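def nmap_scan(ip, fileHandle, tcp=True, top1024=True):
    """Portscan a host with nmap and append the raw output to the log.

    nmap options:
        -v:  verbose
        -n:  do not resolve symbolic names (i.e. no dns lookups)
        -p:  port range -- "1-1024" by default, "1-65535" when top1024 is False
             (despite the parameter name this is a plain range, not nmap's
             --top-ports selection)
        -A:  enable OS detection, version detection, script scanning and
             traceroute (TCP scans only)
        -sV: service/version detection (TCP scans only)
        -sU: UDP scan (used instead of -A/-sV when tcp is False)

    Args:
        ip: target address.  It is handed to nmap as its own argv element
            (presumably without a shell -- confirm in common.runCommand) but
            is not validated here, so only feed it addresses you control.
        fileHandle: open, writable text file receiving the timing line and
            the STDOUT / STDERR sections.
        tcp: True for the TCP scan, False for the lighter UDP scan.
        top1024: True for ports 1-1024, False for the full 1-65535 range.

    Returns:
        nmap's standard output as a string (the same text written to the log).
    """
    ports = "1-1024" if top1024 else "1-65535"
    if tcp:
        argv = ["nmap", "-v", "-n", "-A", "-p", ports, "-sV", ip]
    else:
        # The UDP leg deliberately omits -A/-sV; it only differs from the TCP
        # leg in the scan type, so build one argv and share the logging below.
        argv = ["nmap", "-v", "-n", "-p", ports, "-sU", ip]

    start = timer()
    out, err = common.runCommand(argv)
    end = timer()

    # Same log layout as the other scanners: timing, then both streams under
    # fixed headers.  Nothing is redacted -- the log mirrors the tool output.
    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write(out)
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write(err)
    return out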
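def extract_details(ip, fileHandle, password):
    """Walk a fixed set of SNMP OIDs with snmpwalk and append the results to the log.

    snmpwalk options:
        -c:  community string (the ``password`` argument)
        -v1: SNMP version 1

    Args:
        ip: target address.
        fileHandle: open, writable text file receiving the SNMPWALK section.
        password: SNMP community string.  NOTE(review): it is passed on the
            snmpwalk command line, so any local user can read it from the
            process list while each walk runs; keep this host single-user or
            accept that exposure.

    Returns:
        None.  All output goes to ``fileHandle``: one labelled STDOUT block
        per OID in the order below, followed by the concatenated STDERR.
    """
    # (section label, OID) in the order the log has always listed them.  The
    # labels come from the original tool; they are written verbatim so existing
    # log parsers keep working.
    walks = (
        ("Windows Users\n", "1.3.6.1.4.1.77.1.2.25"),
        ("Running Windows Processes\n", "1.3.6.1.2.1.25.4.2.1.2"),
        ("Open TCP Ports\n", "1.3.6.1.2.1.6.13.1.3"),
        ("Installed Software\n", "1.3.6.1.2.1.25.6.3.1.2"),
    )

    fileHandle.write("===SNMPWALK===\n")
    start = timer()
    outParts = []
    errParts = []
    for label, oid in walks:
        out, err = common.runCommand(["snmpwalk", "-c", password, "-v1", ip, oid])
        outParts.append(label)
        outParts.append(out)
        errParts.append(err)
    end = timer()

    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write("".join(outParts))
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write("".join(errParts))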
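def doSMBscans(ip, outputDir):
    """Run the SMB enumeration set (nmap NSE, nbtscan, enum4linux) against a host.

    nmap options:
        -v:       verbose
        -sV:      service/version detection
        -p:       the ports listed in common.SMB_PORTS
        --script: run every NSE script whose filename matches ``*smb*.nse``.
                  NOTE(review): that glob is matched by name, not by category,
                  so it pulls in the brute-force / intrusive SMB scripts as
                  well -- confirm that is in scope before pointing it at
                  production hosts.
    nbtscan options:
        -r: use local port 137 for the query
    enum4linux options:
        -a: all enumeration

    Args:
        ip: target address; also used as the prefix of the output filename.
        outputDir: directory that receives ``<ip>-<SMB_FILE>``.

    Returns:
        enum4linux's standard output (the last tool run), as the original did.

    The results file is opened with a context manager so it is closed even if
    one of the tool invocations raises.
    """
    smbFile = "%s-%s" % (ip, SMB_FILE)
    with open(os.path.join(outputDir, smbFile), 'w') as f:
        f.write("%s\n" % str(datetime.datetime.now()))

        f.write("===NMAP NSE===\n")
        # Pass "-p" and its value as separate argv elements (the way the plain
        # portscan does) instead of one "-p 445,139" string, so nmap never
        # receives a port spec with a leading space.
        _smb_log_command(f, [
            "nmap", "-v", "-sV",
            "-p", ",".join(common.SMB_PORTS),
            "--script", "*smb*.nse",
            ip,
        ])

        # The original wrote these two headers without a trailing newline, so
        # the timing line ran into them; terminate them like the NSE header.
        f.write("===NBTSCAN===\n")
        _smb_log_command(f, ["nbtscan", "-r", ip])

        f.write("===enum4linux===\n")
        out = _smb_log_command(f, ["enum4linux", "-a", ip])
    return out


def _smb_log_command(f, argv):
    """Run ``argv`` via common.runCommand, log timing/STDOUT/STDERR to ``f``, return STDOUT."""
    start = timer()
    out, err = common.runCommand(argv)
    end = timer()
    f.write("%s seconds to complete.\n" % (end - start))
    f.write("===STD OUT===\n")
    f.write(out)
    f.write("\n===STD ERR===\n")
    f.write(err)
    return out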
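def onetwopunch_scan(ip, fileHandle, tcp=False):
    """Portscan a host with onetwopunch and append the raw output to the log.

    onetwopunch options:
        -t:      file holding the target list (one address per line)
        -p:      port selection, "all" by default or "tcp" when tcp is True
        -i tap0: make sure you direct it out the right interface (hard-coded)
        -n:      no DNS resolution
        -A:      enable OS detection, version detection, script scanning, and
                 traceroute

    The target list used to be written to the fixed path /tmp/target.txt.
    A predictable name in a world-writable directory lets any other local
    user pre-create or symlink that file and thereby pick what gets scanned,
    and two concurrent runs would overwrite each other.  The list is now
    written to a private temporary file that is removed once the scan ends.

    Args:
        ip: target address.
        fileHandle: open, writable text file receiving the timing line and
            the STDOUT / STDERR sections.
        tcp: True to scan TCP only, False for "all".

    Returns:
        onetwopunch's standard output as a string.
    """
    import os
    import tempfile

    ports = "tcp" if tcp else "all"

    # NamedTemporaryFile creates the file with owner-only permissions; keep it
    # (delete=False) just long enough for the scanner to read it.
    with tempfile.NamedTemporaryFile("w", prefix="target-", suffix=".txt", delete=False) as tmp:
        tmp.write("%s\n" % ip)
        targetPath = tmp.name
    try:
        start = timer()
        out, err = common.runCommand([
            ONE_TWO_PUNCH_LOC, "-t", targetPath, "-p", ports, "-i", "tap0", "-n", "-A",
        ])
        end = timer()
    finally:
        os.unlink(targetPath)

    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write(out)
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write(err)
    return out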
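def ping(ip, outputDir):
    """Ping a host five times, log the result, and report whether any reply came back.

    Ping Options:
        -c 5: send 5 packets
        -n:   do not resolve symbolic names (i.e. no dns lookups)

    Args:
        ip: target address.  The original built the log filename from the
            global ``args.ip`` instead of this parameter, which only worked
            when the two happened to agree; the parameter is used now.
        outputDir: directory that receives ``<ip>-<PING_FILE>``.

    Returns:
        True if ping reported at least one packet received, False otherwise
        (including when the summary line could not be parsed).
    """
    pingFile = "%s-%s" % (ip, PING_FILE)
    with open(os.path.join(outputDir, pingFile), 'w') as f:
        f.write("%s\n" % str(datetime.datetime.now()))
        start = timer()
        out, err = common.runCommand(["ping", "-c", "5", "-n", ip])
        end = timer()
        f.write("%s seconds to complete.\n" % (end - start))
        f.write("===STD OUT===\n")
        f.write(out)
        f.write("\n===STD ERR===\n")
        f.write(err)

    # Parse the summary line, e.g. "5 packets transmitted, 3 received, ..."
    # (Linux) or "..., 3 packets received, ..." (BSD-style ping); the original
    # pattern only accepted a single digit directly before " received".
    match = re.search(r"(\d+)(?: packets)? received", out)
    return bool(match) and int(match.group(1)) > 0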
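def dirb_scan(ip, fileHandle, wordlist="/root/SecLists/Discovery/Web-Content/big.txt"):
    """Run dirb against http://<ip>/ and append the raw output to the log.

    dirb options:
        <url>:      plain-HTTP root of the target; HTTPS is not tried here
        <wordlist>: directory/file names to probe
        -r:         do not recurse into discovered directories

    Args:
        ip: target address, interpolated unmodified into the URL.
        fileHandle: open, writable text file receiving the dirb section.
        wordlist: path to the wordlist.  Defaults to the SecLists file the
            original hard-coded, so existing callers are unaffected.

    Returns:
        None; output goes to ``fileHandle``.
    """
    fileHandle.write("===dirb===\n")
    start = timer()
    out, err = common.runCommand(["dirb", "http://%s/" % ip, wordlist, "-r"])
    end = timer()
    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write(out)
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write(err)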
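def curl_grab(ip, fileHandle, timeout=None):
    """Fetch the host's default page with curl and append the raw output to the log.

    curl options:
        -v:         verbose; the request/response header trace goes to the
                    STDERR section of the log (presumably -- confirm against
                    curl's behaviour on this box)
        --max-time: only added when ``timeout`` is given

    Args:
        ip: target; passed to curl as-is, with no scheme, so curl picks the
            protocol (plain HTTP for a bare address).
        fileHandle: open, writable text file receiving the CURL section.
        timeout: optional overall limit in seconds.  The original had none,
            so a host that accepts the connection and never answers stalls the
            whole run; pass a value to bound it.  Default None keeps the old
            behaviour.

    Returns:
        None; output goes to ``fileHandle``.
    """
    argv = ["curl", "-v"]
    if timeout is not None:
        argv += ["--max-time", str(timeout)]
    argv.append(ip)

    fileHandle.write("===CURL===\n")
    start = timer()
    out, err = common.runCommand(argv)
    end = timer()
    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write(out)
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write(err)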
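def nmap_nse_scan(ip, fileHandle):
    """NSE scan a host's SNMP port and append the raw output to the log.

    nmap options:
        -v:       verbose
        -sV:      service/version detection
        -p:       common.SNMP_PORT
        --script: run every NSE script whose filename matches ``*snmp*.nse``
                  (matched by name, not category, so brute-force scripts are
                  included as well)

    Args:
        ip: target address.
        fileHandle: open, writable text file receiving the NMAP NSE section.

    Returns:
        None; output goes to ``fileHandle``.
    """
    fileHandle.write("===NMAP NSE===\n")
    start = timer()
    # "-p" and its value are separate argv elements (the original passed one
    # "-p <port>" string, leaving nmap to cope with the embedded space).
    out, err = common.runCommand([
        "nmap", "-v", "-sV",
        "-p", str(common.SNMP_PORT),
        "--script", "*snmp*.nse",
        ip,
    ])
    end = timer()
    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write(out)
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write(err)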
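def nmap_nse_scan(ip, fileHandle, ports="80,443"):
    """NSE scan a host's HTTP ports and append the raw output to the log.

    nmap options:
        -v:       verbose
        -sV:      service/version detection
        -p:       ``ports`` (80,443 by default)
        --script: run every NSE script whose filename matches ``*http*.nse``
                  (matched by name, not category, so slow and intrusive
                  scripts such as brute-forcers are included as well)

    Args:
        ip: target address.
        fileHandle: open, writable text file receiving the NMAP NSE section.
        ports: nmap port specification.  Defaults to the original's hard-coded
            "80,443" so existing callers are unaffected.

    Returns:
        None; output goes to ``fileHandle``.
    """
    fileHandle.write("===NMAP NSE===\n")
    start = timer()
    # "-p" and its value are separate argv elements (the original passed one
    # "-p 80,443" string, leaving nmap to cope with the embedded space).
    out, err = common.runCommand([
        "nmap", "-v", "-sV",
        "-p", ports,
        "--script", "*http*.nse",
        ip,
    ])
    end = timer()
    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write(out)
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write(err)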
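def hydra_scan(ip, fileHandle, wordlist="/root/SecLists/Discovery/SNMP/common-snmp-community-strings.txt"):
    """Guess the SNMP community string with hydra and return the first hit.

    hydra options:
        -P: list of candidate community strings
        -v: verbose
        -f: stop as soon as one valid string is found

    Args:
        ip: target address.
        fileHandle: open, writable text file receiving the HYDRA section.
            NOTE(review): hydra's full output -- including any recovered
            community string -- is written here unredacted, so treat the log
            as credential material.
        wordlist: path to the candidate list.  Defaults to the SecLists file
            the original hard-coded, so existing callers are unaffected.

    Returns:
        The token following "password: " in hydra's first reported hit, or
        None when hydra reported nothing (the original fell off the end of the
        function in that case, which also yielded None).
    """
    fileHandle.write("===HYDRA===\n")
    start = timer()
    out, err = common.runCommand(["hydra", "-P", wordlist, "-v", ip, "-f", "snmp"])
    end = timer()
    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write(out)
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write(err)

    # Raw string: the original "password: [\S]*" relied on Python keeping an
    # unknown escape verbatim, which newer interpreters warn about.  Only the
    # first hit is returned, exactly as before.
    match = re.search(r"password: (\S*)", out)
    if match is None:
        return None
    return match.group(1)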
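def nmap_nse_scan(ip, fileHandle):
    """NSE scan a host's SMTP port and append the raw output to the log.

    nmap options:
        -v:       verbose
        -sV:      service/version detection
        -p:       common.SMTP_PORT
        --script: run every NSE script whose filename matches ``*smtp*.nse``
                  (matched by name, not category, so enumeration and
                  brute-force scripts are included as well)

    The original argv contained ``"-p %s" % common, SMTP_PORT`` -- the
    formatting applied to the module object and ``SMTP_PORT`` became a
    separate (undefined) element -- so nmap was never given the intended
    port.  It now receives ``common.SMTP_PORT``.

    Args:
        ip: target address.
        fileHandle: open, writable text file receiving the nmap NSE section.

    Returns:
        None; output goes to ``fileHandle``.
    """
    fileHandle.write("===nmap NSE===\n")
    start = timer()
    # "-p" and its value are separate argv elements so nmap never sees a port
    # spec with an embedded space.
    out, err = common.runCommand([
        "nmap", "-v", "-sV",
        "-p", str(common.SMTP_PORT),
        "--script", "*smtp*.nse",
        ip,
    ])
    end = timer()
    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write(out)
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write(err)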
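def onesixtyone_scan(ip, fileHandle, wordlist="/root/SecLists/Discovery/SNMP/common-snmp-community-strings.txt"):
    """Guess the SNMP community string with onesixtyone and return the first hit.

    onesixtyone options:
        -c: list of candidate community strings
        -i: file holding the target list (one address per line)

    The target list used to be written to the fixed path /tmp/target.txt.
    A predictable name in a world-writable directory lets any other local
    user pre-create or symlink that file and thereby pick what gets scanned,
    and concurrent runs (or the onetwopunch scan, which used the same path)
    would overwrite each other.  The list is now written to a private
    temporary file that is removed once the scan ends.

    Args:
        ip: target address.
        fileHandle: open, writable text file receiving the onesixtyone
            section.  NOTE(review): the tool's full output, recovered
            community strings included, is logged unredacted.
        wordlist: path to the candidate list.  Defaults to the SecLists file
            the original hard-coded, so existing callers are unaffected.

    Returns:
        The first bracketed token in the output, brackets included (the
        original returned the first ``\\[.*\\]`` match verbatim -- presumably
        onesixtyone's ``[community]`` column; verify against the installed
        version), or None when there is no match (the original fell off the
        end of the function in that case, which also yielded None).
    """
    import os
    import tempfile

    with tempfile.NamedTemporaryFile("w", prefix="target-", suffix=".txt", delete=False) as tmp:
        tmp.write("%s\n" % ip)
        targetPath = tmp.name
    try:
        fileHandle.write("===onesixtyone===\n")
        start = timer()
        out, err = common.runCommand([ONE_SIXTY_ONE_LOC, "-c", wordlist, "-i", targetPath])
        end = timer()
    finally:
        os.unlink(targetPath)

    fileHandle.write("%s seconds to complete.\n" % (end - start))
    fileHandle.write("===STD OUT===\n")
    fileHandle.write(out)
    fileHandle.write("\n===STD ERR===\n")
    fileHandle.write(err)

    # Raw string: the original "\[.*\]" relied on Python keeping the unknown
    # escapes verbatim, which newer interpreters warn about.  Greedy within a
    # single line, same as before.
    match = re.search(r"\[.*\]", out)
    if match is None:
        return None
    return match.group(0)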