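def addHosts(self, targetHosts, runHostDiscovery, runStagedNmap, nmapSpeed, scanMode, nmapOptions=None):
    """Queue the nmap run that matches the requested scan mode for targetHosts.

    Args:
        targetHosts: target specification; it is placed verbatim into the
            nmap command line.
        runHostDiscovery: Easy mode only. With staged scanning off it selects
            the "-sV -O --version-light" scan instead of the "-sL" list scan;
            with staged scanning on it is forwarded to self.runStagedNmap.
        runStagedNmap: Easy mode only. When true, the targets are handed to
            self.runStagedNmap instead of a single command being built here.
        nmapSpeed: value written after "-T" on the nmap command line.
        scanMode: 'Easy' or 'Hard'; any other value queues nothing.
        nmapOptions: Hard mode only. Iterable of option strings, joined with
            spaces and placed before the targets. None means no extra options.

    Returns:
        None. The scan is started through self.runCommand / self.runStagedNmap.
    """
    # None or whitespace-only input would otherwise yield an nmap command
    # line without any target.
    if targetHosts is None or not str(targetHosts).strip():
        log.info('No hosts entered..')
        return
    # A None default avoids sharing one list object between calls.
    if nmapOptions is None:
        nmapOptions = []

    runningFolder = self.logic.activeProject.properties.runningFolder

    # NOTE(review): targetHosts and nmapOptions are interpolated into the
    # command string without quoting or validation. How runCommand executes
    # that string is not visible here; if it reaches a shell or an argument
    # splitter, the content of these values decides which command and options
    # actually run. Confirm that every caller validates them first.

    def newOutputFile(suffix):
        # Output base name handed to nmap's -oA, inside the project's nmap folder.
        return getNmapRunningFolder(runningFolder) + "/" + getTimestamp() + suffix

    def launch(tabTitle, command, outputfile):
        # The same title is used for the process entry and for its result tab.
        self.runCommand('nmap', tabTitle, targetHosts, '', '', command, getTimestamp(True), outputfile,
                        self.view.createNewTabForHost(str(targetHosts), tabTitle, True))

    if scanMode == 'Easy':
        if runStagedNmap:
            log.info(" nmap speed is " + str(nmapSpeed))
            # NOTE(review): nmapSpeed is passed as the third positional
            # argument. Confirm that runStagedNmap's third parameter is a
            # speed; if it is a stage number, this call picks the starting
            # stage instead of setting a timing template.
            self.runStagedNmap(targetHosts, runHostDiscovery, nmapSpeed)
        elif runHostDiscovery:
            outputfile = newOutputFile('-host-discover')
            command = f"nmap -n -sV -O --version-light -T{nmapSpeed} {targetHosts} -oA {outputfile}"
            log.info(f"Running {command}")
            launch('nmap (discovery)', command, outputfile)
        else:
            outputfile = newOutputFile('-nmap-list')
            command = f"nmap -n -sL -T{nmapSpeed} {targetHosts} -oA {outputfile}"
            launch('nmap (list)', command, outputfile)
    elif scanMode == 'Hard':
        outputfile = newOutputFile('-nmap-custom')
        nmapOptionsString = ' '.join(nmapOptions) + f" -T{nmapSpeed}"
        command = f"nmap {nmapOptionsString} {targetHosts} -oA {outputfile}"
        launch('nmap (custom ' + nmapOptionsString + ')', command, outputfile)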
def runStagedNmap(self, targetHosts, discovery=True, stage=1, stop=False):
    """Build and queue the nmap command for one stage of the staged scan.

    The stage is always logged. Unless `stop` is set, a result tab is
    requested from the view, the port list for the stage is read from the
    settings, the command line is assembled and handed to self.runCommand
    together with the discovery/stage/stop values.

    Args:
        targetHosts: target specification; concatenated verbatim into the
            command line.
        discovery: when False, "-Pn" is added to the port-scan command.
        stage: 1, 2, 4 and 5 use the matching tools_nmap_stage<N>_ports
            setting; 3 runs the vulners NSE script instead of a port scan;
            any other value uses tools_nmap_stage6_ports.
        stop: when True nothing is queued.
    """
    log.info("runStagedNmap called for stage {0}".format(str(stage)))
    runningFolder = self.logic.activeProject.properties.runningFolder
    if stop:
        return

    stageText = str(stage)
    tabTitle = 'nmap (stage ' + stageText + ')'
    textbox = self.view.createNewTabForHost(str(targetHosts), tabTitle, True)
    outputfile = getNmapRunningFolder(runningFolder) + "/" + getTimestamp() + '-nmapstage' + stageText

    # Settings attribute holding the port list of each explicitly handled stage.
    portSettingByStage = (
        (1, 'tools_nmap_stage1_ports'),  # webservers/proxies
        (2, 'tools_nmap_stage2_ports'),  # juicy stuff that we could enumerate + db
        (4, 'tools_nmap_stage4_ports'),  # bruteforceable protocols + portmapper + nfs
        (5, 'tools_nmap_stage5_ports'),  # first 30000 ports except ones above
    )
    # Everything else falls back to the stage 6 list (last 35535 ports).
    # Stage 3 lands here as well, but its command below never uses `ports`.
    portSetting = next((name for number, name in portSettingByStage if stage == number),
                       'tools_nmap_stage6_ports')
    ports = getattr(self.settings, portSetting)

    fragments = ["nmap "]
    if not discovery:  # scan without host discovery
        fragments.append("-Pn ")
    fragments.append("-T4 -sV ")
    if not (stage == 1 or stage == 3):
        fragments.append("-n ")  # only do DNS resolution on first stage
    if os.geteuid() == 0:  # as root, SYN + UDP scans are possible
        fragments.append("-sSU ")
        if stage == 2:
            # OS detection is requested once only to save time, and only as
            # root because it fails otherwise.
            fragments.append('-O ')
    else:
        fragments.append('-sT ')

    if stage != 3:
        command = ''.join(fragments) + '-p ' + ports + ' ' + targetHosts + ' -oA ' + outputfile
    else:
        # Stage 3 replaces the assembled command, so "-Pn" is not applied
        # here even when discovery is False.
        # NOTE(review): confirm that dropping "-Pn" in this stage is intended.
        # NOTE(review): the NSE script path is relative to the current working
        # directory, and this method can run as root (see the geteuid check).
        # Which script nmap loads therefore depends on where the tool was
        # started; an absolute path under the install directory avoids that.
        command = 'nmap -sV --script=./scripts/nmap/vulners.nse -vvvv ' + targetHosts + ' -oA ' + outputfile

    # NOTE(review): targetHosts reaches the command string unquoted; how
    # runCommand executes the string is not visible here. Confirm the value
    # is validated before it gets this far.
    self.runCommand('nmap', tabTitle, str(targetHosts), '', '', command, getTimestamp(True), outputfile,
                    textbox, discovery=discovery, stage=stage, stop=stop)
def createNewProject(self, projectType: str, isTemp: bool) -> Project:
    """Create a new project with its database, working folders and word lists.

    Two temporary directories are created under "./tmp/": one for the output
    of finished tools and one for the output of running tools. Sub-folders
    for screenshots, nmap, hydra and dnsmap are created inside them.

    Args:
        projectType: passed through to ProjectProperties.
        isTemp: passed through to ProjectProperties.

    Returns:
        The Project built from the new properties, repositories and database.
    """
    database = self.__createDatabase()
    shell = self.shell
    workingDirectory = shell.get_current_working_directory()

    # NOTE(review): "./tmp/" is resolved against the current working
    # directory, and the permissions of the directories created below are
    # decided by the shell helper, which is not visible here. They hold tool
    # output and word lists, so confirm they are created owner-only.
    # Output of finished processes.
    outputFolder = shell.create_temporary_directory(
        prefix="legion-", suffix="-tool-output", directory="./tmp/")
    # Output of processes that are still running.
    runningFolder = shell.create_temporary_directory(
        prefix="legion-", suffix="-running", directory="./tmp/")

    makeDirs = shell.create_directory_recursively
    makeDirs(f"{outputFolder}/screenshots")  # screenshots
    makeDirs(getNmapRunningFolder(runningFolder))  # nmap output
    makeDirs(f"{runningFolder}/hydra")  # hydra output
    makeDirs(f"{runningFolder}/dnsmap")  # dnsmap output

    wordLists = self.__createUsernameAndPasswordWordLists(outputFolder)
    usernameWordList, passwordWordList = wordLists
    repositoryContainer = self.repositoryFactory.buildRepositories(database)

    # The project takes its name from the database.
    projectProperties = ProjectProperties(
        database.name, workingDirectory, projectType, isTemp, outputFolder, runningFolder,
        usernameWordList, passwordWordList, storeWordListsOnExit=True)
    return Project(projectProperties, repositoryContainer, database)
def test_getNmapRunningFolder_ReturnsProperNmapPathWithinAnActiveProject(self):
    """getNmapRunningFolder("some-folder") must yield "some-folder/nmap"."""
    runningFolder = "some-folder"
    expectedPath = "some-folder/nmap"
    self.assertEqual(getNmapRunningFolder(runningFolder), expectedPath)