def nmap_dns_brute_script(self,
target,
dns_brute="--script dns-brute.nse"):
"""
Perform nmap scan using the dns-brute script
:param: target can be IP or domain
:param: default is the default top port
nmap -oX - nmmapper.com --script dns-brute.nse
"""
self.target = target
parser = NmapCommandParser(None)
dns_brute_args = "{target} {default}".format(target=target,
default=dns_brute)
dns_brute_command = self.default_command() + dns_brute_args
dns_brute_shlex = shlex.split(
dns_brute_command) # prepare it for popen
# Run the command and get the output
output = self.run_command(dns_brute_shlex)
# Begin parsing the xml response
xml_root = self.get_xml_et(output)
subdomains = parser.filter_subdomains(xml_root)
return subdomains
def scan_top_ports(self, host, default=10, args=None):
"""
Perform nmap's top ports scan
:param: host can be IP or domain
:param: default is the default top port
This top port requires root previledges
"""
parser = NmapCommandParser(None)
if(default > self.maxport):
raise ValueError("Port can not be greater than default 65389")
self.host = host
if(args):
assert(isinstance(args, str)), "Expected string got {0} instead".format(type(args))
top_port_args = " {host} --top-ports {default}".format(host=host, default=default)
scan_command = self.default_command() + top_port_args
if(args):
scan_command += " {0}".format(args)
scan_shlex = shlex.split(scan_command)
# Run the command and get the output
output = self.run_command(scan_shlex)
if not output:
# Probaby and error was raise
raise ValueError("Unable to perform requested command")
# Begin parsing the xml response
xml_root = self.get_xml_et(output)
self.top_ports = parser.filter_top_ports(xml_root)
return self.top_ports
def __init__(self, path=None):
super(NmapHostDiscovery, self).__init__(path=path)
self.port_scan_only = "-Pn"
self.no_port_scan = "-sn"
self.arp_discovery = "-PR"
self.disable_dns = "-n"
self.parser = NmapCommandParser(None)
def __init__(self, path=None):
super(NmapScanTechniques, self).__init__(path=path)
self.sync_scan = "-sS"
self.tcp_connt = "-sT"
self.fin_scan = "-sF"
self.ping_scan = "-sP"
self.idle_scan = "-sL"
self.udp_scan = "-sU"
self.parser = NmapCommandParser(None)
def __init__(self, path=None):
"""
Module initialization
:param path: Path where nmap is installed on a user system. On linux system it's typically on /usr/bin/nmap.
"""
self.nmaptool = path if path else get_nmap_path()
self.default_args = "{nmap} {outarg} - "
self.maxport = 65389
self.target = ""
self.top_ports = dict()
self.parser = NmapCommandParser(None)
def nmap_ping_scan(self, host):
"""
Scan host using nmaps' ping scan
@cmd nmap -sP 192.168.178.1
"""
ping_scan = " {host} {default}".format(host=host, default=self.ping_scan)
ping_scan_command = self.default_command() + ping_scan
ping_scan_shlex = shlex.split(ping_scan_command) # prepare it
parser = NmapCommandParser(None)
output = self.run_command(ping_scan_shlex)
xml_root = self.get_xml_et(output)
ping_results = parser.parse_nmap_pingscan(xml_root)
return ping_results
def nmap_idle_scan(self, host):
"""
Using nmap idle_scan
@cmd nmap -sL 192.168.178.1
"""
idle_scan = " {host} {default}".format(host=host, default=self.idle_scan)
idle_scan_command = self.default_command() + idle_scan
idle_scan_shlex = shlex.split(idle_scan_command) # prepare it
parser = NmapCommandParser(None)
# Use the ping scan parser
output = self.run_command(idle_scan_shlex)
xml_root = self.get_xml_et(output)
idle_results = parser.parse_nmap_pingscan(xml_root)
return idle_results
def nmap_fin_scan(self, host):
"""
Perform scan using nmap's fin scan
@cmd nmap -sF 192.168.178.1
"""
fin_scan = " {host} {default}".format(host=host, default=self.fin_scan)
fin_scan_command = self.default_command() + fin_scan
fin_scan_shlex = shlex.split(fin_scan_command) # prepare it
parser = NmapCommandParser(None)
# Use the ping scan parser
output = self.run_command(fin_scan_shlex)
xml_root = self.get_xml_et(output)
fin_results = parser.parse_nmap_idlescan(xml_root)
return fin_results
def nmap_subnet_scan(self, subnet, arg="-p-"): # requires root
"""
nmap -oX - nmmapper.com --script dns-brute.nse
NOTE: Requires root
"""
self.host = subnet
parser = NmapCommandParser(None)
command_args = "{host} {default}".format(host=subnet, default=arg)
command = self.default_command() + command_args
dns_brute_shlex = shlex.split(command) # prepare it for popen
output = self.run_command(dns_brute_shlex)
xml_root = self.get_xml_et(output)
host_discovered = parser.parse_nmap_subnetscan(xml_root)
return host_discovered
def nmap_list_scan(self, subnet, arg="-sL"): # requires root
"""
The list scan is a degenerate form of host discovery that simply lists each host of the network(s)
specified, without sending any packets to the target hosts.
NOTE: /usr/bin/nmap -oX - 192.168.178.1/24 -sL
"""
self.host = subnet
parser = NmapCommandParser(None)
command_args = "{host} {default}".format(host=subnet, default=arg)
command = self.default_command() + command_args
dns_brute_shlex = shlex.split(command) # prepare it for popen
output = self.run_command(dns_brute_shlex)
xml_root = self.get_xml_et(output)
host_discovered = parser.parse_nmap_listscan(xml_root)
return host_discovered
def nmap_syn_scan(self, host, args=None):
"""
Perform syn scan on this given
host
@cmd nmap -sS 192.168.178.1
"""
parser = NmapCommandParser(None)
sync_scan = " {host} {default}".format(host=host, default=self.sync_scan)
sync_scan_command = self.default_command() + sync_scan
if(args):
sync_scan_command += " {0}".format(args)
sync_scan_shlex = shlex.split(sync_scan_command) # prepare it
# Use the top_port_parser
output = self.run_command(sync_scan_shlex)
xml_root = self.get_xml_et(output)
self.top_ports = parser.filter_top_ports(xml_root)
return self.top_ports
def nmap_disable_dns(self, host, args=None):
"""
Scan host using the nmap tcp connect
@cmd nmap -PR 192.168.178.1
"""
parser = NmapCommandParser(None)
if(args):
assert(isinstance(args, str)), "Expected string got {0} instead".format(type(args))
scancommand = " {host} {default}".format(host=host, default=self.arp_discovery)
scan_command = self.default_command() + scancommand
if(args):
scan_command += " {0}".format(args)
scan_shlex = shlex.split(scan_command) # prepare it
# Use the top_port_parser
output = self.run_command(scan_shlex)
xml_root = self.get_xml_et(output)
tcp_results = parser.filter_top_ports(xml_root)
return tcp_results