def snmp_walk(target_hosts, output_directory, quiet):
    """Dispatch an SNMP walk to the single-address or targets-file handler.

    Args:
        target_hosts: a single IP address (as judged by ``valid_ip``) or the
            path of a targets file; this decides which handler runs.
        output_directory: handed to ``check_directory`` before dispatch and
            then forwarded to the handler.
        quiet: forwarded to the handler unchanged.
    """
    check_directory(output_directory)
    handler = target_ip if valid_ip(target_hosts) else target_file
    handler(target_hosts, output_directory, quiet)
def snmp_walk(target_hosts, output_directory, quiet):
    """Run an SNMP walk over one address or over every address in a file.

    Args:
        target_hosts: single IP (per ``valid_ip``) → ``target_ip`` handles
            it; anything else is treated as a targets file → ``target_file``.
        output_directory: passed to ``check_directory`` first, then on to
            the chosen handler.
        quiet: forwarded unchanged.
    """
    check_directory(output_directory)
    if not valid_ip(target_hosts):
        # Not a bare address: interpret the argument as a targets file.
        target_file(target_hosts, output_directory, quiet)
        return
    target_ip(target_hosts, output_directory, quiet)
def service_scan(target_hosts, output_directory, dns_server, quiet, quick):
    """Dispatch a service scan to the single-address or targets-file handler.

    Args:
        target_hosts: a single IP (per ``valid_ip``) or a targets-file path.
        output_directory: passed to ``check_directory`` before dispatch.
        dns_server: forwarded unchanged to the handler.
        quiet: forwarded unchanged to the handler.
        quick: forwarded unchanged to the handler.
    """
    check_directory(output_directory)
    # Truthiness of valid_ip() selects the handler, exactly like an if/else.
    handlers = {True: target_ip, False: target_file}
    run = handlers[bool(valid_ip(target_hosts))]
    run(target_hosts, output_directory, dns_server, quiet, quick)
def service_scan(target_hosts, output_directory, dns_server, quiet, quick, no_udp_service_scan):
    """Run a service scan over one address or over a file of addresses.

    Args:
        target_hosts: single IP (per ``valid_ip``) → ``target_ip``;
            otherwise a targets-file path → ``target_file``.
        output_directory: passed to ``check_directory`` first.
        dns_server: forwarded unchanged.
        quiet: forwarded unchanged.
        quick: forwarded unchanged.
        no_udp_service_scan: forwarded unchanged.
    """
    check_directory(output_directory)
    forwarded = (output_directory, dns_server, quiet, quick, no_udp_service_scan)
    if valid_ip(target_hosts):
        target_ip(target_hosts, *forwarded)
        return
    target_file(target_hosts, *forwarded)
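def ping_sweeper(target_hosts, output_directory, quiet):
    """Ping-sweep *target_hosts* with nmap and write the live IPs to targets.txt.

    Args:
        target_hosts: nmap target specification (address, range or CIDR).
            Several whitespace-separated specifications are passed as
            separate arguments, as the former shell invocation did.
        output_directory: passed to ``check_directory``; receives
            ``targets.txt`` with one discovered address per line.
        quiet: accepted for a uniform scanner signature; not used here.

    Raises:
        subprocess.CalledProcessError: if nmap exits non-zero.
    """
    check_directory(output_directory)
    output_file = output_directory + "/targets.txt"
    print("[+] Writing discovered targets to: %s" % output_file)
    print("[+] Performing ping sweep over %s" % target_hosts)
    # Argument list instead of shell=True: the target text is handed to
    # nmap verbatim and never interpreted by a shell. -n: no DNS lookups,
    # -sP: ping scan only.
    cmd = ["nmap", "-n", "-sP"] + target_hosts.split()
    # check_output returns bytes on Python 3; decode before splitting lines
    # (the original called bytes.split with a str and would raise).
    results = subprocess.check_output(cmd).decode("utf-8")
    live_hosts = []
    for line in results.splitlines():
        if "Nmap scan report for" not in line:
            continue
        # With -n the line is "Nmap scan report for <ip>", so the address is
        # the fifth whitespace-separated token; skip anything shorter.
        fields = line.split()
        if len(fields) < 5:
            continue
        live_hosts.append(fields[4])
        print(" [>] Discovered host: %s" % fields[4])
    # with-block closes the file even if something raises while writing.
    with open(output_file, 'w') as f:
        f.write("\n".join(live_hosts))
    print("[*] Found %s live hosts" % len(live_hosts))
    print("[*] Created target list %s" % output_file)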
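def enum4linux(output_directory):
    """Run ``enum4linux -a`` against every host that had TCP port 139 open.

    Reads ``unicornscan_details_tcp.txt`` from *output_directory* — lines of
    ``protocol<TAB>port<TAB>service<TAB>ip`` as ``unicorn_scan`` writes them —
    and, for each distinct IP whose port field is exactly ``139``, stores the
    enum4linux output in ``<output_directory>/<ip>/scans/enum4linux.txt``.

    Args:
        output_directory: scan output root; passed to ``check_directory``.

    Returns:
        None. Prints a hint and returns early if the unicornscan file is
        missing.
    """
    check_directory(output_directory)
    details = os.path.join(output_directory, 'unicornscan_details_tcp.txt')
    if not os.path.isfile(details):
        print("[!] %s missing, run the unicornscan step first" % details)
        return
    ips = []
    with open(details, 'r') as f:
        for line in f:
            # e.g. "TCP open\t139\tnetbios-ssn\t10.11.1.5"
            fields = line.strip().split('\t')
            if len(fields) < 4:
                continue
            # Exact port comparison: the former substring test ('139' in port)
            # also matched ports such as 1390 or 8139.
            if 'TCP open' in fields[0] and fields[1] == '139' and fields[3] not in ips:
                ips.append(fields[3])
    print("[*] Running enum4linux against %s host(s)" % len(ips))
    for ip in ips:
        scan_dir = os.path.join(output_directory, ip, 'scans')
        # Same preparation the other scanners do before writing into a
        # per-host directory.
        check_directory(scan_dir)
        with open(os.path.join(scan_dir, 'enum4linux.txt'), 'w') as f:
            # Argument list: the IP is a single argv entry, no shell involved.
            subprocess.call(['enum4linux', '-a', ip], stdout=f)
'''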
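def target_file(target_hosts, output_directory, quiet):
    """Start one SNMP scan process per address listed in the targets file.

    Args:
        target_hosts: passed to ``load_targets`` to resolve the targets file.
        output_directory: root under which ``<ip>/scans/snmp`` is prepared
            with ``check_directory`` for every address.
        quiet: forwarded to ``load_targets``.

    Side effects:
        Starts a ``multiprocessing.Process`` running ``snmp_scans`` for each
        address; the processes are not joined here.
    """
    targets = load_targets(target_hosts, output_directory, quiet)
    try:
        # One open inside a with-block: the original opened the file twice
        # (leaking the first handle) and went on after a failed open.
        with open(targets, "r") as target_list:
            print("[*] Loaded targets from: %s" % (targets))
            # Blank lines would otherwise become a bogus "<dir>//scans/snmp".
            ip_addresses = [line.strip() for line in target_list if line.strip()]
    except IOError:
        print("[!] Unable to load: %s" % targets)
        return
    for ip_address in ip_addresses:
        snmp_directory = output_directory + '/' + ip_address + "/scans/snmp"
        check_directory(snmp_directory)
        p = multiprocessing.Process(target=snmp_scans, args=(ip_address, snmp_directory))
        p.start()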
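def ping_sweeper(target_hosts, output_directory, quiet):
    """Discover live hosts with an nmap ping sweep and record them.

    Args:
        target_hosts: nmap target specification (address, range or CIDR);
            whitespace-separated specifications become separate arguments.
        output_directory: passed to ``check_directory``; ``targets.txt`` is
            written here, one address per line.
        quiet: accepted for a uniform scanner signature; not used here.

    Raises:
        subprocess.CalledProcessError: if nmap exits non-zero.
    """
    check_directory(output_directory)
    output_file = output_directory + "/targets.txt"
    print("[+] Writing targets to: %s" % output_file)
    print("[+] Performing ping sweep over %s" % target_hosts)
    # No shell: nmap receives the target text as plain arguments.
    # -n disables DNS resolution, -sP requests a ping scan only.
    sweep = ["nmap", "-n", "-sP"] + target_hosts.split()
    # Decode the bytes check_output returns; str.split on bytes would raise.
    results = subprocess.check_output(sweep).decode("utf-8")
    live_hosts = 0
    with open(output_file, 'w') as f:
        for line in results.splitlines():
            fields = line.strip().split()
            # "Nmap scan report for <ip>" (no hostname because of -n).
            if "Nmap scan report for" not in line or len(fields) < 5:
                continue
            ip_address = fields[4]
            # Newline *before* each entry after the first keeps the file
            # free of a trailing blank line.
            if live_hosts > 0:
                f.write('\n')
            f.write("%s" % (ip_address))
            print(" [>] Discovered host: %s" % (ip_address))
            live_hosts += 1
    print("[*] Found %s live hosts" % (live_hosts))
    print("[*] Created target list %s" % (output_file))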
def target_ip(target_hosts, output_directory, quiet):
    """Start an SNMP scan process for one target address.

    Args:
        target_hosts: a single IP address; surrounding whitespace is stripped.
        output_directory: root under which ``<ip>/scans/snmp/`` is prepared
            with ``check_directory``.
        quiet: accepted for a uniform handler signature; not used here.

    Side effects:
        Starts (and does not join) a ``multiprocessing.Process`` running
        ``snmp_scans``.
    """
    print("[*] Loaded single target: %s" % target_hosts)
    address = target_hosts.strip()
    snmp_directory = "%s/%s/scans/snmp/" % (output_directory, address)
    check_directory(snmp_directory)
    worker = multiprocessing.Process(target=snmp_scans, args=(address, snmp_directory))
    worker.start()
def target_ip(target_hosts, output_directory, quiet):
    """Kick off ``snmp_scans`` in a child process for a single address.

    Args:
        target_hosts: the IP address to scan (stripped of whitespace).
        output_directory: root; ``check_directory`` is called on
            ``<root>/<ip>/scans/snmp/`` before the process starts.
        quiet: accepted for a uniform handler signature; not used here.
    """
    print("[*] Loaded single target: %s" % target_hosts)
    host = target_hosts.strip()
    snmp_directory = '/'.join([output_directory, host, 'scans/snmp/'])
    check_directory(snmp_directory)
    jobs = [multiprocessing.Process(target=snmp_scans, args=(host, snmp_directory))]
    for job in jobs:
        job.start()
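def arp_scan(target_hosts, output_directory, quiet, interface):
    """Discover hosts with arp-scan and record IP / MAC / vendor triples.

    Args:
        target_hosts: a targets file (passed with ``-f``) or a target
            specification. The shorthand "<first ip>-<last octet>" (e.g.
            "10.0.0.1-50") is expanded to "10.0.0.1-10.0.0.50" for arp-scan.
        output_directory: passed to ``check_directory``; receives
            ``arp_details.txt`` ("ip mac vendor" per line) and
            ``arp_targets.txt`` (one ip per line).
        quiet: accepted for a uniform scanner signature; not used here.
        interface: optional interface name passed as ``--interface``.

    Raises:
        subprocess.CalledProcessError: if arp-scan exits non-zero.
        ValueError: if the part after "-" in a range is not an integer.
    """
    check_directory(output_directory)
    # Build an argument list: no shell, so the target text and interface
    # name are never interpreted, only passed through.
    sweep = ["arp-scan"]
    if interface:
        sweep.append("--interface=%s" % interface)
    if os.path.isfile(target_hosts):
        sweep += ["-f", target_hosts]
    else:
        if "-" in target_hosts:
            start_ip, end = target_hosts.split("-", 1)
            base_ip = start_ip[:start_ip.rfind(".")]
            target_hosts = start_ip + '-' + base_ip + '.' + str(int(end))
        sweep.append(target_hosts)
    results = subprocess.check_output(sweep).decode("utf-8")
    hostnames = 0
    with open(output_directory + "/arp_details.txt", 'w') as f, open(output_directory + "/arp_targets.txt", 'w') as t:
        print("[+] Writing hostnames to: %s" % (f.name))
        for line in results.splitlines():
            fields = line.strip().split("\t")
            # Result rows are "ip<TAB>mac<TAB>vendor"; header/summary lines
            # have no tabs. Requiring three fields also avoids an IndexError
            # on any partial row.
            if len(fields) < 3:
                continue
            ip_address, mac, make = fields[0], fields[1], fields[2]
            if hostnames > 0:
                f.write('\n')
                t.write('\n')
            print(" [>] Discovered live IP: %s (%s - %s)" % (ip_address, mac, make))
            f.write("%s %s %s" % (ip_address, mac, make))
            t.write("%s" % (ip_address))
            hostnames += 1
        print("[*] Found %s IPs that respond to ARP." % (hostnames))
        print("[*] Created ARP lists %s and %s" % (f.name, t.name))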
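def find_dns(target_hosts, output_directory, quiet):
    """Probe TCP port 53 on every target and record the DNS servers found.

    Args:
        target_hosts: passed to ``load_targets`` to resolve the targets file.
        output_directory: passed to ``check_directory``; receives
            ``DNS-Detailed.txt`` (matching nmap lines per host) and
            ``DNS-targets.txt`` (one server IP per line).
        quiet: forwarded to ``load_targets``.

    Raises:
        subprocess.CalledProcessError: if nmap exits non-zero for a host.
    """
    check_directory(output_directory)
    targets = load_targets(target_hosts, output_directory, quiet)
    hostcount = 0
    dnscount = 0
    # Fixed from the original: "DNS-targets.txt" lacked the path separator,
    # the counter was incremented under a different name (host_count) and
    # results.slit() was a typo — all three raised at runtime.
    with open(output_directory + "/DNS-Detailed.txt", 'w') as output_file, \
            open(output_directory + "/DNS-targets.txt", 'w') as output_targets, \
            open(targets, 'r') as target_file:
        print("[*] Loaded targets from: %s" % targets)
        print("[*] Enumerating TCP port 53 over targets to find dns-servers")
        for ip_address in target_file:
            ip_address = ip_address.strip()
            if not ip_address:
                continue
            hostcount += 1
            print(" [<] Testing %s for DNS" % ip_address)
            # Argument list, no shell: the address is a single argv entry.
            scan = ["nmap", "-n", "-sV", "-Pn", "-vv", "-p53", ip_address]
            results = subprocess.check_output(scan).decode("utf-8")
            found_here = False
            for line in results.splitlines():
                line = line.strip()
                if "53/tcp" not in line or "open" not in line:
                    continue
                if not found_here:
                    # nmap -vv can print more than one line mentioning an open
                    # 53/tcp, so list and count each server only once.
                    found_here = True
                    dnscount += 1
                    print(" [=] Found DNS service running on: %s" % (ip_address))
                    output_file.write("[*] Found DNS service running on: %s\n" % (ip_address))
                    # Newline added: entries were previously run together.
                    output_targets.write("%s\n" % (ip_address))
                output_file.write(" [>] %s\n" % (line))
    print("[*] Found %s DNS servers within %s hosts" % (str(dnscount), str(hostcount)))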
def ping_sweeper(target_hosts, output_directory, quiet):
    """Ping-sweep the targets and save the live hosts to targets.txt.

    The sweep itself, the parsing of nmap's output and the writing of the
    list are delegated to ``call_nmap_sweep``, ``parse_nmap_output_for_live_hosts``
    and ``write_live_hosts_list_to_file``.

    Args:
        target_hosts: target specification handed to ``call_nmap_sweep``.
        output_directory: passed to ``check_directory``; ``targets.txt`` is
            written inside it.
        quiet: accepted for a uniform scanner signature; not used here.
    """
    check_directory(output_directory)
    target_list = "%s/targets.txt" % output_directory
    print("[+] Performing ping sweep over %s" % target_hosts)
    live = parse_nmap_output_for_live_hosts(call_nmap_sweep(target_hosts))
    write_live_hosts_list_to_file(target_list, live)
    for host in live:
        print(" [>] Discovered host: %s" % host)
    print("[*] Found %s live hosts" % len(live))
    print("[*] Created target list %s" % target_list)
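def hostname_scan(target_hosts, output_directory, quiet):
    """Collect NetBIOS hostnames with nbtscan and write them to hostnames.txt.

    Args:
        target_hosts: a targets file (passed with ``-f``) or a target
            specification handed to nbtscan directly.
        output_directory: passed to ``check_directory``; receives
            ``hostnames.txt`` with one "host - ip" entry per line.
        quiet: accepted for a uniform scanner signature; not used here.

    Raises:
        subprocess.CalledProcessError: if nbtscan exits non-zero.
    """
    check_directory(output_directory)
    # Fixed: the separator between directory and file name was missing.
    output_file = output_directory + "/hostnames.txt"
    # Argument list, no shell: the target text is passed through verbatim.
    if os.path.isfile(target_hosts):
        sweep = ["nbtscan", "-q", "-f", target_hosts]
    else:
        sweep = ["nbtscan", "-q", target_hosts]
    results = subprocess.check_output(sweep).decode("utf-8")
    hostnames = 0
    with open(output_file, 'w') as f:
        print("[+] Writing hostnames to: %s" % (output_file))
        for line in results.splitlines():
            # split() collapses runs of whitespace and yields nothing for the
            # blank final line, replacing the original's replace() loop and
            # guarding the index accesses below.
            fields = line.split()
            if len(fields) < 2:
                continue
            ip_address, host = fields[0], fields[1]
            if hostnames > 0:
                f.write("\n")
            # The original referenced an undefined name (hostname) here.
            print(" [>] Discovered hostname: %s (%s)" % (host, ip_address))
            f.write("%s - %s" % (host, ip_address))
            hostnames += 1
    print("[*] Found %s hostnames." % str(hostnames))
    print("[*] Created hostname list %s" % (output_file))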
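def hostname_scan(target_hosts, output_directory, quiet):
    """Run nbtscan over the targets and record "host - ip" pairs.

    Args:
        target_hosts: a targets file (passed with ``-f``) or a target
            specification handed to nbtscan directly.
        output_directory: passed to ``check_directory``; ``hostnames.txt``
            is written here.
        quiet: accepted for a uniform scanner signature; not used here.

    Raises:
        subprocess.CalledProcessError: if nbtscan exits non-zero.
    """
    check_directory(output_directory)
    output_file = output_directory + "/hostnames.txt"
    # No shell: the target text is a single argument and never interpreted.
    sweep = ["nbtscan", "-q"]
    if os.path.isfile(target_hosts):
        sweep.append("-f")
    sweep.append(target_hosts)
    # check_output returns bytes on Python 3; decode before line handling.
    results = subprocess.check_output(sweep).decode("utf-8")
    hostnames = 0
    with open(output_file, 'w') as f:
        print("[+] Writing hostnames to: %s" % output_file)
        for line in results.splitlines():
            # Whitespace-split: collapses repeated spaces and skips the blank
            # final line, so the index accesses below cannot fail.
            fields = line.split()
            if len(fields) < 2:
                continue
            ip_address, host = fields[0], fields[1]
            if hostnames > 0:
                f.write('\n')
            print(" [>] Discovered hostname: %s (%s)" % (host, ip_address))
            f.write("%s - %s" % (host, ip_address))
            hostnames += 1
    print("[*] Found %s hostnames." % (hostnames))
    print("[*] Created hostname list %s" % (output_file))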
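def target_file(target_hosts, output_directory, quiet):
    """Launch ``snmp_scans`` in a child process for each address in a file.

    Args:
        target_hosts: passed to ``load_targets`` to resolve the targets file.
        output_directory: root; ``check_directory`` is called on
            ``<root>/<ip>/scans/snmp/`` for every address.
        quiet: forwarded to ``load_targets``.

    Side effects:
        One ``multiprocessing.Process`` is started per address and not
        joined here.
    """
    targets = load_targets(target_hosts, output_directory, quiet)
    try:
        # The original opened the file twice and, on failure, still iterated
        # the (never assigned) handle; open once and bail out on error.
        with open(targets, 'r') as target_list:
            print("[*] Loaded targets from: %s" % targets)
            addresses = [entry.strip() for entry in target_list]
    except IOError:
        print("[!] Unable to load: %s" % targets)
        return
    for ip_address in addresses:
        if not ip_address:
            continue  # blank line in the targets file
        snmp_directory = output_directory + '/' + ip_address + '/scans/snmp/'
        check_directory(snmp_directory)
        worker = multiprocessing.Process(target=snmp_scans, args=(ip_address, snmp_directory))
        worker.start()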
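def find_dns(target_hosts, output_directory, quiet):
    """Scan TCP port 53 on every target and list the hosts that answer.

    Args:
        target_hosts: passed to ``load_targets`` to resolve the targets file.
        output_directory: passed to ``check_directory``; receives
            ``DNS-Detailed.txt`` (nmap lines per server) and
            ``DNS-targets.txt`` (one server IP per line).
        quiet: forwarded to ``load_targets``.

    Raises:
        subprocess.CalledProcessError: if nmap exits non-zero for a host.
    """
    check_directory(output_directory)
    targets = load_targets(target_hosts, output_directory, quiet)
    hostcount = 0
    dnscount = 0
    # with-blocks close all three files even when a scan raises.
    with open(output_directory + "/DNS-Detailed.txt", 'w') as output_file, \
            open(output_directory + "/DNS-targets.txt", 'w') as output_targets, \
            open(targets, 'r') as target_file:
        print("[*] Loaded targets from: %s" % targets)
        print("[+] Enumerating TCP port 53 over targets to find dns servers")
        for ip_address in target_file:
            ip_address = ip_address.strip()
            if not ip_address:
                continue
            hostcount += 1
            print(" [>] Testing %s for DNS" % ip_address)
            # Argument list instead of a shell string; -p53 limits the probe.
            scan = ["nmap", "-n", "-sV", "-Pn", "-vv", "-p53", ip_address]
            # Decode: check_output returns bytes, which the original split
            # with a str and so raised.
            results = subprocess.check_output(scan).decode("utf-8")
            listed = False
            for line in results.splitlines():
                line = line.strip()
                if "53/tcp" not in line or "open" not in line:
                    continue
                if not listed:
                    # With -vv nmap may mention an open 53/tcp on more than
                    # one line; count and list the server once.
                    listed = True
                    dnscount += 1
                    print(" [=] Found DNS service running on: %s" % (ip_address))
                    output_file.write("[*] Found DNS service running on: %s\n" % (ip_address))
                    # Newline added so consecutive servers do not run together.
                    output_targets.write("%s\n" % (ip_address))
                output_file.write(" [>] %s\n" % (line))
    print("[*] Found %s DNS servers within %s hosts" % (str(dnscount), str(hostcount)))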
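def hostname_scan(target_hosts, output_directory, quiet, dns_server):
    """Collect NetBIOS and reverse-DNS hostnames for the targets.

    Phase 1 runs ``nbtscan -q`` over *target_hosts* and writes
    ``hostnames_netbios.txt`` ("host - ip" per line). Phase 2 runs
    ``nslookup <ip> <dns_server>`` for every address and writes
    ``hostnames_dns.txt`` ("ip hostname" per line) plus
    ``hostnames_dns_targets.txt`` (ip only).

    Args:
        target_hosts: a targets file (one address per line; passed to
            nbtscan with ``-f``), a single address, or a
            "<first ip>-<last octet>" range such as "10.0.0.1-50".
        output_directory: passed to ``check_directory``; all output files
            are created inside it.
        quiet: accepted for a uniform scanner signature; not used here.
        dns_server: resolver to query. If falsy, the first line of
            ``dns_servers_targets.txt`` in *output_directory* is used; if
            that file is missing too, a hint is printed and the function
            returns after phase 1.

    Raises:
        subprocess.CalledProcessError: if nbtscan exits non-zero. nslookup
            failures are skipped per address.
    """
    check_directory(output_directory)

    # ---- phase 1: NetBIOS names --------------------------------------
    # Argument list, no shell: the target text is passed through verbatim.
    if os.path.isfile(target_hosts):
        sweep = ["nbtscan", "-q", "-f", target_hosts]
    else:
        sweep = ["nbtscan", "-q", target_hosts]
    results = subprocess.check_output(sweep).decode("utf-8")
    hostnames = 0
    with open(output_directory + "/hostnames_netbios.txt", 'w') as f:
        print("[+] Writing hostnames to: %s" % (f.name))
        for line in results.splitlines():
            # split() collapses whitespace runs and yields nothing for the
            # blank final line, so the index accesses below are safe.
            fields = line.split()
            if len(fields) < 2:
                continue
            ip_address, host = fields[0], fields[1]
            if hostnames > 0:
                f.write('\n')
            print(" [>] Discovered hostname: %s (%s)" % (host, ip_address))
            f.write("%s - %s" % (host, ip_address))
            hostnames += 1
    print("[*] Found %s NETBIOS hostnames." % (hostnames))
    print("[*] Created hostname list %s" % (f.name))

    # ---- phase 2: reverse DNS ----------------------------------------
    if os.path.isfile(target_hosts):
        with open(target_hosts, 'r') as f:
            ips = [line.strip() for line in f if line.strip()]
    elif "-" in target_hosts:
        start_ip, end = target_hosts.split("-", 1)
        base_ip = start_ip[:start_ip.rfind(".")]
        start = int(start_ip[start_ip.rfind(".") + 1:])
        # NOTE(review): range() excludes the upper bound, so "x.1-50" stops
        # at .49. Kept as in the original (unicorn_scan expands the same
        # way); confirm against the intended CLI semantics.
        ips = [base_ip + "." + str(i) for i in range(start, int(end))]
    else:
        ips = [target_hosts]

    if not dns_server:
        dns_targets = output_directory + "/dns_servers_targets.txt"
        if not os.path.isfile(dns_targets):
            print("[*] dns_servers_targets.txt missing, run with --dns option first, or specify DNS server with --dns-server")
            return
        with open(dns_targets, 'r') as f:
            dns_server = f.readline().strip()

    results = ""
    for ip in ips:
        try:
            # Argument list: ip and resolver are single argv entries.
            results += subprocess.check_output(["nslookup", ip.strip(), dns_server]).decode("utf-8")
        except subprocess.CalledProcessError:
            continue  # non-zero exit (e.g. no PTR record) — skip this host

    hostnames = 0
    with open(output_directory + "/hostnames_dns.txt", 'w') as f, open(output_directory + "/hostnames_dns_targets.txt", 'w') as t:
        print("[+] Writing hostnames to: %s" % (f.name))
        for line in results.splitlines():
            if "in-addr.arpa" not in line:
                continue
            entry = _ptr_answer_to_entry(line.strip())
            if entry is None:
                continue  # resolver output not in the expected shape
            # Separator *before* the entry: the original wrote it afterwards,
            # which ran consecutive records together on one line.
            if hostnames > 0:
                f.write('\n')
                t.write('\n')
            print(" [>] Discovered hostname: %s" % (entry))
            f.write("%s" % (entry))
            t.write("%s" % (entry.split(' ')[0]))
            hostnames += 1
    print("[*] Found %s DNS hostnames." % (hostnames))
    print("[*] Created hostname list %s" % (f.name))


def _ptr_answer_to_entry(line):
    """Turn an nslookup PTR answer line into "ip hostname", or None.

    Expects ``<d>.<c>.<b>.<a>.in-addr.arpa name = <host>.``; the octets are
    reversed back to ``a.b.c.d`` and the trailing dot of the host dropped.
    Whitespace is normalised first so tab- and space-separated resolver
    output are handled alike. Returns None for any other shape instead of
    raising, since the text comes from the remote resolver.
    """
    normalised = ' '.join(line.split())
    line2 = normalised.replace(".in-addr.arpa name = ", " ")
    parts = line2.split(' ')
    if len(parts) < 2 or not parts[1]:
        return None
    ip = '.'.join(reversed(parts[0].split('.')))
    return (ip + ' ' + parts[1][:-1]).strip()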
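def unicorn_scan(target_hosts, output_directory, quiet, interface, pps):
    """Full-range TCP SYN and UDP scan of every target with unicornscan.

    For each address, ``unicornscan -R 1 --pps <pps> [--interface=<if>]``
    is run once with ``-mT <ip>:a`` and once with ``-mU <ip>:a``. Every open
    port is appended as ``protocol<TAB>port<TAB>service<TAB>ip`` to
    ``unicornscan_details_tcp.txt`` / ``unicornscan_details_udp.txt``; the
    distinct port numbers seen go to ``unicornscan_ports_tcp.txt`` /
    ``unicornscan_ports_udp.txt`` as one comma-separated line.

    Args:
        target_hosts: a targets file (one address per line), a single
            address or CIDR, or a "<first ip>-<last octet>" range such as
            "10.0.0.1-50".
        output_directory: passed to ``check_directory``; receives the four
            files named above.
        quiet: accepted for a uniform scanner signature; not used here.
        interface: optional interface passed as ``--interface``.
        pps: packets-per-second rate passed to ``--pps``.

    Raises:
        subprocess.CalledProcessError: if unicornscan exits non-zero.
    """
    check_directory(output_directory)
    if os.path.isfile(target_hosts):
        with open(target_hosts, 'r') as f:
            ips = [line.strip() for line in f if line.strip()]
    elif "-" in target_hosts:
        start_ip, end = target_hosts.split("-", 1)
        base_ip = start_ip[:start_ip.rfind(".")]
        start = int(start_ip[start_ip.rfind(".") + 1:])
        # NOTE(review): range() excludes the upper bound, so "x.1-50" stops
        # at .49 — preserved from the original; confirm the intended
        # semantics before changing.
        ips = [base_ip + "." + str(i) for i in range(start, int(end))]
    else:
        # Single address or CIDR: unicornscan takes either directly.
        ips = [target_hosts]

    # Base argument list (no shell): pps, interface and the target are
    # single argv entries and are never interpreted by a shell.
    base_cmd = ["unicornscan", "-R", "1", "--pps", str(pps)]
    if interface:
        base_cmd.append("--interface=%s" % interface)

    ports_tcp = set()
    ports_udp = set()
    with open(output_directory + "/unicornscan_details_tcp.txt", 'w') as t, open(output_directory + "/unicornscan_details_udp.txt", 'w') as u:
        print("[+] Writing unicornscan results to: %s and %s" % (t.name, u.name))
        for ip in ips:
            # -mT: TCP SYN scan, -mU: UDP scan; ":a" selects all ports.
            found = _record_unicornscan_ports(base_cmd + ["-mT", ip + ":a"], t, ports_tcp)
            print("[*] Found %s open TCP ports on %s" % (found, ip))
            found = _record_unicornscan_ports(base_cmd + ["-mU", ip + ":a"], u, ports_udp)
            print("[*] Found %s open UDP ports on %s" % (found, ip))
        print("[*] Created unicornscan lists %s and %s" % (t.name, u.name))

    with open(os.path.join(output_directory, "unicornscan_ports_tcp.txt"), 'w') as tp, open(os.path.join(output_directory, "unicornscan_ports_udp.txt"), 'w') as up:
        # Sort numerically: set iteration order is arbitrary, which made the
        # port lists differ between runs.
        tp.write(','.join(_sorted_ports(ports_tcp)))
        up.write(','.join(_sorted_ports(ports_udp)))


def _sorted_ports(ports):
    """Return the port strings sorted numerically (non-numeric ones first)."""
    return sorted(ports, key=lambda p: int(p) if p.isdigit() else -1)


def _record_unicornscan_ports(cmd, details, ports):
    """Run one unicornscan command and record the open ports it reports.

    Output rows have four tab-separated fields, e.g.
    ``TCP open<TAB>epmap[  135]<TAB>...<TAB>from 10.11.1.5 ttl 128``: the
    protocol, ``service[ port]``, and ``from <ip> ...``. Each such row is
    written to *details* as ``proto<TAB>port<TAB>service<TAB>ip`` and its
    port added to *ports*. Returns the number of rows recorded.

    Raises:
        subprocess.CalledProcessError: if unicornscan exits non-zero.
    """
    print(" ".join(cmd))
    output = subprocess.check_output(cmd).decode("utf-8")
    found = 0
    for line in output.split("\n"):
        fields = line.split('\t')
        # Equality instead of the original `len(line) is 4` identity test;
        # the extra checks keep malformed rows from raising IndexError.
        if len(fields) != 4 or '[' not in fields[1] or ' ' not in fields[3]:
            continue
        protocol = fields[0].strip()
        service = fields[1].split('[')[0].strip()
        port = fields[1].split('[')[1][:-1].strip()
        ip_address = fields[3].split(' ')[1].strip()
        print(" [>] Discovered open port: %s\t%s\t%s\t%s" % (protocol, port, service, ip_address))
        details.write("%s\t%s\t%s\t%s\n" % (protocol, port, service, ip_address))
        ports.add(port)
        found += 1
    return found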