def scanByNmap(self, target, policy):
runtime = 0
try:
nmap_proc = NmapProcess(targets=target,
options=policy,
safe_mode=True)
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= self.nmap_timeout:
nmap_proc.stop()
if self.output_mode != "silent":
print self.R + u'\n[x] scan_host {} timeout...'.format(
target) + self.W
break
else:
if self.output_mode != "silent":
sys.stdout.write(
u'\033[1;34m[~] scan_host is {},scan progress is {}%({} sec)\n\033[0m'
.format(target, nmap_proc.progress, runtime))
sys.stdout.flush()
sleep(5)
runtime += 5
if nmap_proc.is_successful() and nmap_proc.stdout:
self.parserReport(nmap_proc.stdout)
except Exception as e:
print e
class NmapTaskBack(AsyncTaskBack, NmapMixin):
nmap = None
def __init__(self, host, db, args, inqueue, outqueue):
super().__init__(inqueue, outqueue)
self.nmap = NmapProcess(targets=host, options=args)
self.nmap.run()
self.db = db
if self.nmap.is_successful():
parsed = NmapParser.parse(self.nmap.stdout)
self.result = self.get_result(parsed)
self.store(parsed)
self.thread.join()
def get_result(self, report):
result = []
for host in report.hosts:
hostname = ''
if len(host.hostnames):
hostname = host.hostnames.pop()
if host.status != 'up':
continue
services = []
for service in host.services:
services.append({
'port': service.port,
'proto': service.protocol,
'state': service.state,
'version': service.banner,
'service': service.service
})
result.append({hostname: {'services': services}})
return result
def is_running(self):
if self.nmap:
return self.nmap.is_running()
def is_successful(self):
return self.nmap.is_successful()
def finish(self):
self._stop = True
return self.result
def terminate(self):
self.nmap.stop()
def state(self):
state = 'running' if self.nmap.is_running() else 'completed'
return self.nmap.progress, state, self.nmap.command
def __str__(self):
return '{:>4}% {} - {}'.format(
self.nmap.progress, self.nmap.command,
'running' if self.nmap.is_running() else 'completed')
def run_nmap_scan(scan_targets, scan_options):
'''
Accepts scan targets and scan options for NmapProcess and launches scan
Prints scan status updates and summary to stdout
Returns NmapProcess object for further use
TODO - catch keyboard interrupts and kill tasks so we can exit gracefully!
nmap_proc.stop does not appear to fully kill threads in script scans
so program will continue to execute but leaves an orphaned nmap process
'''
status_update_interval = 5
#Check for sudo and disable scan options that require root
if os.getuid() != 0:
logging.warn(
"Certain nmap scans require root privileges (SYN, UDP, ICMP, etc)..."
)
logging.warn(
"Disabling incompatible scan types and OS / service version detection options if enabled"
)
scan_options = scan_options.replace("-sS", "-sT")
scan_options = scan_options.replace("-sU", "")
scan_options = scan_options.replace("-sP", "")
scan_options = scan_options.replace("-sn", "")
scan_options = scan_options.replace("-sV", "")
scan_options = scan_options.replace("-O", "")
nmap_proc = NmapProcess(targets=scan_targets, options=scan_options)
print "Running scan command:\n" + nmap_proc.command
nmap_proc.run_background()
while nmap_proc.is_running():
try:
time.sleep(status_update_interval)
if nmap_proc.progress > 0:
#Nmap only updates ETC periodically and will sometimes return a result that is behind current system time
etctime = datetime.datetime.fromtimestamp(int(nmap_proc.etc))
systime = datetime.datetime.now().replace(microsecond=0)
if etctime < systime:
etctime = systime
timeleft = etctime - systime
print("{0} Timing: About {1}% done; ETC: {2} ({3} remaining)".
format(nmap_proc.current_task.name, nmap_proc.progress,
etctime, timeleft))
except KeyboardInterrupt:
print "Keyboard Interrupt - Killing Current Nmap Scan!"
nmap_proc.stop()
if nmap_proc.rc == 0:
print nmap_proc.summary + "\n"
else:
print nmap_proc.stderr + "\n"
return nmap_proc
def run_nmap_scan(scan_targets, scan_options):
'''
Accepts scan targets and scan options for NmapProcess and launches scan
Prints scan status updates and summary to stdout
Returns NmapProcess object for further use
TODO - catch keyboard interrupts and kill tasks so we can exit gracefully!
nmap_proc.stop does not appear to fully kill threads in script scans
so program will continue to execute but leaves an orphaned nmap process
'''
status_update_interval = 5
#Check for sudo and disable scan options that require root
if os.getuid()!=0:
logging.warn("Certain nmap scans require root privileges (SYN, UDP, ICMP, etc)...")
logging.warn("Disabling incompatible scan types and OS / service version detection options if enabled")
scan_options = scan_options.replace("-sS", "-sT")
scan_options = scan_options.replace("-sU", "")
scan_options = scan_options.replace("-sP", "")
scan_options = scan_options.replace("-sn", "")
scan_options = scan_options.replace("-sV", "")
scan_options = scan_options.replace("-O", "")
nmap_proc = NmapProcess(targets=scan_targets, options=scan_options)
print "Running scan command:\n"+nmap_proc.command
nmap_proc.run_background()
while nmap_proc.is_running():
try:
time.sleep(status_update_interval)
if nmap_proc.progress > 0:
#Nmap only updates ETC periodically and will sometimes return a result that is behind current system time
etctime = datetime.datetime.fromtimestamp(int(nmap_proc.etc))
systime = datetime.datetime.now().replace(microsecond=0)
if etctime < systime:
etctime = systime
timeleft = etctime - systime
print("{0} Timing: About {1}% done; ETC: {2} ({3} remaining)".format(nmap_proc.current_task.name, nmap_proc.progress, etctime, timeleft))
except KeyboardInterrupt:
print "Keyboard Interrupt - Killing Current Nmap Scan!"
nmap_proc.stop()
if nmap_proc.rc == 0:
print nmap_proc.summary + "\n"
else:
print nmap_proc.stderr + "\n"
return nmap_proc
def do_scan(self):
"""scan start flag"""
if(self._flg_is_scanning != True):
self._flg_is_scanning = True
if(self._flg_scan_finished != False):
self._flg_scan_finished = False
"""运行次数初始化"""
trycnt = 0
while True:
"""运行时间初始化"""
runtime = 0
if trycnt >= self.retrycnt:
print '-' * 50
return 'retry overflow'
try:
nmap_proc = NmapProcess(targets=self.targets,options=self.options,safe_mode=False)
self._flg_is_scanning = True
nmap_proc.run_background()
while(nmap_proc.is_running()):
"""运行超时,结束掉任务,休息1分钟,再重启这个nmap任务"""
if runtime >= self.timeout:
print '-' * 50
print "timeout....terminate it...."
nmap_proc.stop()
"""休眠时间"""
sleep(60)
trycnt += 1
break
else:
print 'running[%ss]:%s' %(runtime,nmap_proc.command)
sleep(5)
runtime += 5
if nmap_proc.is_successful():
"""scan finished flag"""
if(self._flg_is_scanning != False):
self._flg_is_scanning = False
if(self._flg_scan_finished != True):
self._flg_scan_finished = True
print '-' * 50
print nmap_proc.summary
return nmap_proc.stdout
except Exception,e:
print e
trycnt +=1
if trycnt >= retrycnt:
print '-' * 50
print 'retry overflow'
return e
def run(self, target, options, callback):
"""
Executes the scan on a given target.
:param target:
:param options:
:param callback: callback function to report status to the server.
:return: report object
:rtype: `dscan.models.structures.Report`
"""
self.ctarget = (target, options)
nmap_proc = None
try:
options = " ".join([options, f"-oN {self.report_name('nmap')}"])
nmap_proc = NmapProcess(targets=target,
options=options,
safe_mode=False,
event_callback=self.show_status)
log.info("Nmap scan started Sending success status")
callback(Status.SUCCESS)
rc = nmap_proc.run()
if rc == 0:
# after finished encode and hash the contents for transfer.
self.__inc()
data = nmap_proc.stdout.encode("utf-8")
report_file = self.report_name("xml")
with open(self.report_name("xml"), "wb") as rfile:
rfile.write(data)
rfile.flush()
digest = hashlib.sha512(data).hexdigest()
report = Report(len(data), os.path.basename(report_file),
digest)
self.print(target, 100)
return report
else:
callback(Status.FAILED)
log.error(f"Nmap Scan failed {nmap_proc.stderr}")
except Exception as ex:
log.error(f"something went wrong {ex}")
callback(Status.FAILED)
finally:
if nmap_proc:
nmap_proc.stop()
# orthodox fix NmapProcess is leaving subprocess streams open.
subproc = getattr(nmap_proc, "_NmapProcess__nmap_proc")
if subproc:
subproc.stdout.close()
subproc.stderr.close()
def do_nmap_scan(targets, port):
# 运行次数初始化
trycnt = 0
options = '-sT -P0 -sV -O --script=banner -p T:' + port.strip()
while True:
# 运行时间初始化
runtime = 0
if trycnt >= retrycnt:
print '-' * 50
return 'retry overflow'
try:
nmap_proc = NmapProcess(targets=targets,
options=options,
safe_mode=False,
fqp='/usr/bin/nmap')
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务
print '-' * 50
print "* timeout. terminate it..."
nmap_proc.stop()
# 休眠时间
sleep(60)
trycnt += 1
break
else:
print 'running[%ss]:%s' % (runtime, nmap_proc.command)
sleep(5)
runtime += 5
if nmap_proc.is_successful():
print '-' * 50
print nmap_proc.summary
return nmap_proc.stdout
except Exception, e:
# raise e
print e
trycnt += 1
if trycnt >= retrycnt:
print '-' * 50
print '* retry overflow'
return e
def do_nmap_scan(targets, options=global_options):
# 运行次数初始化
trycnt = 0
while True:
# 运行时间初始化
runtime = 0
if trycnt >= retrycnt:
print('-' * 50)
return 'retry overflow'
try:
nmap_proc = NmapProcess(targets=targets,
options=options,
safe_mode=False)
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务
print('-' * 50)
print("* timeout. terminate it...")
nmap_proc.stop()
# 休眠时间
sleep(5)
trycnt += 1
break
else:
print('running[%ss]:%s' % (runtime, nmap_proc.command))
sleep(5)
runtime += 5
if nmap_proc.is_successful():
print('-' * 50)
print(nmap_proc.summary)
return nmap_proc.stdout
except Exception as e:
# raise e
print(e)
trycnt += 1
if trycnt >= retrycnt:
print('-' * 50)
print('* retry overflow')
return e
def do_nmap_scan(targets, options=global_options): # 运行次数初始化 trycnt = 0 while True: # 运行时间初始化 runtime = 0 if trycnt >= retrycnt: print '-' * 50 return 'retry overflow' try: nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False) nmap_proc.run_background() while nmap_proc.is_running(): if runtime >= timeout: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务 print '-' * 50 print "* timeout. terminate it..." nmap_proc.stop() # 休眠时间 sleep(60) trycnt += 1 break else: print 'running[%ss]:%s' % (runtime, nmap_proc.command) sleep(5) runtime += 5 if nmap_proc.is_successful(): print '-' * 50 print nmap_proc.summary return nmap_proc.stdout except Exception, e: # raise e print e trycnt += 1 if trycnt >= retrycnt: print '-' * 50 print '* retry overflow' return e
def do_nmap_scan(targets, options=NMAP_GLOBAL_OPTIONS):
# 运行次数初始化
trycnt = 0
while True:
# 运行时间初始化
runtime = 0
if trycnt >= NMAP_RETRYCNT:
print "-" * 50
return "retry overflow"
try:
nmap_proc = NmapProcess(targets=targets, options=options, safe_mode=False)
nmap_proc.run_background()
while nmap_proc.is_running():
if runtime >= NMAP_TIMEOUT: # 运行超时,结束掉任务,休息1分钟, 再重启这个nmap任务
print "-" * 50
print "* timeout. terminate it..."
nmap_proc.stop()
# 休眠时间
time.sleep(60)
trycnt += 1
break
else:
print "running[%ss]:%s" % (runtime, nmap_proc.command)
time.sleep(5)
runtime += 5
if nmap_proc.rc == 0:
return nmap_proc.stdout
except Exception, e:
# raise e
print e
trycnt += 1
if trycnt >= NMAP_RETRYCNT:
print "-" * 50
print "* retry overflow"
return e
#!/usr/bin/env python
from libnmap.process import NmapProcess
from time import sleep
nmap_proc = NmapProcess(targets="scanme.nmap.org", options="-sV")
nmap_proc.run_background()
while nmap_proc.is_running():
nmaptask = nmap_proc.current_task
if nmaptask:
print("Task {0} ({1}): ETC: {2} DONE: {3}%".format(nmaptask.name,
nmaptask.status,
nmaptask.etc,
nmaptask.progress))
sleep(3)
nmap_proc.stop()
print("rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary))
print(nmap_proc.stdout)
print(nmap_proc.stderr)
class NmapAdapter(ToolAdapter):
@log(logger)
def __init__(self, ip, commandline=None):
if self.is_valid_ip(ip):
self.ip = ip
else:
raise ValueError
if commandline:
self.commandline = commandline
else:
self.commandline = '-sV'
self.nmproc = NmapProcess(self.ip, self.commandline)
@log(logger)
def start(self):
logger.info('nmap started on IP {}'.format(self.ip))
rc = self.nmproc.run_background()
if self.nmproc.stderr:
logger.critical('nmap has failed: {0}'.format(self.nmproc.stderr))
print('nmap scan has failed:', self.nmproc.stderr)
def status(self):
if self.nmproc.is_running():
return 'running: {0}%'.format(self.nmproc.progress)
else:
if self.nmproc.has_failed():
return 'failed'
elif self.nmproc.is_successful():
return 'finished (successfully)'
else:
return 'stopped'
@log(logger)
def stop(self):
if self.nmproc.is_running():
self.nmproc.stop()
@log(logger)
def get_result_json(self):
report = None
try:
report = NmapParser.parse(self.nmproc.stdout)
except NmapParserException as e:
logger.critical("Exception raised while parsing scan: {0}".format(
e.msg))
print("Exception raised while parsing scan: {0}".format(e.msg))
return None
report_dict = {}
report_dict['starttime'] = report.started
report_dict['endtime'] = report.endtime
report_dict['host'] = self.ip
host = report.hosts[0]
report_dict['hoststatus'] = host.status
services = []
for serv in host.services:
service = {}
service['port'] = serv.port
service['protocol'] = serv.protocol
service['state'] = serv.state
service['service'] = serv.service
if len(serv.banner):
service['banner'] = serv.banner
if len(serv.cpelist):
cpe = {}
cpe['part'] = serv.cpelist[0].get_part()
cpe['vendor'] = serv.cpelist[0].get_vendor()
cpe['product'] = serv.cpelist[0].get_product()
cpe['version'] = serv.cpelist[0].get_version()
cpe['update'] = serv.cpelist[0].get_update()
cpe['edition'] = serv.cpelist[0].get_edition()
cpe['language'] = serv.cpelist[0].get_language()
service['cpe'] = cpe
services.append(service)
report_dict['services'] = services
json_data = dumps(report_dict)
return json_data
#!/usr/bin/env python
from libnmap.process import NmapProcess
from time import sleep
nmap_proc = NmapProcess(targets="scanme.nmap.org", options="-sV")
nmap_proc.run_background()
while nmap_proc.is_running():
nmaptask = nmap_proc.current_task
if nmaptask:
print("Task {0} ({1}): ETC: {2} DONE: {3}%".format(
nmaptask.name, nmaptask.status, nmaptask.etc, nmaptask.progress))
sleep(3)
nmap_proc.stop()
print("rc: {0} output: {1}".format(nmap_proc.rc, nmap_proc.summary))
print(nmap_proc.stdout)
print(nmap_proc.stderr)