class NmapTaskBack(AsyncTaskBack, NmapMixin): nmap = None def __init__(self, host, db, args, inqueue, outqueue): super().__init__(inqueue, outqueue) self.nmap = NmapProcess(targets=host, options=args) self.nmap.run() self.db = db if self.nmap.is_successful(): parsed = NmapParser.parse(self.nmap.stdout) self.result = self.get_result(parsed) self.store(parsed) self.thread.join() def get_result(self, report): result = [] for host in report.hosts: hostname = '' if len(host.hostnames): hostname = host.hostnames.pop() if host.status != 'up': continue services = [] for service in host.services: services.append({ 'port': service.port, 'proto': service.protocol, 'state': service.state, 'version': service.banner, 'service': service.service }) result.append({hostname: {'services': services}}) return result def is_running(self): if self.nmap: return self.nmap.is_running() def is_successful(self): return self.nmap.is_successful() def finish(self): self._stop = True return self.result def terminate(self): self.nmap.stop() def state(self): state = 'running' if self.nmap.is_running() else 'completed' return self.nmap.progress, state, self.nmap.command def __str__(self): return '{:>4}% {} - {}'.format( self.nmap.progress, self.nmap.command, 'running' if self.nmap.is_running() else 'completed')
def scanByNmap(self, target, policy): runtime = 0 try: nmap_proc = NmapProcess(targets=target, options=policy, safe_mode=True) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= self.nmap_timeout: nmap_proc.stop() if self.output_mode != "silent": print self.R + u'\n[x] scan_host {} timeout...'.format( target) + self.W break else: if self.output_mode != "silent": sys.stdout.write( u'\033[1;34m[~] scan_host is {},scan progress is {}%({} sec)\n\033[0m' .format(target, nmap_proc.progress, runtime)) sys.stdout.flush() sleep(5) runtime += 5 if nmap_proc.is_successful() and nmap_proc.stdout: self.parserReport(nmap_proc.stdout) except Exception as e: print e
def collect_service_info(jsondata): """ >>> collect_service_info('{"target":"127.0.0.1"}') 扫描主机获取服务信息后通过HTTP API入库 :param jsondata: :return: """ ret = [] jsondata = json.loads(jsondata) target = jsondata.get("target", "") options = jsondata.get("options", global_options) log_states = jsondata.get("log_states", global_log_states) # 忽略内网IP ip = IP(target) if ip.iptype() == "PRIVATE": return "内网IP" if target.strip() == "": return "无IP" nmap_proc = NmapProcess(targets=str(target), options=options, safe_mode=False) nmap_proc.sudo_run_background() # nmap -O 参数需要root权限 while nmap_proc.is_running(): time.sleep(10) if nmap_proc.is_successful(): nmap_report = NmapParser.parse(nmap_proc.stdout) # 开始处理扫描结果 for host in nmap_report.hosts: # 处理主机开放的服务和端口 for serv in host.services: serv.address = host.address serv.endtime = host.endtime if serv.state in log_states: service = dict() service['address'] = serv.address service['port'] = serv.port service['service'] = serv.service service['state'] = serv.state service['protocol'] = serv.protocol service['product'] = serv.product if "product" in dir( serv) else None service[ 'product_version'] = serv.product_version if "product_version" in dir( serv) else None service[ 'product_extrainfo'] = serv.product_extrainfo if "product_extrainfo" in dir( serv) else None # HTTP API保存到远端服务器 CuteApi().post("/api/info/hostserviceinfo/add", service) ret.append(service) return json.dumps(ret)
def run_nmscan(pid: int): """ When run, queries the process information by the id provided from the database. Runs the test and returns the ouput of the test to the database :param pid: Id of process to run :return: None """ process = Process.query.filter_by(id=pid).first() scan = Scan.query.filter_by(id=process.scan_id).first() target_obj = Target.query.filter_by(id=scan.target_id).first() target = target_obj.domain nm = NmapProcess(targets=target, options="-sV -Pn -f --mtu 64 -p '*' -O") rc = nm.run_background() process.status = nm.state process.progress = nm.progress process.date_started = datetime.now().isoformat() scan.date_started = datetime.now().isoformat() db.session.commit() if nm.has_failed(): process.output = "nmap scan failed: {0}".format(nm.stderr) db.session.commit() return 1 while nm.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nm.etc, nm.progress)) if int(scan.progress) < int(float(nm.progress)): process.progress = int(float(nm.progress)) scan.progress = int(float(nm.progress)) db.session.commit() sleep(5) process.date_completed = datetime.now().isoformat() scan.date_completed = datetime.now().isoformat() if nm.has_failed(): process.status = nm.state scan.status = nm.state process.output = str(nm.stderr) elif nm.is_successful(): process.status = 3 scan.status = 3 scan.progress = 100 nmap_full_output = json.dumps(cb.data(fromstring(str(nm.stdout)))) nmap_output = Nmap.parse_nmap_output(nmap_full_output) if nmap_output: process.output = json.dumps(nmap_output) scan.output = json.dumps(nmap_output) else: scan.output = None db.session.commit()
def do_scan(self): """scan start flag""" if(self._flg_is_scanning != True): self._flg_is_scanning = True if(self._flg_scan_finished != False): self._flg_scan_finished = False """运行次数初始化""" trycnt = 0 while True: """运行时间初始化""" runtime = 0 if trycnt >= self.retrycnt: print '-' * 50 return 'retry overflow' try: nmap_proc = NmapProcess(targets=self.targets,options=self.options,safe_mode=False) self._flg_is_scanning = True nmap_proc.run_background() while(nmap_proc.is_running()): """运行超时,结束掉任务,休息1分钟,再重启这个nmap任务""" if runtime >= self.timeout: print '-' * 50 print "timeout....terminate it...." nmap_proc.stop() """休眠时间""" sleep(60) trycnt += 1 break else: print 'running[%ss]:%s' %(runtime,nmap_proc.command) sleep(5) runtime += 5 if nmap_proc.is_successful(): """scan finished flag""" if(self._flg_is_scanning != False): self._flg_is_scanning = False if(self._flg_scan_finished != True): self._flg_scan_finished = True print '-' * 50 print nmap_proc.summary return nmap_proc.stdout except Exception,e: print e trycnt +=1 if trycnt >= retrycnt: print '-' * 50 print 'retry overflow' return e
def run(self): nm = NmapProcess(targets=str(self.artifact['name']), options='-sT -sV -Pn -T5 -p21,22,23,25,80,6667,1337') nm.run() if nm.is_successful(): report = NmapParser.parse_fromstring(nm.stdout) for host in report.hosts: if host.is_up(): results = { 'ports': host.get_open_ports(), 'services': [] } for service in host.services: if service.state == 'open': serv = { 'banner': service.banner, 'protocol': service.protocol, 'service': service.service, 'port': service.port} results['services'].append(serv) if self.artifact['subtype'] == 'ipv4': results['hostnames'] = host.hostnames for h in host.hostnames: self.artifact['children'].append({ 'name': h, 'type': 'host', 'subtype': 'fqdn', 'source': 'Nmap' }) elif self.artifact['subtype'] == 'fqdn': results['ipv4'] = host.address self.artifact['children'].append({ 'name': host.address, 'type': 'host', 'subtype': 'ipv4', 'source': 'Nmap' }) self.artifact['data']['nmap'] = results else: warning('Nmap scanner failed - no results')
def do_nmap_scan(targets, port): # 运行次数初始化 trycnt = 0 options = '-sT -P0 -sV -O --script=banner -p T:' + port.strip() while True: # 运行时间初始化 runtime = 0 if trycnt >= retrycnt: print '-' * 50 return 'retry overflow' try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False, fqp='/usr/bin/nmap') nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print '-' * 50 print "* timeout. terminate it..." nmap_proc.stop() # 休眠时间 sleep(60) trycnt += 1 break else: print 'running[%ss]:%s' % (runtime, nmap_proc.command) sleep(5) runtime += 5 if nmap_proc.is_successful(): print '-' * 50 print nmap_proc.summary return nmap_proc.stdout except Exception, e: # raise e print e trycnt += 1 if trycnt >= retrycnt: print '-' * 50 print '* retry overflow' return e
def do_nmap_scan(targets, options=global_options): # 运行次数初始化 trycnt = 0 while True: # 运行时间初始化 runtime = 0 if trycnt >= retrycnt: print('-' * 50) return 'retry overflow' try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print('-' * 50) print("* timeout. terminate it...") nmap_proc.stop() # 休眠时间 sleep(5) trycnt += 1 break else: print('running[%ss]:%s' % (runtime, nmap_proc.command)) sleep(5) runtime += 5 if nmap_proc.is_successful(): print('-' * 50) print(nmap_proc.summary) return nmap_proc.stdout except Exception as e: # raise e print(e) trycnt += 1 if trycnt >= retrycnt: print('-' * 50) print('* retry overflow') return e
def do_nmap_scan(targets, options=global_options): # 运行次数初始化 trycnt = 0 while True: # 运行时间初始化 runtime = 0 if trycnt >= retrycnt: print '-' * 50 return 'retry overflow' try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print '-' * 50 print "* timeout. terminate it..." nmap_proc.stop() # 休眠时间 sleep(60) trycnt += 1 break else: print 'running[%ss]:%s' % (runtime, nmap_proc.command) sleep(5) runtime += 5 if nmap_proc.is_successful(): print '-' * 50 print nmap_proc.summary return nmap_proc.stdout except Exception, e: # raise e print e trycnt += 1 if trycnt >= retrycnt: print '-' * 50 print '* retry overflow' return e
def test(target): nm = NmapProcess(targets=target, options="-sV -Pn -f -p '*' -O ") rc = nm.sudo_run_background() while nm.is_running(): print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nm.etc, nm.progress)) sleep(5) if nm.is_successful(): try: parsed = NmapParser.parse(nm.stdout) print(parsed.summary) output = str(nm.stdout) print(output) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) else: out = str(nm.stderr) print(out)
class NmapAdapter(ToolAdapter): @log(logger) def __init__(self, ip, commandline=None): if self.is_valid_ip(ip): self.ip = ip else: raise ValueError if commandline: self.commandline = commandline else: self.commandline = '-sV' self.nmproc = NmapProcess(self.ip, self.commandline) @log(logger) def start(self): logger.info('nmap started on IP {}'.format(self.ip)) rc = self.nmproc.run_background() if self.nmproc.stderr: logger.critical('nmap has failed: {0}'.format(self.nmproc.stderr)) print('nmap scan has failed:', self.nmproc.stderr) def status(self): if self.nmproc.is_running(): return 'running: {0}%'.format(self.nmproc.progress) else: if self.nmproc.has_failed(): return 'failed' elif self.nmproc.is_successful(): return 'finished (successfully)' else: return 'stopped' @log(logger) def stop(self): if self.nmproc.is_running(): self.nmproc.stop() @log(logger) def get_result_json(self): report = None try: report = NmapParser.parse(self.nmproc.stdout) except NmapParserException as e: logger.critical("Exception raised while parsing scan: {0}".format( e.msg)) print("Exception raised while parsing scan: {0}".format(e.msg)) return None report_dict = {} report_dict['starttime'] = report.started report_dict['endtime'] = report.endtime report_dict['host'] = self.ip host = report.hosts[0] report_dict['hoststatus'] = host.status services = [] for serv in host.services: service = {} service['port'] = serv.port service['protocol'] = serv.protocol service['state'] = serv.state service['service'] = serv.service if len(serv.banner): service['banner'] = serv.banner if len(serv.cpelist): cpe = {} cpe['part'] = serv.cpelist[0].get_part() cpe['vendor'] = serv.cpelist[0].get_vendor() cpe['product'] = serv.cpelist[0].get_product() cpe['version'] = serv.cpelist[0].get_version() cpe['update'] = serv.cpelist[0].get_update() cpe['edition'] = serv.cpelist[0].get_edition() cpe['language'] = serv.cpelist[0].get_language() service['cpe'] = cpe services.append(service) report_dict['services'] = services json_data = dumps(report_dict) return json_data