def _update_info(self): """ Scans the network for devices. Returns boolean if scanning successful. """ if not self.success_init: return False _LOGGER.info("Scanning") options = "-F --host-timeout 5" exclude_targets = set() if self.home_interval: now = dt_util.now() for host in self.last_results: if host.last_update + self.home_interval > now: exclude_targets.add(host) if len(exclude_targets) > 0: target_list = [t.ip for t in exclude_targets] options += " --exclude {}".format(",".join(target_list)) nmap = NmapProcess(targets=self.hosts, options=options) nmap.run() if nmap.rc == 0: if self._parse_results(nmap.stdout): self.last_results.extend(exclude_targets) else: self.last_results = [] _LOGGER.error(nmap.stderr) return False
def start(self): ''' Start Discovery ''' logs = core.logs.Logger(config=self.config, proc_name="discovery.nmap") logger = logs.getLogger() logger = logs.clean_handlers(logger) logger.info("Starting scan of environment") try: nmap = NmapProcess(self.config['discovery']['plugins']['nmap']['target'], options=self.config['discovery']['plugins']['nmap']['flags']) except Exception as e: raise Exception("Failed to execute nmap process: {0}".format(e.message)) up = [] while True: nmap.run() nmap_report = NmapParser.parse(nmap.stdout) for scanned_host in nmap_report.hosts: if "up" in scanned_host.status and scanned_host.address not in up: up.append(scanned_host.address) logger.debug("Found new host: {0}".format(scanned_host.address)) if self.dbc.new_discovery(ip=scanned_host.address): logger.debug("Added host {0} to discovery queue".format( scanned_host.address)) else: logger.debug("Failed to add host {0} to discovery queue".format( scanned_host.address)) logger.debug("Scanned {0} hosts, {1} found up".format( len(nmap_report.hosts), len(up))) time.sleep(self.config['discovery']['plugins']['nmap']['interval']) return True
def __do_scan(targets, options): ''' do scan a target by nmap ''' parsed = None nmproc = NmapProcess(targets=targets, options=options) nmproc.run() try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def knockd_test(ip,outfile,start_key,stop_key): ## Baseline Nmap Scan print "\n[-] Scanning " + ip + " with Nmap, this could take a minute...go get some coffee" nm = NmapProcess(ip, options="-p 0-65535") rc = nm.run() if nm.rc == 0: before = NmapParser.parse(nm.stdout) before_ports = before.hosts[0].get_ports() else: print nm.stderr sys.exit() ## Sending Default Knockd Port Knock Sequence with Scapy print "\n[-] Sending default knockd sequence to " + ip for x in start_key: send(IP(dst=ip)/TCP(dport=x),verbose=0) ## Subsequent Nmap Scan print "\n[-] Scanning again...too soon for more coffee???" rc = nm.run() if nm.rc == 0: after = NmapParser.parse(nm.stdout) after_ports = after.hosts[0].get_ports() else: print nm.stderr sys.exit() ## Compare Scans to Determine if any Services were Activated diff = set(after_ports)-set(before_ports) new_ports = list(diff) if len(new_ports) > 0: print "\n[+] " + str(len(new_ports)) + " new port(s) opened..." for x in new_ports: print x print "\nWriting to output file - " + outfile f = open(outfile,'a') f.write("Ports opened on " + ip + " - " + str(new_ports) + "\n") f.close() ## Stopping Activated Services with Default Close Sequence print "\n[-] Disabling opened service on " + ip + " by sending default close sequence..." print " *** If you want to manually interact with the service, use the knockd_on-off.py script ***\n" for x in stop_key: send(IP(dst=ip)/TCP(dport=x),verbose=0) elif len(new_ports) == 0: print "\n[-] No new services opened...\n" else: print "\n[-] An error has occurred" sys.exit()
def consume(self, targets): print(targets) nm = NmapProcess(targets, options='-v -sn') rc = nm.run() try: parsed = NmapParser.parse(nm.stdout) except NmapParserException as e: print("Exception raised while parsing scan: %s" % (e.msg)) HOST_UP = 1 HOST_DOWN = 0 scans = Table('host_up', connection=self.dynamo) with scans.batch_write() as batch: for host in parsed.hosts: # Insert into database and delete from queue if (host.status == 'down'): status = 0 elif (host.status == 'up'): status = 1 else: status = -1 batch.put_item(data={ 'ip': host.address, 'status': status, 'datetime': int(time.time()) })
def getC(self,ip=None,config=None): try: if ip==None: ip=self.ip count={} ip=ip+"/24" ops="-open -p%s" getops=ops%config nm=NmapProcess(ip,options=getops) ps=nm.run() parsed=NmapParser.parse(nm.stdout) for host in parsed.hosts: count[host.address]=[host.address] for serv in host.services: if len(serv.cpelist)>1: count[host.address].append(serv.service+":"+str(serv.port)+":"+serv.cpelist[0]) else: count[host.address].append(serv.service+":"+str(serv.port)) return count except Exception,e: print e return []
def _process(self, session): nmproc = NmapProcess("10.0.0.1", "-sT") parsed = None rc = nmproc.run() if rc != 0: logging.critical("NMAP Scan failed: {0}".format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: logging.critical("NMAP Parse failed: {0}".format(e.msg)) if parsed is not None: for host in parsed.hosts: if len(host.hostnames): tmp_host = host.hostnames.pop() else: tmp_host = host.address print("Nmap scan report for {0} ({1})".format(tmp_host, host.address)) print("Host is {0}.".format(host.status)) print(" PORT STATE SERVICE") for serv in host.services: pserv = "{0:>5s}/{1:3s} {2:12s} {3}".format( str(serv.port), serv.protocol, serv.state, serv.service ) if len(serv.banner): pserv += " ({0})".format(serv.banner) print(pserv)
def nmap_script_scan(self, target, portlist=None, version_intense="0", script_name=None): ''' Runs nmap with the -sC arg or the --script arg if script_name is provided. Options used are: -sV --version-intensity <default:0> -sC|--script=<script_name> Arguments: - ``target``: IP or the range of IPs that need to be tested - ``portlist``: list of ports, range of ports that need to be tested. They can either be comma separated or separated by hyphen example: 121,161,240 or 1-100 - ``version_intense``: Version intensity of OS detection - ``script_name``: Script Name that needs to be referenced Examples: | nmap script scan | target | portlist | version_intense | script_name | ''' target = str(target) if portlist and script_name: nmap_proc_cmd = "-Pn -sV --version-intensity {0} --script={1} -p {2}".format(version_intense, script_name, portlist) elif portlist and not script_name: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -sC -p {1}".format(version_intense, portlist) elif script_name and not portlist: raise Exception('EXCEPTION: If you use specific script, you have to specify a port') else: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -sC".format(version_intense) nmproc = NmapProcess(target, nmap_proc_cmd) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in parsing results: {0}'.format(ne.msg)
def nmap_os_services_scan(self, target, portlist=None, version_intense = 0): ''' Runs Arguments: - ``target``: IP or the range of IPs that need to be tested - ``portlist``: list of ports, range of ports that need to be tested. They can either be comma separated or separated by hyphen example: 121,161,240 or 1-100 - ``version_intense``: Version intensity of OS detection Examples: | nmap os services scan | target | portlist | version_intense | ''' target = str(target) if portlist: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -p {1}".format(portlist, version_intense) else: nmap_proc_cmd = "-Pn -sV --version-intensity {0}".format(portlist) nmproc = NmapProcess(target, nmap_proc_cmd) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in parsing results: {0}'.format(ne.msg)
def celery_nmap_scan(targets, options): """celery_nmap_scan task""" def status_callback(nmapscan=None): """status callback""" try: current_task.update_state(state="PROGRESS", meta={"done": nmapscan.progress, "etc": nmapscan.etc}) except Exception as e: print("status_callback error: " + str(e)) nm = NmapProcess(targets, options, event_callback=status_callback) rc = nm.run() if rc == 0 and nm.stdout: r = nm.stdout # scan is finished. Now call task to insert Report into persistent db celery_nmap_store_report.delay(task_id=celery_nmap_scan.request.id) else: r = None return {"rc": rc, "report": r}
class Mynmap(object): def __init__(self, scanIp): self.scanIp = scanIp def startNmap(self): self.nmapScan = NmapProcess(self.scanIp, options='-sV -T4 -A -Pn -p 22-65534') self.rc = self.nmapScan.run() if self.nmapScan.rc == 0: #print self.nmapScan.stdout return self.nmapScan.stdout else: print self.nmapScan.stderr logging.info('nmap scan error'+ self.scanIp) return False def startParse(self): #nmap xml parse func try: self.startNmapScan = self.startNmap() if self.startNmap is not False: self.parse = NmapParser.parse(self.startNmapScan) self.nmapScanreport = self.startReport() else: sys.exit(0) except NmapParserException as e: logging.info(e) sys.exit(0) def startReport(self): self.report = self.parse if self.report: for self.host in self.report.hosts: for self.serv in self.host.services: if len(self.serv.banner) and self.serv.state == 'open': scanResult.append((str(self.host.address) + ' ' + '+' + ' ' + 'NmapService: [' +str(self.serv.state) + ' ' + str(self.serv.protocol) + ' ' + "<" + str(self.serv.port) + ">" + ' ' + str(self.serv.service) + ' ' + str(self.serv.banner)) + ']') else: if self.serv.state == 'open': scanResult.append((str(self.host.address) + ' ' + '+' + ' ' + 'NmapService: [' + str(self.serv.state) + ' ' + str(self.serv.protocol) + ' ' + "<" + str(self.serv.port) + ">" + ' ' + str(self.serv.service)) + ']')
def do_scan(targets,options): parsed = None proc = NmapProcess(targets,options) running = proc.run() if running != 0: raise Exception("Scan failed") return NmapParser.parse(proc.stdout)
def portScan(): global parsed print"Scanning ports: %s" %ports nm = NmapProcess(args.target, options="-sS -n -T4 -p%s" %ports) rc = nm.run() if rc != 0: print("nmap scan failed: {0}".format(nm.stderr)) parsed = NmapParser.parse(nm.stdout)
def run(self): nm = NmapProcess(targets=str(self.artifact['name']), options='-sT -sV -Pn -T5 -p21,22,23,25,80,6667,1337') nm.run() if nm.is_successful(): report = NmapParser.parse_fromstring(nm.stdout) for host in report.hosts: if host.is_up(): results = { 'ports': host.get_open_ports(), 'services': [] } for service in host.services: if service.state == 'open': serv = { 'banner': service.banner, 'protocol': service.protocol, 'service': service.service, 'port': service.port} results['services'].append(serv) if self.artifact['subtype'] == 'ipv4': results['hostnames'] = host.hostnames for h in host.hostnames: self.artifact['children'].append({ 'name': h, 'type': 'host', 'subtype': 'fqdn', 'source': 'Nmap' }) elif self.artifact['subtype'] == 'fqdn': results['ipv4'] = host.address self.artifact['children'].append({ 'name': host.address, 'type': 'host', 'subtype': 'ipv4', 'source': 'Nmap' }) self.artifact['data']['nmap'] = results else: warning('Nmap scanner failed - no results')
def is_alive(self): self.alive = False nmproc = NmapProcess(str(self.ip), '-sn') rc = nmproc.run() if rc != 0: self.has_error("(alive) {}".format(nmproc.stderr)) else: nmap_report = NmapParser.parse(nmproc.stdout) self.alive = (nmap_report.hosts[0].status == 'up')
def worker(q, lock, percent, pingtype): ''' Create Nmap processes to ping sweep each subnet then add a percentage of the hosts that are up to the master sample list ''' for netblock in iter(q.get, 'STOP'): if pingtype == 'portscan': nmap_args = '--top-ports 5 --max-rtt-timeout 150ms --max-retries 3' elif pingtype == 'arpscan': nmap_args = '-T4 -sn --max-rtt-timeout 150ms --max-retries 3' else: nmap_args = '-T4 -PE -sn --max-rtt-timeout 150ms --max-retries 3' print '[*] nmap {0} {1}'.format(nmap_args, netblock) nmap_proc = NmapProcess(targets=netblock, options=nmap_args) rc = nmap_proc.run() xml = nmap_proc.stdout try: report = NmapParser.parse(xml) except NmapParserException as e: print 'Exception raised while parsing scan: {0}'.format(e.msg) continue subnet_hosts_up = [] for host in report.hosts: if host.is_up(): ip = host.address hostname = None if len(host.hostnames) != 0: hostname = host.hostnames[0] if pingtype == 'portscan': for s in host.services: if re.search('open|filtered', s.state): subnet_hosts_up.append(ip) break else: subnet_hosts_up.append(ip) num_hosts = float(len(subnet_hosts_up)) random_sample_num = int(ceil(num_hosts * percent)) sample = [] for i in xrange(random_sample_num): s = random.choice(subnet_hosts_up) sample.append(s) if len(sample) > 0: print '[+] Random {0}% of live hosts in subnet {1}:'.format(percent*100, netblock) for ip in sample: print ' ', ip if len(sample) > 0: with lock: with open('SampleIPs.txt', 'a+') as f: for ip in sample: f.write(ip+'\n')
def nmap_scan(targets, options): nm = NmapProcess(targets, options) rc = nm.run() if nm.rc == 0: return nm.stdout else: return nm.stderr
def _update_info(self): """ Scans the network for devices. Returns boolean if scanning successful. """ if not self.success_init: return False with self.lock: _LOGGER.info("Scanning") nmap = NmapProcess(targets=self.hosts, options="-F") nmap.run() if nmap.rc == 0: try: results = NmapParser.parse(nmap.stdout) self.last_results = [] for host in results.hosts: if host.is_up(): if host.hostnames: name = host.hostnames[0] else: name = host.ipv4 if host.mac: mac = host.mac else: mac = _arp(host.ipv4) if mac: device = Device(mac, name) self.last_results.append(device) _LOGGER.info("nmap scan successful") return True except NmapParserException as parse_exc: _LOGGER.error("failed to parse nmap results: %s", parse_exc.msg) self.last_results = [] return False else: self.last_results = [] _LOGGER.error(nmap.stderr) return False
def do_scan(targets, options): nm = NmapProcess(targets, options) rc = nm.run() if rc != 0: print("nmap scan failed: {0}".format(nm.stderr)) try: parsed = NmapParser.parse(nm.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def addHost(): error = None if request.method != 'POST': return redirect(url_for('home')) try: ipaddr = escape(request.form['ipaddr']) flags = escape(request.form['flags']) nm = NmapProcess(ipaddr, options=flags) nm.run() report = NmapParser.parse(nm.stdout) for node in report.hosts: if node.address not in hosts and node.address != localhost: hosts[node.address] = host(host=node, serviceDict=serviceDict, tryFandCConn=args.c, delayFactor=args.d, debug=args.D) for targetHost in hosts.itervalues(): targetHost.startTraffic() return redirect(url_for('home')) except Exception as e: if args.D: print e return redirect(url_for('home'))
class Nmaprunner(object): def __init__(self, ip, port, callback, options=None,safemode=False): if options: options = "-vvvvv "+ options else: options = "-vvvvv" # self.options = "-vv {} -p {} {}".format(self.scantype, port, ip) self.ip = ip self.port = port self.callback = callback self.nmap_proc = NmapProcess(targets=self.ip, options=options, event_callback=self.callback, safe_mode=safemode) def runnmap(self): self.nmap_proc.run() return NmapParser.parse(self.nmap_proc.stdout) def getproc(self): return self.nmap_proc
def do_nmap_scan(target): ## create a transform object transform = MaltegoTransform() ## set the nmap options nm = NmapProcess(targets=target, options="-P0 -sT --host-timeout 3m") ## start the nmap scan nm.run() nmap_report = NmapParser.parse(nm.stdout) """ more info on the nmap object available here: https://libnmap.readthedocs.org/en/latest/process.html """ for host in nmap_report.hosts: for serv in host.services: ## for now we return a shodan service, so we can leverage of off the Shodan API transform.addEntity("Shodan.Service", "%s/%s" % (str(serv.port), serv.service)) print transform.returnOutput()
def do_scan(targets, options): parsed = None nmproc = NmapProcess(targets, options) rc = nmproc.run() message = "" if rc != 0: message = "Tarama yapılırken bir hata oluştu: {0}".format(nmproc.stderr) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: message = "Tarama sonucu parse edilirken bir hata oluştu: {0}".format(e.msg) return {"message": message, "parsed": parsed}
def do_scan(targets, options, fqp=None): nm = NmapProcess(targets, options, fqp=fqp) rc = nm.run() if rc != 0: print "nmap scan failed: %s" % (nm.stderr) try: parsed = NmapParser.parse(nm.stdout) except NmapParserException as e: print "Exception raised while parsing scan: %s" % (e.msg) return parsed
def is_port_open(self, port): nmproc = NmapProcess(str(self.ip), '-p ' + str(port)) rc = nmproc.run() if rc != 0: self.has_error("nmap scan failed: {0}".format(nmproc.stderr)) return False else: nmap_report = NmapParser.parse(nmproc.stdout) if nmap_report.hosts[0].status == 'up': return (nmap_report.hosts[0].services[0].state == 'open') else: return False
def _run_scan(targets, options): """Runs a nmap scan with the given options, returns a report for the given scan. """ parsed = None nmproc = NmapProcess(targets, options) return_code = nmproc.run() if return_code == 0: try: parsed = NmapParser.parse(nmproc.stdout) return parsed except NmapParserException as e: print "scan failed: {0}".format(nmproc.stderr) return 1
class Networks(object): ''' classdocs ''' def __init__(self, targets,options): self.nmap=NmapProcess(targets,options) def run(self): self.nmap.run() def make_report(self): report=NmapParser.parse(self.nmap.stdout) result=[] for host in report.hosts: temp={} print host print host.scripts_results temp['ip']=host.ipv4 print [(service.state,service.port,service.scripts_results) for service in host.services] # for service in host.services: # for k in service.scripts_results: # if k.find('.'): # v=service.scripts_results[k] # del service.scripts_resutls[k] # service.scripts_resutls[k.replace('.','_')]=v # temp['services']=[(service.state,service.port,service.scripts_results)] # result.append(temp) # return result def record_report(self,records,cache,coll): for r in records: doc=cache[r['ip']] doc['service']=r try: coll.save(doc) except: print doc
def celery_nmap_scan(targets, options): def status_callback(nmapscan=None, data=''): current_task.update_state(state='PROGRESS', meta={'done': nmapscan.progress, 'etc': nmapscan.etc}) nm = NmapProcess(targets, options, event_callback=status_callback) rc = nm.run() if rc == 0 and nm.stdout: r = nm.stdout else: r = None return {'rc': rc, 'report': r}
def do_scan(host, options): # uncomment line below to manually input target IP #host = input("Enter Target Host Address: ") parsed = None nmproc = NmapProcess(host, options) rc = nmproc.run() if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) print(type(nmproc.stdout)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def run(self, port, hosts): print "[*] Probing %d hosts on port %s" % (len(hosts), port) opts = self.build_nmap_options(port) nm = NmapProcess(hosts, options=opts, fqp=self._whereis("nmap") ) rc = nm.run() if nm.rc == 0: nmap_report = NmapParser.parse(nm.stdout) for scanned_host in nmap_report.hosts: if self.is_ipidseq_incremental( scanned_host ): for open_port in scanned_host.get_open_ports(): self.final_print(scanned_host.ipv4, open_port[0], 'FOUND')
def nmap_scan(hosts, output_dir): """ if user chooses to start from an nmap scan, run the scan and then return an nmap_report object :param hosts: :param output_dir: :return: """ print("[+] Kicking off nmap scan. I don't have any feedback working, so just be patient") nm = NmapProcess(hosts, options="-sC -sV -Pn -p1-65535") rc = nm.run() nmap_report = NmapParser.parse(nm.stdout) nmap_xml = output_dir + "/" + hosts.replace("/","_") + "_nmap.xml" f = open(nmap_xml, 'a') f.write(nm.stdout) f.close() print("[+] Nmap scan saved to: {0}".format(nmap_xml)) return nmap_report
def cel_nmap_scan(cmd_name, populated_command, host, config_nmap_options, celery_path, task_id, workspace): """ :param cmd_name: :param populated_command: :param host: :param config_nmap_options: :param celery_path: :param task_id: :param workspace: :return: """ # Without the sleep, some jobs were showing as submitted even though # they were started. Not sure why. #time.sleep(3) path = os.path.abspath( os.path.join(os.path.dirname(os.path.abspath(lib.scan.__file__)), "..")) audit_log = path + "/log/cmdExecutionAudit.log" f = open(audit_log, 'a') start_time = time.time() start_time_int = int(start_time) start_ctime = time.ctime(start_time) start = timer() print(populated_command) print("[+] Kicking off nmap scan for " + host) lib.db.update_task_status_started("STARTED", task_id, 0, start_time_int) nm = NmapProcess(host, options=config_nmap_options) rc = nm.run() nmap_report = NmapParser.parse(nm.stdout) end = timer() end_ctime = time.ctime(end) run_time = end - start db.update_task_status_completed("COMPLETED", task_id, run_time) #f.write("\n" + str(end_ctime) + "," + "CMD COMPLETED" + ","" + str(run_time) + " - " + populated_command + "\n") f.write( str(start_ctime) + "," + str(end_ctime) + "," + str(run_time) + cmd_name + "\n") f.close() lib.csimport.process_nmap_data(nmap_report, workspace) return nmap_report
def nmap_all_tcp_scan(self, target): ''' Runs nmap scan against all TCP Ports with version scanning. Options used -Pn -sV -p1-65535 Examples: | nmap all tcp scan | target | ''' target = str(target) nmproc = NmapProcess(target, '-p1-65535 -sV') rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format( nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in Parsing results: {0}'.format(ne.msg)
def nmap_default_scan(self, target): ''' Runs a basic nmap scan on nmap's default 1024 ports. Performs the scan with -Pn -sS -sV Options Examples: | nmap default scan | target | ''' target = str(target) nmproc = NmapProcess(target, '-Pn -sS -sV') rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format( nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in Parsing results: {0}'.format(ne.msg)
def run_scan2(ip_address): nm = NmapProcess(ip_address, options='-sV') rc = nm.run() # print (nm.stdout) nmap_report = NmapParser.parse(nm.stdout) # print(nmap_report.r) print(nmap_report.id) print(nmap_report.version) print(nmap_report.commandline) print(nmap_report.endtime) print(nmap_report.get_dict()) print(nmap_report.get_raw_data()) print(nmap_report.hosts[0]) # my_host = NmapHost(hostnames=nmap_report.) # print (my_host.address) print(nmap_report.summary)
def scan_ranges(ranges, dns=None): ''' Performs a list scan on the provided ranges and returns an NmapReport object ''' if dns is None: dns = "-sL -R" else: dns = "-sL -R --dns-server " + dns logger.info('DNS Value for scan_ranges: ' + str(dns)) logger.info('Provided Ranges for scan_ranges: ' + str(ranges)) print("Starting nmap scan against: " + ranges) nm = NmapProcess(ranges, options=dns) rc = nm.run() # use the nmap parser to return an object containing all the hosts parsed = NmapParser.parse(nm.stdout) logger.info('Returning {} hosts from scan_ranges'.format(len( parsed.hosts))) return parsed
def do_scan(targets, options): """ :rtype: object """ parsed = None nmproc = NmapProcess(targets, options) rc = nmproc.run() if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) print(type(nmproc.stdout)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def do_scan(self): """ 对targets进行扫描,并返回探测结果 :param targets: 扫描目标 :param options: 扫描选项 :return: """ nmproc = NmapProcess(self.ip, self.options) rc = nmproc.run() if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) self.raw_data = nmproc.stdout try: self.parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return
def network_host_ip(interface): # interface subnet mask calc subnet = socket.inet_ntoa( fcntl.ioctl(socket.socket(socket.AF_INET, socket.SOCK_DGRAM), 35099, struct.pack('256s', interface))[20:24]) subnet = subnet.split('.') binary_str = '' for octet in subnet: binary_str += bin(int(octet))[2:].zfill(8) subnet = str(len(binary_str.rstrip('0'))) # interface ip calc s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) ip = socket.inet_ntoa( fcntl.ioctl(s.fileno(), 0x8915, struct.pack('256s', interface[:15]))[20:24]) # Network Scan Start parser = None process = NmapProcess(targets=ip + '/' + subnet, options="-sP", event_callback=None, safe_mode=None, fqp=None) rc = process.run() if rc != 0: print("Network Scan Failed") try: parser = NmapParser.parse(process.stdout) except NmapParserException: print("Exception Network Error") up_hosts = [] gateway = get_l_gateway_ip(interface) for host in parser.hosts: if str(host).find('up') is not -1: up_host = re.findall(r'(\[.*\()', str(host))[0].replace('[', '').replace(' (', '') up_hosts.append(up_host) up_hosts.remove(gateway) up_hosts.remove(ip) return ' / '.join(up_hosts)
def do_scan(targets, options): parsed = None nmproc = NmapProcess(targets, options) rc = nmproc.run() if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) print( "nmap_process_command{{version=\"{0}\",targets=\"{1}\",cmdline=\"{2}\"}} {3}" .format(nmproc.version, nmproc.targets, format(nmproc.command.strip()), nmproc.starttime)) try: parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return parsed
def nmap_script_scan(self, target, portlist=None, version_intense="0", script_name=None): ''' Runs nmap with the -sC arg or the --script arg if script_name is provided. Options used are: -sV --version-intensity <default:0> -sC|--script=<script_name> Arguments: - ``target``: IP or the range of IPs that need to be tested - ``portlist``: list of ports, range of ports that need to be tested. They can either be comma separated or separated by hyphen example: 121,161,240 or 1-100 - ``version_intense``: Version intensity of OS detection - ``script_name``: Script Name that needs to be referenced Examples: | nmap script scan | target | portlist | version_intense | script_name | ''' target = str(target) if portlist and script_name: nmap_proc_cmd = "-Pn -sV --version-intensity {0} --script={1} -p {2}".format( version_intense, script_name, portlist) elif portlist and not script_name: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -sC -p {1}".format( version_intense, portlist) elif script_name and not portlist: raise Exception( 'EXCEPTION: If you use specific script, you have to specify a port' ) else: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -sC".format( version_intense) nmproc = NmapProcess(target, nmap_proc_cmd) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format( nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in parsing results: {0}'.format(ne.msg)
def do_scan(self, targets, options='-sV'): info('Starting scaning port') self.result.add_data('port:') try: parsed = None nmproc = NmapProcess(targets, options) rc = nmproc.run() if rc != 0: error("nmap scan failed: {0}".format(nmproc.stderr)) logger.error("nmap scan failed: {0}".format(nmproc.stderr)) parsed = NmapParser.parse(nmproc.stdout) except KeyboardInterrupt: raise KeyboardInterrupt except NmapParserException as e: error("Exception raised while parsing scan: {0}".format(e.msg)) logger.error("Exception raised while parsing scan: {0}".format(e.msg)) sys.exit(0) return parsed
def nmapresolve(): ipcount = len(scope) print stat+"Executing Nmap Reverse Lookup against "+str(ipcount)+" total IPs" print stat+"Breaking IPs into digestible parts (<=4096)" if ipcount > 4096: for part in range(0, ipcount, 4096): nmapscope.append(scope[part:part + 4096]) else: nmapscope.append(scope) nmapcount = len(nmapscope) print stat+"IPs broken into "+str(nmapcount)+" parts" count = 0 for targets in nmapscope: count += 1 try: sys.stdout.write("\r"+stat+"Executing part "+str(count)+" of "+str(nmapcount)) sys.stdout.flush() nmap = NmapProcess(targets, options="-sL -R") rc = nmap.run() resolved = NmapParser.parse(nmap.stdout) for host in resolved.hosts: for hostname in host.hostnames: hostname = hostname.lower() if not re.findall('[0-9]{1,3}?\-[0-9]{1,3}\-[0-9]{1,3}\-[0-9]{1,3}',hostname) and not re.findall('[0-9]{1,3}?\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}',hostname) and 'zayo.com' not in hostname and "ip-addr" not in hostname and "Level3" not in hostname and "in-addr" not in hostname and '.' in hostname: nmaphostnames.append((host.address, hostname)) except (KeyboardInterrupt, SystemExit): goodresp = 0 while goodresp == 0: print "" resp = raw_input(warn+'Interrupt Caught. Want to kill all Nmap? (y) or this part (n): ') if "y" in resp: print warn+"Killing all Nmap parts" return nmaphostnames elif "n" in resp: print stat+"Continuing w/ next part" goodresp = 1 else: print warn+"Invalid Option..." print "" print good+"Nmap lookup complete. Hostnames found: "+str(len(nmaphostnames)) return nmaphostnames
def nmap_default_scan(self, target, file_export = None): ''' Runs a basic nmap scan on nmap's default 1024 ports. Performs the default scan - file_export is an optional param that exports the file to a txt file with the -oN flag Examples: | nmap default scan | target | file_export | ''' target = str(target) if file_export == None: nmproc = NmapProcess(target) else: nmproc = NmapProcess(target, '-oN {0}'.format(file_export), safe_mode=False) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in Parsing results: {0}'.format(ne.msg)
def is_udp_port_open(ip, port): """Check if given UDP port is open""" nmproc = NmapProcess(ip, '-sU -T5 -p ' + str(port)) rc = nmproc.run() if rc != 0: print("Nmap scan failed (check if running as root): {0}".format( nmproc.stderr)) return True try: report = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) return False if len(report.hosts): host = report.hosts[0] if len(host.services): return 'open' in host.services[0].state return False
def nmap_script_scan(self, target, portlist=None, version_intense='0', script_name=None, file_export=None): target = str(target) if portlist and script_name: nmap_proc_cmd = "-Pn -sV --version_intensity {0} --script={1} -p {2}".format( version_intense, script_name, portlist) elif portlist and not script_name: nmap_proc_cmd = "-Pn -sV --version_intensity {0} -sC -p {1}".format( version_intense, portlist) elif script_name and not portlist: raise Exception( "EXCEPTION: If you use specific script, you have to specify a port" ) else: nmap_proc_cmd = "-Pn -sV --version_intensity {0} -sC".format( version_intense) if file_export: nmap_proc_cmd += " -oN {0}".format(file_export) nmproc = NmapProcess(target, nmap_proc_cmd, safe_mode=False) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format( nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print(parsed) self.results = parsed except NmapParserException as ne: print('EXCEPTION: Exception in parsing results: {0}'.format( ne.msg))
def run_nmap(target): targets = [] f = open(target, "r") for line in f.readlines(): ip = line.replace("\n", "") targets.append(ip) f.close() print("Running nmap on target from: " + target) nm = NmapProcess(targets=targets, options="-Pn -p 80,443,8080") rc = nm.run() f = open('portscans/nmap_http2.xml', 'w') if nm.rc == 0: #print(nm.stdout) f.write(nm.stdout) else: #print(nm.stderr) f.write(nm.stderr) f.close() print("Nmap finished.")
def nmap_os_services_scan(self, target, portlist=None, version_intense=0, file_export=None): ''' Runs Arguments: - ``target``: IP or the range of IPs that need to be tested - ``portlist``: list of ports, range of ports that need to be tested. They can either be comma separated or separated by hyphen example: 121,161,240 or 1-100 - ``version_intense``: Version intensity of OS detection - ``file_export``: is an optional param that exports the file to a txt file with the -oN flag Examples: | nmap os services scan | target | portlist | version_intense | file_export | ''' target = str(target) if portlist: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -p {1}".format( version_intense, portlist) else: nmap_proc_cmd = "-Pn -sV --version-intensity {0}".format( version_intense) if file_export: nmap_proc_cmd += " -oN {0}".format(file_export) nmproc = NmapProcess(target, nmap_proc_cmd, safe_mode=False) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format( nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print(parsed) self.results = parsed except NmapParserException as ne: print('EXCEPTION: Exception in parsing results: {0}'.format( ne.msg))
def get_ip_list(): ip_list = [] targets = "192.168.1.0/24" options = "-sP" report = None nmproc = NmapProcess(targets, options) rc = nmproc.run() if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) try: report = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) for host in report.hosts: if host.is_up() and 'B8:27:EB' in host.mac: ip_list.append(host.address) return ip_list
def nmap_all_tcp_scan(self, target, file_export = None): ''' Runs nmap scan against all TCP Ports with version scanning. Options used -Pn -sV -p1-65535 Examples: | nmap default scan | target | file_export | file_export is an optional param that exports the file to a txt file with the -oN flag ''' target = str(target) if file_export == None: nmproc = NmapProcess(target, '-p1-65535 -sV') else: cmd = '-p1-65535 -sV -oN {0}'.format(file_export) nmproc = NmapProcess(target, cmd, safe_mode=False) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in Parsing results: {0}'.format(ne.msg)
def grab_banner_nmap(ip, port): report = None nmproc = NmapProcess(ip, '-sT -sV -Pn -p '+str(port)) rc = nmproc.run() if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) return None #print(type(nmproc.stdout)) try: report = NmapParser.parse(nmproc.stdout) except NmapParserException as e: #print("Exception raised while parsing scan: {0}".format(e.msg)) return None banner = '' if len(report.hosts): host = report.hosts[0] if len(host.services): banner = host.services[0].banner return banner
def nmap_script_scan(self, target, portlist = None, version_instense = "0", script_name = None, file_export = None): ''' Runs nmap with the -sC argument or the --script if script_name is provided Arguments: - ``target`` ... IP or range of IPs that need to be tested - ``portlist`` ... list of ports or range - ``version_intense`` ... version intensity of OS detection - ``script_name`` ... which script to run - ``file_export`` ... whether to use a txt file for output Example: nmap_script_scan <target> <portlist> <version_intense> <script_name> ''' target = str(target) if portlist and script_name: nmap_proc_cmd = "-Pn -sV --version-intensity {0} --script = {1} -p {2}".format(version_intense, script_name, portlist) elif portlist and not script_name: nmap_proc_cmd = "-Pn -sV --version-intensity {0} -sC -p {1}".format(version_intense, portlist) elif script_name and not portlist: raise Exception('EXCEPTION: If you use specific script need to specify a port') else: nmap_proc_cmd = "-Pn -sV --version_intensity {0} -sC".format(version_intense) if file_export: nmap_proc_cmd += " -oN {0}".format(file_export) nmproc = NmapProcess(target, nmap_proc_cmd, safe_mode=False) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format(nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print(parsed) self.results = parsed except NmapParserException as ne: print('EXCEPTION: Exception in parsing results: {0}'.format(ne.msg))
def do_scan(targets): parsed = None nmproc = NmapProcess(targets, "-sV -open -T5 -PE") rc = nmproc.run() if rc != 0: pass try: #20170504 modify /lib/libnmap/parse 84 --> nmap_data = str(nmap_data) bcz nmap_data linux create xml is unicode ,cant be work parsed = NmapParser.parse(nmproc.stdout) except NmapParserException as e: #print("Exception raised while parsing scan: {0}".format(e.msg)) print "nmap error", e if parsed: for host in parsed.hosts: if len(host.hostnames): tmp_host = host.hostnames.pop() else: tmp_host = host.address for serv in host.services: #print tmp_host , host.address, str(serv.port), serv.protocol, serv.state, serv.service to_mysql(tmp_host, host.address, str(serv.port), serv.protocol, serv.service)
def nmap_specific_udp_scan(self, target, portlist, file_export=None): target = str(target) if file_export == None: nmproc = NmapProcess(target, '-p1-65535 -sV') else: cmd = '-sU -sV -p {0} -oN {1}'.format(portlist, file_export) nmprocess = NmapProcess(target, cmd, safe_mode=False) rc = nmprocess.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format( nmprocess.stderr)) try: parsed = NmapParser.parse(nmprocess.stdout) print(parsed) self.results = parsed except NmapParserException as ne: print('EXCEPTION: Exception in parsing results: {0}'.format( ne.msg))
def nmap_specific_udp_scan(self, target, portlist): ''' Runs nmap against specified UDP ports given in the portlist argument. Arguments: - ``target``: IP or the range of IPs that need to be tested - ``portlist``: list of ports, range of ports that need to be tested. They can either be comma separated or separated by hyphen example: 121,161,240 or 1-100 Examples: | nmap specific udp scan | target | portlist | ''' target = str(target) nmap_proc_cmd = "-sU -sV -p {0}".format(portlist) nmproc = NmapProcess(target, nmap_proc_cmd) rc = nmproc.run() if rc != 0: raise Exception('EXCEPTION: nmap scan failed: {0}'.format( nmproc.stderr)) try: parsed = NmapParser.parse(nmproc.stdout) print parsed self.results = parsed except NmapParserException as ne: print 'EXCEPTION: Exception in parsing results: {0}'.format(ne.msg)
def nmap_scan(targets, options): nmap_report = None nmproc = NmapProcess(targets, options) rc = nmproc.run() if rc != 0: print("nmap scan failed: {0}".format(nmproc.stderr)) try: nmap_report = NmapParser.parse(nmproc.stdout) except NmapParserException as e: print("Exception raised while parsing scan: {0}".format(e.msg)) parser.print_help() parser.exit() # Get OS version and search it by sve-search osinfo = {} host = nmap_report.hosts[0] for oscla in host.os.osmatches: serverinfo = oscla.name if (serverinfo): osinfo["name"] = serverinfo[:serverinfo.find(' ')] osinfo["osgen"] = serverinfo[serverinfo.find(' ') + 1:] break osresult = osinfo["name"] + ":" + osinfo["osgen"] if (osresult.find(' ') == -1): command = "/root/cve-search/bin/search.py -p " + osresult + " -o json" print('OS vulnerabilities result:') osfinalresult = os.popen(command) a = list() for l in osfinalresult: a.append(json.loads(l)) if (a != None): for i in a: print(i['id']) else: print('Congratulation! No vulnerabilities found~') else: print("Can't get OS version")
def scanIp(ip, options, scandir='tmp'): #print("Scanning IP: {0}. Nmap options {1}".format(ip, options)) nm = NmapProcess( ip, options=options, ) rc = nm.run() if nm.rc == 0: if 'status state="down"' not in nm.stdout and \ 'reason="host-unreach"' not in nm.stdout and \ 'reason="net-unreaches"' not in nm.stdout: singleHostOut = os.path.join(scandir, ip + '.xml') scanFile = open(singleHostOut, 'w') scanFile.write(nm.stdout) scanFile.close() else: downHostsOut = os.path.join(scandir, 'down-hosts.txt') dHostsFile = open(downHostsOut, 'a') dHostsFile.write(ip + '\n') dHostsFile.close() else: print(nm.stderr)
def getC(self, ip=None, config=None): try: count = {} ops = "-open -p%s" getops = ops % config nm = NmapProcess(ip, options=getops) ps = nm.run() parsed = NmapParser.parse(nm.stdout) for host in parsed.hosts: count[host.address] = [host.address] for serv in host.services: if len(serv.cpelist) > 1: count[host.address].append(serv.service + ":" + str(serv.port) + ":" + serv.cpelist[0]) else: count[host.address].append(serv.service + ":" + str(serv.port)) return count except Exception, e: print e return []
import demistomock as demisto from CommonServerPython import * from libnmap.process import NmapProcess from libnmap.parser import NmapParser from libnmap.reportjson import ReportEncoder if demisto.command() == 'test-module': demisto.results('ok') sys.exit(0) if demisto.command() == 'nmap-scan': nm = NmapProcess(argToList(demisto.args()['targets']), options=demisto.args()['options']) rc = nm.run() if rc != 0: demisto.results({ 'Type': entryTypes['error'], 'ContentsFormat': formats['text'], 'Contents': 'Unable to execute - ' + nm.stderr }) sys.exit(0) r = NmapParser.parse(nm.stdout) md = '## ' + r.summary + '\n' hosts = [] for host in r.hosts: h = {} if len(host.hostnames): tmp_host = host.hostnames.pop() h['Hostname'] = tmp_host else: tmp_host = host.address
import cProfile, pstats, io pr = cProfile.Profile() pr.enable() hostname = "172.22.0.166" import os if (os.system("ping -c 1 -w 1 " + hostname)) == 0: valid = "alive" from libnmap.process import NmapProcess from libnmap.parser import NmapParser nmproc = NmapProcess(hostname, "-sV") rc = nmproc.run() parsed = NmapParser.parse(nmproc.stdout) host = parsed.hosts[0] services = [] status = "Unknown" cracked = False for serv in host.services: services.append(str(serv.port) + "/" + str(serv.service)) if serv.port == 22: import paramiko client = paramiko.client.SSHClient() client.load_system_host_keys() client.set_missing_host_key_policy(paramiko.WarningPolicy) uid_list=["pi","odroid","root","admin"] pwd_list=["raspberry","odroid","root","admin","password"] for uid in uid_list: for pwd in pwd_list: try: if cracked == False: