コード例 #1
0
ファイル: smbScanner.py プロジェクト: saularraffi/Net-Enum
    def __init__(self, target, port=139):

        # consider implementing multiple port numbers (ex. 139,445)

        self.target = target
        self.port = port
        self.nmap = Nmap(self.target, str(self.port))
コード例 #2
0
def initialNmapScan(ip, ports='1-1024'):
    nmap = Nmap(ip, ports)
    serviceScan = nmap.tcpVersionScan()
    openPorts = {'tcp': nmap.getOpenTcpPorts()}
    os = nmap.getOs()

    services = {}
    ports = []

    for port in openPorts['tcp']:
        ports.append(port)
        serviceName = serviceScan[port]['name']
        serviceProduct = serviceScan[port]['product']
        serviceVersion = serviceScan[port]['version']
        state = serviceScan[port]['state']

        services[port] = {
            'name': serviceName,
            'product': serviceProduct,
            'version': serviceVersion,
            'state': state
        }

    scanResults = {'ports': ports, 'services': services, 'os': os}
    return scanResults
コード例 #3
0
class FtpScanner:
    def __init__(self, target, port=21):
        self.target = target
        self.port = port
        self.nmap = Nmap(target, str(self.port))

    def nmapScripts(self,
                    scriptList=[
                        'ftp-anon.nse', 'ftp-syst.nse', 'tftp-enum.nse'
                    ]):
        print(self.nmap.scripts(self.port, scriptList))
        return self.nmap.scripts(self.port, scriptList)

    def checkAnonymousLogin(self):
        scanResult = self.nmap.customCommand('--script=ftp-anon.nse -p ' +
                                             str(self.port))
        return scanResult['scan'][self.target]['tcp'][
            self.port]['script']['ftp-anon']

    def getFiles(self, username='******', password=''):
        ftp = FTP(self.target)

        try:
            ftp.login(user=username, passwd=password)
            print('Login successful')
            files = ftp.nlst()

            for file in files:
                print(file)
        except:
            print('Login failed')

    def getBanner(self):
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((self.target, self.port))
            response = s.recv(1024)
            s.close()
            return response

        except:
            print(
                colored('\n[-] Nework error with grabbing FTP banner\n',
                        'red'))
            return None
コード例 #4
0
class SmtpScanner():
    def __init__(self, target, port=25):
        self.target = target
        self.port = port
        self.nmap = Nmap(target, str(self.port))

    def nmapScripts(self,
                    scriptList=['smtp-enum-users.nse', 'smtp-brute.nse']):
        return self.nmap.scripts(self.port, scriptList)

    def userVrfyBruteForce(
            self, wordlist='/usr/share/wordlists/metasploit/unix_users.txt'):
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((self.target, self.port))
            s.recv(1024)

            validUsers = []

            userWordlist = open(wordlist, 'r')

            counter = 0

            for user in userWordlist:
                s.send('VRFY ' + user.strip() + '\n')
                response = s.recv(1024)

                if response.split(' ')[0] != '550':
                    validUsers.append(user)

                counter = counter + 1
                if counter % 20 == 0:
                    s.close()
                    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                    s.connect((self.target, self.port))
                    s.recv(1024)

            s.close()

            return validUsers

        except:
            print(
                colored('\n[-] Network error connecting to SMTP server\n',
                        'red'))
            return None

    def getBanner(self):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((self.target, self.port))
        response = s.recv(1024)
        s.close()
        return response
コード例 #5
0
ファイル: mysqlScanner.py プロジェクト: saularraffi/Net-Enum
class MysqlScanner():
    def __init__(self, target, port=3306):
        self.target = target
        self.port = port
        self.nmap = Nmap(target, str(self.port))

    def nmapScripts(self,
                    scriptList=[
                        'mysql-audit.nse', 'mysql-databases.nse',
                        'mysql-dump-hashes.nse', 'mysql-empty-password.nse',
                        'mysql-enum.nse', 'mysql-info.nse', 'mysql-query.nse',
                        'mysql-users.nse', 'mysql-variables.nse'
                    ]):
        return self.nmap.scripts(self.port, scriptList)
コード例 #6
0
class MysqlScanner():
    def __init__(self, target, port=3306):
        self.target = target
        self.port = port
        self.nmap = Nmap(target, str(self.port))

    def nmapScripts(self,
                    scriptList=[
                        'mysql-audit.nse', 'mysql-databases.nse',
                        'mysql-dump-hashes.nse', 'mysql-empty-password.nse',
                        'mysql-enum.nse', 'mysql-info.nse', 'mysql-query.nse',
                        'mysql-users.nse', 'mysql-variables.nse'
                    ]):
        return self.nmap.scripts(self.port, scriptList)

    def getBanner(self):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((self.target, self.port))
        response = s.recv(1024)
        s.close()
        return response

    def runCommand(self, username='', password='', command=''):
        if command[-1:] != ';':
            command = command + ';'

        if password == '':
            cmd = 'mysql --user={} --host={} --execute="{}"'.format(
                username, self.target, command)
        else:
            cmd = 'mysql --user={} --password={} --host={} --execute="{}"'.format(
                username, password, self.target, command)

        result = subprocess.Popen(cmd,
                                  stdout=subprocess.PIPE,
                                  stdin=subprocess.PIPE,
                                  shell=True).communicate()
        return result[0]
コード例 #7
0
def nmapVulnScan(ip, portList):
    nmap = Nmap(ip)
    scanResults = {'vuln-scan': nmap.vulnScan(portList)}
    return scanResults
コード例 #8
0
def nmapVulnScan(ip, ports='1-1024'):
    nmap = Nmap(ip)
    scanResults = {'vuln-scan': nmap.vulnScan(ports)}
    return scanResults
コード例 #9
0
 def __init__(self, target, port=21):
     self.target = target
     self.port = port
     self.nmap = Nmap(target, str(self.port))
コード例 #10
0
ファイル: main.py プロジェクト: saularraffi/Net-Enum
                    '--target',
                    type=str,
                    help='specify the target IP address',
                    required=True)
parser.add_argument('-p', '--ports', type=str, help='specify port range')

args = parser.parse_args()
target = args.target
portRange = args.ports if args.ports != None else '1-1024'

print('Target: ' + target)
print('Ports: ' + portRange)

# ============================== setup nmap ==============================

nmap = Nmap(target, portRange)

services = nmap.tcpVersionScan()

# ============================== service scan ==============================

printHeader('Service Scan')

httpPorts = []

print('  Port       State    Service, Product, Version')
print('  ------------------------------------')

for port in nmap.getOpenTcpPorts():
    serviceName = services[port]['name']
    serviceProduct = services[port]['product']
コード例 #11
0
ファイル: smbScanner.py プロジェクト: saularraffi/Net-Enum
class SmbScanner():
    def __init__(self, target, port=139):

        # consider implementing multiple port numbers (ex. 139,445)

        self.target = target
        self.port = port
        self.nmap = Nmap(self.target, str(self.port))

    def nmapScripts(self, scriptList=['smb-enum-users']):
        return self.nmap.scripts(self.port, scriptList)

    def checkAnonymousLogin(self):
        smbConnect = SMBConnection('', '', '', '', use_ntlm_v2=True)
        return smbConnect.connect(str(self.target), self.port)

    def listShares(self, username='', password=''):
        smbConnect = SMBConnection(username,
                                   password,
                                   '',
                                   '',
                                   use_ntlm_v2=True)
        smbConnect.connect(str(self.target), self.port)
        shareObjs = smbConnect.listShares()
        shares = {}

        for share in shareObjs:
            if self.listFiles(share.name):
                shares[share.name] = True
            else:
                shares[share.name] = False

        return shares

    def listFiles(self, share, username='', password=''):
        try:
            smbConnect = SMBConnection(username,
                                       password,
                                       '',
                                       '',
                                       use_ntlm_v2=True)
            smbConnect.connect(str(self.target), self.port)
            sharedFiles = smbConnect.listPath(share, '/')

            files = {}

            for file in sharedFiles:
                if file.isDirectory:
                    files[str(file.filename)] = 'd'
                else:
                    files[str(file.filename)] = 'f'

            files.pop('.', None)
            files.pop('..', None)

            return {share: files}

        except:
            print(
                colored(
                    '\n[-] Network error connecting to SMB share: {}\n'.format(
                        share), 'red'))
            return None

    def mountShare(self, share, username='', password='', smbVers='1.0'):
        if username == '' and password == '':
            if not os.path.isdir('mounts/smb'):
                os.system('mkdir mounts/smb')

            if os.path.isdir('mounts/smb/{}'.format(share)):
                os.system('umount -l mounts/smb/{}'.format(share))
            else:
                os.system('mkdir mounts/smb/{}'.format(share))

            mountCommand = 'mount -t cifs //{}/{}/ mounts/smb/{} -o guest,vers={}'.format(
                self.target, share, share, smbVers)
            os.system(mountCommand)

        else:
            print(
                colored(
                    '\n[-] Cannot mount SMB share ({}), anonymous login not permitted\n'
                    .format(share), 'red'))

    def unmountShare(self, share):
        if os.path.isdir('mounts/smb/{}'.format(share)):
            os.system('umount -l mounts/smb/{}'.format(share))