class NmapTaskBack(AsyncTaskBack, NmapMixin):
nmap = None
def __init__(self, host, db, args, inqueue, outqueue):
super().__init__(inqueue, outqueue)
self.nmap = NmapProcess(targets=host, options=args)
self.nmap.run()
self.db = db
if self.nmap.is_successful():
parsed = NmapParser.parse(self.nmap.stdout)
self.result = self.get_result(parsed)
self.store(parsed)
self.thread.join()
def get_result(self, report):
result = []
for host in report.hosts:
hostname = ''
if len(host.hostnames):
hostname = host.hostnames.pop()
if host.status != 'up':
continue
services = []
for service in host.services:
services.append({
'port': service.port,
'proto': service.protocol,
'state': service.state,
'version': service.banner,
'service': service.service
})
result.append({hostname: {'services': services}})
return result
def is_running(self):
if self.nmap:
return self.nmap.is_running()
def is_successful(self):
return self.nmap.is_successful()
def finish(self):
self._stop = True
return self.result
def terminate(self):
self.nmap.stop()
def state(self):
state = 'running' if self.nmap.is_running() else 'completed'
return self.nmap.progress, state, self.nmap.command
def __str__(self):
return '{:>4}% {} - {}'.format(
self.nmap.progress, self.nmap.command,
'running' if self.nmap.is_running() else 'completed')
def scanByNmap(self, target, policy):
runtime = 0
try:
nmap_proc = NmapProcess(targets=target,
options=policy,
safe_mode=True)
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= self.nmap_timeout:
nmap_proc.stop()
if self.output_mode != "silent":
print self.R + u'\n[x] scan_host {} timeout...'.format(
target) + self.W
break
else:
if self.output_mode != "silent":
sys.stdout.write(
u'\033[1;34m[~] scan_host is {},scan progress is {}%({} sec)\n\033[0m'
.format(target, nmap_proc.progress, runtime))
sys.stdout.flush()
sleep(5)
runtime += 5
if nmap_proc.is_successful() and nmap_proc.stdout:
self.parserReport(nmap_proc.stdout)
except Exception as e:
print e
def collect_service_info(jsondata):
"""
>>> collect_service_info('{"target":"127.0.0.1"}')
扫描主机获取服务信息后通过HTTP API入库
:param jsondata:
:return:
"""
ret = []
jsondata = json.loads(jsondata)
target = jsondata.get("target", "")
options = jsondata.get("options", global_options)
log_states = jsondata.get("log_states", global_log_states)
# 忽略内网IP
ip = IP(target)
if ip.iptype() == "PRIVATE":
return "内网IP"
if target.strip() == "":
return "无IP"
nmap_proc = NmapProcess(targets=str(target),
options=options,
safe_mode=False)
nmap_proc.sudo_run_background() # nmap -O 参数需要root权限
while nmap_proc.is_running():
time.sleep(10)
if nmap_proc.is_successful():
nmap_report = NmapParser.parse(nmap_proc.stdout)
# 开始处理扫描结果
for host in nmap_report.hosts:
# 处理主机开放的服务和端口
for serv in host.services:
serv.address = host.address
serv.endtime = host.endtime
if serv.state in log_states:
service = dict()
service['address'] = serv.address
service['port'] = serv.port
service['service'] = serv.service
service['state'] = serv.state
service['protocol'] = serv.protocol
service['product'] = serv.product if "product" in dir(
serv) else None
service[
'product_version'] = serv.product_version if "product_version" in dir(
serv) else None
service[
'product_extrainfo'] = serv.product_extrainfo if "product_extrainfo" in dir(
serv) else None
# HTTP API保存到远端服务器
CuteApi().post("/api/info/hostserviceinfo/add", service)
ret.append(service)
return json.dumps(ret)
def run_nmscan(pid: int):
"""
When run, queries the process information by the id provided from the database.
Runs the test and returns the ouput of the test to the database
:param pid: Id of process to run
:return: None
"""
process = Process.query.filter_by(id=pid).first()
scan = Scan.query.filter_by(id=process.scan_id).first()
target_obj = Target.query.filter_by(id=scan.target_id).first()
target = target_obj.domain
nm = NmapProcess(targets=target, options="-sV -Pn -f --mtu 64 -p '*' -O")
rc = nm.run_background()
process.status = nm.state
process.progress = nm.progress
process.date_started = datetime.now().isoformat()
scan.date_started = datetime.now().isoformat()
db.session.commit()
if nm.has_failed():
process.output = "nmap scan failed: {0}".format(nm.stderr)
db.session.commit()
return 1
while nm.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nm.etc,
nm.progress))
if int(scan.progress) < int(float(nm.progress)):
process.progress = int(float(nm.progress))
scan.progress = int(float(nm.progress))
db.session.commit()
sleep(5)
process.date_completed = datetime.now().isoformat()
scan.date_completed = datetime.now().isoformat()
if nm.has_failed():
process.status = nm.state
scan.status = nm.state
process.output = str(nm.stderr)
elif nm.is_successful():
process.status = 3
scan.status = 3
scan.progress = 100
nmap_full_output = json.dumps(cb.data(fromstring(str(nm.stdout))))
nmap_output = Nmap.parse_nmap_output(nmap_full_output)
if nmap_output:
process.output = json.dumps(nmap_output)
scan.output = json.dumps(nmap_output)
else:
scan.output = None
db.session.commit()
def do_scan(self):
"""scan start flag"""
if(self._flg_is_scanning != True):
self._flg_is_scanning = True
if(self._flg_scan_finished != False):
self._flg_scan_finished = False
"""运行次数初始化"""
trycnt = 0
while True:
"""运行时间初始化"""
runtime = 0
if trycnt >= self.retrycnt:
print '-' * 50
return 'retry overflow'
try:
nmap_proc = NmapProcess(targets=self.targets,options=self.options,safe_mode=False)
self._flg_is_scanning = True
nmap_proc.run_background()
while(nmap_proc.is_running()):
"""运行超时,结束掉任务,休息1分钟,再重启这个nmap任务"""
if runtime >= self.timeout:
print '-' * 50
print "timeout....terminate it...."
nmap_proc.stop()
"""休眠时间"""
sleep(60)
trycnt += 1
break
else:
print 'running[%ss]:%s' %(runtime,nmap_proc.command)
sleep(5)
runtime += 5
if nmap_proc.is_successful():
"""scan finished flag"""
if(self._flg_is_scanning != False):
self._flg_is_scanning = False
if(self._flg_scan_finished != True):
self._flg_scan_finished = True
print '-' * 50
print nmap_proc.summary
return nmap_proc.stdout
except Exception,e:
print e
trycnt +=1
if trycnt >= retrycnt:
print '-' * 50
print 'retry overflow'
return e
def run(self):
nm = NmapProcess(targets=str(self.artifact['name']), options='-sT -sV -Pn -T5 -p21,22,23,25,80,6667,1337')
nm.run()
if nm.is_successful():
report = NmapParser.parse_fromstring(nm.stdout)
for host in report.hosts:
if host.is_up():
results = {
'ports': host.get_open_ports(),
'services': []
}
for service in host.services:
if service.state == 'open':
serv = {
'banner': service.banner,
'protocol': service.protocol,
'service': service.service,
'port': service.port}
results['services'].append(serv)
if self.artifact['subtype'] == 'ipv4':
results['hostnames'] = host.hostnames
for h in host.hostnames:
self.artifact['children'].append({
'name': h,
'type': 'host',
'subtype': 'fqdn',
'source': 'Nmap'
})
elif self.artifact['subtype'] == 'fqdn':
results['ipv4'] = host.address
self.artifact['children'].append({
'name': host.address,
'type': 'host',
'subtype': 'ipv4',
'source': 'Nmap'
})
self.artifact['data']['nmap'] = results
else:
warning('Nmap scanner failed - no results')
def do_nmap_scan(targets, port):
# 运行次数初始化
trycnt = 0
options = '-sT -P0 -sV -O --script=banner -p T:' + port.strip()
while True:
# 运行时间初始化
runtime = 0
if trycnt >= retrycnt:
print '-' * 50
return 'retry overflow'
try:
nmap_proc = NmapProcess(targets=targets,
options=options,
safe_mode=False,
fqp='/usr/bin/nmap')
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务
print '-' * 50
print "* timeout. terminate it..."
nmap_proc.stop()
# 休眠时间
sleep(60)
trycnt += 1
break
else:
print 'running[%ss]:%s' % (runtime, nmap_proc.command)
sleep(5)
runtime += 5
if nmap_proc.is_successful():
print '-' * 50
print nmap_proc.summary
return nmap_proc.stdout
except Exception, e:
# raise e
print e
trycnt += 1
if trycnt >= retrycnt:
print '-' * 50
print '* retry overflow'
return e
def do_nmap_scan(targets, options=global_options):
# 运行次数初始化
trycnt = 0
while True:
# 运行时间初始化
runtime = 0
if trycnt >= retrycnt:
print('-' * 50)
return 'retry overflow'
try:
nmap_proc = NmapProcess(targets=targets,
options=options,
safe_mode=False)
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务
print('-' * 50)
print("* timeout. terminate it...")
nmap_proc.stop()
# 休眠时间
sleep(5)
trycnt += 1
break
else:
print('running[%ss]:%s' % (runtime, nmap_proc.command))
sleep(5)
runtime += 5
if nmap_proc.is_successful():
print('-' * 50)
print(nmap_proc.summary)
return nmap_proc.stdout
except Exception as e:
# raise e
print(e)
trycnt += 1
if trycnt >= retrycnt:
print('-' * 50)
print('* retry overflow')
return e
def do_nmap_scan(targets, options=global_options): # 运行次数初始化 trycnt = 0 while True: # 运行时间初始化 runtime = 0 if trycnt >= retrycnt: print '-' * 50 return 'retry overflow' try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print '-' * 50 print "* timeout. terminate it..." nmap_proc.stop() # 休眠时间 sleep(60) trycnt += 1 break else: print 'running[%ss]:%s' % (runtime, nmap_proc.command) sleep(5) runtime += 5 if nmap_proc.is_successful(): print '-' * 50 print nmap_proc.summary return nmap_proc.stdout except Exception, e: # raise e print e trycnt += 1 if trycnt >= retrycnt: print '-' * 50 print '* retry overflow' return e
def test(target):
nm = NmapProcess(targets=target, options="-sV -Pn -f -p '*' -O ")
rc = nm.sudo_run_background()
while nm.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nm.etc,
nm.progress))
sleep(5)
if nm.is_successful():
try:
parsed = NmapParser.parse(nm.stdout)
print(parsed.summary)
output = str(nm.stdout)
print(output)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
else:
out = str(nm.stderr)
print(out)
class NmapAdapter(ToolAdapter):
@log(logger)
def __init__(self, ip, commandline=None):
if self.is_valid_ip(ip):
self.ip = ip
else:
raise ValueError
if commandline:
self.commandline = commandline
else:
self.commandline = '-sV'
self.nmproc = NmapProcess(self.ip, self.commandline)
@log(logger)
def start(self):
logger.info('nmap started on IP {}'.format(self.ip))
rc = self.nmproc.run_background()
if self.nmproc.stderr:
logger.critical('nmap has failed: {0}'.format(self.nmproc.stderr))
print('nmap scan has failed:', self.nmproc.stderr)
def status(self):
if self.nmproc.is_running():
return 'running: {0}%'.format(self.nmproc.progress)
else:
if self.nmproc.has_failed():
return 'failed'
elif self.nmproc.is_successful():
return 'finished (successfully)'
else:
return 'stopped'
@log(logger)
def stop(self):
if self.nmproc.is_running():
self.nmproc.stop()
@log(logger)
def get_result_json(self):
report = None
try:
report = NmapParser.parse(self.nmproc.stdout)
except NmapParserException as e:
logger.critical("Exception raised while parsing scan: {0}".format(
e.msg))
print("Exception raised while parsing scan: {0}".format(e.msg))
return None
report_dict = {}
report_dict['starttime'] = report.started
report_dict['endtime'] = report.endtime
report_dict['host'] = self.ip
host = report.hosts[0]
report_dict['hoststatus'] = host.status
services = []
for serv in host.services:
service = {}
service['port'] = serv.port
service['protocol'] = serv.protocol
service['state'] = serv.state
service['service'] = serv.service
if len(serv.banner):
service['banner'] = serv.banner
if len(serv.cpelist):
cpe = {}
cpe['part'] = serv.cpelist[0].get_part()
cpe['vendor'] = serv.cpelist[0].get_vendor()
cpe['product'] = serv.cpelist[0].get_product()
cpe['version'] = serv.cpelist[0].get_version()
cpe['update'] = serv.cpelist[0].get_update()
cpe['edition'] = serv.cpelist[0].get_edition()
cpe['language'] = serv.cpelist[0].get_language()
service['cpe'] = cpe
services.append(service)
report_dict['services'] = services
json_data = dumps(report_dict)
return json_data
