def target_ip(self):
print(f"[*] Loaded single target: {self.target_hosts}")
FileHelper.check_directory(output_directory=self.snmp_directory)
jobs = []
p = multiprocessing.Process(target=SnmpWalk.snmp_scans)
jobs.append(p)
p.start()
def test_write_recommendations(self):
FileHelper.write_recommendations(results=self.SAMPLE_NMAP,
ip_address=self.HOST,
outputdir=self.OUTPUT_DIR)
res_dir = f'{self.OUTPUT_DIR}/{self.HOST}'
self.assertTrue(os.path.exists(f'{res_dir}_findings.txt'))
os.remove(f'{res_dir}_findings.txt')
def test_expand_targets(self):
FileHelper.expand_targets(target_hosts=self.IP_RANGE,
output_directory=self.OUTPUT_DIR)
self.assertTrue(os.path.exists(f'{self.OUTPUT_DIR}/targets.txt'))
self.assertTrue(os.path.isfile(f'{self.OUTPUT_DIR}/targets.txt'))
os.remove(f'{self.OUTPUT_DIR}/targets.txt')
def snmp_walk(self):
FileHelper.check_directory(output_directory=self.output_directory)
if (self.valid_ip(self.target_hosts)):
self.target_ip()
else:
self.target_file()
def test_make_file(self):
if os.path.exists(self.OUTPUT_FILE):
os.remove(self.OUTPUT_FILE)
FileHelper.make_file(self.OUTPUT_FILE)
self.assertIsNotNone(self.OUTPUT_FILE)
self.assertTrue(os.path.exists(self.OUTPUT_FILE))
self.assertTrue(os.path.isfile(self.OUTPUT_FILE))
os.remove(self.OUTPUT_FILE)
def target_ip(self):
print(f"[*] Loaded single target: {self.target_hosts}")
target_hosts = self.target_hosts.strip()
FileHelper.create_dir_structure(target_hosts, self.output_directory)
FileHelper.check_directory(output_directory=self.nmap_directory)
jobs = []
p = multiprocessing.Process(target=self.nmap_scan)
jobs.append(p)
p.start()
def test_check_directory(self):
res = FileHelper.check_directory(output_directory=self.OUTPUT_DIR)
self.assertIsNotNone(res)
self.assertTrue(os.path.exists(res))
self.assertTrue(os.path.isdir(res))
self.assertFalse(os.path.exists(self.INVALID_DIR))
res2 = FileHelper.check_directory(output_directory=self.INVALID_DIR)
self.assertTrue(os.path.exists(res2))
self.assertTrue(os.path.isdir(res2))
os.rmdir(res2)
def __init__(self, target_hosts, output_directory, dns_server, quiet,
quick, no_udp_service_scan):
self.target_hosts = target_hosts
self.output_directory = output_directory
self.dns_server = dns_server
self.quiet = quiet
self.quick = quick
self.no_udp_service_scan = no_udp_service_scan
self.nmap_directory = f"{self.output_directory}/{self.target_hosts}/scans"
FileHelper.create_dir_structure(target_hosts, self.output_directory)
def test_make_directory(self):
if os.path.exists(self.NEW_DIR):
os.rmdir(self.NEW_DIR)
FileHelper.make_directory(output_directory=self.NEW_DIR)
self.assertTrue(os.path.exists(self.NEW_DIR))
self.assertTrue(os.path.isdir(self.NEW_DIR))
self.assertRaises(FileExistsError,
FileHelper.make_directory,
output_directory=self.NEW_DIR)
os.rmdir(self.NEW_DIR)
def ping_sweeper(self):
FileHelper.check_directory(output_directory=self.output_directory)
print("[+] Performing ping sweep over %s" % self.target_hosts)
self.call_nmap_sweep()
self.parse_nmap_output_for_live_hosts()
self.write_live_hosts_list_to_file()
for ip_address in self.live_hosts:
print(" [>] Discovered host: %s" % (ip_address))
print("[*] Found %s live hosts" % (len(self.live_hosts)))
print("[*] Created target list %s" % (self.output_file))
def find_dns(self):
FileHelper.check_directory(output_directory=self.output_directory)
output_file = open(self.output_file, 'w')
output_targets = open(self.output_targets, 'w')
targets = FileHelper.load_targets(self.target_hosts,
self.output_directory, self.quiet)
FileHelper.check_file(targets)
try:
target_file = open(targets, 'r')
print("[*] Loaded targets from: %s" % targets)
except FileExistsError as err:
print("[!] Unable to load: %s" % targets)
raise err
print("[*] Loaded targets from: %s" % targets)
print("[+] Enumerating TCP port 53 over targets to find dns servers")
for ip_address in target_file:
self.hostcount += 1
ip_address = ip_address.strip()
ip_address = ip_address.rstrip()
print(" [>] Testing %s for DNS" % ip_address)
DNSSCAN = "nmap -n -sV -Pn -vv -p53 %s" % (ip_address)
results = run_scan(DNSSCAN)
lines = results.split("\n")
for line in lines:
line = line.strip()
line = line.rstrip()
if (("53/tcp" in line) and ("open" in line)
and ("Discovered" not in line)):
print(" [=] Found DNS service running on: %s" %
(ip_address))
output_file.write(
"[*] Found DNS service running on: %s\n" %
(ip_address))
output_file.write(" [>] %s\n" % (line))
output_targets.write("%s\n" % (ip_address))
self.dns_server_list.append(ip_address)
self.dnscount += 1
print("[*] Found %s DNS servers within %s hosts" %
(str(self.dnscount), str(self.hostcount)))
output_file.close()
output_targets.close()
target_file.close()
return '' if len(self.dns_server_list) == 0 else ','.join(
self.dns_server_list)
def hostname_scan(self):
FileHelper.check_directory(self.output_directory)
FileHelper.check_file(self.output_file)
f = open(self.output_file, 'w')
print("[+] Writing hostnames to: %s" % self.output_file)
SWEEP = ''
if (os.path.isfile(self.target_hosts)):
SWEEP = "nbtscan -q -f %s" % (self.target_hosts)
else:
SWEEP = "nbtscan -q %s" % (self.target_hosts)
results = run_scan(SWEEP)
lines = results.split("\n")
for line in lines:
line = line.strip()
line = line.rstrip()
# Final line is blank which causes list index issues if we don't
# continue past it.
if " " not in line:
continue
while " " in line:
line = line.replace(" ", " ")
ip_address = line.split(" ")[0]
host = line.split(" ")[1]
if (self.hostnames > 0):
f.write('\n')
print(" [>] Discovered hostname: %s (%s)" % (host, ip_address))
f.write("%s - %s" % (host, ip_address))
self.hostnames += 1
print("[*] Found %s hostnames." % (self.hostnames))
print("[*] Created hostname list %s" % (self.output_file))
f.close()
def test_create_dir_structure(self):
FileHelper.create_dir_structure(ip_address=self.HOST,
output_directory=self.OUTPUT_DIR)
res_dir = f'{self.OUTPUT_DIR}/{self.HOST}'
self.assertTrue(os.path.exists(res_dir))
self.assertTrue(os.path.isdir(res_dir))
self.assertTrue(os.path.exists(f'{res_dir}/proof.txt'))
self.assertTrue(os.path.isfile(f'{res_dir}/proof.txt'))
self.assertTrue(os.path.exists(f'{res_dir}/exploit'))
self.assertTrue(os.path.isdir(f'{res_dir}/exploit'))
self.assertTrue(os.path.exists(f'{res_dir}/loot'))
self.assertTrue(os.path.isdir(f'{res_dir}/loot'))
self.assertTrue(os.path.exists(f'{res_dir}/scans'))
self.assertTrue(os.path.isdir(f'{res_dir}/scans'))
# remove the added directories
os.remove(f'{res_dir}/proof.txt')
os.rmdir(f'{res_dir}/exploit/')
os.rmdir(f'{res_dir}/loot/')
os.rmdir(f'{res_dir}/scans/')
os.rmdir(f'{res_dir}/')
def nmap_scan(self):
print(f"[+] Starting quick nmap scan for {self.target_hosts}")
flags = FileHelper.get_config_options('nmap', 'quickscan')
QUICKSCAN = f"nmap {flags} {self.target_hosts} -oA '{self.nmap_directory}.quick'"
quickresults = run_scan(QUICKSCAN)
FileHelper.write_recommendations(quickresults, self.target_hosts,
self.output_directory)
print(f"[*] TCP quick scans completed for {self.target_hosts}")
if (self.quick):
return
if self.dns_server:
print(
f"[+] Starting detailed TCP{('' if self.no_udp_service_scan is True else '/UDP')} nmap scans for {self.target_hosts} using DNS Server {self.dns_server}"
)
print("[+] Using DNS server %s" % (self.dns_server))
flags = FileHelper.get_config_options("nmap", "tcpscan")
TCPSCAN = f"nmap {flags} --dns-servers {self.dns_server} -oN '{self.nmap_directory}.nmap' -oX '{self.nmap_directory}/scan_import.xml' {self.target_hosts}"
flags = FileHelper.get_config_options("nmap", "dnsudpscan")
UDPSCAN = f"nmap {flags} --dns-servers {self.dns_server} -oN '{self.nmap_directory}U.nmap' -oX '{self.nmap_directory}/UDP_scan_import.xml' {self.target_hosts}"
else:
print(
f"[+] Starting detailed TCP{('' if self.no_udp_service_scan is True else '/UDP')} nmap scans for {self.target_hosts}"
)
flags = FileHelper.get_config_options("nmap", "tcpscan")
TCPSCAN = f"nmap {flags} -oN '{self.nmap_directory}.nmap' -oX '{self.nmap_directory}/scan_import.xml' {self.target_hosts}"
flags = FileHelper.get_config_options("nmap", "udpscan")
UDPSCAN = f"nmap {flags} {self.target_hosts} -oA '{self.nmap_directory}-udp'"
if self.no_udp_service_scan:
udpresult = ""
else:
udpresult = run_scan(UDPSCAN)
tcpresults = run_scan(TCPSCAN)
FileHelper.write_recommendations(tcpresults + udpresult,
self.target_hosts,
self.output_directory)
print(
f"[*] TCP{('' if self.no_udp_service_scan is True else '/UDP')} scans completed for {self.target_hosts}"
)
def target_file(self):
targets = FileHelper.load_targets(self.target_hosts,
self.output_directory, self.quiet)
FileHelper.check_file(targets)
try:
target_file = open(targets, 'r')
print(f"[*] Loaded targets from: {targets}")
except FileNotFoundError as err:
print(f"[!] Unable to load: {targets}")
raise err
for ip_address in target_file:
ip_address = ip_address.strip()
snmp_directory = f"{self.output_directory}/{ip_address}/scans/snmp/"
FileHelper.check_directory(output_directory=snmp_directory)
jobs = []
p = multiprocessing.Process(target=SnmpWalk.snmp_scans)
jobs.append(p)
p.start()
target_file.close()
def target_file(self):
targets = FileHelper.load_targets(self.target_hosts,
self.output_directory, self.quiet)
FileHelper.check_file(targets)
try:
target_file = open(targets, 'r')
print(f"[*] Loaded targets from: {targets}")
except FileExistsError as err:
print(f"[!] Unable to load: {targets}")
raise err
for ip_address in target_file:
ip_address = ip_address.strip()
FileHelper.create_dir_structure(ip_address, self.output_directory)
nmap_directory = f"{self.output_directory}/{ip_address}/scans"
FileHelper.check_directory(output_directory=nmap_directory)
jobs = []
p = multiprocessing.Process(target=self.nmap_scan)
jobs.append(p)
p.start()
target_file.close()
def test_get_config_options(self):
flags = ['nmap', 'quickscan']
res = FileHelper.get_config_options(*flags)
self.assertIsNotNone(res)
self.assertEqual(res, '-sC -sV -Pn --disable-arp-ping')
def test_check_file(self):
res = FileHelper.check_file(self.OUTPUT_FILE)
self.assertIsNotNone(res)
self.assertTrue(os.path.exists(res))
self.assertTrue(os.path.isfile(res))
os.remove(self.OUTPUT_FILE)
def test_load_targets(self):
res = FileHelper.load_targets(target_hosts=self.HOST,
output_directory=self.OUTPUT_DIR,
quiet=False)
self.assertEqual(res, f'{self.OUTPUT_DIR}/targets.txt')