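def snmp_scans(self):
    """Query ``self.target_hosts`` over SNMP v1 (community 'public') and save the result.

    Runs one snmpwalk of 1.3.6.1.2.1.25.1.6.0 (HOST-RESOURCES-MIB
    hrSystemProcesses, per the "System Processes" wording below) and
    shell-redirects its stdout to
    ``<output_directory>/<target_hosts>/systemprocesses.txt``.
    Reads ``self.target_hosts`` and ``self.output_directory``. A failed or
    unanswered query is reported on stdout instead of raised, so one
    unresponsive host does not abort a run over many hosts (this mirrors the
    function-based ``snmp_scans`` elsewhere in the project). Returns None.
    """
    print(f"[+] Performing SNMP scans for {self.target_hosts} to {self.output_directory}")
    print(f"\t[>] Performing snmpwalk on public tree for: {self.target_hosts} - Checking for System Processes")
    # NOTE(review): the host and directory are interpolated into a shell command
    # that depends on '>' redirection, so run_scan must use a shell; the caller's
    # input validation (not visible here) is the only guard against shell
    # metacharacters. The per-host subdirectory must already exist for the
    # redirect to succeed -- confirm against the caller.
    scan = (
        f"snmpwalk -c public -v1 {self.target_hosts} 1.3.6.1.2.1.25.1.6.0 "
        f"> '{self.output_directory}/{self.target_hosts}/systemprocesses.txt'"
    )
    try:
        run_scan(scan, stderr=subprocess.STDOUT)
    except (subprocess.SubprocessError, OSError):
        # Non-zero exit, timeout or a missing snmpwalk binary: report and move on.
        print("[+] Subprocess failure during scan of %s" % self.target_hosts)
    print("[+] Completed SNMP scans for %s" % (self.target_hosts))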
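def nmap_scan(ip_address, output_directory, dns_server, quick, no_udp_service_scan):
    """Run the quick nmap scan for one host, then the detailed TCP/UDP scans unless *quick*.

    Args:
        ip_address: host to scan; surrounding whitespace is stripped first.
        output_directory: directory that receives the nmap output files.
        dns_server: if truthy, passed to nmap via ``--dns-servers`` and the
            ``dnsudpscan`` flag set is used instead of ``udpscan``.
        quick: stop after the quick scan.
        no_udp_service_scan: skip the UDP scan (only the TCP scan runs).

    Flag sets are read from the ``nmap`` config section with
    get_config_options; each scan's output is passed to
    write_recommendations. Returns None.
    """
    # NOTE(review): ip_address, output_directory and dns_server are interpolated
    # straight into a shell command line; the caller's validation (not visible
    # here) is the only guard against shell metacharacters.
    ip_address = ip_address.strip()
    print("[+] Starting quick nmap scan for %s" % (ip_address))
    flags = get_config_options('nmap', 'quickscan')
    quickscan = f"nmap {flags} {ip_address} -oA '{output_directory}/{ip_address}.quick'"
    quickresults = run_scan(quickscan)
    write_recommendations(quickresults, ip_address, output_directory)
    print("[*] TCP quick scans completed for %s" % ip_address)
    if quick:
        return

    # One bool drives both the messages and the skip decision; the original
    # re-evaluated ``no_udp_service_scan is True`` in three places.
    skip_udp = bool(no_udp_service_scan)
    udp_suffix = "" if skip_udp else "/UDP"

    flags = get_config_options("nmap", "tcpscan")
    if dns_server:
        print("[+] Starting detailed TCP%s nmap scans for %s using DNS Server %s"
              % (udp_suffix, ip_address, dns_server))
        print("[+] Using DNS server %s" % (dns_server))
        # Adjacent literals instead of a backslash continuation inside the
        # f-string: the original's "-oN\<newline>" folded the next line's
        # indentation (or a literal "\ ") into the command text.
        tcpscan = (
            f"nmap {flags} --dns-servers {dns_server} "
            f"-oN '{output_directory}/{ip_address}.nmap' "
            f"-oX '{output_directory}/{ip_address}_nmap_scan_import.xml' {ip_address}"
        )
        flags = get_config_options("nmap", "dnsudpscan")
        udpscan = (
            f"nmap {flags} --dns-servers {dns_server} "
            f"-oN '{output_directory}/{ip_address}U.nmap' "
            f"-oX '{output_directory}/{ip_address}U_nmap_scan_import.xml' {ip_address}"
        )
    else:
        print("[+] Starting detailed TCP%s nmap scans for %s" % (udp_suffix, ip_address))
        tcpscan = (
            f"nmap {flags} "
            f"-oN '{output_directory}/{ip_address}.nmap' "
            f"-oX '{output_directory}/{ip_address}_nmap_scan_import.xml' {ip_address}"
        )
        flags = get_config_options("nmap", "udpscan")
        # NOTE(review): this branch names the UDP output "<ip>-udp.*" (-oA)
        # while the DNS branch writes "<ip>U.nmap"/"<ip>U_nmap_scan_import.xml";
        # left as-is because the consumers of those paths are not visible here.
        udpscan = f"nmap {flags} {ip_address} -oA '{output_directory}/{ip_address}-udp'"

    # UDP runs before TCP, as in the original.
    udpresult = "" if skip_udp else run_scan(udpscan)
    tcpresults = run_scan(tcpscan)
    write_recommendations(tcpresults + udpresult, ip_address, output_directory)
    print("[*] TCP%s scans completed for %s" % (udp_suffix, ip_address))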
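def snmp_scans(ip_address, output_directory):
    """Query one host over SNMP v1 (community 'public') and save the result.

    Runs a single snmpwalk of 1.3.6.1.2.1.25.1.6.0 (HOST-RESOURCES-MIB
    hrSystemProcesses, per the "System Processes" wording below) and
    shell-redirects its stdout to
    ``<output_directory>/<ip_address>-systemprocesses.txt``. Failures are
    reported on stdout and never raised, so a run over a host list continues.
    Returns None.
    """
    print("[+] Performing SNMP scans for %s to %s" % (ip_address, output_directory))
    print(" [>] Performing snmpwalk on public tree for:"
          " %s - Checking for System Processes" % (ip_address))
    # NOTE(review): ip_address and output_directory are interpolated into a
    # shell command that relies on '>' redirection, so run_scan must use a
    # shell; the caller's validation (not visible here) is the only guard
    # against shell metacharacters.
    # A '/' separator is inserted so the file lands inside output_directory,
    # matching the sibling functions that build "<output_directory>/<name>";
    # the original "%s%s" produced "<output_directory><ip>-..." whenever the
    # directory had no trailing slash.
    scan = ("snmpwalk -c public -v1 %s "
            "1.3.6.1.2.1.25.1.6.0 > '%s/%s-systemprocesses.txt'"
            % (ip_address, output_directory, ip_address))
    try:
        run_scan(scan, stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError:
        # Must precede the generic handler: CalledProcessError is an Exception
        # subclass, so the original ordering made this branch unreachable.
        print("[+] Subprocess failure during scan of %s" % ip_address)
    except Exception:
        print("[+] No Response from %s" % ip_address)
    print("[+] Completed SNMP scans for %s" % (ip_address))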
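def nmap_scan(self):
    """Run the quick nmap scan, then the detailed TCP/UDP scans unless ``self.quick``.

    Reads ``self.target_hosts``, ``self.nmap_directory``, ``self.output_directory``,
    ``self.dns_server``, ``self.quick`` and ``self.no_udp_service_scan``. Flag
    sets come from the ``nmap`` config section via FileHelper.get_config_options;
    each scan's output goes to FileHelper.write_recommendations. Returns None.
    """
    # NOTE(review): target, directory and DNS-server values are interpolated
    # straight into a shell command line; the caller's validation (not visible
    # here) is the only guard against shell metacharacters.
    print(f"[+] Starting quick nmap scan for {self.target_hosts}")
    flags = FileHelper.get_config_options('nmap', 'quickscan')
    quickscan = f"nmap {flags} {self.target_hosts} -oA '{self.nmap_directory}.quick'"
    quickresults = run_scan(quickscan)
    FileHelper.write_recommendations(quickresults, self.target_hosts, self.output_directory)
    print(f"[*] TCP quick scans completed for {self.target_hosts}")
    if self.quick:
        return

    # One bool for both the messages and the skip decision: the original used
    # ``is True`` for the former and plain truthiness for the latter, so a
    # truthy non-bool value would announce "/UDP" and then skip the UDP scan.
    skip_udp = bool(self.no_udp_service_scan)
    udp_suffix = "" if skip_udp else "/UDP"

    flags = FileHelper.get_config_options("nmap", "tcpscan")
    if self.dns_server:
        print(f"[+] Starting detailed TCP{udp_suffix} nmap scans for {self.target_hosts} using DNS Server {self.dns_server}")
        print("[+] Using DNS server %s" % (self.dns_server))
        tcpscan = (
            f"nmap {flags} --dns-servers {self.dns_server} "
            f"-oN '{self.nmap_directory}.nmap' "
            f"-oX '{self.nmap_directory}/scan_import.xml' {self.target_hosts}"
        )
        flags = FileHelper.get_config_options("nmap", "dnsudpscan")
        udpscan = (
            f"nmap {flags} --dns-servers {self.dns_server} "
            f"-oN '{self.nmap_directory}U.nmap' "
            f"-oX '{self.nmap_directory}/UDP_scan_import.xml' {self.target_hosts}"
        )
    else:
        print(f"[+] Starting detailed TCP{udp_suffix} nmap scans for {self.target_hosts}")
        tcpscan = (
            f"nmap {flags} "
            f"-oN '{self.nmap_directory}.nmap' "
            f"-oX '{self.nmap_directory}/scan_import.xml' {self.target_hosts}"
        )
        flags = FileHelper.get_config_options("nmap", "udpscan")
        # NOTE(review): this branch names the UDP output "<nmap_directory>-udp.*"
        # (-oA) while the DNS branch uses "<nmap_directory>U.nmap"; left as-is
        # because the consumers of those paths are not visible here.
        udpscan = f"nmap {flags} {self.target_hosts} -oA '{self.nmap_directory}-udp'"

    # UDP runs before TCP, as in the original.
    udpresult = "" if skip_udp else run_scan(udpscan)
    tcpresults = run_scan(tcpscan)
    FileHelper.write_recommendations(tcpresults + udpresult, self.target_hosts, self.output_directory)
    print(f"[*] TCP{udp_suffix} scans completed for {self.target_hosts}")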
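def find_dns(self):
    """Probe each target on TCP/53 with nmap and record the hosts that answer.

    Reads ``self.target_hosts``, ``self.output_directory``, ``self.output_file``,
    ``self.output_targets`` and ``self.quiet``; increments ``self.hostcount``
    (every target line, including blanks) and ``self.dnscount``, and appends
    each hit to ``self.dns_server_list``. Writes a detailed report to
    ``self.output_file`` and one IP per line to ``self.output_targets``.

    Returns:
        The discovered DNS servers joined with ',' ('' when none were found).

    Raises:
        OSError: if the resolved targets file cannot be opened (after printing
            which path failed). Other errors from the helpers propagate as-is.
    """
    FileHelper.check_directory(output_directory=self.output_directory)
    # Both output files stay open for the whole loop; the with-block closes
    # them on every exit path (the original leaked them on any exception).
    with open(self.output_file, 'w') as output_file, \
            open(self.output_targets, 'w') as output_targets:
        targets = FileHelper.load_targets(self.target_hosts, self.output_directory, self.quiet)
        FileHelper.check_file(targets)
        try:
            target_file = open(targets, 'r')
        except OSError:
            # Opening for read never raises FileExistsError (the original's
            # handler), so its "Unable to load" message could never appear.
            print("[!] Unable to load: %s" % targets)
            raise
        with target_file:
            print("[*] Loaded targets from: %s" % targets)
            print("[+] Enumerating TCP port 53 over targets to find dns servers")
            for raw_line in target_file:
                self.hostcount += 1
                ip_address = raw_line.strip()
                print(" [>] Testing %s for DNS" % ip_address)
                # NOTE(review): each line of the targets file is interpolated
                # into a shell command line, so that file's contents must be
                # trusted; the caller's validation is not visible here.
                dnsscan = "nmap -n -sV -Pn -vv -p53 %s" % (ip_address)
                results = run_scan(dnsscan)
                for line in results.split("\n"):
                    line = line.strip()
                    # "Discovered open port ..." is nmap's verbose progress line;
                    # only the port-table row is recorded.
                    if "53/tcp" in line and "open" in line and "Discovered" not in line:
                        print(" [=] Found DNS service running on: %s" % (ip_address))
                        output_file.write("[*] Found DNS service running on: %s\n" % (ip_address))
                        output_file.write(" [>] %s\n" % (line))
                        output_targets.write("%s\n" % (ip_address))
                        self.dns_server_list.append(ip_address)
                        self.dnscount += 1
    print("[*] Found %s DNS servers within %s hosts" % (str(self.dnscount), str(self.hostcount)))
    # ','.join of an empty list is already '', so no explicit length check.
    return ','.join(self.dns_server_list)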
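def find_dns(target_hosts, output_directory, quiet):
    """Probe each target on TCP/53 with nmap and record the hosts that answer.

    Args:
        target_hosts: passed to load_targets, which resolves it to a file of
            one target per line.
        output_directory: receives ``DNS-Detailed.txt`` (report) and
            ``DNS-targets.txt`` (one IP per line).
        quiet: passed through to load_targets.

    Returns:
        The discovered DNS servers joined with ',' ('' when none were found).
    """
    check_directory(output_directory)
    dns_server_list = []
    hostcount = 0
    dnscount = 0
    # All three files are closed on every exit path; the original never closed
    # the targets file and leaked all of them on an exception.
    with open(output_directory + "/DNS-Detailed.txt", 'w') as output_file, \
            open(output_directory + "/DNS-targets.txt", 'w') as output_targets:
        targets = load_targets(target_hosts, output_directory, quiet)
        with open(targets, 'r') as target_file:
            print("[*] Loaded targets from: %s" % targets)
            print("[+] Enumerating TCP port 53 over targets to find dns servers")
            for raw_line in target_file:
                hostcount += 1
                ip_address = raw_line.strip()
                print(" [>] Testing %s for DNS" % ip_address)
                # NOTE(review): each line of the targets file is interpolated
                # into a shell command line, so that file's contents must be
                # trusted; the caller's validation is not visible here.
                dnsscan = "nmap -n -sV -Pn -vv -p53 %s" % (ip_address)
                results = run_scan(dnsscan)
                for line in results.split("\n"):
                    line = line.strip()
                    # "Discovered open port ..." is nmap's verbose progress line;
                    # only the port-table row is recorded.
                    if "53/tcp" in line and "open" in line and "Discovered" not in line:
                        print(" [=] Found DNS service running on: %s" % (ip_address))
                        output_file.write("[*] Found DNS service running on: %s\n" % (ip_address))
                        output_file.write(" [>] %s\n" % (line))
                        output_targets.write("%s\n" % (ip_address))
                        dns_server_list.append(ip_address)
                        dnscount += 1
    print("[*] Found %s DNS servers within %s hosts" % (str(dnscount), str(hostcount)))
    # ','.join of an empty list is already '', so no explicit length check.
    return ','.join(dns_server_list)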
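def hostname_scan(target_hosts, output_directory, quiet):
    """Run an nbtscan sweep and write "host - ip" pairs to ``<output_directory>/hostnames.txt``.

    Args:
        target_hosts: a path to a file of targets (``nbtscan -f``) or a
            target expression passed to nbtscan directly.
        output_directory: where ``hostnames.txt`` is written.
        quiet: accepted for interface parity; not used by this function.

    Each output line of nbtscan is split on whitespace; the first field is
    taken as the IP address and the second as the host name. Lines with fewer
    than two fields (including the trailing blank line) are skipped.
    Returns None.
    """
    check_directory(output_directory)
    output_file = output_directory + "/hostnames.txt"
    # NOTE(review): target_hosts is interpolated into a shell command line; the
    # caller's validation (not visible here) is the only guard against shell
    # metacharacters.
    if os.path.isfile(target_hosts):
        sweep = "nbtscan -q -f %s" % (target_hosts)
    else:
        sweep = "nbtscan -q %s" % (target_hosts)
    hostnames = 0
    with open(output_file, 'w') as f:
        print("[+] Writing hostnames to: %s" % output_file)
        results = run_scan(sweep)
        for line in results.split("\n"):
            # str.split() collapses any run of whitespace in one step. The
            # original normalised with a replace-until-single-space loop that,
            # as written, replaced " " with " " and could never terminate.
            fields = line.split()
            if len(fields) < 2:
                continue
            ip_address, host = fields[0], fields[1]
            # Newline-separate entries without leaving a trailing newline.
            if hostnames > 0:
                f.write('\n')
            print(" [>] Discovered hostname: %s (%s)" % (host, ip_address))
            f.write("%s - %s" % (host, ip_address))
            hostnames += 1
    print("[*] Found %s hostnames." % (hostnames))
    print("[*] Created hostname list %s" % (output_file))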
def call_nmap_sweep(target_hosts):
    """Run an nmap ping sweep (``-n -sP``) over *target_hosts*.

    Returns:
        The sweep's output as a list of lines (split on "\\n").
    """
    # NOTE(review): target_hosts is interpolated into a shell command line;
    # the caller's validation (not visible here) is its only guard.
    command = "nmap -n -sP %s" % (target_hosts)
    output = str(run_scan(command))
    return output.split("\n")
def call_nmap_sweep(self):
    """Run an nmap ping sweep (``-n -sP``) over ``self.target_hosts``.

    Stores the output, split on "\\n", in ``self.nmap_lines``. Returns None.
    """
    # NOTE(review): self.target_hosts is interpolated into a shell command
    # line; the caller's validation (not visible here) is its only guard.
    command = "nmap -n -sP %s" % (self.target_hosts)
    output = str(run_scan(command))
    self.nmap_lines = output.split("\n")