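def parseNMap(file=None, string=None):
    """Parse an Nmap XML report into a list of per-host dictionaries.

    Args:
        file: Path of an Nmap XML file, handed to NmapParser.parse_fromfile.
        string: Nmap XML text, handed to NmapParser.parse_fromstring. When
            both arguments are given the string result is the one used.

    Returns:
        One dict per host with the keys mac, ip, status, hostnames, vendor,
        distance and services, plus osDetect when OS matching yielded CPEs.

    Raises:
        ValueError: If neither file nor string is supplied.
    """
    # Without this guard the code below would hit an unbound `report`.
    if not file and not string:
        raise ValueError("parseNMap needs either file or string")
    try:
        if file:
            report = NmapParser.parse_fromfile(file)
        if string:
            report = NmapParser.parse_fromstring(string)
    except Exception:
        # Not a bare except: KeyboardInterrupt/SystemExit pass through.
        exit("Invalid Nmap xml!")

    systems = []
    for h in report.hosts:
        system = {
            'mac': h.mac,
            'ip': h.address,
            'status': h.status,
            'hostnames': h.hostnames,
            'vendor': h.vendor,
            'distance': h.distance,
        }
        # Collect the CPEs of every OS match candidate, without duplicates.
        cpeList = list(set(
            [x for c in h.os_match_probabilities() for x in c.get_cpe()]))
        if cpeList:
            system['osDetect'] = cpeList
        services = []
        for s in h.services:
            service = {
                'port': s.port,
                'banner': s.banner,
                'protocol': s.protocol,
                'name': s.service,
                'state': s.state,
                'reason': s.reason,
            }
            if s.cpelist:
                # Only the first CPE of a service is kept.
                service['cpe'] = s.cpelist[0].cpestring
            services.append(service)
        system['services'] = services
        systems.append(system)
    return systems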
def _parseNMap(self, data):
    """Convert Nmap XML text into a dict of systems plus scan metadata.

    Returns {"systems": [...], "scan": {"time": ..., "type": ...}}. A parse
    failure is printed and then surfaces as a bare Exception.
    """
    try:
        report = NmapParser.parse_fromstring(data)
    except Exception as e:
        print(e)
        raise Exception

    def describe_service(svc):
        # One dict per service; only the first CPE of a service is kept.
        entry = {'port': svc.port, 'banner': svc.banner,
                 'protocol': svc.protocol, 'name': svc.service,
                 'state': svc.state, 'reason': svc.reason}
        if svc.cpelist:
            entry['cpe'] = svc.cpelist[0].cpestring
        return entry

    systems = []
    for node in report.hosts:
        system = {'mac': node.mac, 'ip': node.address, 'status': node.status,
                  'hostnames': node.hostnames, 'vendor': node.vendor,
                  'distance': node.distance}
        # CPEs from every OS match candidate, de-duplicated.
        found = []
        for candidate in node.os_match_probabilities():
            found.extend(candidate.get_cpe())
        found = list(set(found))
        if len(found) > 0:
            system['cpes'] = found
        system['services'] = [describe_service(svc) for svc in node.services]
        systems.append(system)

    # "type" is read from the report's private _nmaprun dict ("args" entry).
    return {"systems": systems,
            "scan": {"time": report.endtime,
                     "type": report._nmaprun["args"]}}
def get_report_from_async_result(cls, task_id):
    """Build an NmapReport from the stored result of a Celery task.

    The report is parsed on demand from the 'report' entry of the task's
    AsyncResult, so the Celery task has to be finished already.

    Args:
        cls (cls): The class itself (not an instance)
        task_id (str): task_id

    Returns:
        The parsed report, or None when the parser rejects the XML.

    Note:
        Carried over from the original: this lives on a sub-class of
        NmapReport and might be done more transparently. TODO
    """
    try:
        xml_text = celery_pipe.AsyncResult(task_id).result['report']
        return NmapParser.parse_fromstring(xml_text)
    except NmapParserException as e:
        # Only parser errors are handled; any other failure propagates.
        print(e)
        return None
def save_report(cls, task_id=None):
    """Store the result of a finished Celery task as a new NmapReportMeta.

    Meant to be called right after the Celery task has finished. Steps:

    * load the NmapTask for task_id and look up its status
    * try to parse the task result as an Nmap report; the outcome is only
      printed, so a parse failure does not stop the save
    * set the NmapTask completed field to 1 and record the status
    * save a NmapReportMeta that holds the raw result string

    Args:
        task_id (str): The task_id as a string (e.g faef323-afec3-a...)

    Returns:
        NmapReportMeta

    Raises:
        MultipleObjectsReturned - if task_id is not unique
        DoesNotExist - if task_id has no corresponding NmapTask in db
    """
    task = NmapTask.objects.get(task_id=task_id)
    status = NmapTask.get_tasks_status_as_dict(task_id=task_id)[0]['status']
    raw_result = str(task.get_task_result())

    try:
        parsed = NmapParser.parse_fromstring(raw_result)
        if not isinstance(parsed, NmapReport):
            print("Error: Did not produce a valid NmapReport!")
        else:
            print("Debug: NmapReport:")
            print(parsed)
    except Exception as err:
        print("Parse Report - Something went wrong: " + str(err))

    task.completed = 1
    task.completed_status = status
    task.save()

    # NOTE(review): the raw result is stored with report_stored=1 even when
    # the parse above failed - confirm readers of this row expect that.
    report_meta = NmapReportMeta(
        task_id=task.task_id,
        task_comment=task.comment,
        task_created=task.created,
        report_stored=1,
        report=raw_result,
        user=User.objects.get(id=task.user_id),
        org_unit=OrgUnit.objects.get(id=task.org_unit_id),
    )
    report_meta.save()

    # Disabled follow-up kept from the original:
    #   call Address.discover which discovers and stores addresses
    #   r = Address.discover_from_report(report_id=_id)
    return report_meta
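def parse_nmap_results(joblog=None, results=None):
    """
    Post-processor for parsing out nmap results in xml format.

    Stores one ScanResult per service that is not in state "filtered" and
    copies the scan start and end time onto the joblog.

    :param joblog: job log whose stdout holds the XML when results is not
        given; it is also updated and referenced by the stored rows, so it
        is required.
    :param results: nmap XML text; defaults to joblog.stdout.
    :return: True when the report was parsed and stored, False otherwise.
    """
    log = logging.getLogger(__name__)
    log.debug("Called {}".format(__name__))

    # The joblog is dereferenced throughout, so a call with results but no
    # joblog used to fail with AttributeError; report it and stop instead.
    if joblog is None:
        if results is None:
            log.error("No results or joblog passed.")
        else:
            log.error("No joblog passed; results cannot be stored.")
        return False
    if results is None:
        results = joblog.stdout

    # Kept as a function-scope import, as in the original.
    from scanner.models import ScanResult

    try:
        report = NmapParser.parse_fromstring(results)
    except NmapParserException as e:
        log.error("Invalid nmap xml passed. JobLog ID: {}. {}".format(
            str(joblog.id), e))
        return False

    # NOTE(review): fromtimestamp() yields naive local-time values - confirm
    # that matches how the joblog fields are stored.
    start_time = datetime.fromtimestamp(report.started)
    end_time = datetime.fromtimestamp(report.endtime)
    joblog.start_time = start_time
    joblog.end_time = end_time
    joblog.save()

    # The model's field names do not change per service; compute them once.
    field_names = [
        f.name for f in ScanResult._meta.get_fields() if f.name != "id"
    ]

    for host in report.hosts:
        host_data = {
            "ip": host.address,
            "mac": host.mac,
            "hostname": host.hostnames,
            "joblog": joblog,
            "scan": joblog.job.scan,
            "start_time": start_time,
            "end_time": end_time,
        }
        if host.os_fingerprinted:
            host_data.update({"os": host.os})

        all_results = []
        for service in host.services:
            if service.state != "filtered":
                result = ScanResult(**host_data)
                # Copy every service attribute that shares a model field name.
                for field in field_names:
                    if hasattr(service, field):
                        setattr(result, field, getattr(service, field))
                all_results.append(result)
        # One bulk insert per host, so every host's rows are written.
        ScanResult.objects.bulk_create(all_results)
    return True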
def get_nmap_report_by_task_id(cls, nmap_task_id, user_obj=None):
    """Return the parsed report stored for nmap_task_id.

    With a user_obj the lookup is limited to reports whose org_unit is one
    of the user's org units; without one every stored report is eligible.
    The queryset's get() raises if there is no match or more than one.
    """
    if not user_obj:
        # NOTE(review): a missing or falsy user disables the org-unit
        # scoping entirely - confirm callers never pass None for a request
        # that should be restricted.
        candidates = NmapReportMeta.objects.all()
    else:
        candidates = NmapReportMeta.objects.filter(
            org_unit__in=user_obj.orgunit_set.all())
    stored = candidates.get(task_id=nmap_task_id)
    return NmapParser.parse_fromstring(str(stored.report))
def get_report(cls, task_id):
    """Return the parsed report of a Celery task, or None.

    None is returned when task_id is not a string or when the parser
    rejects the stored XML; other errors propagate.
    """
    # The two isinstance checks stay separate so `unicode` is only looked up
    # when the str check fails, exactly as before.
    if not (isinstance(task_id, str) or isinstance(task_id, unicode)):
        return None
    try:
        xml_text = celery_pipe.AsyncResult(task_id).result['report']
        return NmapParser.parse_fromstring(xml_text)
    except NmapParserException:
        return None
def nmap_smb_vulnscan():
    """
        Scans the smb services in the database that do not carry the
        'smb_vulnscan' tag yet for smb signing and ms17-010, and tags each
        service according to what the nmap scripts report.
    """
    service_search = ServiceSearch()
    services = list(service_search.get_services(
        ports=['445'], tags=['!smb_vulnscan'], up=True))

    # Index the services by address so nmap hosts can be mapped back.
    service_dict = {}
    for service in services:
        service.add_tag('smb_vulnscan')
        service_dict[str(service.address)] = service

    nmap_args = "-Pn -n --disable-arp-ping --script smb-security-mode.nse,smb-vuln-ms17-010.nse -p 445".split(
        " ")

    if not services:
        print_notification("No services found to scan.")
        return

    result = nmap(nmap_args, [str(s.address) for s in services])
    report = NmapParser().parse_fromstring(result)

    smb_signing = 0
    ms17 = 0
    for nmap_host in report.hosts:
        address = nmap_host.address
        for raw_script in nmap_host.scripts_results:
            elements = raw_script.get('elements', {})
            service = service_dict[str(address)]

            signing_off = elements.get('message_signing', '') == 'disabled'
            if signing_off:
                print_success("({}) SMB Signing disabled".format(address))
                service.add_tag('smb_signing_disabled')
                smb_signing += 1

            ms17_state = elements.get('CVE-2017-0143', {}).get('state', '')
            if ms17_state == 'VULNERABLE':
                print_success("({}) Vulnerable for MS17-010".format(address))
                service.add_tag('MS17-010')
                ms17 += 1

            service.update(tags=service.tags)

    print_notification(
        "Completed, 'smb_signing_disabled' tag added to systems with smb signing disabled, 'MS17-010' tag added to systems that did not apply MS17-010."
    )
    stats = {
        'smb_signing': smb_signing,
        'MS17_010': ms17,
        'scanned_services': len(services)
    }
    Logger().log(
        'smb_vulnscan',
        'Scanned {} smb services for vulnerabilities'.format(len(services)),
        stats)
def import_nmap(result, tag, check_function=all_hosts, import_services=False):
    """
        Imports the given nmap result.

        Every host accepted by check_function is updated, tagged with `tag`
        and saved; with import_services its services are stored as well.
        Returns the number of imported hosts and services as a dict.
    """
    host_search = HostSearch(arguments=False)
    service_search = ServiceSearch()
    report = NmapParser().parse_fromstring(result)

    # Port state -> name of the host list that collects ports in that state.
    port_lists = {
        'open': 'open_ports',
        'closed': 'closed_ports',
        'filtered': 'filtered_ports',
    }

    imported_hosts = 0
    imported_services = 0
    for nmap_host in report.hosts:
        if not check_function(nmap_host):
            continue
        imported_hosts += 1
        host = host_search.id_to_object(nmap_host.address)
        host.status = nmap_host.status
        host.add_tag(tag)
        if nmap_host.os_fingerprinted:
            host.os = nmap_host.os_fingerprint
        if nmap_host.hostnames:
            host.hostname.extend(nmap_host.hostnames)

        if import_services:
            for service in nmap_host.services:
                imported_services += 1
                serv = Service(**service.get_dict())
                serv.address = nmap_host.address
                service_id = service_search.object_to_id(serv)
                if not service_id:
                    # New object
                    serv.address = nmap_host.address
                    serv.save()
                else:
                    # Existing object, save the banner and script results.
                    serv_old = Service.get(service_id)
                    if service.banner:
                        serv_old.banner = service.banner
                    # TODO implement
                    # if service.script_results:
                    #     serv_old.script_results.extend(service.script_results)
                    serv_old.save()

                list_name = port_lists.get(service.state)
                if list_name:
                    getattr(host, list_name).append(service.port)
        host.save()

    if not imported_hosts:
        print_error("No hosts found")
    else:
        print_success("Imported {} hosts, with tag {}".format(
            imported_hosts, tag))
    return {'hosts': imported_hosts, 'services': imported_services}
def parse(datastring):
    # Walks an Nmap report, prints one line per service and returns
    # (ip, os, portcount).
    # NOTE(review): block nesting was reconstructed from a listing without
    # indentation - confirm that the return sits outside the host loop.

    # The report parsed from datastring is discarded; this call only has an
    # effect if the parser raises on bad input.
    NmapParser.parse_fromstring(datastring)
    retval = []  # never read or returned below
    portcount = 0
    # NOTE(review): everything below reads the fixed file 'Linux_int.xml',
    # not datastring - confirm that this is intended.
    rep = NmapParser.parse_fromfile('Linux_int.xml')
    for _host in rep.hosts:
        host = ', '.join(_host.hostnames)
        ip = (_host.address)
        # print the "_host.os_fingerprinted"
        host_string = ip
        # After this loop `os` holds the name of the last OS match; it stays
        # unbound when a host has no matches.
        for osmatch in _host.os.osmatches:
            os = osmatch.name
            accuracy = osmatch.accuracy
            # print "os.splitlines()[0:1]"
        for services in _host.services:
            # portcount accumulates across all hosts, not per host.
            portcount = portcount + 1
            print services.port, services.protocol, services.state, services.service
            server_address = (host_string, services.port)
    return (ip, os, portcount)
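def do_scan(ip, argm):
    """Run nmap against ip with the option string argm and parse the output.

    Returns:
        The parsed report, or None when nmap exits with a non-zero code or
        anything raises; both cases are logged.
    """
    nmap_report = None
    try:
        # NOTE(review): argm is passed to nmap as its options; if it can be
        # influenced by a request, restrict it to a vetted set - confirm
        # where callers get it from.
        nm = NmapProcess(ip, options=argm)
        nm.run()
        if nm.rc == 0:
            nmap_report = NmapParser.parse_fromstring(nm.stdout)
        else:
            logger.error(nm.stderr)
    except Exception as e:
        # Exception.message does not exist on Python 3 and would raise from
        # inside this handler; log the exception object itself.
        logger.error(e)
    return nmap_report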
def launch(self, arguments=''):
    """
    Run an nmap scan of self.external_address on self.target_ports.

    The raw output of the scan is parsed and handed to self.write_result().

    :param arguments: extra nmap arguments; when empty, scan() is called
        without an arguments keyword
    :return: the raw output from get_nmap_last_output(), not the parsed
        report object
    """
    scanner = nmap.PortScanner()
    self.config()  # get ip and ports for scan
    extra = {} if arguments == '' else {'arguments': arguments}
    scanner.scan(self.external_address, self.target_ports, **extra)
    print(scanner.command_line())
    raw_output = scanner.get_nmap_last_output()
    self.write_result(NmapParser.parse_fromstring(raw_output))
    return raw_output
def scan(targets, options='-O -sV'):
    '''
    Run a scan.

    :param targets: the scan targets, either a list or a comma-separated
        string, e.g. "baidu.com", ["baidu.com","qq.com"], "baidu.com,qq.com"
    :param options: scan options, the same as nmap's own.
    :return: the scan result as a dict on success, otherwise None
    '''
    try:
        proc = NmapProcess(targets=targets, options=options)
        proc.run()
        # NOTE(review): the exit status of the run is not inspected here; a
        # failed run is only noticed if parsing its stdout raises.
        report = NmapParser.parse_fromstring(proc.stdout)
        # Round-trip through JSON to get plain dicts and lists.
        encoded = json.dumps(report, cls=ReportEncoder)
        return json.loads(encoded)
    except Exception as e:
        logging.error("Nmap scan error:{}".format(e))
        return None
def analyse_nmap_xml_scan(self, nmap_xml_output=None, nmap_err='', nmap_err_keep_trace='', nmap_warn_keep_trace=''):
    """Parse nmap XML output and attach the kept error and warning traces.

    Returns the parsed report with `errors` and `warnings` set on it.
    Raises NmapError carrying nmap_err when it is non-empty, otherwise the
    XML output itself, whenever parsing or annotating fails.
    """
    try:
        parsed = NmapParser.parse_fromstring(nmap_xml_output)
        # Written through __dict__, as before, rather than by attribute
        # assignment.
        parsed.__dict__.update(errors=nmap_err_keep_trace,
                               warnings=nmap_warn_keep_trace)
        return parsed
    except Exception:
        raise NmapError(nmap_err if len(nmap_err) > 0 else nmap_xml_output)
def save_report_from_import(cls, xml_str=None, comment=None, user=None, org_unit=None):
    """Store an imported Nmap XML report as a new NmapReportMeta.

    The XML is parsed first purely as a validity check; what gets stored is
    the original string, under a freshly generated task id.

    Args:
        xml_str (str): the Nmap XML to import
        comment (str): stored as the task comment
        user (User obj): owner of the stored report
        org_unit (OrgUnit obj): org unit of the stored report

    Returns:
        NmapReportMeta

    Raises:
        Exception: if the XML does not parse into an NmapReport.
    """
    fake_task_id = uuid.uuid4()

    # NOTE(review): xml_str is caller-supplied XML; whether entity expansion
    # is bounded depends on the XML library behind NmapParser - confirm
    # before accepting imports from untrusted users.
    try:
        parsed = NmapParser.parse_fromstring(xml_str)
        if not isinstance(parsed, NmapReport):
            print("Error: Did not produce a valid NmapReport!")
            # Caught by the handler below, which wraps the message again.
            raise Exception(
                "Parse Report - Did not produce a valid NmapReport!")
    except Exception as err:
        raise Exception(
            "Parse Report - Something went wrong: {0}".format(err))

    report_meta = NmapReportMeta(
        task_id=fake_task_id,
        task_comment=comment,
        task_created=timezone.now(),
        report_stored=1,
        report=xml_str,
        user=user,
        org_unit=org_unit,
    )
    report_meta.save()
    return report_meta
def callback_success(results):
    """Store the open services and OS guess of every host in a scan result.

    The XML is taken from the 'result' entry of the first element of
    results. A host is only updated when Host.get_item_by_ip finds it.
    """
    report = NmapParser.parse_fromstring(results[0].get('result'))

    def describe(host, service):
        # Dict stored per open service; the fingerprint is cut at 500 chars.
        return {
            'host_ip': host.address,
            'port': service.port,
            'protocol': service.protocol,
            'tunnel': service.tunnel,
            'name': service.service_dict.get('name'),
            'cpe': ' '.join(service.service_dict.get('cpelist', [])),
            'info': {
                'status': service.state,
                'banner': service.banner,
                'fingerprint': service.servicefp[:500],
                'product': service.service_dict.get('product'),
                'version': service.service_dict.get('version'),
                'extra': service.service_dict.get('extrainfo'),
            }
        }

    for host in report.hosts:
        services = [describe(host, service)
                    for service in host.services
                    if service.state == 'open']

        # First OS match candidate, or None when it cannot be obtained.
        try:
            os_match = host.os_match_probabilities()[0]
        except Exception:
            os_match = None

        with db.auto_commit():
            item = Host.get_item_by_ip(host.address)
            if not item:
                continue
            item.update(
                service_count=len(services),
                cpe=' '.join(os_match.get_cpe()) if os_match else '',
                info={
                    'status': host.status,
                    'hostname': ' '.join(host.hostnames),
                    'system': os_match.name if os_match else '',
                    'mac': host.mac,
                    'accuracy': os_match.accuracy if os_match else 0,
                    'fingerprint': host.os_fingerprint[:500]
                },
                services=services)
def os_discovery():
    """
        Performs os (and domain) discovery of smb hosts.

        Only hosts without the 'nmap_os' tag and without a known os are
        scanned; each of them is tagged 'nmap_os' and saved afterwards.
    """
    hs = HostSearch()
    # TODO fix filter for emtpy fields.
    hosts = [candidate
             for candidate in hs.get_hosts(ports=[445], tags=['!nmap_os'])
             if not candidate.os]

    # Index the hosts by address so nmap hosts can be mapped back.
    host_dict = {}
    for known in hosts:
        host_dict[str(known.address)] = known

    arguments = "--script smb-os-discovery.nse -p 445 -Pn -n --disable-arp-ping".split(
        ' ')

    if not len(hosts):
        print_notification("No systems found to be checked.")
        return

    count = 0
    print_notification("Checking OS of {} systems".format(len(hosts)))
    result = nmap(arguments, [str(h.address) for h in hosts])
    report = NmapParser().parse_fromstring(result)

    for nmap_host in report.hosts:
        key = str(nmap_host.address)
        for raw_script in nmap_host.scripts_results:
            elements = raw_script.get('elements', {})
            host = host_dict[key]
            if 'fqdn' in elements:
                host.hostname.append(elements['fqdn'])
            if 'os' in elements:
                count += 1
                host.os = elements['os']
            host_dict[key] = host

    for host in hosts:
        host.add_tag('nmap_os')
        host.save()

    print_notification("Done, found the os of {} systems".format(count))
def save_report_from_import(cls, xml_str=None, comment=None, user=None, org_unit=None):
    """Save an imported Nmap XML string to the db as a NmapReportMeta.

    Parsing is used as a validity check only: the stored report is the
    unmodified xml_str, filed under a random uuid4 task id.

    Args:
        xml_str (str): Nmap XML text to import
        comment (str): task comment to store with it
        user (User obj): user the report belongs to
        org_unit (OrgUnit obj): org unit the report belongs to

    Returns:
        NmapReportMeta

    Raises:
        Exception: when xml_str cannot be parsed into an NmapReport.
    """
    fake_task_id = uuid.uuid4()

    # NOTE(review): xml_str comes from an import; limits on XML entity
    # expansion depend on the library NmapParser uses - confirm before
    # exposing this to untrusted input.
    try:
        candidate = NmapParser.parse_fromstring(xml_str)
        is_report = isinstance(candidate, NmapReport)
        if not is_report:
            print("Error: Did not produce a valid NmapReport!")
            # Re-wrapped by the except clause just below.
            raise Exception("Parse Report - Did not produce a valid NmapReport!")
    except Exception as err:
        raise Exception("Parse Report - Something went wrong: {0}".format(err))

    meta = NmapReportMeta(task_id=fake_task_id,
                          task_comment=comment,
                          task_created=timezone.now(),
                          report_stored=1,
                          report=xml_str,
                          user=user,
                          org_unit=org_unit)
    meta.save()
    return meta
def run(self):
    """Scan the artifact with nmap and record open ports and services.

    For every host that is up, the result is stored under
    self.artifact['data']['nmap'] and related hostnames or addresses are
    appended to self.artifact['children']. A failed run only emits a
    warning.
    """
    # NOTE(review): the target is the artifact name as-is - confirm it is
    # validated as a host or address before it reaches this plugin.
    nm = NmapProcess(targets=str(self.artifact['name']),
                     options='-sT -sV -Pn -T5 -p21,22,23,25,80,6667,1337')
    nm.run()

    if not nm.is_successful():
        warning('Nmap scanner failed - no results')
        return

    report = NmapParser.parse_fromstring(nm.stdout)
    for host in report.hosts:
        if not host.is_up():
            continue

        results = {
            'ports': host.get_open_ports(),
            'services': []
        }
        for service in host.services:
            if service.state != 'open':
                continue
            results['services'].append({
                'banner': service.banner,
                'protocol': service.protocol,
                'service': service.service,
                'port': service.port})

        if self.artifact['subtype'] == 'ipv4':
            # An address was scanned: every hostname becomes a child.
            results['hostnames'] = host.hostnames
            for h in host.hostnames:
                self.artifact['children'].append({
                    'name': h,
                    'type': 'host',
                    'subtype': 'fqdn',
                    'source': 'Nmap'
                })
        elif self.artifact['subtype'] == 'fqdn':
            # A name was scanned: the resolved address becomes a child.
            results['ipv4'] = host.address
            self.artifact['children'].append({
                'name': host.address,
                'type': 'host',
                'subtype': 'ipv4',
                'source': 'Nmap'
            })

        self.artifact['data']['nmap'] = results
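def nmap_report(report_id):
    """Render a stored scan as nmap-style text and return it as JSON.

    The XML is read from the 'report' entry of the Celery result for
    report_id. The response body is {'data': <text>}; the text is empty
    when no id is given or the XML cannot be parsed.
    """
    # NOTE(review): no ownership check on report_id is visible in this
    # function - confirm the route restricts whose reports can be read.
    _report = None
    if report_id is not None:
        try:
            _resultdict = celery_pipe.AsyncResult(report_id).result
            _resultxml = _resultdict['report']
            # Non-ASCII characters are dropped before parsing.
            _resultxml = _resultxml.encode('ascii', 'ignore')
            _report = NmapParser.parse_fromstring(_resultxml)
        except NmapParserException:
            pass

    if _report is None:
        # Without this guard the code below dereferenced None and the
        # request failed with AttributeError.
        return jsonify({'data': ''})

    parts = ['Starting Nmap {0} ( http://nmap.org ) at {1}\n'.format(
        _report.version, _report.started)]
    for host in _report.hosts:
        if len(host.hostnames):
            tmp_host = host.hostnames.pop()
        else:
            tmp_host = host.address
        parts.append('Nmap scan report for {0} ({1})\n'.format(
            tmp_host, host.address))
        parts.append('Host is {0}.\n'.format(host.status))
        parts.append(' PORT STATE SERVICE\n')
        for serv in host.services:
            pserv = '{0:>5s}/{1:3s} {2:12s} {3}'.format(
                str(serv.port), serv.protocol, serv.state, serv.service)
            if len(serv.banner):
                pserv += ' ({0})\n'.format(serv.banner)
            else:
                pserv += '\n'
            parts.append(pserv)
        for script_out in host.scripts_results:
            parts.append("Output of {0}: {1}\n".format(
                script_out['id'], script_out['output']))
        # A 'Fingerprints:' label inside the OS text itself is removed so
        # the label appears only once.
        parts.append('Fingerprints: ' + '{0}\n'.format(host.os).replace(
            'Fingerprints:', ''))
        parts.append('Uptime: {0}\n'.format(host.uptime))

    response_content = {
        'data': ''.join(parts)
    }
    return jsonify(response_content)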
def get_all_reports(cls, tasks=None):
    """Return the parsed reports of the given Celery task ids.

    Each id is converted with str() first. Ids whose stored XML the parser
    rejects are skipped. The collected list is printed before it is
    returned.
    """
    taskList = []
    try:
        if tasks is not None:
            for task_id in tasks:
                task_id = str(task_id)
                # Separate checks, so `unicode` is only looked up when the
                # str check fails.
                if not (isinstance(task_id, str) or isinstance(task_id, unicode)):
                    continue
                try:
                    xml_text = celery_pipe.AsyncResult(task_id).result['report']
                    taskList.append(NmapParser.parse_fromstring(xml_text))
                except NmapParserException:
                    pass
    except NmapParserException:
        pass
    print(taskList)
    print("Printed reports")
    return taskList
def scan_background(targets, options='-O -sV'):
    '''
    Run the scan in the background and print its progress.

    :param targets: the scan targets, either a list or a comma-separated
        string, e.g. "baidu.com", ["baidu.com","qq.com"], "baidu.com,qq.com"
    :param options: scan options, the same as nmap's own.
    :return: the scan result as a dict on success, otherwise None
    '''
    try:
        proc = NmapProcess(targets=targets, options=options)
        proc.run_background()
        # Poll once per second until the nmap process has finished.
        while proc.is_running():
            print("[*]Nmap Scan running: ETC: {0} DONE: {1}%".format(
                proc.etc, proc.progress))
            sleep(1)
        report = NmapParser.parse_fromstring(proc.stdout)
        # Round-trip through JSON to get plain dicts and lists.
        encoded = json.dumps(report, cls=ReportEncoder)
        return json.loads(encoded)
    except Exception as e:
        logging.error("Nmap scan error:{}".format(e))
        return None
def inventory(self):
    """Build an inventory dict from every stored Nmap XML document.

    Each document from get_all_xml() is parsed and its hosts are passed to
    process_host() together with the document id; inventory_postprocess()
    runs once at the end. Any failure is announced and re-raised.
    """
    inventory = {"hosts": {}, "portmap": {}}

    # prepare
    for record in self.get_all_xml():
        try:
            parsed = NmapParser.parse_fromstring(str(record['data']))
            if not parsed:
                continue
            for nmap_host in parsed.hosts:
                self.process_host(inventory, nmap_host, record['id'])
        except:
            # Bare except is kept: the error is re-raised right after the
            # message, so nothing is swallowed.
            print("ERROR: processing failed")
            raise

    self.inventory_postprocess(inventory)
    return inventory
def parse_port_from_nmap_lcx(path):
    """Return the hosts of every Nmap XML document stored in one file.

    The file holds several XML documents separated by the marker comment
    below; each piece is stripped and parsed on its own.
    """
    with open(path) as fp:
        pieces = fp.read().split('<!-- Split By Infinite bGN4 -->')
    hosts = []
    for piece in pieces:
        hosts.extend(NmapParser.parse_fromstring(piece.strip()).hosts)
    return hosts
def save_report(cls, task_id=None):
    """Persist a finished task's result string as a NmapReportMeta row.

    Call this right after the Celery Task is finished. It will

    * fetch the NmapTask for task_id from the db, plus its status
    * parse the task result as a check; the outcome is printed only and a
      failure does not abort the save
    * mark the NmapTask as completed (completed = 1) with that status
    * create and save the NmapReportMeta holding the raw result

    Args:
        task_id (str): The task_id as a string (e.g faef323-afec3-a...)

    Returns:
        NmapReportMeta

    Raises:
        MultipleObjectsReturned - if task_id is not unique
        DoesNotExist - if there is no NmapTask for task_id
    """
    _nmap_task = NmapTask.objects.get(task_id=task_id)
    status_rows = NmapTask.get_tasks_status_as_dict(task_id=task_id)
    _status = status_rows[0]['status']
    _result = str(_nmap_task.get_task_result())

    try:
        _nmap_report = NmapParser.parse_fromstring(_result)
        looks_valid = isinstance(_nmap_report, NmapReport)
        if looks_valid:
            print("Debug: NmapReport:")
            print(_nmap_report)
        if not looks_valid:
            print("Error: Did not produce a valid NmapReport!")
    except Exception as err:
        print("Parse Report - Something went wrong: " + str(err))

    _nmap_task.completed = 1
    _nmap_task.completed_status = _status
    _nmap_task.save()

    # NOTE(review): the row is written with report_stored=1 whether or not
    # the result parsed - confirm consumers re-validate the stored XML.
    owner = User.objects.get(id=_nmap_task.user_id)
    unit = OrgUnit.objects.get(id=_nmap_task.org_unit_id)
    report_meta = NmapReportMeta(task_id=_nmap_task.task_id,
                                 task_comment=_nmap_task.comment,
                                 task_created=_nmap_task.created,
                                 report_stored=1,
                                 report=_result,
                                 user=owner,
                                 org_unit=unit)
    report_meta.save()

    # Disabled follow-up kept from the original:
    #   call Address.discover which discovers and stores addresses
    #   r = Address.discover_from_report(report_id=_id)
    return report_meta
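def parse(data):
    """Parse Nmap XML, preferring the parser's incomplete-report mode.

    The first attempt passes incomplete=True; if that raises, the data is
    parsed again without the flag and any error from that call propagates.
    """
    try:
        return NmapParser.parse_fromstring(data, incomplete=True)
    except Exception:
        # Not a bare except, so KeyboardInterrupt/SystemExit are not
        # swallowed by the fallback.
        # NOTE(review): presumably the fallback covers parser versions
        # without the incomplete keyword - confirm.
        return NmapParser.parse_fromstring(data)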
def _nmap_results_parser(in_results: str) -> List[SecurityResult]:
    """Turn Nmap XML output into a flat list of SecurityResult entries.

    A service with script results yields one entry per script; a service
    without any yields a single entry with level "none" and its banner as
    the log text.
    """
    nmap_report = NmapParser.parse_fromstring(in_results)

    # Script ids that are rated "critical" below.
    PLUGINS_VULN_CATEGORY = (
        "afp-path-vuln",
        "broadcast-avahi-dos",
        "clamav-exec",
        "distcc-cve2004-2687",
        "dns-update",
        "firewall-bypass",
        "ftp-libopie",
        "ftp-proftpd-backdoor",
        "ftp-vsftpd-backdoor",
        "ftp-vuln-cve2010-4221",
        "http-adobe-coldfusion-apsa1301",
        "http-aspnet-debug",
        "http-avaya-ipoffice-users",
        "http-awstatstotals-exec",
        "http-axis2-dir-traversal",
        "http-cookie-flags",
        "http-cross-domain-policy",
        "http-csrf",
        "http-dlink-backdoor",
        "http-dombased-xss",
        "http-enum",
        "http-fileupload-exploiter",
        "http-frontpage-login",
        "http-git",
        "http-huawei-hg5xx-vuln",
        "http-iis-webdav-vuln",
        "http-internal-ip-disclosure",
        "http-litespeed-sourcecode-download",
        "http-majordomo2-dir-traversal",
        "http-method-tamper",
        "http-passwd",
        "http-phpmyadmin-dir-traversal",
        "http-phpself-xss",
        "http-shellshock",
        "http-slowloris-check",
        "http-sql-injection",
        "http-stored-xss",
        "http-tplink-dir-traversal",
        "http-trace",
        "http-vmware-path-vuln",
        "http-vuln-cve2006-3392",
        "http-vuln-cve2010-0738",
        "http-vuln-cve2010-2861",
        "http-vuln-cve2011-3192",
        "http-vuln-cve2011-3368",
        "http-vuln-cve2012-1823",
        "http-vuln-cve2013-0156",
        "http-vuln-cve2013-6786",
        "http-vuln-cve2013-7091",
        "http-vuln-cve2014-2126",
        "http-vuln-cve2014-2127",
        "http-vuln-cve2014-2128",
        "http-vuln-cve2014-2129",
        "http-vuln-cve2014-3704",
        "http-vuln-cve2014-8877",
        "http-vuln-cve2015-1427",
        "http-vuln-cve2015-1635",
        "http-vuln-cve2017-5638",
        "http-vuln-misfortune-cookie",
        "http-vuln-wnr1000-creds",
        "http-wordpress-users",
        "ipmi-cipher-zero",
        "irc-botnet-channels",
        "irc-unrealircd-backdoor",
        "mysql-vuln-cve2012-2122",
        "netbus-auth-bypass",
        "qconn-exec",
        "rdp-vuln-ms12-020",
        "realvnc-auth-bypass",
        "rmi-vuln-classloader",
        "samba-vuln-cve-2012-1182",
        "smb-vuln-conficker",
        "smb-vuln-cve2009-3103",
        "smb-vuln-ms06-025",
        "smb-vuln-ms07-029",
        "smb-vuln-ms08-067",
        "smb-vuln-ms10-054",
        "smb-vuln-ms10-061",
        "smb-vuln-regsvc-dos",
        "smtp-vuln-cve2010-4344",
        "smtp-vuln-cve2011-1720",
        "smtp-vuln-cve2011-1764",
        "ssl-ccs-injection",
        "ssl-cert-intaddr",
        "ssl-dh-params",
        "ssl-heartbleed",
        "ssl-known-key",
        "ssl-poodle",
        "sslv2-drown",
        "supermicro-ipmi-conf",
        "tls-ticketbleed",
        "wdb-version",
    )

    results = []
    for scanned_host in nmap_report.hosts:
        for service in scanned_host.services:
            if not service.scripts_results:
                results.append(SecurityResult(
                    'nmap',
                    service.port,
                    tool_version=nmap_report.version,
                    level="none",
                    log=service.banner,
                    vulnerability_type='net',
                    port_proto=service.protocol))
                continue

            for script in service.scripts_results:
                script_id = script.get("id")
                # The level depends on the script id alone.
                # NOTE(review): the script output is not inspected, so a
                # listed script that reports a negative finding is still
                # rated "critical" - confirm that is intended.
                level = ("critical" if script_id in PLUGINS_VULN_CATEGORY
                         else "informational")
                results.append(SecurityResult(
                    'nmap',
                    service.port,
                    tool_plugin_name=script_id,
                    tool_version=nmap_report.version,
                    level=level,
                    log=script.get('output'),
                    vulnerability_type='net',
                    port_proto=service.protocol))
    return results
def new_scan(self):
    """Run nmap with "-sP" against self.ip_range and return the parsed report."""
    scanner = NmapProcess(self.ip_range, options="-sP")
    # The return code of run() is not used; stdout is parsed regardless.
    scanner.run()
    return NmapParser.parse_fromstring(scanner.stdout)
def test_parser_generic(self):
    """Parse self.ports_string and print every item of the result."""
    for parsed_item in NmapParser.parse_fromstring(self.ports_string):
        print(parsed_item)
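def ProjectNoteUpload(request, project_id):
    """Import an uploaded text file or Nmap XML report as project notes.

    On POST with a file in 'myfile' the upload is stored according to the
    'import_type' and 'structure' form fields:

    * Plain Text / Raw Note Data: one note, line breaks become <br />
    * Nmap / Raw Note Data: one note with the upload inside <pre>
    * Nmap / Folder Structure: one note per host and, below it, one note
      per service
    * anything else: nothing is stored

    Note bodies are stored as HTML, and the upload as well as the banners
    and script output inside a scan report are controlled by third parties,
    so all imported text is HTML-escaped before the markup is added.

    Returns the rendered 'note/upload.html' page; `data` in its context
    carries a plain-text import log.
    """
    # Function-scope import, so this change does not depend on the module's
    # import block.
    from django.utils.html import escape

    def as_html(text):
        # Escape first, then turn line breaks into <br />.
        return "<br />".join(escape(text).split("\n"))

    data = ''
    # Output scan in normal, XML, s|<rIpt kIddi3, and Grepable format, respectively, to the given filename.
    import_types = ['Plain Text', 'Nmap']
    data_structures = ['Raw Note Data', 'Folder Structure']
    notes = TreeNodeChoiceField(queryset=Note.objects.filter(
        project=project_id))

    # .get() so a POST without the file field re-renders the form instead
    # of raising on the missing key.
    if request.method == 'POST' and request.FILES.get('myfile'):
        myfile = request.FILES['myfile']
        # NOTE(review): the whole upload is read into memory and must be
        # valid UTF-8; no size limit is visible here - confirm one is
        # enforced elsewhere.
        rawdata = myfile.read().decode('utf-8')
        import_type = request.POST.get('import_type')
        structure = request.POST.get('structure')
        parentid = request.POST.get('parentid')
        if (parentid == ''):
            parentid = None
        else:
            # NOTE(review): the parent note is looked up by id only -
            # confirm it is checked to belong to this project.
            parentid = Note.objects.get(id=parentid)

        if (import_type == 'Plain Text' and structure == 'Raw Note Data'):
            data = "Importing... " + str(myfile)
            newnote = Note(title=str(myfile),
                           note=as_html(rawdata),
                           project=Project.objects.get(id=project_id),
                           parent=parentid)
            newnote.save()
        elif (import_type == 'Nmap' and structure == 'Raw Note Data'):
            data = "Importing... " + str(myfile)
            newnote = Note(title=str(myfile),
                           note="<pre>" + escape(rawdata) + "</pre>",
                           project=Project.objects.get(id=project_id),
                           parent=parentid)
            newnote.save()
        elif (import_type == 'Nmap' and structure == 'Folder Structure'):
            # NOTE(review): rawdata is untrusted XML; limits on entity
            # expansion depend on the XML library behind NmapParser -
            # confirm.
            nmap_report = NmapParser.parse_fromstring(rawdata)
            data += "Nmap scan summary: {0}\n\n".format(nmap_report.summary)
            # Fetched once instead of once per created note.
            project = Project.objects.get(id=project_id)
            with transaction.atomic():
                for host in nmap_report.hosts:
                    data += "Importing " + host.address + "\n"

                    # Host note: identity, OS guess, host scripts and a
                    # port list.
                    note = ''
                    if len(host.hostnames) > 0:
                        note = "Hostnames: " + ", ".join(host.hostnames) + "\n"
                    if host.mac != '':
                        note += "MAC Address: " + host.mac + "\n"
                    if host.vendor != '':
                        note += "Vendor: " + host.vendor + "\n"
                    if host.os_fingerprinted:
                        note += "Operating System: " + str(
                            host.os_match_probabilities()[0]) + "\n"
                    if len(host.scripts_results) > 0:
                        note += "Scripts:\n"
                        for script in host.scripts_results:
                            note += str(script) + "\n"
                    note += "Serivices:\n"
                    for service in host.services:
                        note += str(service.port) + "/" + str(
                            service.protocol) + " " + service.state + "\n"
                        if len(service.scripts_results) > 0:
                            for scripts in service.scripts_results:
                                note += scripts['id'] + ":\n"
                                note += str(scripts['output']) + "\n"

                    newhost = Note(project=project,
                                   title=host.address,
                                   note=as_html(note),
                                   parent=parentid)
                    newhost.save()
                    data += "Ports " + ', '.join(
                        str(i[0]) + "/" + i[1]
                        for i in host.get_ports()) + "\n\n"

                    # One child note per service: banner plus script output.
                    for service in host.services:
                        title = str(
                            service.port
                        ) + "/" + service.protocol + " " + service.service
                        note = service.banner
                        if len(service.scripts_results) > 0:
                            for scripts in service.scripts_results:
                                note += scripts['id'] + ":\n"
                                note += str(scripts['output']) + "\n"
                        data += service.banner + "\n"
                        newport = Note(project=project,
                                       title=title,
                                       note=as_html(note),
                                       parent=newhost)
                        newport.save()
        else:
            data = "Unable to import:\n" + rawdata

    # NOTE(review): `data` and the note titles still hold raw uploaded
    # text - confirm the templates render them with auto-escaping on.
    context = {
        'project_id': project_id,
        'import_types': import_types,
        'data_structures': data_structures,
        'notes': notes,
        'data': data
    }
    return render(request, 'note/upload.html', context)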
for nse_item in nmap_service.scripts_results: jnse = {} for skey in service_keys: jnse[skey] = getattr(nmap_service, skey) jnse['type'] = 'nse-script' jnse['service'] = nse_item['id'] jnse['service-data'] = nse_item['output'] ritems.append(jnse) return ritems def mycallback(nmaptask): nmaptask = nmap_proc.current_task #if nmaptask: #print("Task {0} ({1}): ETC: {2} DONE: {3}%".format(nmaptask.name,nmaptask.status,nmaptask.etc,nmaptask.progress)) nmap_proc = NmapProcess(targets="192.168.56.0/24", options="-n -sV -T5 -A --max-retries 1", event_callback=mycallback) nmap_proc.run() nmap_report = NmapParser.parse_fromstring(nmap_proc.stdout) if nmap_report: rep_date = datetime.fromtimestamp(int(nmap_report.started)) index = "nmap-{0}".format(rep_date.strftime('%Y-%m-%d')) db = Elasticsearch([{'host': '192.168.56.101', 'port': 9200, 'send_get_body_as':'POST' } ]) j = store_report(nmap_report, db, index)