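def ftp_anon_login(scan_info, url_to_scan):
    """Check whether the FTP service on *url_to_scan* accepts anonymous logins.

    Runs nmap's ``ftp-anon`` script against port 21, parses the XML report
    and, when the script output contains "Anonymous FTP login allowed",
    records an ``ftp_anonymous`` finding (with a rendered image of the
    ``.nmap`` report) through ``add_vuln_to_mongo``.

    Args:
        scan_info: Scan context forwarded unchanged to ``add_vuln_to_mongo``.
        url_to_scan: Target handed to nmap as its own argv element (no shell
            is involved, so shell metacharacters are not interpreted; the
            value is still parsed by nmap as a target specification, so it is
            expected to be validated by the caller).

    Returns:
        None. The ``-oA`` report files are removed via ``cleanup`` on every
        exit path, including when nmap or the XML parse fails.
    """
    root_dir = os.path.dirname(os.path.abspath(__file__))
    # -oA writes <base>.nmap/.xml/.gnmap; a random base keeps concurrent scans apart.
    output_base = os.path.join(root_dir, 'tools_output',
                               uuid.uuid4().hex + '.ftp.anon')
    cleanup(output_base)
    try:
        subprocess.run([
            'nmap', '-Pn', '-sV', '-p21', '-vvv',
            '--script', 'ftp-anon',
            '-oA', output_base, url_to_scan
        ], capture_output=True)
        with open(output_base + '.xml') as xml_file:
            # json round-trip normalises xmltodict's mapping type to plain dicts/lists.
            json_data = json.loads(json.dumps(xmltodict.parse(xml_file.read())))
        try:
            message = json_data['nmaprun']['host']['ports']['port']['script']['@output']
        except KeyError:
            # Host down, port closed/filtered or script produced no output:
            # nothing to report.
            return
        if "Anonymous FTP login allowed" in message:
            img_str = image_creator.create_image_from_file(output_base + '.nmap')
            add_vuln_to_mongo(scan_info, "ftp_anonymous", message, img_str)
    finally:
        # Previously the report files were left behind whenever open()/parse raised.
        cleanup(output_base)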
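def _as_list(value):
    """Wrap a single xmltodict element in a list (xmltodict builds lists only for repeated tags)."""
    return value if isinstance(value, list) else [value]


def _format_vulners_ports(ports):
    """Build the finding text for every port that carries a vulners script result.

    Ports with no ``script`` entry, or whose scripts include no vulners
    result, are skipped. Returns ``''`` when no port qualifies, so the
    caller can use the text itself as the "anything found" flag.
    """
    message = ''
    for port in ports:
        if 'script' not in port:
            continue
        # Accumulate across all vulners results of this port; the original
        # reset the buffer per result and kept only the last one.
        vulners_message = ''
        for result in _as_list(port['script']):
            if 'vulners' in result['@id']:
                vulners_message += 'Result: \n'
                vulners_message += ' ID:%s \n output:%s\n' % (
                    result['@id'], result['@output'])
        if not vulners_message:
            continue
        # Version detection does not always yield product/version; use .get so
        # one sparse service entry does not abort the whole report.
        service = port.get('service', {})
        message += '---------------\n'
        message += 'Protocol: %s \n' % port['@protocol']
        message += 'Port: %s \n' % port['@portid']
        message += 'State: %s \n' % port['state']['@state']
        message += 'Service: \n'
        message += ' Name: %s \n' % service.get('@name', '')
        message += ' Product: %s \n' % service.get('@product', '')
        message += ' Version: %s \n' % service.get('@version', '')
        message += vulners_message
    return message


def outdated_software(scan_info, url_to_scan):
    """Report services whose detected version is matched to known CVEs.

    Runs an nmap service-version scan over the top 500 ports with the bundled
    ``vulners.nse`` script, collects the vulners output per port and, if any
    port produced one, records a single ``outdated_software`` finding whose
    message lists each affected port with its service details and the script
    output.

    Args:
        scan_info: Scan context forwarded unchanged to ``add_vuln_to_mongo``.
        url_to_scan: Target handed to nmap as its own argv element (no shell;
            still interpreted by nmap as a target specification).

    Returns:
        None. The ``-oA`` report files are removed via ``cleanup`` on every
        exit path; the original skipped cleanup when the host/ports entry was
        missing from the XML.
    """
    root_dir = os.path.dirname(os.path.abspath(__file__))
    vulners_script = os.path.join(root_dir, 'tools', 'nmap', 'nmap-vulners',
                                  'vulners.nse')
    output_base = os.path.join(root_dir, 'tools_output', uuid.uuid4().hex)
    try:
        subprocess.run([
            'nmap', '-sV', '-Pn', '-vvv', '--top-ports=500',
            '--script=' + vulners_script,
            '-oA', output_base, url_to_scan
        ], capture_output=True)
        with open(output_base + '.xml') as xml_file:
            # json round-trip normalises xmltodict's mapping type to plain dicts/lists.
            json_data = json.loads(json.dumps(xmltodict.parse(xml_file.read())))
        try:
            ports = json_data['nmaprun']['host']['ports']['port']
        except KeyError:
            # Host down or no port information in the report: nothing to do.
            return
        message = _format_vulners_ports(_as_list(ports))
        if message:
            img_str = image_creator.create_image_from_file(output_base + '.nmap')
            add_vuln_to_mongo(scan_info, 'outdated_software', message, img_str)
    finally:
        cleanup(output_base)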
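def ssh_ftp_brute_login(scan_info, url_to_scan, is_ssh):
    """Check whether the SSH or FTP service accepts a credential pair from the configured wordlists.

    Runs the bundled nmap ``ssh-brute.nse`` (port 22) or ``ftp-brute.nse``
    (port 21) script with the user/password lists from
    ``settings['WORDLIST']`` and, when the script output contains
    "Valid credentials", records an ``ssh_credentials`` or
    ``ftp_credentials`` finding through ``add_vuln_to_mongo``.

    Args:
        scan_info: Scan context forwarded unchanged to ``add_vuln_to_mongo``.
        url_to_scan: Target handed to nmap as its own argv element (no shell;
            still interpreted by nmap as a target specification).
        is_ssh: True selects the SSH script/port, False the FTP ones.

    Returns:
        None. The ``-oA`` report files are removed via ``cleanup`` on every
        exit path, including when nmap or the XML parse fails.
    """
    root_dir = os.path.dirname(os.path.abspath(__file__))
    if is_ssh:
        brute_script = os.path.join(root_dir, 'tools', 'nmap', 'server_versions', 'ssh-brute.nse')
        port_arg = '-p22'
        end_name = '.ssh.brute'
    else:
        brute_script = os.path.join(root_dir, 'tools', 'nmap', 'server_versions', 'ftp-brute.nse')
        port_arg = '-p21'
        end_name = '.ftp.brute'
    # Same argument string as before, assembled in one place.
    script_args = ','.join([
        'userdb=' + settings['WORDLIST']['ssh_ftp_user'],
        'passdb=' + settings['WORDLIST']['ssh_ftp_pass'],
        'timeout=5s',
        'brute.delay=0',
        'brute.retries=1',
    ])
    output_base = os.path.join(root_dir, 'tools_output', uuid.uuid4().hex + end_name)
    cleanup(output_base)
    try:
        subprocess.run([
            'nmap', '-Pn', '-sV', port_arg,
            '--script', brute_script,
            '--script-args', script_args,
            '-oA', output_base, url_to_scan
        ], capture_output=True)
        with open(output_base + '.xml') as xml_file:
            # json round-trip normalises xmltodict's mapping type to plain dicts/lists.
            json_data = json.loads(json.dumps(xmltodict.parse(xml_file.read())))
        try:
            message = json_data['nmaprun']['host']['ports']['port']['script']['@output']
        except KeyError:
            # Host down, port closed/filtered or no script output: nothing to report.
            return
        if "Valid credentials" in message:
            name = "ssh_credentials" if is_ssh else "ftp_credentials"
            img_str = image_creator.create_image_from_file(output_base + '.nmap')
            add_vuln_to_mongo(scan_info, name, message, img_str)
    finally:
        # Previously the report files were left behind whenever open()/parse raised.
        cleanup(output_base)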
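def basic_scan(scan_info, url_to_scan):
    """Run the baseline nmap service scan and report exposed risky ports.

    Scans the top 1000 ports with version detection, stores the raw port
    information for the subdomain via ``mongo.add_nmap_information_to_subdomain``
    and then delegates to ``check_ports_and_report`` twice: once for
    plaintext protocols (FTP, telnet, HTTP) as ``plaintext_services`` and once
    for remote-management / database ports as ``unnecessary_services``.

    Args:
        scan_info: Scan context forwarded to the mongo and report helpers.
        url_to_scan: Target handed to nmap as its own argv element (no shell;
            still interpreted by nmap as a target specification).

    Returns:
        None. The ``-oA`` report files are removed via ``cleanup`` on every
        exit path, including when nmap or the XML parse fails.
    """
    plaintext_ports = ["21", "23", "80"]
    remote_ports = ["135", "445", "513", "514", "1433", "3306", "3389"]
    root_dir = os.path.dirname(os.path.abspath(__file__))
    output_base = os.path.join(root_dir, 'tools_output', uuid.uuid4().hex)
    try:
        # Local no longer shadows the function name (the original bound the
        # CompletedProcess to `basic_scan`).
        subprocess.run([
            'nmap', '-Pn', '-sV', '-vvv', '--top-ports=1000',
            '-oA', output_base, url_to_scan
        ], capture_output=True)
        with open(output_base + '.xml') as xml_file:
            # json round-trip normalises xmltodict's mapping type to plain dicts/lists.
            json_data = json.loads(json.dumps(xmltodict.parse(xml_file.read())))
        img_str = image_creator.create_image_from_file(output_base + '.nmap')
        try:
            mongo.add_nmap_information_to_subdomain(
                scan_info, json_data['nmaprun']['host']['ports']['port'])
        except KeyError:
            # Deliberate best-effort: no port data (host down / all filtered)
            # still lets the port checks below run on the parsed report.
            pass
        check_ports_and_report(scan_info, plaintext_ports, 'plaintext_services',
                               json_data, img_str)
        check_ports_and_report(scan_info, remote_ports, 'unnecessary_services',
                               json_data, img_str)
    finally:
        # Previously the report files were left behind whenever open()/parse raised.
        cleanup(output_base)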