示例#1
def snmp_walk(target_hosts, output_directory, quiet):
    """Dispatch an SNMP walk to the single-address or targets-file handler.

    ``check_directory`` is called on *output_directory* first. If
    ``valid_ip`` accepts *target_hosts* it is passed to ``target_ip``;
    every other value is passed to ``target_file``. All three arguments
    are forwarded unchanged.
    """
    check_directory(output_directory)

    # Anything valid_ip() rejects takes the targets-file path; no other
    # validation of target_hosts happens at this level.
    handler = target_ip if valid_ip(target_hosts) else target_file
    handler(target_hosts, output_directory, quiet)
示例#2
def service_scan(target_hosts, output_directory, dns_server, quiet, quick,
                 no_udp_service_scan):
    """Dispatch a service scan to the single-address or targets-file handler.

    ``check_directory`` is called on *output_directory* first. If
    ``valid_ip`` accepts *target_hosts* the scan goes to ``target_ip``,
    otherwise to ``target_file``. Both handlers receive the same six
    arguments in the same order.
    """
    check_directory(output_directory)

    # Both handlers share one positional signature, so build it once.
    scan_args = (target_hosts, output_directory, dns_server, quiet, quick,
                 no_udp_service_scan)

    if valid_ip(target_hosts):
        target_ip(*scan_args)
        return
    target_file(*scan_args)
示例#3
def target_ip(target_hosts, output_directory, quiet):
    """Start the SNMP scans for one target in a separate process.

    The target is stripped of surrounding whitespace and used as a
    directory name: results go under
    ``<output_directory>/<target>/scans/snmp/``. *quiet* is accepted but
    not used in this function.

    The worker process is started and not joined here.
    """
    # The banner prints the value as received, before it is stripped.
    print("[*] Loaded single target: %s" % target_hosts)
    host = target_hosts.strip()

    # NOTE(review): the target string becomes a path component as-is;
    # this relies on the caller having validated it (presumably valid_ip
    # in the dispatcher - confirm).
    snmp_directory = '/'.join([output_directory, host, 'scans/snmp/'])
    check_directory(snmp_directory)

    worker = multiprocessing.Process(target=snmp_scans,
                                     args=(host, snmp_directory))
    jobs = [worker]
    worker.start()
示例#4
def ping_sweeper(target_hosts, output_directory, quiet):
    """Ping-sweep *target_hosts* and save the live hosts to a target list.

    The sweep output from ``call_nmap_sweep`` is parsed by
    ``parse_nmap_output_for_live_hosts`` and the result is written to
    ``<output_directory>/targets.txt`` through
    ``write_live_hosts_list_to_file``. Each live host and a summary are
    printed. *quiet* is accepted but not used in this function.
    """
    check_directory(output_directory)
    targets_path = "%s/targets.txt" % output_directory

    print("[+] Performing ping sweep over %s" % target_hosts)

    # Sweep, parse, persist: the list is written before it is echoed.
    live_hosts = parse_nmap_output_for_live_hosts(
        call_nmap_sweep(target_hosts))
    write_live_hosts_list_to_file(targets_path, live_hosts)

    for host in live_hosts:
        print("   [>] Discovered host: %s" % host)

    live_count = len(live_hosts)
    print("[*] Found %s live hosts" % live_count)
    print("[*] Created target list %s" % targets_path)
示例#5
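def find_dns(target_hosts, output_directory, quiet):
    """Probe each target on TCP port 53 with nmap and record the responders.

    Targets are read one per line from the file returned by
    ``load_targets``. For every host whose nmap output reports ``53/tcp``
    as ``open``, the host and the matching nmap line are written to
    ``DNS-Detailed.txt`` and the host alone to ``DNS-targets.txt``, both
    under *output_directory*.

    Returns:
        A comma-separated string of the hosts found, or ``''`` if none.

    Raises:
        subprocess.CalledProcessError: if nmap exits non-zero for a target.
    """
    check_directory(output_directory)
    dns_server_list = []
    hostcount = 0

    # Context managers close all three files even if nmap or I/O fails.
    with open(output_directory + "/DNS-Detailed.txt", 'w') as output_file, \
            open(output_directory + "/DNS-targets.txt", 'w') as output_targets:
        targets = load_targets(target_hosts, output_directory, quiet)

        with open(targets, 'r') as target_file:
            print("[*] Loaded targets from: %s" % targets)
            print("[+] Enumerating TCP port 53 over targets to find dns "
                  "servers")

            for ip_address in target_file:
                ip_address = ip_address.strip()

                # A blank line would run nmap with no target at all.
                if not ip_address:
                    continue
                # An entry starting with "-" would be parsed by nmap as an
                # option instead of a target, so it is not passed on.
                if ip_address.startswith("-"):
                    print("   [!] Skipping invalid target entry: %r" %
                          ip_address)
                    continue

                hostcount += 1
                print("   [>] Testing %s for DNS" % ip_address)

                # The entry comes from a file, so it is passed as one argv
                # element with no shell: metacharacters in the targets file
                # cannot be interpreted as commands.
                results = subprocess.check_output(
                    ["nmap", "-n", "-sV", "-Pn", "-vv", "-p53", ip_address],
                    text=True)

                for line in results.split("\n"):
                    line = line.strip()
                    # "Discovered open port" progress lines from -vv are
                    # excluded; only the port-table line counts.
                    if (("53/tcp" in line) and ("open" in line)
                            and ("Discovered" not in line)):
                        print("      [=] Found DNS service running on: %s" %
                              (ip_address))
                        output_file.write(
                            "[*] Found DNS service running on: %s\n" %
                            (ip_address))
                        output_file.write("   [>] %s\n" % (line))
                        output_targets.write("%s\n" % (ip_address))
                        dns_server_list.append(ip_address)

    print("[*] Found %s DNS servers within %s hosts" %
          (str(len(dns_server_list)), str(hostcount)))
    # join() on an empty list already yields ''.
    return ','.join(dns_server_list)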
示例#6
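def hostname_scan(target_hosts, output_directory, quiet):
    """Run nbtscan over the targets and save the hostnames it reports.

    *target_hosts* is passed to nbtscan with ``-f`` when it names an
    existing file, and as a plain target argument otherwise. Each result
    line is split on spaces: the first field is taken as the address and
    the second as the hostname. Results are written to
    ``<output_directory>/hostnames.txt`` as ``host - ip``, one per line
    with no trailing newline. *quiet* is accepted but not used here.
    """
    check_directory(output_directory)
    output_file = output_directory + "/hostnames.txt"
    hostnames = 0

    # NOTE(review): target_hosts is interpolated into a command string and
    # run_scan is not visible from this function. If run_scan executes the
    # string through a shell, target_hosts must be validated by the caller
    # or passed as an argument list instead - confirm.
    if os.path.isfile(target_hosts):
        SWEEP = "nbtscan -q -f %s" % (target_hosts)
    else:
        SWEEP = "nbtscan -q %s" % (target_hosts)

    # The context manager closes the file even if run_scan raises.
    with open(output_file, 'w') as f:
        print("[+] Writing hostnames to: %s" % output_file)

        results = run_scan(SWEEP)

        for line in results.split("\n"):
            # Dropping empty tokens collapses runs of spaces. Lines with
            # fewer than two fields (including the blank final line) carry
            # no address/hostname pair.
            fields = [token for token in line.strip().split(" ") if token]
            if len(fields) < 2:
                continue

            ip_address, host = fields[0], fields[1]

            # The separator goes before every entry but the first, so the
            # file does not end with a newline.
            if hostnames > 0:
                f.write('\n')

            print("   [>] Discovered hostname: %s (%s)" % (host, ip_address))
            f.write("%s - %s" % (host, ip_address))
            hostnames += 1

    print("[*] Found %s hostnames." % (hostnames))
    print("[*] Created hostname list %s" % (output_file))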
示例#7
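def target_file(target_hosts, output_directory, quiet):
    """Start one SNMP scan process per entry in the targets file.

    The file path comes from ``load_targets``. Each non-blank line is
    stripped and used both as the scan target and as a directory name:
    results go under ``<output_directory>/<entry>/scans/snmp/``.

    If the targets file cannot be opened, a message is printed and the
    function returns without scanning. Worker processes are started and
    not joined here.
    """
    targets = load_targets(target_hosts, output_directory, quiet)

    # Open exactly once, inside the try, so a failure is reported and no
    # extra handle is left open.
    try:
        handle = open(targets, 'r')
    except OSError:
        print("[!] Unable to load: %s" % targets)
        return
    print("[*] Loaded targets from: %s" % targets)

    with handle:
        for entry in handle:
            ip_address = entry.strip()

            # A blank line would create "<output>//scans/snmp/" and start
            # a scan with an empty target.
            if not ip_address:
                continue

            # NOTE(review): each entry becomes a path component unchecked.
            # A line containing ".." would place the directory outside
            # output_directory. Confirm load_targets only yields validated
            # addresses, or validate each entry before it is used.
            snmp_directory = (output_directory + '/' + ip_address +
                              '/scans/snmp/')
            check_directory(snmp_directory)

            p = multiprocessing.Process(target=snmp_scans,
                                        args=(ip_address, snmp_directory))
            p.start()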