def os_fingerprint(self, timestamp):
IPChecks = network()
for i in host_current.select(host_current.hostIP,
host_current.hostname).where(
host_current.scanTime == timestamp):
host_id = host_current.get(host_current.hostname == i.hostname).id
print bcolors.OKBLUE + 'Trying to discover OS for ' + i.hostname + '....' + bcolors.ENDC
hostOS = IPChecks.os_match(i.hostIP, 'lan')
if hostOS[1] == '0':
print bcolors.OKGREEN + 'Identified ' + i.hostname + ' as ' + hostOS[
0] + bcolors.ENDC
os_match.create(hostID=host_id,
os=hostOS[0],
confidence='100',
scanTime=timestamp)
elif hostOS[0] == 'Unknown':
print bcolors.OKGREEN + 'Unable to identify OS for ' + i.hostname + bcolors.ENDC
else:
print bcolors.OKGREEN + 'Identified ' + i.hostname + ' as ' + hostOS[
0] + ' with a confidence of ' + hostOS[
1] + '%' + bcolors.ENDC
os_match.create(hostID=host_id,
os=hostOS[0],
confidence=hostOS[1],
scanTime=timestamp)
def os_fingerprint(self, timestamp):
IPChecks = network()
for i in host_current.select(host_current.hostIP, host_current.hostname).where(host_current.scanTime == timestamp):
host_id = host_current.get(host_current.hostname == i.hostname).id
print bcolors.OKBLUE + 'Trying to discover OS for ' + i.hostname + '....' + bcolors.ENDC
hostOS = IPChecks.os_match(i.hostIP, 'lan')
if hostOS[1] == '0':
print bcolors.OKGREEN + 'Identified ' + i.hostname + ' as ' + hostOS[0] + bcolors.ENDC
os_match.create(hostID=host_id, os=hostOS[0], confidence='100', scanTime=timestamp)
elif hostOS[0] == 'Unknown':
print bcolors.OKGREEN + 'Unable to identify OS for ' + i.hostname + bcolors.ENDC
else:
print bcolors.OKGREEN + 'Identified ' + i.hostname + ' as ' + hostOS[0] + ' with a confidence of ' + hostOS[1] + '%' + bcolors.ENDC
os_match.create(hostID=host_id, os=hostOS[0], confidence=hostOS[1], scanTime=timestamp)
def main():
try:
# Output the latest scan in JSON format
def create_json_report():
print 'Creating report..'
results = dict()
for i in host_current.select(host_current.id, host_current.hostIP, host_current.hostname).where(host_current.scanTime == timestamp):
os = os_match.get(os_match.hostID == i.id, os_match.scanTime == timestamp)
results[i.hostname] = {'ip' : i.hostIP, 'os' : {'type' : os.os, 'confidence': os.confidence}}
results[i.hostname].update({'scan':{}})
for portresults in services.select(services.hostID, services.portID).where(services.scanTime == timestamp).where(services.hostID == i.id):
results[i.hostname]['scan'].update({ portresults.portID : { 'description' : ports.get(ports.port == portresults.portID).description }})
return json.dumps(results, indent=2)
# Set primary interface name variable
primaryIf='eth0'
# Create network checking object
IPChecks = network()
# Set current IP address variable
currentIP = commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:]
# Set current IP range in CIDR format variable
currentRange = str(IPNetwork(currentIP + "/" + str(IPChecks.getBits(IPChecks.get_netmask(primaryIf)))).network) + "/" + str(IPChecks.getBits(IPChecks.get_netmask(primaryIf)))
# Set current time variable
timestamp = int(time.time())
print bcolors.OKGREEN
print " _____ _ __ __ "
print " / ____| | | \/ | "
print " | (___ | |_ ___ _ __ _ __ ___ | \ / | __ _ _ __ "
print " \___ \| __/ _ \| '__| '_ ` _ \| |\/| |/ _` | '_ \ "
print " ____) | || (_) | | | | | | | | | | | (_| | |_) | "
print " |_____/ \__\___/|_| |_| |_| |_|_| |_|\__,_| .__/ "
print bcolors.OKBLUE + " Network Mapping and Discovery " + bcolors.OKGREEN + " | | "
print bcolors.OKBLUE + " Simon Beattie // @Si_Bt // 2013 " + bcolors.OKGREEN + " |_| "
print bcolors.ENDC
# If no arguements have been passed, exit program
if not (args.target or args.port or args.os or args.auto):
print "Type stormmapper.py --help for options"
print
os.unlink(pidfile)
quit()
# Create current scan object
current_scan = scanners()
# Set time of last scan ran
maxTime = []
for i in host_current.select(host_current.scanTime):
maxTime.append(i.scanTime)
lastScan = max(maxTime)
# Run automatic scan on current IP range (this is usually triggered by web/AutoScanCron.php
if args.auto:
current_scan.discovery_scan(currentRange,timestamp)
current_scan.port_scan(timestamp)
current_scan.os_fingerprint(timestamp)
print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC
# Run discovery scan on specified range (CIDR), or ip address
if args.target:
current_scan.discovery_scan(args.target,timestamp)
print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC
# Run port-scan on all targets added or updated in last discovery scan
if args.port:
current_scan.port_scan(lastScan)
print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC
# Run operating system scan on all targets added or updated in last discovery scan
if args.os:
current_scan.os_fingerprint(lastScan)
print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC
# Output the latest scan in JSON format
if args.output:
print create_json_report()
#Cleanup pid file
os.unlink(pidfile)
# Capture exits and errors
except KeyboardInterrupt:
print "Shutdown requested.. exiting"
os.unlink(pidfile)
except Exception:
logging.exception('StormMapper Error')
print "An error has occurred - Check the logs!"
os.unlink(pidfile)
def discovery_scanner(host, scan_result):
IPChecks = network()
primaryIf='eth0'
currentIP = commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:]
currentCIDR = IPChecks.getBits(IPChecks.get_netmask(primaryIf))
currentPreRange = currentIP + "/" + str(currentCIDR)
ip2 = IPNetwork(currentPreRange)
currentRange = str(ip2.network) + "/" + str(currentCIDR)
addMac = True
added = False
try:
scan_result['scan'][host]['status']['state'] == 'up'
except:
pass
else:
if IPChecks.subnetCheck(host, currentRange) == True:
macEnable = True
try:
ms=IPChecks.getMac(host)
macsuffix='-' + ms[12:]
except:
macsuffix=''
#Check if hostname has been found
hostnametemp = scan_result['scan'][host]['hostname']
if (hostnametemp == "" or hostnametemp == "UNKNOWN"):
try:
hostnameNice = socket.gethostbyaddr(host)[0] + macsuffix
except:
hostnameNice = host + macsuffix
else:
hostnameNice = scan_result['scan'][host]['hostname'] + macsuffix
else:
#Check if hostname has been found
macEnable = False
hostnametemp = scan_result['scan'][host]['hostname']
if (hostnametemp == "" or hostnametemp == "UNKNOWN"):
try:
hostnameNice = socket.gethostbyaddr(host)[0] + '- remote'
except:
hostnameNice = host + '- remote'
else:
hostnameNice = scan_result['scan'][host]['hostname'] + '- remote'
for i in host_current.select().where(host_current.hostname == hostnameNice):
#If the hostname is there, but IP has changed...
if i.hostname == hostnameNice and i.hostIP != host:
hostUpdate = host_current.update(hostIP=host, scanTime=timestamp).where(host_current.hostname == hostnameNice)
hostUpdate.execute()
print bcolors.OKBLUE + 'Existing Host Updated' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
added = True
#If the hostname and IP address match
elif i.hostname == hostnameNice and i.hostIP == host:
print bcolors.OKGREEN + 'Existing Host Found' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
hostUpdate = host_current.update(scanTime=timestamp).where(host_current.hostname == hostnameNice)
hostUpdate.execute()
added = True
#If the hostname is not in the list at all
if added == True:
pass
else:
host_current.create(hostname=hostnameNice, hostIP=host, scanTime=timestamp)
print bcolors.WARNING + 'New Host Found' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
if macEnable == True:
macAddress=IPChecks.getMac(host)
if macAddress:
for m in mac_address.select().where(mac_address.hostname == hostnameNice):
if m.macAddr == macAddress:
addMac = False
pass
if addMac == True:
mac_address.create(
hostname=hostnameNice,
macAddr=macAddress,
scanTime=timestamp,
)
print bcolors.OKGREEN + 'MAC address stored ' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + macAddress + ' )'
def discovery_scanner(host, scan_result):
IPChecks = network()
primaryIf = 'eth0'
currentIP = commands.getoutput("/sbin/ifconfig").split(
"\n")[1].split()[1][5:]
currentCIDR = IPChecks.getBits(IPChecks.get_netmask(primaryIf))
currentPreRange = currentIP + "/" + str(currentCIDR)
ip2 = IPNetwork(currentPreRange)
currentRange = str(ip2.network) + "/" + str(currentCIDR)
addMac = True
added = False
try:
scan_result['scan'][host]['status']['state'] == 'up'
except:
pass
else:
if IPChecks.subnetCheck(host, currentRange) == True:
macEnable = True
try:
ms = IPChecks.getMac(host)
macsuffix = '-' + ms[12:]
except:
macsuffix = ''
#Check if hostname has been found
hostnametemp = scan_result['scan'][host]['hostname']
if (hostnametemp == "" or hostnametemp == "UNKNOWN"):
try:
hostnameNice = socket.gethostbyaddr(
host)[0] + macsuffix
except:
hostnameNice = host + macsuffix
else:
hostnameNice = scan_result['scan'][host][
'hostname'] + macsuffix
else:
#Check if hostname has been found
macEnable = False
hostnametemp = scan_result['scan'][host]['hostname']
if (hostnametemp == "" or hostnametemp == "UNKNOWN"):
try:
hostnameNice = socket.gethostbyaddr(
host)[0] + '- remote'
except:
hostnameNice = host + '- remote'
else:
hostnameNice = scan_result['scan'][host][
'hostname'] + '- remote'
for i in host_current.select().where(
host_current.hostname == hostnameNice):
#If the hostname is there, but IP has changed...
if i.hostname == hostnameNice and i.hostIP != host:
hostUpdate = host_current.update(
hostIP=host, scanTime=timestamp).where(
host_current.hostname == hostnameNice)
hostUpdate.execute()
print bcolors.OKBLUE + 'Existing Host Updated' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
added = True
#If the hostname and IP address match
elif i.hostname == hostnameNice and i.hostIP == host:
print bcolors.OKGREEN + 'Existing Host Found' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
hostUpdate = host_current.update(
scanTime=timestamp).where(
host_current.hostname == hostnameNice)
hostUpdate.execute()
added = True
#If the hostname is not in the list at all
if added == True:
pass
else:
host_current.create(hostname=hostnameNice,
hostIP=host,
scanTime=timestamp)
print bcolors.WARNING + 'New Host Found' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + host + ' )'
if macEnable == True:
macAddress = IPChecks.getMac(host)
if macAddress:
for m in mac_address.select().where(
mac_address.hostname == hostnameNice):
if m.macAddr == macAddress:
addMac = False
pass
if addMac == True:
mac_address.create(
hostname=hostnameNice,
macAddr=macAddress,
scanTime=timestamp,
)
print bcolors.OKGREEN + 'MAC address stored ' + bcolors.ENDC + '( ' + hostnameNice + ' - ' + macAddress + ' )'
def main():
try:
# Output the latest scan in JSON format
def create_json_report():
print 'Creating report..'
results = dict()
for i in host_current.select(
host_current.id, host_current.hostIP,
host_current.hostname).where(
host_current.scanTime == timestamp):
os = os_match.get(os_match.hostID == i.id,
os_match.scanTime == timestamp)
results[i.hostname] = {
'ip': i.hostIP,
'os': {
'type': os.os,
'confidence': os.confidence
}
}
results[i.hostname].update({'scan': {}})
for portresults in services.select(
services.hostID, services.portID).where(
services.scanTime == timestamp).where(
services.hostID == i.id):
results[i.hostname]['scan'].update({
portresults.portID: {
'description':
ports.get(
ports.port == portresults.portID).description
}
})
return json.dumps(results, indent=2)
# Set primary interface name variable
primaryIf = 'eth0'
# Create network checking object
IPChecks = network()
# Set current IP address variable
currentIP = commands.getoutput("/sbin/ifconfig").split(
"\n")[1].split()[1][5:]
# Set current IP range in CIDR format variable
currentRange = str(
IPNetwork(currentIP + "/" +
str(IPChecks.getBits(IPChecks.get_netmask(primaryIf)))).
network) + "/" + str(
IPChecks.getBits(IPChecks.get_netmask(primaryIf)))
# Set current time variable
timestamp = int(time.time())
print bcolors.OKGREEN
print " _____ _ __ __ "
print " / ____| | | \/ | "
print " | (___ | |_ ___ _ __ _ __ ___ | \ / | __ _ _ __ "
print " \___ \| __/ _ \| '__| '_ ` _ \| |\/| |/ _` | '_ \ "
print " ____) | || (_) | | | | | | | | | | | (_| | |_) | "
print " |_____/ \__\___/|_| |_| |_| |_|_| |_|\__,_| .__/ "
print bcolors.OKBLUE + " Network Mapping and Discovery " + bcolors.OKGREEN + " | | "
print bcolors.OKBLUE + " Simon Beattie // @Si_Bt // 2013 " + bcolors.OKGREEN + " |_| "
print bcolors.ENDC
# If no arguements have been passed, exit program
if not (args.target or args.port or args.os or args.auto):
print "Type stormmapper.py --help for options"
print
os.unlink(pidfile)
quit()
# Create current scan object
current_scan = scanners()
# Set time of last scan ran
maxTime = []
for i in host_current.select(host_current.scanTime):
maxTime.append(i.scanTime)
lastScan = max(maxTime)
# Run automatic scan on current IP range (this is usually triggered by web/AutoScanCron.php
if args.auto:
current_scan.discovery_scan(currentRange, timestamp)
current_scan.port_scan(timestamp)
current_scan.os_fingerprint(timestamp)
print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC
# Run discovery scan on specified range (CIDR), or ip address
if args.target:
current_scan.discovery_scan(args.target, timestamp)
print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC
# Run port-scan on all targets added or updated in last discovery scan
if args.port:
current_scan.port_scan(lastScan)
print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC
# Run operating system scan on all targets added or updated in last discovery scan
if args.os:
current_scan.os_fingerprint(lastScan)
print bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC
# Output the latest scan in JSON format
if args.output:
print create_json_report()
#Cleanup pid file
os.unlink(pidfile)
# Capture exits and errors
except KeyboardInterrupt:
print "Shutdown requested.. exiting"
os.unlink(pidfile)
except Exception:
logging.exception('StormMapper Error')
print "An error has occurred - Check the logs!"
os.unlink(pidfile)