def consume(self, targets):
print(targets)
nm = NmapProcess(targets, options='-v -sn')
rc = nm.run()
try:
parsed = NmapParser.parse(nm.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: %s" % (e.msg))
HOST_UP = 1
HOST_DOWN = 0
scans = Table('host_up', connection=self.dynamo)
with scans.batch_write() as batch:
for host in parsed.hosts:
# Insert into database and delete from queue
if (host.status == 'down'):
status = 0
elif (host.status == 'up'):
status = 1
else:
status = -1
batch.put_item(data={
'ip': host.address,
'status': status,
'datetime': int(time.time())
})
def getC(self,ip=None,config=None):
try:
if ip==None:
ip=self.ip
count={}
ip=ip+"/24"
ops="-open -p%s"
getops=ops%config
nm=NmapProcess(ip,options=getops)
ps=nm.run()
parsed=NmapParser.parse(nm.stdout)
for host in parsed.hosts:
count[host.address]=[host.address]
for serv in host.services:
if len(serv.cpelist)>1:
count[host.address].append(serv.service+":"+str(serv.port)+":"+serv.cpelist[0])
else:
count[host.address].append(serv.service+":"+str(serv.port))
return count
except Exception,e:
print e
return []
def celery_nmap_scan(targets, options):
"""celery_nmap_scan task"""
def status_callback(nmapscan=None):
"""status callback"""
try:
celery_nmap_scan.update_state(state="PROGRESS",
meta={"progress": nmapscan.progress,
"ready": 0,
"etc": nmapscan.etc})
except Exception as e:
print("status_callback error: " + str(e))
# scan is not yet finished (or even started).
# But I need to do this before the NmapProcess is started because
# otherwise other tasks might be queued in front of this!
_nmap_task_id = celery_nmap_scan.request.id
store_nmap_report_meta.apply_async(kwargs={'nmap_task_id': str(_nmap_task_id)})
print("tasks.py: Targets and Options")
print(targets)
print(options)
nm = NmapProcess(targets, options, event_callback=status_callback)
rc = nm.sudo_run()
if rc == 0 and nm.stdout:
r = nm.stdout
else:
r = None
return r
def _process(self, session):
nmproc = NmapProcess("10.0.0.1", "-sT")
parsed = None
rc = nmproc.run()
if rc != 0:
logging.critical("NMAP Scan failed: {0}".format(nmproc.stderr))
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
logging.critical("NMAP Parse failed: {0}".format(e.msg))
if parsed is not None:
for host in parsed.hosts:
if len(host.hostnames):
tmp_host = host.hostnames.pop()
else:
tmp_host = host.address
print("Nmap scan report for {0} ({1})".format(tmp_host, host.address))
print("Host is {0}.".format(host.status))
print(" PORT STATE SERVICE")
for serv in host.services:
pserv = "{0:>5s}/{1:3s} {2:12s} {3}".format(
str(serv.port), serv.protocol, serv.state, serv.service
)
if len(serv.banner):
pserv += " ({0})".format(serv.banner)
print(pserv)
def nmap_os_services_scan(self, target, portlist=None, version_intense = 0):
'''
Runs
Arguments:
- ``target``: IP or the range of IPs that need to be tested
- ``portlist``: list of ports, range of ports that need to be tested. They can either be comma separated or separated by hyphen
example: 121,161,240 or 1-100
- ``version_intense``: Version intensity of OS detection
Examples:
| nmap os services scan | target | portlist | version_intense |
'''
target = str(target)
if portlist:
nmap_proc_cmd = "-Pn -sV --version-intensity {0} -p {1}".format(portlist, version_intense)
else:
nmap_proc_cmd = "-Pn -sV --version-intensity {0}".format(portlist)
nmproc = NmapProcess(target, nmap_proc_cmd)
rc = nmproc.run()
if rc != 0:
raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr))
try:
parsed = NmapParser.parse(nmproc.stdout)
print parsed
self.results = parsed
except NmapParserException as ne:
print 'EXCEPTION: Exception in parsing results: {0}'.format(ne.msg)
def nmap_script_scan(self, target, portlist=None, version_intense="0", script_name=None):
'''
Runs nmap with the -sC arg or the --script arg if script_name is provided. Options used are: -sV --version-intensity <default:0> -sC|--script=<script_name>
Arguments:
- ``target``: IP or the range of IPs that need to be tested
- ``portlist``: list of ports, range of ports that need to be tested. They can either be comma separated or separated by hyphen
example: 121,161,240 or 1-100
- ``version_intense``: Version intensity of OS detection
- ``script_name``: Script Name that needs to be referenced
Examples:
| nmap script scan | target | portlist | version_intense | script_name |
'''
target = str(target)
if portlist and script_name:
nmap_proc_cmd = "-Pn -sV --version-intensity {0} --script={1} -p {2}".format(version_intense, script_name, portlist)
elif portlist and not script_name:
nmap_proc_cmd = "-Pn -sV --version-intensity {0} -sC -p {1}".format(version_intense, portlist)
elif script_name and not portlist:
raise Exception('EXCEPTION: If you use specific script, you have to specify a port')
else:
nmap_proc_cmd = "-Pn -sV --version-intensity {0} -sC".format(version_intense)
nmproc = NmapProcess(target, nmap_proc_cmd)
rc = nmproc.run()
if rc != 0:
raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr))
try:
parsed = NmapParser.parse(nmproc.stdout)
print parsed
self.results = parsed
except NmapParserException as ne:
print 'EXCEPTION: Exception in parsing results: {0}'.format(ne.msg)
def celery_nmap_scan(targets, options):
"""celery_nmap_scan task"""
def status_callback(nmapscan=None):
"""status callback"""
try:
current_task.update_state(state="PROGRESS",
meta={"done": nmapscan.progress,
"etc": nmapscan.etc})
except Exception as e:
print("status_callback error: " + str(e))
nm = NmapProcess(targets, options, event_callback=status_callback)
rc = nm.run()
if rc == 0 and nm.stdout:
r = nm.stdout
# scan is finished. Now call task to insert Report into persistent db
celery_nmap_store_report.delay(task_id=celery_nmap_scan.request.id)
else:
r = None
return {"rc": rc, "report": r}
def _update_info(self):
""" Scans the network for devices.
Returns boolean if scanning successful. """
if not self.success_init:
return False
_LOGGER.info("Scanning")
options = "-F --host-timeout 5"
exclude_targets = set()
if self.home_interval:
now = dt_util.now()
for host in self.last_results:
if host.last_update + self.home_interval > now:
exclude_targets.add(host)
if len(exclude_targets) > 0:
target_list = [t.ip for t in exclude_targets]
options += " --exclude {}".format(",".join(target_list))
nmap = NmapProcess(targets=self.hosts, options=options)
nmap.run()
if nmap.rc == 0:
if self._parse_results(nmap.stdout):
self.last_results.extend(exclude_targets)
else:
self.last_results = []
_LOGGER.error(nmap.stderr)
return False
def nmap_scan(hosts):
'''
Do Nmap scan
'''
# -sV is included by default in NmapProcess nmap cmd
# To add more: options = '-T4 -sU -p-'
# hosts = ['192.168.0.1', '192.168.0.2']
#nmap_args = '-T4 -sV -sS -pU:161,137,139'# -sS -sU --top-ports'
nmap_args = '-T4 -sS -sV --max-rtt-timeout 150ms --max-retries 3'
print '[*] Running: nmap {0} -iL <hostlist>'.format(nmap_args)
nmap_proc = NmapProcess(targets=hosts, options=nmap_args)
#rc = nmap_proc.sudo_run()
rc = nmap_proc.sudo_run_background()
while nmap_proc.is_running():
print("[*] Nmap progress: {1}%".format(nmap_proc.etc, nmap_proc.progress))
time.sleep(2)
xml = nmap_proc.stdout
try:
report = NmapParser.parse(nmap_proc.stdout)
except NmapParserException as e:
print 'Exception raised while parsing scan: {0}'.format(e.msg)
sys.exit()
return report
def do_scan(targets,options):
parsed = None
proc = NmapProcess(targets,options)
running = proc.run()
if running != 0:
raise Exception("Scan failed")
return NmapParser.parse(proc.stdout)
def start(self):
''' Start Discovery '''
logs = core.logs.Logger(config=self.config, proc_name="discovery.nmap")
logger = logs.getLogger()
logger = logs.clean_handlers(logger)
logger.info("Starting scan of environment")
try:
nmap = NmapProcess(self.config['discovery']['plugins']['nmap']['target'],
options=self.config['discovery']['plugins']['nmap']['flags'])
except Exception as e:
raise Exception("Failed to execute nmap process: {0}".format(e.message))
up = []
while True:
nmap.run()
nmap_report = NmapParser.parse(nmap.stdout)
for scanned_host in nmap_report.hosts:
if "up" in scanned_host.status and scanned_host.address not in up:
up.append(scanned_host.address)
logger.debug("Found new host: {0}".format(scanned_host.address))
if self.dbc.new_discovery(ip=scanned_host.address):
logger.debug("Added host {0} to discovery queue".format(
scanned_host.address))
else:
logger.debug("Failed to add host {0} to discovery queue".format(
scanned_host.address))
logger.debug("Scanned {0} hosts, {1} found up".format(
len(nmap_report.hosts), len(up)))
time.sleep(self.config['discovery']['plugins']['nmap']['interval'])
return True
def portScan():
global parsed
print"Scanning ports: %s" %ports
nm = NmapProcess(args.target, options="-sS -n -T4 -p%s" %ports)
rc = nm.run()
if rc != 0:
print("nmap scan failed: {0}".format(nm.stderr))
parsed = NmapParser.parse(nm.stdout)
def is_alive(self):
self.alive = False
nmproc = NmapProcess(str(self.ip), '-sn')
rc = nmproc.run()
if rc != 0:
self.has_error("(alive) {}".format(nmproc.stderr))
else:
nmap_report = NmapParser.parse(nmproc.stdout)
self.alive = (nmap_report.hosts[0].status == 'up')
def nmap_scan(targets, options): nm = NmapProcess(targets, options) rc = nm.run() if nm.rc == 0: return nm.stdout else: return nm.stderr
def worker(q, lock, percent, pingtype):
'''
Create Nmap processes to ping sweep each subnet then add a percentage
of the hosts that are up to the master sample list
'''
for netblock in iter(q.get, 'STOP'):
if pingtype == 'portscan':
nmap_args = '--top-ports 5 --max-rtt-timeout 150ms --max-retries 3'
elif pingtype == 'arpscan':
nmap_args = '-T4 -sn --max-rtt-timeout 150ms --max-retries 3'
else:
nmap_args = '-T4 -PE -sn --max-rtt-timeout 150ms --max-retries 3'
print '[*] nmap {0} {1}'.format(nmap_args, netblock)
nmap_proc = NmapProcess(targets=netblock, options=nmap_args)
rc = nmap_proc.run()
xml = nmap_proc.stdout
try:
report = NmapParser.parse(xml)
except NmapParserException as e:
print 'Exception raised while parsing scan: {0}'.format(e.msg)
continue
subnet_hosts_up = []
for host in report.hosts:
if host.is_up():
ip = host.address
hostname = None
if len(host.hostnames) != 0:
hostname = host.hostnames[0]
if pingtype == 'portscan':
for s in host.services:
if re.search('open|filtered', s.state):
subnet_hosts_up.append(ip)
break
else:
subnet_hosts_up.append(ip)
num_hosts = float(len(subnet_hosts_up))
random_sample_num = int(ceil(num_hosts * percent))
sample = []
for i in xrange(random_sample_num):
s = random.choice(subnet_hosts_up)
sample.append(s)
if len(sample) > 0:
print '[+] Random {0}% of live hosts in subnet {1}:'.format(percent*100, netblock)
for ip in sample:
print ' ', ip
if len(sample) > 0:
with lock:
with open('SampleIPs.txt', 'a+') as f:
for ip in sample:
f.write(ip+'\n')
def scan_host(target_host, num_tries):
nm = NmapProcess(target_host, options='-sT -Pn -T3')
cur_try = 0
while cur_try < num_tries:
logger.debug(
"Now running scan attempt #%d for host at %s."
% (cur_try + 1, target_host)
)
result = nm.run_background()
while nm.is_running():
logger.debug(
"Scan running. ETC: %s. DONE: %s."
% (nm.etc, nm.progress)
)
sleep(2)
if nm.rc != 0:
logger.warning(
"Scan #%d for host at %s failed!"
% (cur_try + 1, target_host)
)
cur_try += 1
else:
logger.debug(
"Scan for host at %s succeeded!"
% (target_host,)
)
break
if str(nm.state) != str(nm.DONE):
logger.warning(
"Scan for host at %s failed!"
% (target_host,)
)
return
else:
try:
parsed = NmapParser.parse(nm.stdout)
except NmapParserException as e:
logger.error(
"NmapParserException thrown: %s."
% (e.msg,)
)
host = parsed.hosts[0]
to_return = []
for service in host.services:
to_return.append(
"%s//%s//%s//%s"
% (
host.ipv4,
service.protocol,
str(service.port),
service.state
)
)
return to_return
def do_scan(targets, options, fqp=None):
nm = NmapProcess(targets, options, fqp=fqp)
rc = nm.run()
if rc != 0:
print "nmap scan failed: %s" % (nm.stderr)
try:
parsed = NmapParser.parse(nm.stdout)
except NmapParserException as e:
print "Exception raised while parsing scan: %s" % (e.msg)
return parsed
def do_scan(targets, options):
parsed = None
nmproc = NmapProcess(targets, options)
rc = nmproc.run()
message = ""
if rc != 0:
message = "Tarama yapılırken bir hata oluştu: {0}".format(nmproc.stderr)
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
message = "Tarama sonucu parse edilirken bir hata oluştu: {0}".format(e.msg)
return {"message": message, "parsed": parsed}
def startNmap(self):
#start Nmap scan func
self.nmapScan = NmapProcess(self.scanIp,
options='-sV -T4 -A -Pn -p 22-65534')
self.rc = self.nmapScan.run()
if self.nmapScan.rc == 0:
#print self.nmapScan.stdout
return self.nmapScan.stdout
else:
print self.nmapScan.stderr
logging.info('nmap scan error' + self.scanIp)
return False
def performVersionScan(nmapInput, nmapOutput, dbOutputPath):
print(Fore.BLUE + "\n - Starting nmap scan...")
scanner = NmapProcess(
targets=nmapInput,
options=
"--script http-server-header.nse,http-devframework.nse,http-headers -sV -T4 -p80,443 -oX "
+ nmapOutput,
safe_mode=False)
scanner.run()
print(Fore.BLUE + "\n - Finished nmap scan!")
data = parseNmapOutput(nmapOutput, nmapInput)
writeToDatabase(data, dbOutputPath)
def get_hosts_from_scan(self, target, options=''):
nmap_proc = NmapProcess(targets=target, options=options)
nmap_proc.run()
nmap_report_obj = NmapParser.parse(nmap_proc.stdout)
hosts = {}
for host in nmap_report_obj.hosts:
hosts[host.address] = host.status
return hosts
def do_scan(targets, options):
nm = NmapProcess(targets, options)
rc = nm.run()
if rc != 0:
print("nmap scan failed: {0}".format(nm.stderr))
try:
parsed = NmapParser.parse(nm.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def do_scan(targets, options):
nm = NmapProcess(targets, options)
rc = nm.run()
if rc != 0:
print("nmap scan failed: {0}".format(nm.stderr))
try:
parsed = NmapParser.parse(nm.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def do_scan(targets, options, fqp=None):
nm = NmapProcess(targets, options, fqp=fqp)
rc = nm.run()
if rc != 0:
print "nmap scan failed: %s" % (nm.stderr)
try:
parsed = NmapParser.parse(nm.stdout)
except NmapParserException as e:
print "Exception raised while parsing scan: %s" % (e.msg)
return parsed
def udp_scan(ip):
nm = NmapProcess(ip, options="-sU -T4 -p 1-65535")
nm.run()
soup = BeautifulSoup(nm.stdout, "lxml")
ports_xml = soup.find('host').find('ports').find_all('port')
open_ports = []
closed_ports = []
for px in ports_xml:
if px.find('state').get('state') == 'open':
open_ports.append(int(px.get('portid')))
elif px.find('state').get('state') == 'closed':
closed_ports.append(int(px.get('portid')))
return {'open': open_ports, 'closed': closed_ports}
def __init__(self, ip, port, callback, options=None, safemode=False):
if options:
options = "-vvvvv " + options
else:
options = "-vvvvv"
# self.options = "-vv {} -p {} {}".format(self.scantype, port, ip)
self.ip = ip
self.port = port
self.callback = callback
self.nmap_proc = NmapProcess(targets=self.ip,
options=options,
event_callback=self.callback,
safe_mode=safemode)
def nmap_follow_up_scan(hosts, port):
"""
This needs to be reworked. If nmap service scan can't determine the service, i run an nmap scan without service
detection to get the default port. I should just read the IANA ports file instead and grep for the port, or maybe
even the nmap version of the IANA ports list.
:param hosts:
:param port:
:return:
"""
nm = NmapProcess(hosts, options="-Pn -p %d" % port)
rc = nm.run()
nmap_report = NmapParser.parse(nm.stdout)
return nmap_report
def is_port_open(self, port):
nmproc = NmapProcess(str(self.ip), '-p ' + str(port))
rc = nmproc.run()
if rc != 0:
self.has_error("nmap scan failed: {0}".format(nmproc.stderr))
return False
else:
nmap_report = NmapParser.parse(nmproc.stdout)
if nmap_report.hosts[0].status == 'up':
return (nmap_report.hosts[0].services[0].state == 'open')
else:
return False
def nmap_scan(hosts, outfile, add_args):
'''
Do Nmap scan
'''
nmap_args = '-sS -O -T4 -sV -n {} --max-retries 5 -oA {}'.format(
add_args, outfile)
print_info('Running: nmap {}'.format(nmap_args))
nmap_proc = NmapProcess(targets=hosts, options=nmap_args, safe_mode=False)
rc = nmap_proc.sudo_run_background()
nmap_status_printer(nmap_proc)
report = NmapParser.parse_fromfile(os.getcwd() + '/{}.xml'.format(outfile))
return report
def run_scan(target, options, output_filename=None):
nmap_proc = NmapProcess(target, options)
logger.info("Starting nmap scan of {} with options {}".format(target, options))
nmap_proc.run()
logger.info("Completed nmap scan of {} with options {}".format(target, options))
if output_filename is not None:
try:
tree = etree.ElementTree(etree.fromstring(nmap_proc.stdout))
tree.write(output_filename)
except (IOError, etree.ParseError) as e:
return e, 'XMLError'
return nmap_proc.stdout, 'Success'
def tcp_fin_scan(ip):
nm = NmapProcess(ip, options="-sF -T4 -p 1-65535")
nm.run()
soup = BeautifulSoup(nm.stdout, "lxml")
try:
ports_xml = soup.find('host').find('ports').find_all('port')
closed_ports = []
for px in ports_xml:
if px.find('state').get('state') == 'closed':
closed_ports.append(int(px.get('portid')))
return closed_ports
except:
return []
def nmap_scan(ip, options):
parsed = None
nmproc = NmapProcess(ip, options)
rc = nmproc.run()
if rc != 0:
print("nmap scan failed: {0}".format(nmproc.stderr))
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def run_scan_check_blacklist(self, target, options):
nmap_proc = NmapProcess(targets=target, options=options)
nmap_proc.run()
nmap_report_obj = NmapParser.parse(nmap_proc.stdout)
count = 0
for host in nmap_report_obj.hosts:
if host.status == "up" and host.address in self.blacklist:
count = count+1
return count
def _run_scan(self):
nmap_proc = NmapProcess(targets=self._target, options="-Pn -sT -sU -p "+self._port)
nmap_proc.run_background()
while nmap_proc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(nmap_proc.etc,
nmap_proc.progress))
sleep(2)
if nmap_proc.rc != 0:
print("Nmap scan failed: {0}".format(nmap_proc.stderr))
sys.exit(2)
else:
return nmap_proc
def __do_scan(targets, options):
'''
do scan a target by nmap
'''
parsed = None
nmproc = NmapProcess(targets=targets, options=options)
nmproc.run()
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def scanByNmap(self, target, policy):
runtime = 0
try:
nmap_proc = NmapProcess(targets=target,
options=policy,
safe_mode=True)
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= self.nmap_timeout:
nmap_proc.stop()
if self.output_mode != "silent":
print self.R + u'\n[x] scan_host {} timeout...'.format(
target) + self.W
break
else:
if self.output_mode != "silent":
sys.stdout.write(
u'\033[1;34m[~] scan_host is {},scan progress is {}%({} sec)\n\033[0m'
.format(target, nmap_proc.progress, runtime))
sys.stdout.flush()
sleep(5)
runtime += 5
if nmap_proc.is_successful() and nmap_proc.stdout:
self.parserReport(nmap_proc.stdout)
except Exception as e:
print e
def __do_scan(targets, options):
'''
do scan a target by nmap
'''
parsed = None
nmproc = NmapProcess(targets=targets, options=options)
nmproc.run()
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def do_nmap_scan(scan_ip_list, scan_port):
# nmap自定义UA,避免被WAF检测到
nmap_proc = NmapProcess(
scan_ip_list,
options='-sT -sV -p ' + str(scan_port) +
' -script-args http.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36"'
)
nmap_proc.run()
nmap_repot = NmapParser.parse(nmap_proc.stdout)
for host in nmap_repot.hosts:
for serv in host.services:
if serv.state in global_port_states:
print 'scan_host is %s,scan result is %s|%s|%s|%s|%s'\
% (host.address, str(serv.port), serv.protocol, serv.state, serv.service, serv.banner)
def scanner(target, option, iteration):
nmap = NmapProcess(target, option)
return_code = nmap.run()
#or nmap.run_background()
#or nmap.sudo_ran_background(run_as=root)
if return_code != 0:
print('Scann cannot be completed:{0}', format(nmap.stderr))
try:
parsed = NmapParser(nmap.stdout)
file = open('scan' + str(iteration + '.xml', 'w'))
file.write(parsed)
file.close()
except NmapParserException as e:
print('Parsing error: {0}'.format(e.msg))
def do_scan(targets, options):
parsed = None
nmproc = NmapProcess(targets, options)
rc = nmproc.run()
if rc != 0:
print("Scan Failed: {0}".format(nmproc.stderr))
print(type(nmproc.stdout))
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def scan():
form = IPscannerForm()
if form.validate_on_submit():
ip = form.ip.data
ip = str(ip)
nm1 = NmapProcess(ip, options="-sn")
nm1.run()
parsed = NmapParser.parse(nm1.stdout)
G = nx.Graph()
nm2 = NmapProcess("www.baidu.com", options="--traceroute")
nm2.run()
collection = xml.etree.ElementTree.fromstring(nm2.stdout)
nodes = collection.getiterator("hop")
trace_list = []
pre_node = ''
for node in nodes:
trace_list.append(node.attrib["ipaddr"])
G.add_node(node.attrib["ipaddr"])
if pre_node != '':
G.add_edge(node.attrib["ipaddr"], pre_node)
pre_node = node.attrib["ipaddr"]
for host in parsed.hosts:
if host.is_up():
G.add_node(host.address)
G.add_edge(host.address, trace_list[0])
gra_json = json.dumps(G.adj)
return render_template('result.html', gra_json=gra_json)
return render_template('scan.html', form=form)
def nmap_scan(hosts):
'''
Do Nmap scan
'''
# This is top 1000 tcp + top 50 UDP scan
# Nmap has chosen not to do --top-udp/tcp-ports options due to not wanting to overcomplicate
# the cmd line interface
nmap_args = '-sS -n --max-retries 5 -p 445 -oA smb-scan'
nmap_proc = NmapProcess(targets=hosts, options=nmap_args, safe_mode=False)
rc = nmap_proc.sudo_run_background()
nmap_status_printer(nmap_proc)
report = NmapParser.parse_fromfile(os.getcwd() + '/smb-scan.xml')
return report
def do_scan(ip,argm):
try:
nmap_report = None
nm = NmapProcess(ip, options=argm)
rc = nm.run()
if nm.rc == 0:
nmap_result=nm.stdout
nmap_report = NmapParser.parse_fromstring(nmap_result)
else:
logger.error(nm.stderr)
except Exception as e:
logger.error(e.message)
return nmap_report
def _run_scan(targets, options):
"""Runs a nmap scan with the given options, returns a report for the given
scan.
"""
parsed = None
nmproc = NmapProcess(targets, options)
return_code = nmproc.run()
if return_code == 0:
try:
parsed = NmapParser.parse(nmproc.stdout)
return parsed
except NmapParserException as e:
print "scan failed: {0}".format(nmproc.stderr)
return 1
def ip_info(subnet):
nm = NmapProcess(subnet, options="-Pn -O")
rc = nm.sudo_run()
if nm.rc == 0:
rep = NmapParser.parse(nm.stdout)
for host in rep.hosts:
if host.is_up():
print("IP Address: {0}".format(host.address))
if host.os_fingerprinted:
for osm in host.os.osmatches:
print("OS Type: {0}".format(osm.name))
print ("Last seen timestamp: {0}\n" .format(host.lastboot))
else:
print (nm.stderr)
def nmap_func(res_name):
nm = NmapProcess(res_name, options="-O")
rc = nm.run()
if nm.rc == 0:
bs = BeautifulSoup(nm.stdout, 'lxml')
things=bs.find_all('osmatch')
for i in things:
os_dict=[i['accuracy'], i['name'], i.osclass['osfamily'], i.osclass['vendor'], i.find('cpe').text]
return os_dict
def Scan1(ip):
global ip_info
ports = str(ip_info[ip]).strip('[|]|\'').replace("', '", ',')
nmap_proc = NmapProcess(
ip,
options='-sT -sV -p ' + ports +
' -script-args http.useragent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36"'
)
nmap_proc.run()
nmap_repot = NmapParser.parse(nmap_proc.stdout)
conn = psycopg2.connect(database=database,
host=hhost,
port=dport,
user=user,
password=password)
cur = conn.cursor()
for host in nmap_repot.hosts:
for serv in host.services:
while True:
try:
cur.execute(
"select * from assets where ip='%s' and port='%s'" %
(host.address, str(serv.port)))
tmp = cur.fetchall()
if (len(tmp) == 0):
cur.execute(
"INSERT INTO public.\"assets\"(ip, port, protocol, state, service, banner) values ('%s', '%s', '%s', '%s', '%s', '%s')"
% (host.address, str(serv.port), serv.protocol,
serv.state, serv.service, serv.banner))
else:
cur.excute(
"UPDATE assets SET protocol='%s', state='%s', service='%s', banner='%s' WHERE ip='%s' and port='%s';"
% (serv.protocol, serv.state, serv.service,
serv.banner, host.address, str(serv.port)))
print("%s\t%s\t%s\t%s\t%s\t%s" %
(host.address, str(serv.port), serv.protocol,
serv.state, serv.service, serv.banner))
break
except:
conn = psycopg2.connect(database=database,
host=hhost,
port=dport,
user=user,
password=password)
cur = conn.cursor()
print("retry: %s:%s" % (host.address, str(serv.port)))
conn.commit()
conn.close()
def knockd_test(ip,outfile,start_key,stop_key):
## Baseline Nmap Scan
print "\n[-] Scanning " + ip + " with Nmap, this could take a minute...go get some coffee"
nm = NmapProcess(ip, options="-p 0-65535")
rc = nm.run()
if nm.rc == 0:
before = NmapParser.parse(nm.stdout)
before_ports = before.hosts[0].get_ports()
else:
print nm.stderr
sys.exit()
## Sending Default Knockd Port Knock Sequence with Scapy
print "\n[-] Sending default knockd sequence to " + ip
for x in start_key:
send(IP(dst=ip)/TCP(dport=x),verbose=0)
## Subsequent Nmap Scan
print "\n[-] Scanning again...too soon for more coffee???"
rc = nm.run()
if nm.rc == 0:
after = NmapParser.parse(nm.stdout)
after_ports = after.hosts[0].get_ports()
else:
print nm.stderr
sys.exit()
## Compare Scans to Determine if any Services were Activated
diff = set(after_ports)-set(before_ports)
new_ports = list(diff)
if len(new_ports) > 0:
print "\n[+] " + str(len(new_ports)) + " new port(s) opened..."
for x in new_ports:
print x
print "\nWriting to output file - " + outfile
f = open(outfile,'a')
f.write("Ports opened on " + ip + " - " + str(new_ports) + "\n")
f.close()
## Stopping Activated Services with Default Close Sequence
print "\n[-] Disabling opened service on " + ip + " by sending default close sequence..."
print " *** If you want to manually interact with the service, use the knockd_on-off.py script ***\n"
for x in stop_key:
send(IP(dst=ip)/TCP(dport=x),verbose=0)
elif len(new_ports) == 0:
print "\n[-] No new services opened...\n"
else:
print "\n[-] An error has occurred"
sys.exit()
def knockd_test(ip, outfile, start_key, stop_key):
## Baseline Nmap Scan
print "\n[-] Scanning " + ip + " with Nmap, this could take a minute...go get some coffee"
nm = NmapProcess(ip, options="-p 0-65535")
rc = nm.run()
if nm.rc == 0:
before = NmapParser.parse(nm.stdout)
before_ports = before.hosts[0].get_ports()
else:
print nm.stderr
sys.exit()
## Sending Default Knockd Port Knock Sequence with Scapy
print "\n[-] Sending default knockd sequence to " + ip
for x in start_key:
send(IP(dst=ip) / TCP(dport=x), verbose=0)
## Subsequent Nmap Scan
print "\n[-] Scanning again...too soon for more coffee???"
rc = nm.run()
if nm.rc == 0:
after = NmapParser.parse(nm.stdout)
after_ports = after.hosts[0].get_ports()
else:
print nm.stderr
sys.exit()
## Compare Scans to Determine if any Services were Activated
diff = set(after_ports) - set(before_ports)
new_ports = list(diff)
if len(new_ports) > 0:
print "\n[+] " + str(len(new_ports)) + " new port(s) opened..."
for x in new_ports:
print x
print "\nWriting to output file - " + outfile
f = open(outfile, 'a')
f.write("Ports opened on " + ip + " - " + str(new_ports) + "\n")
f.close()
## Stopping Activated Services with Default Close Sequence
print "\n[-] Disabling opened service on " + ip + " by sending default close sequence..."
print " *** If you want to manually interact with the service, use the knockd_on-off.py script ***\n"
for x in stop_key:
send(IP(dst=ip) / TCP(dport=x), verbose=0)
elif len(new_ports) == 0:
print "\n[-] No new services opened...\n"
else:
print "\n[-] An error has occurred"
sys.exit()
def run(self, target, options, callback):
"""
Executes the scan on a given target.
:param target:
:param options:
:param callback: callback function to report status to the server.
:return: report object
:rtype: `dscan.models.structures.Report`
"""
self.ctarget = (target, options)
nmap_proc = None
try:
options = " ".join([options, f"-oN {self.report_name('nmap')}"])
nmap_proc = NmapProcess(targets=target,
options=options,
safe_mode=False,
event_callback=self.show_status)
log.info("Nmap scan started Sending success status")
callback(Status.SUCCESS)
rc = nmap_proc.run()
if rc == 0:
# after finished encode and hash the contents for transfer.
self.__inc()
data = nmap_proc.stdout.encode("utf-8")
report_file = self.report_name("xml")
with open(self.report_name("xml"), "wb") as rfile:
rfile.write(data)
rfile.flush()
digest = hashlib.sha512(data).hexdigest()
report = Report(len(data), os.path.basename(report_file),
digest)
self.print(target, 100)
return report
else:
callback(Status.FAILED)
log.error(f"Nmap Scan failed {nmap_proc.stderr}")
except Exception as ex:
log.error(f"something went wrong {ex}")
callback(Status.FAILED)
finally:
if nmap_proc:
nmap_proc.stop()
# orthodox fix NmapProcess is leaving subprocess streams open.
subproc = getattr(nmap_proc, "_NmapProcess__nmap_proc")
if subproc:
subproc.stdout.close()
subproc.stderr.close()
def run_nmap_scan(self):
parsed = None
nmap_proc = NmapProcess(targets="10.10.10.3", options="")
nmap_proc.run_background()
while nmap_proc.is_running():
print("Nmap Scan running: ETC: {0} DONE: {1}%".format(
nmap_proc.etc, nmap_proc.progress))
sleep(2)
nmap_report = NmapParser.parse(nmap_proc.stdout)
nmap_results = NmapResults()
nmap_results.add_hosts(nmap_report)
return nmap_results
def celery_nmap_scan(targets, options):
def status_callback(nmapscan=None, data=''):
current_task.update_state(state='PROGRESS',
meta={'done': nmapscan.progress,
'etc': nmapscan.etc})
nm = NmapProcess(targets, options, event_callback=status_callback)
rc = nm.run()
if rc == 0 and nm.stdout:
r = nm.stdout
else:
r = None
return {'rc': rc, 'report': r}
def do_scan(host, options):
# uncomment line below to manually input target IP
#host = input("Enter Target Host Address: ")
parsed = None
nmproc = NmapProcess(host, options)
rc = nmproc.run()
if rc != 0:
print("nmap scan failed: {0}".format(nmproc.stderr))
print(type(nmproc.stdout))
try:
parsed = NmapParser.parse(nmproc.stdout)
except NmapParserException as e:
print("Exception raised while parsing scan: {0}".format(e.msg))
return parsed
def run(self, port, hosts):
print "[*] Probing %d hosts on port %s" % (len(hosts), port)
opts = self.build_nmap_options(port)
nm = NmapProcess(hosts, options=opts, fqp=self._whereis("nmap") )
rc = nm.run()
if nm.rc == 0:
nmap_report = NmapParser.parse(nm.stdout)
for scanned_host in nmap_report.hosts:
if self.is_ipidseq_incremental( scanned_host ):
for open_port in scanned_host.get_open_ports():
self.final_print(scanned_host.ipv4, open_port[0], 'FOUND')
class Mynmap(object):
def __init__(self, scanIp):
self.scanIp = scanIp
def startNmap(self):
self.nmapScan = NmapProcess(self.scanIp, options='-sV -T4 -A -Pn -p 22-65534')
self.rc = self.nmapScan.run()
if self.nmapScan.rc == 0:
#print self.nmapScan.stdout
return self.nmapScan.stdout
else:
print self.nmapScan.stderr
logging.info('nmap scan error'+ self.scanIp)
return False
def startParse(self):
#nmap xml parse func
try:
self.startNmapScan = self.startNmap()
if self.startNmap is not False:
self.parse = NmapParser.parse(self.startNmapScan)
self.nmapScanreport = self.startReport()
else:
sys.exit(0)
except NmapParserException as e:
logging.info(e)
sys.exit(0)
def startReport(self):
self.report = self.parse
if self.report:
for self.host in self.report.hosts:
for self.serv in self.host.services:
if len(self.serv.banner) and self.serv.state == 'open':
scanResult.append((str(self.host.address) + ' ' + '+' + ' ' + 'NmapService: [' +str(self.serv.state) + ' ' + str(self.serv.protocol) + ' ' + "<" + str(self.serv.port) + ">" + ' ' + str(self.serv.service) + ' ' + str(self.serv.banner)) + ']')
else:
if self.serv.state == 'open':
scanResult.append((str(self.host.address) + ' ' + '+' + ' ' + 'NmapService: [' + str(self.serv.state) + ' ' + str(self.serv.protocol) + ' ' + "<" + str(self.serv.port) + ">" + ' ' + str(self.serv.service)) + ']')
def nmap_all_tcp_scan(self, target):
'''
Runs nmap scan against all TCP Ports with version scanning. Options used -Pn -sV -p1-65535
Examples:
| nmap all tcp scan | target |
'''
target = str(target)
nmproc = NmapProcess(target, '-p1-65535 -sV')
rc = nmproc.run()
if rc != 0:
raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr))
try:
parsed = NmapParser.parse(nmproc.stdout)
print parsed
self.results = parsed
except NmapParserException as ne:
print 'EXCEPTION: Exception in Parsing results: {0}'.format(ne.msg)
def nmap_default_scan(self, target):
'''
Runs a basic nmap scan on nmap's default 1024 ports. Performs the scan with -Pn -sS -sV Options
Examples:
| nmap default scan | target |
'''
target = str(target)
nmproc = NmapProcess(target, '-Pn -sS -sV')
rc = nmproc.run()
if rc != 0:
raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr))
try:
parsed = NmapParser.parse(nmproc.stdout)
print parsed
self.results = parsed
except NmapParserException as ne:
print 'EXCEPTION: Exception in Parsing results: {0}'.format(ne.msg)
