class NmapTaskBack(AsyncTaskBack, NmapMixin):
nmap = None
def __init__(self, host, db, args, inqueue, outqueue):
super().__init__(inqueue, outqueue)
self.nmap = NmapProcess(targets=host, options=args)
self.nmap.run()
self.db = db
if self.nmap.is_successful():
parsed = NmapParser.parse(self.nmap.stdout)
self.result = self.get_result(parsed)
self.store(parsed)
self.thread.join()
def get_result(self, report):
result = []
for host in report.hosts:
hostname = ''
if len(host.hostnames):
hostname = host.hostnames.pop()
if host.status != 'up':
continue
services = []
for service in host.services:
services.append({
'port': service.port,
'proto': service.protocol,
'state': service.state,
'version': service.banner,
'service': service.service
})
result.append({hostname: {'services': services}})
return result
def is_running(self):
if self.nmap:
return self.nmap.is_running()
def is_successful(self):
return self.nmap.is_successful()
def finish(self):
self._stop = True
return self.result
def terminate(self):
self.nmap.stop()
def state(self):
state = 'running' if self.nmap.is_running() else 'completed'
return self.nmap.progress, state, self.nmap.command
def __str__(self):
return '{:>4}% {} - {}'.format(
self.nmap.progress, self.nmap.command,
'running' if self.nmap.is_running() else 'completed')
def do_scan(self, target, options="-n -sS --host-timeout 600 --open"):
# 记录结果
db = DB()
nmproc = NmapProcess(target, options)
nmproc.run_background()
while nmproc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(
nmproc.etc, nmproc.progress))
time.sleep(2)
print("rc: {0} output: {1}".format(nmproc.rc, nmproc.summary))
try:
# 创建文件名
md5 = hashlib.md5()
md5.update(target)
hash = md5.hexdigest()
# with(open("data/nmap/" + hash + ".xml", "w")) as f:
# f.write(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
# 扫描完成,解析结果
print {"status": 1, "result": hash}
db.Nmap.update_one({"target": target},
{"$set": {
"status": 1,
"result": hash
}})
def nmap_scan(hosts):
'''
Do Nmap scan
'''
# -sV is included by default in NmapProcess nmap cmd
# To add more: options = '-T4 -sU -p-'
# hosts = ['192.168.0.1', '192.168.0.2']
#nmap_args = '-T4 -sV -sS -pU:161,137,139'# -sS -sU --top-ports'
nmap_args = '-T4 -sS -sV --max-rtt-timeout 100ms --max-retries 3'
print '[*] Running: nmap {0} -iL <hostlist>'.format(nmap_args)
nmap_proc = NmapProcess(targets=hosts, options=nmap_args)
#rc = nmap_proc.sudo_run()
rc = nmap_proc.sudo_run_background()
while nmap_proc.is_running():
print("[*] Nmap progress: {1}%".format(nmap_proc.etc, nmap_proc.progress))
time.sleep(2)
xml = nmap_proc.stdout
try:
report = NmapParser.parse(nmap_proc.stdout)
except NmapParserException as e:
print 'Exception raised while parsing scan: {0}'.format(e.msg)
sys.exit()
return report
def nmap_scan(targets):
# Nmap scan with service detection (-sV), script scanning (-sC) on all
# ports (-p-) and agressive timing (-T4)
nmap_proc = NmapProcess(targets,
options='-sV -sC -p- -T4',
safe_mode=False)
nmap_proc.run_background()
# Checks nmap progress every 30 seconds
print('Nmap start at {0}'.format(datetime.today().ctime()))
while nmap_proc.is_running():
nmaptask = nmap_proc.current_task
if nmaptask:
print("Task {0} {1} ({2}): Progress: {3}%".format(
len(nmap_proc.tasks) + 1, nmaptask.name, nmaptask.status,
nmaptask.progress))
sleep(30)
print(nmap_proc.summary)
try:
report = NmapParser.parse(nmap_proc.stdout)
except NmapParserException as e:
print('Exception raised while parsing scan: {0}'.format(e.msg))
if report.hosts_total == 0:
print('No hosts discovered')
sys.exit()
return report
def nmap_scan(hosts):
'''
Do Nmap scan
'''
# -sV is included by default in NmapProcess nmap cmd
# To add more: options = '-T4 -sU -p-'
# hosts = ['192.168.0.1', '192.168.0.2']
#nmap_args = '-T4 -sV -sS -pU:161,137,139'# -sS -sU --top-ports'
nmap_args = '-T4 -sS -sV --max-rtt-timeout 150ms --max-retries 3'
print '[*] Running: nmap {0} -iL <hostlist>'.format(nmap_args)
nmap_proc = NmapProcess(targets=hosts, options=nmap_args)
#rc = nmap_proc.sudo_run()
rc = nmap_proc.sudo_run_background()
while nmap_proc.is_running():
print("[*] Nmap progress: {1}%".format(nmap_proc.etc, nmap_proc.progress))
time.sleep(2)
xml = nmap_proc.stdout
try:
report = NmapParser.parse(nmap_proc.stdout)
except NmapParserException as e:
print 'Exception raised while parsing scan: {0}'.format(e.msg)
sys.exit()
return report
def scanByNmap(self, target, policy):
runtime = 0
try:
nmap_proc = NmapProcess(targets=target,
options=policy,
safe_mode=True)
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= self.nmap_timeout:
nmap_proc.stop()
if self.output_mode != "silent":
print self.R + u'\n[x] scan_host {} timeout...'.format(
target) + self.W
break
else:
if self.output_mode != "silent":
sys.stdout.write(
u'\033[1;34m[~] scan_host is {},scan progress is {}%({} sec)\n\033[0m'
.format(target, nmap_proc.progress, runtime))
sys.stdout.flush()
sleep(5)
runtime += 5
if nmap_proc.is_successful() and nmap_proc.stdout:
self.parserReport(nmap_proc.stdout)
except Exception as e:
print e
def udp_scan(self, udp_start, udp_end):
'''
udp端口扫描
:param udp_start:
:param udp_end:
:return: json
'''
nmap_proc = NmapProcess(targets=self.ip,
options='-sU -e ' + str(self.iface) + ' -p ' +
str(udp_start) + "-" + str(udp_end))
nmap_proc.run_background()
while nmap_proc.is_running() and stop == 0:
current = float(nmap_proc.progress) * self.udp_total * 0.01
self.udp_done.put(current)
time.sleep(3) # 3秒更新一次百分比
if stop == 1:
return
ScanEngine = nmap.PortScanner()
res = ScanEngine.analyse_nmap_xml_scan(nmap_proc.stdout)
udp_ports = []
if dict(res)['scan'] and res:
ret = dict(res)['scan'][self.ip]
if 'udp' in ret:
udp_ports = ret['udp']
for port in udp_ports:
if str(udp_ports[port]['name']) and 'open' in str(
udp_ports[port]["state"]):
self.result.put({
"ip": self.ip,
"port": str(port),
"protocol": "UDP",
"service": str(udp_ports[port]['name']),
"state": str(udp_ports[port]["state"])
})
self.udp_done.put(self.udp_total)
def run_nmap_scan(scan_targets, scan_options):
'''
Accepts scan targets and scan options for NmapProcess and launches scan
Prints scan status updates and summary to stdout
Returns NmapProcess object for further use
TODO - catch keyboard interrupts and kill tasks so we can exit gracefully!
nmap_proc.stop does not appear to fully kill threads in script scans
so program will continue to execute but leaves an orphaned nmap process
'''
status_update_interval = 5
#Check for sudo and disable scan options that require root
if os.getuid() != 0:
logging.warn(
"Certain nmap scans require root privileges (SYN, UDP, ICMP, etc)..."
)
logging.warn(
"Disabling incompatible scan types and OS / service version detection options if enabled"
)
scan_options = scan_options.replace("-sS", "-sT")
scan_options = scan_options.replace("-sU", "")
scan_options = scan_options.replace("-sP", "")
scan_options = scan_options.replace("-sn", "")
scan_options = scan_options.replace("-sV", "")
scan_options = scan_options.replace("-O", "")
nmap_proc = NmapProcess(targets=scan_targets, options=scan_options)
print "Running scan command:\n" + nmap_proc.command
nmap_proc.run_background()
while nmap_proc.is_running():
try:
time.sleep(status_update_interval)
if nmap_proc.progress > 0:
#Nmap only updates ETC periodically and will sometimes return a result that is behind current system time
etctime = datetime.datetime.fromtimestamp(int(nmap_proc.etc))
systime = datetime.datetime.now().replace(microsecond=0)
if etctime < systime:
etctime = systime
timeleft = etctime - systime
print("{0} Timing: About {1}% done; ETC: {2} ({3} remaining)".
format(nmap_proc.current_task.name, nmap_proc.progress,
etctime, timeleft))
except KeyboardInterrupt:
print "Keyboard Interrupt - Killing Current Nmap Scan!"
nmap_proc.stop()
if nmap_proc.rc == 0:
print nmap_proc.summary + "\n"
else:
print nmap_proc.stderr + "\n"
return nmap_proc
def collect_service_info(jsondata):
"""
>>> collect_service_info('{"target":"127.0.0.1"}')
扫描主机获取服务信息后通过HTTP API入库
:param jsondata:
:return:
"""
ret = []
jsondata = json.loads(jsondata)
target = jsondata.get("target", "")
options = jsondata.get("options", global_options)
log_states = jsondata.get("log_states", global_log_states)
# 忽略内网IP
ip = IP(target)
if ip.iptype() == "PRIVATE":
return "内网IP"
if target.strip() == "":
return "无IP"
nmap_proc = NmapProcess(targets=str(target),
options=options,
safe_mode=False)
nmap_proc.sudo_run_background() # nmap -O 参数需要root权限
while nmap_proc.is_running():
time.sleep(10)
if nmap_proc.is_successful():
nmap_report = NmapParser.parse(nmap_proc.stdout)
# 开始处理扫描结果
for host in nmap_report.hosts:
# 处理主机开放的服务和端口
for serv in host.services:
serv.address = host.address
serv.endtime = host.endtime
if serv.state in log_states:
service = dict()
service['address'] = serv.address
service['port'] = serv.port
service['service'] = serv.service
service['state'] = serv.state
service['protocol'] = serv.protocol
service['product'] = serv.product if "product" in dir(
serv) else None
service[
'product_version'] = serv.product_version if "product_version" in dir(
serv) else None
service[
'product_extrainfo'] = serv.product_extrainfo if "product_extrainfo" in dir(
serv) else None
# HTTP API保存到远端服务器
CuteApi().post("/api/info/hostserviceinfo/add", service)
ret.append(service)
return json.dumps(ret)
def scan_host(target_host, num_tries):
nm = NmapProcess(target_host, options='-sT -Pn -T3')
cur_try = 0
while cur_try < num_tries:
logger.debug(
"Now running scan attempt #%d for host at %s."
% (cur_try + 1, target_host)
)
result = nm.run_background()
while nm.is_running():
logger.debug(
"Scan running. ETC: %s. DONE: %s."
% (nm.etc, nm.progress)
)
sleep(2)
if nm.rc != 0:
logger.warning(
"Scan #%d for host at %s failed!"
% (cur_try + 1, target_host)
)
cur_try += 1
else:
logger.debug(
"Scan for host at %s succeeded!"
% (target_host,)
)
break
if str(nm.state) != str(nm.DONE):
logger.warning(
"Scan for host at %s failed!"
% (target_host,)
)
return
else:
try:
parsed = NmapParser.parse(nm.stdout)
except NmapParserException as e:
logger.error(
"NmapParserException thrown: %s."
% (e.msg,)
)
host = parsed.hosts[0]
to_return = []
for service in host.services:
to_return.append(
"%s//%s//%s//%s"
% (
host.ipv4,
service.protocol,
str(service.port),
service.state
)
)
return to_return
def _run_scan(self):
nmap_proc = NmapProcess(targets=self._target, options="-Pn -sT -sU -p "+self._port)
nmap_proc.run_background()
while nmap_proc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nmap_proc.etc,
nmap_proc.progress))
sleep(2)
if nmap_proc.rc != 0:
print("Nmap scan failed: {0}".format(nmap_proc.stderr))
sys.exit(2)
else:
return nmap_proc
def run_nmscan(pid: int):
"""
When run, queries the process information by the id provided from the database.
Runs the test and returns the ouput of the test to the database
:param pid: Id of process to run
:return: None
"""
process = Process.query.filter_by(id=pid).first()
scan = Scan.query.filter_by(id=process.scan_id).first()
target_obj = Target.query.filter_by(id=scan.target_id).first()
target = target_obj.domain
nm = NmapProcess(targets=target, options="-sV -Pn -f --mtu 64 -p '*' -O")
rc = nm.run_background()
process.status = nm.state
process.progress = nm.progress
process.date_started = datetime.now().isoformat()
scan.date_started = datetime.now().isoformat()
db.session.commit()
if nm.has_failed():
process.output = "nmap scan failed: {0}".format(nm.stderr)
db.session.commit()
return 1
while nm.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nm.etc,
nm.progress))
if int(scan.progress) < int(float(nm.progress)):
process.progress = int(float(nm.progress))
scan.progress = int(float(nm.progress))
db.session.commit()
sleep(5)
process.date_completed = datetime.now().isoformat()
scan.date_completed = datetime.now().isoformat()
if nm.has_failed():
process.status = nm.state
scan.status = nm.state
process.output = str(nm.stderr)
elif nm.is_successful():
process.status = 3
scan.status = 3
scan.progress = 100
nmap_full_output = json.dumps(cb.data(fromstring(str(nm.stdout))))
nmap_output = Nmap.parse_nmap_output(nmap_full_output)
if nmap_output:
process.output = json.dumps(nmap_output)
scan.output = json.dumps(nmap_output)
else:
scan.output = None
db.session.commit()
def run_nmap_scan(scan_targets, scan_options):
'''
Accepts scan targets and scan options for NmapProcess and launches scan
Prints scan status updates and summary to stdout
Returns NmapProcess object for further use
TODO - catch keyboard interrupts and kill tasks so we can exit gracefully!
nmap_proc.stop does not appear to fully kill threads in script scans
so program will continue to execute but leaves an orphaned nmap process
'''
status_update_interval = 5
#Check for sudo and disable scan options that require root
if os.getuid()!=0:
logging.warn("Certain nmap scans require root privileges (SYN, UDP, ICMP, etc)...")
logging.warn("Disabling incompatible scan types and OS / service version detection options if enabled")
scan_options = scan_options.replace("-sS", "-sT")
scan_options = scan_options.replace("-sU", "")
scan_options = scan_options.replace("-sP", "")
scan_options = scan_options.replace("-sn", "")
scan_options = scan_options.replace("-sV", "")
scan_options = scan_options.replace("-O", "")
nmap_proc = NmapProcess(targets=scan_targets, options=scan_options)
print "Running scan command:\n"+nmap_proc.command
nmap_proc.run_background()
while nmap_proc.is_running():
try:
time.sleep(status_update_interval)
if nmap_proc.progress > 0:
#Nmap only updates ETC periodically and will sometimes return a result that is behind current system time
etctime = datetime.datetime.fromtimestamp(int(nmap_proc.etc))
systime = datetime.datetime.now().replace(microsecond=0)
if etctime < systime:
etctime = systime
timeleft = etctime - systime
print("{0} Timing: About {1}% done; ETC: {2} ({3} remaining)".format(nmap_proc.current_task.name, nmap_proc.progress, etctime, timeleft))
except KeyboardInterrupt:
print "Keyboard Interrupt - Killing Current Nmap Scan!"
nmap_proc.stop()
if nmap_proc.rc == 0:
print nmap_proc.summary + "\n"
else:
print nmap_proc.stderr + "\n"
return nmap_proc
def do_scan(self):
"""scan start flag"""
if(self._flg_is_scanning != True):
self._flg_is_scanning = True
if(self._flg_scan_finished != False):
self._flg_scan_finished = False
"""运行次数初始化"""
trycnt = 0
while True:
"""运行时间初始化"""
runtime = 0
if trycnt >= self.retrycnt:
print '-' * 50
return 'retry overflow'
try:
nmap_proc = NmapProcess(targets=self.targets,options=self.options,safe_mode=False)
self._flg_is_scanning = True
nmap_proc.run_background()
while(nmap_proc.is_running()):
"""运行超时,结束掉任务,休息1分钟,再重启这个nmap任务"""
if runtime >= self.timeout:
print '-' * 50
print "timeout....terminate it...."
nmap_proc.stop()
"""休眠时间"""
sleep(60)
trycnt += 1
break
else:
print 'running[%ss]:%s' %(runtime,nmap_proc.command)
sleep(5)
runtime += 5
if nmap_proc.is_successful():
"""scan finished flag"""
if(self._flg_is_scanning != False):
self._flg_is_scanning = False
if(self._flg_scan_finished != True):
self._flg_scan_finished = True
print '-' * 50
print nmap_proc.summary
return nmap_proc.stdout
except Exception,e:
print e
trycnt +=1
if trycnt >= retrycnt:
print '-' * 50
print 'retry overflow'
return e
def run_nmap_scan(self):
parsed = None
nmap_proc = NmapProcess(targets="10.10.10.3", options="")
nmap_proc.run_background()
while nmap_proc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(
nmap_proc.etc, nmap_proc.progress))
sleep(2)
nmap_report = NmapParser.parse(nmap_proc.stdout)
nmap_results = NmapResults()
nmap_results.add_hosts(nmap_report)
return nmap_results
def nmap_scan(ip,ports,taskid):
nmapscan.objects.create(ip=ip,task_id=taskid)
result = nmapscan.objects.get(task_id=taskid)
nmap_proc = NmapProcess(targets=ip, options='-sV -p '+ports)
nmap_proc.run_background()
while nmap_proc.is_running():
result.rate = str(nmap_proc.progress)
result.save()
time.sleep(2) # 两秒更新一次百分比
result.endtime = timezone.now()
result.save()
nm = nmap.PortScanner()
print(nm.analyse_nmap_xml_scan(nmap_proc.stdout))
def do_scan(targets, options):
parsed = None
nmap_proc = NmapProcess(targets="scanme.nmap.org",
options="-sS -sV -sC -O -nvvv -T4 -Pn")
nmap_proc.run_background()
while nmap_proc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(
nmap_proc.etc, nmap_proc.progress))
sleep(2)
print("rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary))
try:
parsed = NmapParser.parse(nmap_proc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def default_scan(target_path):
# config parameters
sleep_interval = 10
# start scan
target_list = read_targets(target_path)
# heavy scan
# nmap_proc = NmapProcess(targets=target_list, options="-sS -n -PE -PP -PM -PO -PS21,22,23,25,80,113,31339 -PA80,"
# "113,443,10042 -O -T4 -p-")
# light scan
nmap_proc = NmapProcess(
targets=target_list,
options="-PE -PP -PM -PO -PS21,22,23,25,80,113,31339 -PA80,"
"113,443,10042 -O -T4")
# debug info
print("scan target:")
print(target_list)
print("command:")
print(nmap_proc.command)
nmap_proc.run_background()
while nmap_proc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(
nmap_proc.etc, nmap_proc.progress))
time.sleep(sleep_interval)
print("rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary))
# save to file
time_label = time.strftime("%Y%m%d%H%M%S", time.localtime())
with open('nmap_scan_' + time_label + '.xml', 'w') as f:
f.write(nmap_proc.stdout)
f.close()
try:
nmap_report = NmapParser.parse(nmap_proc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return None
print_scan(nmap_report)
return nmap_report
def do_nmap_scan(targets, port):
# 运行次数初始化
trycnt = 0
options = '-sT -P0 -sV -O --script=banner -p T:' + port.strip()
while True:
# 运行时间初始化
runtime = 0
if trycnt >= retrycnt:
print '-' * 50
return 'retry overflow'
try:
nmap_proc = NmapProcess(targets=targets,
options=options,
safe_mode=False,
fqp='/usr/bin/nmap')
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务
print '-' * 50
print "* timeout. terminate it..."
nmap_proc.stop()
# 休眠时间
sleep(60)
trycnt += 1
break
else:
print 'running[%ss]:%s' % (runtime, nmap_proc.command)
sleep(5)
runtime += 5
if nmap_proc.is_successful():
print '-' * 50
print nmap_proc.summary
return nmap_proc.stdout
except Exception, e:
# raise e
print e
trycnt += 1
if trycnt >= retrycnt:
print '-' * 50
print '* retry overflow'
return e
def do_scan(targets, options):
parsed = None
nmproc = NmapProcess(targets, options)
#rc = nmproc.run()
rc = nmproc.run_background()
while nmproc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nmproc.etc,nmproc.progress))
sleep(2)
#print(type(nmproc.stdout))
file = open(output_name+'.xml','w')
file.write(nmproc.stdout)
file.close()
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def nmap_scan(target, commands):
nm = NmapProcess(target, commands)
#change to sudo_run(run_as='root') to run syn scans
nm.run_background()
command = nm.get_command_line()
print(command)
while nm.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(
nm.etc, nm.progress))
sleep(1)
nmap_report = NmapParser.parse(nm.stdout)
for host in nmap_report.hosts:
if host.status == 'up':
for serv in host.services:
# if serv.port == 'open':
service_check(host, serv)
print("Primary Scan Completed \n")
def nmap_scan(ip,ports,taskid):
scanIP.objects.get_or_create(ip=ip,task_id=taskid,scantime=datetime.datetime.now())
scan_ip_info.objects.filter(ipfor_id=scanIP.objects.get(ip=ip).id).delete()
result = scanIP.objects.get(ip=ip)
nmap_proc = NmapProcess(targets=ip, options='-sV -p '+ports)
nmap_proc.run_background()
while nmap_proc.is_running():
result.rate = str(nmap_proc.progress)
result.save()
time.sleep(2) # 两秒更新一次百分比
result.rate = str(nmap_proc.progress)
result.endtime = datetime.datetime.now()
result.save()
nm = nmap.PortScanner()
nmrs = nm.analyse_nmap_xml_scan(nmap_proc.stdout)
for port,v in nmrs['scan'][ip]['tcp'].items():
scan_ip_info.objects.get_or_create(port=port,name=v['name'],state=v['state'],product=v['product']+' '+v['version'],cpe=v['cpe'],ipfor_id=scanIP.objects.get(ip=ip).id)
def nmap_scan(hosts):
'''
Do Nmap scan
'''
# This is top 1000 tcp + top 50 UDP scan
# Nmap has chosen not to do --top-udp/tcp-ports options due to not wanting to overcomplicate
# the cmd line interface
nmap_args = '-sSUV -v --reason -T4 --max-retries 3 --max-rtt-timeout 150ms -pT:1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389,U:53,67-69,111,123,135,137-139,161-162,445,500,514,520,631,998,1434,1701,1900,4500,5353,49152,49154 -oA pm-nmap'
print '[*] Running nmap'
nmap_proc = NmapProcess(targets=hosts, options=nmap_args, safe_mode=False)
rc = nmap_proc.sudo_run_background()
while nmap_proc.is_running():
print("[*] Nmap running...")
time.sleep(30)
report = NmapParser.parse_fromfile('pm-nmap.xml')
return report
def do_nmap_scan(targets, options=global_options):
# 运行次数初始化
trycnt = 0
while True:
# 运行时间初始化
runtime = 0
if trycnt >= retrycnt:
print('-' * 50)
return 'retry overflow'
try:
nmap_proc = NmapProcess(targets=targets,
options=options,
safe_mode=False)
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务
print('-' * 50)
print("* timeout. terminate it...")
nmap_proc.stop()
# 休眠时间
sleep(5)
trycnt += 1
break
else:
print('running[%ss]:%s' % (runtime, nmap_proc.command))
sleep(5)
runtime += 5
if nmap_proc.is_successful():
print('-' * 50)
print(nmap_proc.summary)
return nmap_proc.stdout
except Exception as e:
# raise e
print(e)
trycnt += 1
if trycnt >= retrycnt:
print('-' * 50)
print('* retry overflow')
return e
def nmap_scan(self, target: Dict[str, str]) -> None:
"""
Nmap scan task. Handles one Nmap process to scan the provided host(s) or range(s).
Updates the host database when finished; may push status updates if invoked from web context.
:param target: Target hosts or ranges in a format suitable for Nmap.
"""
storage.incr('scan_in_progress')
options = Discovery.get_setting('scan_options')
ports = Discovery.get_setting('ports')
if ports:
options += ' -p' + ports
nm = NmapProcess(target['range'], options=options)
nm.run_background()
while nm.is_running():
self.update_state(state="PROGRESS",
meta={
'progress': nm.progress,
'target': target['name']
})
sleep(2)
try:
report = NmapParser.parse(nm.stdout)
except NmapParserException as e:
print(e)
h = [(host.address, {
str(p[0]): host.get_service(*p).get_dict()
for p in host.get_open_ports()
}) for host in report.hosts if host.is_up()]
hosts = {
host[0]: {
'ports': host[1],
'target': target['name']
}
for host in h
}
update_hosts(hosts)
storage.set('last_nmap_scan', int(time()))
if scan_in_progress() > 0:
storage.decr('scan_in_progress')
self.update_state(state="RESULTS",
meta={
'hosts': h,
'target': target['name']
})
def do_scan(targets, options):
parsed = None
nmproc = NmapProcess(targets, options)
rc = nmproc.run_background()
while nmproc.is_running():
print("Nmap Scan is running: ETC: {0} DONE: {1}%".format(nmproc.etc, nmproc.progress))
sleep(2)
print("rc: {0} output: {1}".format(nmproc.rc, nmproc.summary))
if rc != 0:
print("nmap scan failed: {0}".format(nmproc.stderr))
print(type(nmproc.stdout))
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def scan_background(targets,options='-O -sV'):
'''
后台执行扫描,带进度输出
:param targets:扫描的目标,可以是List集合对象也,可以是以逗号分隔的目标集合。如"baidu.com" ,["baidu.com","qq.com"] ,"baidu.com,qq.com"
:param options:扫描参数,同namp一致。
:return:成功返回扫描结果Dict对象,否则返回None
'''
try:
nmapProcess=NmapProcess(targets=targets,options=options)
nmapProcess.run_background()
while nmapProcess.is_running():
print("[*]Nmap Scan running: ETC: {0} DONE: {1}%".format(nmapProcess.etc,nmapProcess.progress))
sleep(1)
results=NmapParser.parse_fromstring(nmapProcess.stdout)
jsonData=json.loads(json.dumps(results,cls=ReportEncoder))
return jsonData
except Exception as e:
logging.error("Nmap scan error:{}".format(e))
return None
def do_nmap_scan(targets, options=global_options): # 运行次数初始化 trycnt = 0 while True: # 运行时间初始化 runtime = 0 if trycnt >= retrycnt: print '-' * 50 return 'retry overflow' try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print '-' * 50 print "* timeout. terminate it..." nmap_proc.stop() # 休眠时间 sleep(60) trycnt += 1 break else: print 'running[%ss]:%s' % (runtime, nmap_proc.command) sleep(5) runtime += 5 if nmap_proc.is_successful(): print '-' * 50 print nmap_proc.summary return nmap_proc.stdout except Exception, e: # raise e print e trycnt += 1 if trycnt >= retrycnt: print '-' * 50 print '* retry overflow' return e
def test(target):
nm = NmapProcess(targets=target, options="-sV -Pn -f -p '*' -O ")
rc = nm.sudo_run_background()
while nm.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nm.etc,
nm.progress))
sleep(5)
if nm.is_successful():
try:
parsed = NmapParser.parse(nm.stdout)
print(parsed.summary)
output = str(nm.stdout)
print(output)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
else:
out = str(nm.stderr)
print(out)
def do_scan(targets, options):
parsed = None
nmproc = NmapProcess(targets, options)
rc = nmproc.run_background()
while nmproc.is_running():
print("Nmap Scan is running: ETC: {0} DONE: {1}%".format(
nmproc.etc, nmproc.progress))
sleep(2)
print("rc: {0} output: {1}".format(nmproc.rc, nmproc.summary))
if rc != 0:
print("nmap scan failed: {0}".format(nmproc.stderr))
print(type(nmproc.stdout))
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def run(self):
options = '-sT -sU -p{} -v -O'.format(','.join(self.ports))
logger.debug('Ip scan options: {!r}, ip_ranges: {}'.format(
options, self.ip_ranges))
nmp_proc = NmapProcess(self.ip_ranges, options)
nmp_proc.run_background()
while nmp_proc.is_running():
self.progress = float(nmp_proc.progress)
log = {'progress': self.progress, 'log': ''}
self._log(log)
time.sleep(self.loop_time)
if nmp_proc.rc == 0:
stdout = nmp_proc.stdout
self._result(stdout)
else:
sys.stderr.write(nmp_proc.stdout)
sys.stderr.close()
sys.exit(2)
def do_scan(targets, options):
parsed = None
nmproc = NmapProcess(targets, options)
nmproc.run_background()
while nmproc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(
nmproc.etc, nmproc.progress))
time.sleep(2)
rc = nmproc.rc
if rc != 0:
print("nmap scan failed: {0}".format(nmproc.stderr))
print(type(nmproc.stdout))
open('sasdsa', 'w').write(nmproc.stdout)
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def run_nmap_scan(self, targets, options, scan_id):
print ('nmap targets: ' + str(targets) + ' nmap options: '+ str(options))
nmap_proc = NmapProcess(targets=targets, options=options)
nmap_proc.run_background()
while nmap_proc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nmap_proc.etc, nmap_proc.progress))
sleep(7)
#Store in file
file_path = "/root/Desktop/FinalYearProjectRESTAPI/automated_scans/reports/"+str(scan_id)+".xml"
file = open(file_path, "w")
data = nmap_proc.stdout
file.write(data)
file.close()
print(data)
print(type(data))
return file_path
def update_ip(self):
# hardcode it because I'm lazy AND it's a little tricky to discover from inside docker
subnet = "192.168.7.0/24"
nm = NmapProcess(subnet,
options="-T5 -n -p 8080 --open --min-parallelism 255")
nm.run_background()
while nm.is_running():
sleep(0.5)
nmap_report = NmapParser.parse(nm.stdout)
for host in nmap_report.hosts:
print(host.address)
rv = requests.get(f"http://{host.address}:8080/api/v1/status")
if rv.status_code == 200:
if 'BackupBuffer' in rv.json():
print("Found device")
self.ip = host.address
return
print("Unable to find any device")
self.ip = None
raise Exception("Unable to find device")
def do_nmap_scan(targets, options=NMAP_GLOBAL_OPTIONS):
# 运行次数初始化
trycnt = 0
while True:
# 运行时间初始化
runtime = 0
if trycnt >= NMAP_RETRYCNT:
print "-" * 50
return "retry overflow"
try:
nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False)
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= NMAP_TIMEOUT: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务
print "-" * 50
print "* timeout. terminate it..."
nmap_proc.stop()
# 休眠时间
time.sleep(60)
trycnt += 1
break
else:
print "running[%ss]:%s" % (runtime, nmap_proc.command)
time.sleep(5)
runtime += 5
if nmap_proc.rc == 0:
return nmap_proc.stdout
except Exception, e:
# raise e
print e
trycnt += 1
if trycnt >= NMAP_RETRYCNT:
print "-" * 50
print "* retry overflow"
return e
def nmap_service_scan(host, service, command):
port = service.port
nm = NmapProcess(host.address, options=command + " -p " + str(port))
# change to sudo_run(run_as='root') to run syn scans
nm.run_background()
command = nm.get_command_line()
print(command)
while nm.is_running():
print("Nmap Service Scan running:" + host.address + " : " +
str(service.port) +
" ETC: {0} DONE: {1}%".format(nm.etc, nm.progress))
sleep(10)
nmap_report = NmapParser.parse(nm.stdout)
for host_service in nmap_report.hosts:
for serv in host_service.services:
pserv = "{0:>5s}/{1:3s} {2:12s} {3} ".format(
str(serv.port), host.address, serv.protocol, serv.state,
serv.service)
print(pserv)
for result in serv.scripts_results:
print(result["output"])
print("\n")
def do_scan(self):
"""
对targets进行扫描,并返回探测结果
:param targets: 扫描目标
:param options: 扫描选项
:return:
"""
nmproc = NmapProcess(self.ip, self.options)
nmproc.run_background() # 在后台运行
while nmproc.is_running():
nmaptask = nmproc.current_task
if nmaptask:
print("Task {0} ({1}): ETC: {2} DONE: {3}%".format(
nmaptask.name, nmaptask.status, nmaptask.etc,
nmaptask.progress))
sleep(2)
self.raw_data = nmproc.stdout # 原始扫描数据
try:
self.parsed = NmapParser.parse(nmproc.stdout) # 解析扫描的数据
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return
class ScanEngine(object):
def __init__(self,config):
self.engine = NmapProcess(config.targets, config.options)
def run(self):
"""Execute scan"""
syslog.syslog("Starting scan")
self.engine.run_background()
while self.engine.is_running():
time.sleep(15)
print "Scan is %s percent complete" % self.engine.progress
syslog.syslog("Completed scan")
def process(self):
"""parse and pre-process scan results"""
try:
self.parsed = NmapParser.parse(self.engine.stdout)
syslog.syslog("Processing output")
except Exception as e:
syslog.syslog("Failed to parse output"+e)
for h in self.parsed.hosts:
print h.address
def perform_scan(config_file, section, targets, output_dir):
# merge targets to create the smallest possible list of CIDR subnets
subnets = list()
for target in targets:
subnets.append(IPNetwork(target))
subnets = cidr_merge(subnets)
targets = list()
for subnet in subnets:
targets.append(str(subnet))
# check if required args declaration is supplied
config = ConfigParser.ConfigParser()
config.read(config_file)
args = config_section_map(config, section)['args']
if not args:
error('No \'args\' declaration found in %s' % section)
exit()
# check for options that will interfere with this script
illegal_options = ['-oG', '-oN', '-iL', '-oA', '-oS', '-oX', '--iflist',
'--resume', '--stylesheet', '--datadir', '--stats-every']
for option in illegal_options:
if option in args:
error('\'args\' declaration contains incompatible option \'%s\'' %
(section, option))
exit()
# store raw nmap output as well
raw_file = '%s/%s.nmap' % (output_dir, section)
args += ' -oN %s' % raw_file
# perform scan
info('Starting scan \'%s\'' % section)
print(' -> %s' % config_section_map(config, section)['desc'])
nmap_proc = NmapProcess(targets=targets, options=args, safe_mode=False)
nmap_proc.sudo_run_background()
while nmap_proc.is_running():
nmap_task = nmap_proc.current_task
if nmap_task:
m, s = divmod(int(nmap_task.remaining), 60)
h, m = divmod(m, 60)
remaining = "%d:%02d:%02d" % (h, m, s)
sys.stdout.write(
'[+] Task: {0} - ETC: {1} DONE: {2}%'
' \r'.format(
nmap_task.name,
remaining,
nmap_task.progress))
sys.stdout.flush()
sleep(1)
# save results
if nmap_proc.rc == 0:
info('%s' % nmap_proc.summary.replace('Nmap done at',
'Scan completed on'))
run('chown %s:%s %s' % (os.getuid(), os.getgid(), raw_file), sudo=True)
print(" -> Nmap report saved to '%s'" % raw_file)
if nmap_proc.stdout:
xml_file = '%s/%s.xml' % (output_dir, section)
out = open(xml_file, 'w')
out.write(nmap_proc.stdout)
out.close()
print(" -> XML report saved to '%s'" % xml_file)
#if nmap_proc.stderr:
# err_file = '%s/%s.err' % (output_dir, section)
# out = open(err_file, 'w')
# out.write(nmap_proc.stderr)
# out.close()
# print(" -> Standard error output saved to '%s'" %
# err_file)
else:
error('Error occurred:')
print(' -> %s' % nmap_proc.stderr.rstrip())
#!/usr/bin/env python
from libnmap.process import NmapProcess
from time import sleep
nmap_proc = NmapProcess(targets="scanme.nmap.org", options="-sT")
nmap_proc.run_background()
while nmap_proc.is_running():
nmaptask = nmap_proc.current_task
if nmaptask:
print "Task {0} ({1}): ETC: {2} DONE: {3}%".format(nmaptask.name,
nmaptask.status,
nmaptask.etc,
nmaptask.progress)
sleep(0.5)
print "rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary)
print nmap_proc.stdout
