def nmap_ping_scan(self, host):
"""
Scan host using nmaps' ping scan
@cmd nmap -sP 192.168.178.1
"""
ping_scan = " {host} {default}".format(host=host, default=self.ping_scan)
ping_scan_command = self.default_command() + ping_scan
ping_scan_shlex = shlex.split(ping_scan_command) # prepare it
parser = NmapCommandParser(None)
output = self.run_command(ping_scan_shlex)
xml_root = self.get_xml_et(output)
ping_results = parser.parse_nmap_pingscan(xml_root)
return ping_results
def nmap_idle_scan(self, host):
"""
Using nmap idle_scan
@cmd nmap -sL 192.168.178.1
"""
idle_scan = " {host} {default}".format(host=host, default=self.idle_scan)
idle_scan_command = self.default_command() + idle_scan
idle_scan_shlex = shlex.split(idle_scan_command) # prepare it
parser = NmapCommandParser(None)
# Use the ping scan parser
output = self.run_command(idle_scan_shlex)
xml_root = self.get_xml_et(output)
idle_results = parser.parse_nmap_pingscan(xml_root)
return idle_results
class NmapScanTechniques(Nmap):
"""
Extends Nmap to include nmap commands
with different scan techniques
This scan techniques include
1) TCP SYN Scan (-sS)
2) TCP connect() scan (-sT)
3) FIN Scan (-sF)
4) Ping Scan (-sP)
5) Idle Scan (-sI)
"""
def __init__(self, path=None):
super(NmapScanTechniques, self).__init__(path=path)
self.sync_scan = "-sS"
self.tcp_connt = "-sT"
self.fin_scan = "-sF"
self.ping_scan = "-sP"
self.idle_scan = "-sL"
self.udp_scan = "-sU"
self.parser = NmapCommandParser(None)
# Unique method for repetitive tasks - Use of 'target' variable instead of 'host' or 'subnet' - no need to make difference between 2 strings that are used for the same purpose. Creating a scan template as a switcher
def scan_command(self, scan_type, target, args):
def tpl(i):
scan_template = {
1:self.fin_scan,
2:self.sync_scan,
3:self.tcp_connt,
4:self.ping_scan,
5:self.idle_scan,
6:self.udp_scan
}
return scan_template.get(i)
for i in range (1, 7):
if scan_type == tpl(i):
scan = " {target} {default}".format(target=target, default=scan_type)
scan_type_command = self.default_command() + scan
if(args):
scan_type_command += " {0}".format(args)
scan_shlex = shlex.split(scan_type_command)
# Use the ping scan parser
output = self.run_command(scan_shlex)
xml_root = self.get_xml_et(output)
return xml_root
def nmap_fin_scan(self, target, args=None):
"""
Perform scan using nmap's fin scan
@cmd nmap -sF 192.168.178.1
"""
self.require_root()
xml_root = self.scan_command(self.fin_scan, target=target, args=args)
fin_results = self.parser.parse_nmap_idlescan(xml_root)
return fin_results
def nmap_syn_scan(self, target, args=None):
"""
Perform syn scan on this given
target
@cmd nmap -sS 192.168.178.1
"""
self.require_root()
xml_root = self.scan_command(self.sync_scan, target=target, args=args)
# Use the top_port_parser
self.top_ports = self.parser.filter_top_ports(xml_root)
return self.top_ports
def nmap_tcp_scan(self, target, args=None):
"""
Scan target using the nmap tcp connect
@cmd nmap -sT 192.168.178.1
"""
if(args):
assert(isinstance(args, str)), "Expected string got {0} instead".format(type(args))
xml_root = self.scan_command(self.tcp_connt, target=target, args=args)
tcp_results = self.parser.filter_top_ports(xml_root)
return tcp_results
def nmap_udp_scan(self, target, args=None):
"""
Scan target using the nmap tcp connect
@cmd nmap -sU 192.168.178.1
"""
self.require_root()
if(args):
assert(isinstance(args, str)), "Expected string got {0} instead".format(type(args))
xml_root = self.scan_command(self.udp_scan, target=target, args=args)
tcp_results = self.parser.filter_top_ports(xml_root)
return tcp_results
def nmap_ping_scan(self, target, args=None):
"""
Scan target using nmaps' ping scan
@cmd nmap -sP 192.168.178.1
"""
xml_root = self.scan_command(self.ping_scan, target=target, args=args)
ping_results = self.parser.parse_nmap_pingscan(xml_root)
return ping_results
def nmap_idle_scan(self, target, args=None):
"""
Using nmap idle_scan
@cmd nmap -sL 192.168.178.1
"""
xml_root = self.scan_command(self.idle_scan, target=target, args=args)
idle_results = self.parser.parse_nmap_pingscan(xml_root)
return idle_results
