result.save() nm = nmap.PortScanner() nmrs = nm.analyse_nmap_xml_scan(nmap_proc.stdout) for port,v in nmrs['scan'][ip]['tcp'].items(): scan_ip_info.objects.get_or_create(port=port,name=v['name'],state=v['state'],product=v['product']+' '+v['version'],cpe=v['cpe'],ipfor_id=scanIP.objects.get(ip=ip).id)
def nmap_scan(hosts): ''' Do Nmap scan ''' # This is top 1000 tcp + top 50 UDP scan # Nmap has chosen not to do --top-udp/tcp-ports options due to not wanting to overcomplicate # the cmd line interface nmap_args = '-sSUV -v --reason -T4 --max-retries 3 --max-rtt-timeout 150ms -pT:1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389,U:53,67-69,111,123,135,137-139,161-162,445,500,514,520,631,998,1434,1701,1900,4500,5353,49152,49154 -oA pm-nmap' print '[*] Running nmap' nmap_proc = NmapProcess(targets=hosts, options=nmap_args, safe_mode=False) rc = nmap_proc.sudo_run_background() while nmap_proc.is_running(): print("[*] Nmap running...") time.sleep(30) report = NmapParser.parse_fromfile('pm-nmap.xml') return report
def do_nmap_scan(targets, options=global_options): # 运行次数初始化 trycnt = 0 while True: # 运行时间初始化 runtime = 0 if trycnt >= retrycnt: print('-' * 50) return 'retry overflow' try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print('-' * 50) print("* timeout. terminate it...") nmap_proc.stop() # 休眠时间 sleep(5) trycnt += 1 break else: print('running[%ss]:%s' % (runtime, nmap_proc.command)) sleep(5) runtime += 5 if nmap_proc.is_successful(): print('-' * 50) print(nmap_proc.summary) return nmap_proc.stdout except Exception as e: # raise e print(e) trycnt += 1 if trycnt >= retrycnt: print('-' * 50) print('* retry overflow') return e
def nmap_scan(self, target: Dict[str, str]) -> None: """ Nmap scan task. Handles one Nmap process to scan the provided host(s) or range(s). Updates the host database when finished; may push status updates if invoked from web context. :param target: Target hosts or ranges in a format suitable for Nmap. """ storage.incr('scan_in_progress') options = Discovery.get_setting('scan_options') ports = Discovery.get_setting('ports') if ports: options += ' -p' + ports nm = NmapProcess(target['range'], options=options) nm.run_background() while nm.is_running(): self.update_state(state="PROGRESS", meta={ 'progress': nm.progress, 'target': target['name'] }) sleep(2) try: report = NmapParser.parse(nm.stdout) except NmapParserException as e: print(e) h = [(host.address, { str(p[0]): host.get_service(*p).get_dict() for p in host.get_open_ports() }) for host in report.hosts if host.is_up()] hosts = { host[0]: { 'ports': host[1], 'target': target['name'] } for host in h } update_hosts(hosts) storage.set('last_nmap_scan', int(time())) if scan_in_progress() > 0: storage.decr('scan_in_progress') self.update_state(state="RESULTS", meta={ 'hosts': h, 'target': target['name'] })
def do_scan(targets, options): parsed = None nmproc = NmapProcess(targets, options) rc = nmproc.run_background() while nmproc.is_running(): print("Nmap Scan is running: ETC: {0} DONE: {1}%".format(nmproc.etc, nmproc.progress)) sleep(2) print("rc: {0} output: {1}".format(nmproc.rc, nmproc.summary)) if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) print(type(nmproc.stdout)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def scan_background(targets,options='-O -sV'): ''' 后台执行扫描,带进度输出 :param targets:扫描的目标,可以是List集合对象也,可以是以逗号分隔的目标集合。如"baidu.com" ,["baidu.com","qq.com"] ,"baidu.com,qq.com" :param options:扫描参数,同namp一致。 :return:成功返回扫描结果Dict对象,否则返回None ''' try: nmapProcess=NmapProcess(targets=targets,options=options) nmapProcess.run_background() while nmapProcess.is_running(): print("[*]Nmap Scan running: ETC: {0} DONE: {1}%".format(nmapProcess.etc,nmapProcess.progress)) sleep(1) results=NmapParser.parse_fromstring(nmapProcess.stdout) jsonData=json.loads(json.dumps(results,cls=ReportEncoder)) return jsonData except Exception as e: logging.error("Nmap scan error:{}".format(e)) return None
def do_nmap_scan(targets, options=global_options): # 运行次数初始化 trycnt = 0 while True: # 运行时间初始化 runtime = 0 if trycnt >= retrycnt: print '-' * 50 return 'retry overflow' try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print '-' * 50 print "* timeout. terminate it..." nmap_proc.stop() # 休眠时间 sleep(60) trycnt += 1 break else: print 'running[%ss]:%s' % (runtime, nmap_proc.command) sleep(5) runtime += 5 if nmap_proc.is_successful(): print '-' * 50 print nmap_proc.summary return nmap_proc.stdout except Exception, e: # raise e print e trycnt += 1 if trycnt >= retrycnt: print '-' * 50 print '* retry overflow' return e
def test(target): nm = NmapProcess(targets=target, options="-sV -Pn -f -p '*' -O ") rc = nm.sudo_run_background() while nm.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nm.etc, nm.progress)) sleep(5) if nm.is_successful(): try: parsed = NmapParser.parse(nm.stdout) print(parsed.summary) output = str(nm.stdout) print(output) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) else: out = str(nm.stderr) print(out)
def do_scan(targets, options): parsed = None nmproc = NmapProcess(targets, options) rc = nmproc.run_background() while nmproc.is_running(): print("Nmap Scan is running: ETC: {0} DONE: {1}%".format( nmproc.etc, nmproc.progress)) sleep(2) print("rc: {0} output: {1}".format(nmproc.rc, nmproc.summary)) if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) print(type(nmproc.stdout)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def run(self): options = '-sT -sU -p{} -v -O'.format(','.join(self.ports)) logger.debug('Ip scan options: {!r}, ip_ranges: {}'.format( options, self.ip_ranges)) nmp_proc = NmapProcess(self.ip_ranges, options) nmp_proc.run_background() while nmp_proc.is_running(): self.progress = float(nmp_proc.progress) log = {'progress': self.progress, 'log': ''} self._log(log) time.sleep(self.loop_time) if nmp_proc.rc == 0: stdout = nmp_proc.stdout self._result(stdout) else: sys.stderr.write(nmp_proc.stdout) sys.stderr.close() sys.exit(2)
def do_scan(targets, options): parsed = None nmproc = NmapProcess(targets, options) nmproc.run_background() while nmproc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format( nmproc.etc, nmproc.progress)) time.sleep(2) rc = nmproc.rc if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) print(type(nmproc.stdout)) open('sasdsa', 'w').write(nmproc.stdout) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def run_nmap_scan(self, targets, options, scan_id): print ('nmap targets: ' + str(targets) + ' nmap options: '+ str(options)) nmap_proc = NmapProcess(targets=targets, options=options) nmap_proc.run_background() while nmap_proc.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nmap_proc.etc, nmap_proc.progress)) sleep(7) #Store in file file_path = "/root/Desktop/FinalYearProjectRESTAPI/automated_scans/reports/"+str(scan_id)+".xml" file = open(file_path, "w") data = nmap_proc.stdout file.write(data) file.close() print(data) print(type(data)) return file_path
def update_ip(self): # hardcode it because I'm lazy AND it's a little tricky to discover from inside docker subnet = "192.168.7.0/24" nm = NmapProcess(subnet, options="-T5 -n -p 8080 --open --min-parallelism 255") nm.run_background() while nm.is_running(): sleep(0.5) nmap_report = NmapParser.parse(nm.stdout) for host in nmap_report.hosts: print(host.address) rv = requests.get(f"http://{host.address}:8080/api/v1/status") if rv.status_code == 200: if 'BackupBuffer' in rv.json(): print("Found device") self.ip = host.address return print("Unable to find any device") self.ip = None raise Exception("Unable to find device")
def do_nmap_scan(targets, options=NMAP_GLOBAL_OPTIONS): # 运行次数初始化 trycnt = 0 while True: # 运行时间初始化 runtime = 0 if trycnt >= NMAP_RETRYCNT: print "-" * 50 return "retry overflow" try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= NMAP_TIMEOUT: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print "-" * 50 print "* timeout. terminate it..." nmap_proc.stop() # 休眠时间 time.sleep(60) trycnt += 1 break else: print "running[%ss]:%s" % (runtime, nmap_proc.command) time.sleep(5) runtime += 5 if nmap_proc.rc == 0: return nmap_proc.stdout except Exception, e: # raise e print e trycnt += 1 if trycnt >= NMAP_RETRYCNT: print "-" * 50 print "* retry overflow" return e
def nmap_service_scan(host, service, command): port = service.port nm = NmapProcess(host.address, options=command + " -p " + str(port)) # change to sudo_run(run_as='root') to run syn scans nm.run_background() command = nm.get_command_line() print(command) while nm.is_running(): print("Nmap Service Scan running:" + host.address + " : " + str(service.port) + " ETC: {0} DONE: {1}%".format(nm.etc, nm.progress)) sleep(10) nmap_report = NmapParser.parse(nm.stdout) for host_service in nmap_report.hosts: for serv in host_service.services: pserv = "{0:>5s}/{1:3s} {2:12s} {3} ".format( str(serv.port), host.address, serv.protocol, serv.state, serv.service) print(pserv) for result in serv.scripts_results: print(result["output"]) print("\n")
def do_scan(self): """ 对targets进行扫描,并返回探测结果 :param targets: 扫描目标 :param options: 扫描选项 :return: """ nmproc = NmapProcess(self.ip, self.options) nmproc.run_background() # 在后台运行 while nmproc.is_running(): nmaptask = nmproc.current_task if nmaptask: print("Task {0} ({1}): ETC: {2} DONE: {3}%".format( nmaptask.name, nmaptask.status, nmaptask.etc, nmaptask.progress)) sleep(2) self.raw_data = nmproc.stdout # 原始扫描数据 try: self.parsed = NmapParser.parse(nmproc.stdout) # 解析扫描的数据 except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return
class ScanEngine(object): def __init__(self,config): self.engine = NmapProcess(config.targets, config.options) def run(self): """Execute scan""" syslog.syslog("Starting scan") self.engine.run_background() while self.engine.is_running(): time.sleep(15) print "Scan is %s percent complete" % self.engine.progress syslog.syslog("Completed scan") def process(self): """parse and pre-process scan results""" try: self.parsed = NmapParser.parse(self.engine.stdout) syslog.syslog("Processing output") except Exception as e: syslog.syslog("Failed to parse output"+e) for h in self.parsed.hosts: print h.address
def perform_scan(config_file, section, targets, output_dir): # merge targets to create the smallest possible list of CIDR subnets subnets = list() for target in targets: subnets.append(IPNetwork(target)) subnets = cidr_merge(subnets) targets = list() for subnet in subnets: targets.append(str(subnet)) # check if required args declaration is supplied config = ConfigParser.ConfigParser() config.read(config_file) args = config_section_map(config, section)['args'] if not args: error('No \'args\' declaration found in %s' % section) exit() # check for options that will interfere with this script illegal_options = ['-oG', '-oN', '-iL', '-oA', '-oS', '-oX', '--iflist', '--resume', '--stylesheet', '--datadir', '--stats-every'] for option in illegal_options: if option in args: error('\'args\' declaration contains incompatible option \'%s\'' % (section, option)) exit() # store raw nmap output as well raw_file = '%s/%s.nmap' % (output_dir, section) args += ' -oN %s' % raw_file # perform scan info('Starting scan \'%s\'' % section) print(' -> %s' % config_section_map(config, section)['desc']) nmap_proc = NmapProcess(targets=targets, options=args, safe_mode=False) nmap_proc.sudo_run_background() while nmap_proc.is_running(): nmap_task = nmap_proc.current_task if nmap_task: m, s = divmod(int(nmap_task.remaining), 60) h, m = divmod(m, 60) remaining = "%d:%02d:%02d" % (h, m, s) sys.stdout.write( '[+] Task: {0} - ETC: {1} DONE: {2}%' ' \r'.format( nmap_task.name, remaining, nmap_task.progress)) sys.stdout.flush() sleep(1) # save results if nmap_proc.rc == 0: info('%s' % nmap_proc.summary.replace('Nmap done at', 'Scan completed on')) run('chown %s:%s %s' % (os.getuid(), os.getgid(), raw_file), sudo=True) print(" -> Nmap report saved to '%s'" % raw_file) if nmap_proc.stdout: xml_file = '%s/%s.xml' % (output_dir, section) out = open(xml_file, 'w') out.write(nmap_proc.stdout) out.close() print(" -> XML report saved to '%s'" % xml_file) #if nmap_proc.stderr: # err_file = '%s/%s.err' % (output_dir, section) # out = open(err_file, 'w') # out.write(nmap_proc.stderr) # out.close() # print(" -> Standard error output saved to '%s'" % # err_file) else: error('Error occurred:') print(' -> %s' % nmap_proc.stderr.rstrip())
#!/usr/bin/env python from libnmap.process import NmapProcess from time import sleep nmap_proc = NmapProcess(targets="scanme.nmap.org", options="-sT") nmap_proc.run_background() while nmap_proc.is_running(): nmaptask = nmap_proc.current_task if nmaptask: print "Task {0} ({1}): ETC: {2} DONE: {3}%".format(nmaptask.name, nmaptask.status, nmaptask.etc, nmaptask.progress) sleep(0.5) print "rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary) print nmap_proc.stdout