def all_scan(host, path):
proc = NmapProcess(host,
options='-A --version-all -p- -oN ' + path +
'.txt -oX ' + path + '.xml',
safe_mode=False)
proc.sudo_run()
report = NmapParser.parse_fromfile(path + '.xml')
return report.hosts[0]
def celery_nmap_scan(targets, options):
def status_callback(nmapscan=None, data=''):
current_task.update_state(state='PROGRESS',
meta={
'done': nmapscan.progress,
'etc': nmapscan.etc
})
if '/' in targets:
if isinstance(targets, unicode):
_network = ipaddress.ip_network(targets)
else:
_network = ipaddress.ip_network(targets.encode('unicode'))
targets = [str(ip) for ip in _network.hosts()]
else:
targets = targets.encode('ascii', 'ignore')
nm = NmapProcess(targets, options, event_callback=status_callback)
rc = nm.sudo_run()
if rc == 0 and nm.stdout:
r = nm.stdout
else:
r = nm.stderr
return {'rc': rc, 'report': r}
def celery_nmap_scan(targets, options):
"""celery_nmap_scan task"""
def status_callback(nmapscan=None):
"""status callback"""
try:
celery_nmap_scan.update_state(state="PROGRESS",
meta={"progress": nmapscan.progress,
"ready": 0,
"etc": nmapscan.etc})
except Exception as e:
print("status_callback error: " + str(e))
# scan is not yet finished (or even started).
# But I need to do this before the NmapProcess is started because
# otherwise other tasks might be queued in front of this!
_nmap_task_id = celery_nmap_scan.request.id
store_nmap_report_meta.apply_async(kwargs={'nmap_task_id': str(_nmap_task_id)})
print("tasks.py: Targets and Options")
print(targets)
print(options)
nm = NmapProcess(targets, options, event_callback=status_callback)
rc = nm.sudo_run()
if rc == 0 and nm.stdout:
r = nm.stdout
else:
r = None
return r
def ip_info(subnet):
nm = NmapProcess(subnet, options="-Pn -O")
rc = nm.sudo_run()
if nm.rc == 0:
rep = NmapParser.parse(nm.stdout)
for host in rep.hosts:
if host.is_up():
print("IP Address: {0}".format(host.address))
if host.os_fingerprinted:
for osm in host.os.osmatches:
print("OS Type: {0}".format(osm.name))
print ("Last seen timestamp: {0}\n" .format(host.lastboot))
else:
print (nm.stderr)
def run(self):
"""
This is the mainloop of the process manager.
It will go over the ip address given and preform an initial host discovery, after that it will run deeper
level scans of the network starting with the hosts found in the first scan. It will then move onto the remaining
hosts.
:return: True/False/None based on if the process failed to complete
"""
_exit = self.exit
_is_empty = False
_jobs = []
_uncommon_ports = sorted(set(range(65535)) - KNPORTS.as_nums())
_uncommon_ports = ["{}-{}".format(*i) if i[0] != str(i[1]) else i[0] for i in KNPORTS.group(_uncommon_ports)]
try:
self.database.open_db()
self.__load_options()
def job(item, opt_override=""):
if type(item) is list:
ipv4 = NProcess(options=self.options if not opt_override else opt_override)
ipv6 = NProcess(options="{} {}".format("-6", self.options if not opt_override else opt_override))
ipv4.targets.pop() # removes the default target list
ipv6.targets.pop()
for h_ip in item:
if h_ip.ipv4():
ipv4.targets.append(str(h_ip.ipv4()))
else:
ipv6.targets.append(str(h_ip.ipv6()))
if ipv4.targets:
_jobs.append(ipv4)
_jobs[-1].run_background()
if ipv6.targets:
_jobs.append(ipv6)
_jobs[-1].run_background()
else:
if item.ipv4():
_jobs.append(
NProcess(str(item.ipv4()), options=self.options if not opt_override else opt_override))
else:
_jobs.append(NProcess(str(item.ipv6()), options="{} {}".
format("-6", self.options if not opt_override else opt_override)))
_jobs[-1].run_background()
def process_jobs():
for ind, proc in enumerate(_jobs):
if proc.has_terminated():
if proc.rc != 0:
print("nmap scan failed: {0}".format(proc.stderr))
if __DEBUG__: self.to_file(proc.stdout)
try:
parsed = NmapParser.parse(proc.stdout)
if __DEBUG__: print(parsed.summary)
for host in parsed.hosts:
print("Saving {} to database.".format(host.address))
self.database.add_ip_scan(ipaddr=host.address, port_data=host.get_open_ports(),
e_time=parsed.elapsed, command=proc.command,
raw_data=host.get_dict(), _raw=proc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
self.database.commit()
del _jobs[ind]
break
# preform 1st level scan
if __DEBUG__: print("Initial Scan")
init_discovery = set()
while self._init_host_scan:
try:
_ip = IPNetwork(self._init_host_scan.pop())
self._scanned_hosts.append(_ip.ipv4() if _ip.ipv4 else _ip.ipv6)
if _ip.ipv4():
_h = NProcess(list("%s" % i for i in _ip.ipv4()), options="-sn")
else:
_h = NProcess(list("%s" % i for i in _ip.ipv6()), options="-sn -6")
_h.sudo_run()
_p = NmapParser.parse(_h.stdout)
for _host in _p.hosts:
if _host.is_up():
init_discovery.add(_host.ipv4 if _host.ipv4 else _host.ipv6)
else:
self._add_host("med", _host.ipv4 if _host.ipv4 else _host.ipv6, 32)
except NmapParserException:
pass
# preform 2nd level scan, will only be preformed on init hosts found
if __DEBUG__: print("Secondary Scans")
_knports = ",".join(
["{}-{}".format(*i) if i[0] != i[1] else str(i[0]) for i in KNPORTS.group(list(KNPORTS.as_nums()))])
for _ip in init_discovery:
for opt in self.__scan_options:
job(IPAddress(_ip), opt_override="{} -p {} {}".format(opt, _knports, self.options))
# all code beyond this point will take a very long time to execute
if __DEBUG__: print("Primary Scans")
if __DEBUG__: print(self.hosts_to_scan)
while 1:
if _exit.kill:
for _index, _j in enumerate(_jobs):
_jobs[_index].stop()
return False
if len(_jobs) < self.max_workers and not _is_empty:
ip_group = []
while len(ip_group) < self.__max_host_scan and not _is_empty:
try:
# job(self.hosts_to_scan['high'].pop())
ip_group.append(self.hosts_to_scan['high'].pop())
except KeyError as e1:
try:
# job(self.hosts_to_scan['med'].pop())
ip_group.append(self.hosts_to_scan['med'].pop())
except KeyError as e2:
try:
# job(self.hosts_to_scan['low'].pop())
ip_group.append(self.hosts_to_scan['low'].pop())
except KeyError as e3:
_is_empty = True
for opt in self.__scan_options:
job(ip_group, opt_override="{} -p {} {}".format(opt, _knports, self.options))
process_jobs()
if len(_jobs) == 0:
break
except Exception as error:
print("Failed: {}\t {}\n Cleaning up processes".format(Exception, error))
traceback.print_tb(error.__traceback__)
for _index, _j in enumerate(_jobs):
try:
_jobs[_index].stop()
except Exception as err:
print("Failed to stop {}\t{}".format(Exception, err))
print("Killing all nmap process!")
system('killall -9 nmap')
system('killall -9 python')
system('killall -9 python3')
print("Killall command for nmap process sent")
finally:
print("Job Failed with kill signal.")
return False
# Time to run the uncommon ports, this will take a HUGE amount of time
print("Final Scan\nThis Scan will take a very long time\n")
_jobs = []
while self._scanned_hosts:
__ip = self._scanned_hosts.pop()
for opt in self.__scan_options:
job(__ip, opt_override="{} -p {} {}".
format(opt, ",".join(_uncommon_ports), self.options))
while 1:
if _exit.kill:
try:
for _index, _j in enumerate(_jobs):
_jobs[_index].stop()
except PermissionError:
return False
finally:
print("Job Failed with kill signal.")
return False
process_jobs()
if len(_jobs) == 0:
break
self.database.close_db()
recently_down = [host['ip'] for host in recently_down]
up = {"$expr": {"$eq": [{"$arrayElemAt": ["$timeline.up", -1]}, True]}}
recently_up = ips.find({"$and": [recently_set, up]})
recently_up = [host['ip'] for host in recently_up]
# pp.pprint(recently_down)
# pp.pprint(recently_up)
# pp.pprint(IP_set)
up_hosts = set()
writes = []
nmap_options = f'--send-ip -PE -PS{ports} -PA{ports} -sn -PP -n'
nm = NmapProcess(list(IP_set), nmap_options, fqp='/snap/bin/nmap')
nm.sudo_run()
print(nm.stderr)
report = NmapParser.parse(nm.stdout)
up_hosts = [
host.ipv4 for host in report.hosts
if host.is_up() and host.ipv4 not in recently_up
]
down_hosts = [
host.ipv4 for host in report.hosts
if not host.is_up() and host.ipv4 not in recently_down
]
for host in up_hosts:
filter = {"ip": {"$eq": host}}
