def os_fingerprint(self, timestamp):
    """Run OS detection for every host recorded under *timestamp*.

    Each ``host_current`` row whose ``scanTime`` equals *timestamp* is passed
    to ``network().os_match`` and the (name, confidence) pair that comes back
    is written to ``os_match``.  A confidence of ``'0'`` is stored as
    ``'100'``; a name of ``'Unknown'`` is reported on the console but not
    stored.  Nothing is returned.
    """
    checker = network()
    host_rows = host_current.select(host_current.hostIP, host_current.hostname)
    for row in host_rows.where(host_current.scanTime == timestamp):
        name = row.hostname
        # NOTE(review): a second query per host just to obtain the id;
        # selecting host_current.id in the query above would avoid it, but
        # confirm hostnames are unique before changing the lookup.
        row_id = host_current.get(host_current.hostname == name).id
        print(bcolors.OKBLUE + 'Trying to discover OS for ' + name + '....' + bcolors.ENDC)
        result = checker.os_match(row.hostIP, 'lan')
        os_name = result[0]
        confidence = result[1]
        if confidence == '0':
            # '0' is treated as an exact match and persisted as full confidence.
            print(bcolors.OKGREEN + 'Identified ' + name + ' as ' + os_name + bcolors.ENDC)
            os_match.create(hostID=row_id, os=os_name, confidence='100', scanTime=timestamp)
        elif os_name == 'Unknown':
            print(bcolors.OKGREEN + 'Unable to identify OS for ' + name + bcolors.ENDC)
        else:
            print(bcolors.OKGREEN + 'Identified ' + name + ' as ' + os_name + ' with a confidence of ' + confidence + '%' + bcolors.ENDC)
            os_match.create(hostID=row_id, os=os_name, confidence=confidence, scanTime=timestamp)
def os_fingerprint(self, timestamp):
    """Run OS detection for every host recorded under *timestamp*.

    Each ``host_current`` row whose ``scanTime`` equals *timestamp* is passed
    to ``network().os_match`` and the (name, confidence) pair that comes back
    is written to ``os_match``.  A confidence of ``'0'`` is stored as
    ``'100'``; a name of ``'Unknown'`` is reported on the console but not
    stored.  Nothing is returned.
    """
    checker = network()
    host_rows = host_current.select(host_current.hostIP, host_current.hostname)
    for row in host_rows.where(host_current.scanTime == timestamp):
        name = row.hostname
        # NOTE(review): a second query per host just to obtain the id;
        # selecting host_current.id in the query above would avoid it, but
        # confirm hostnames are unique before changing the lookup.
        row_id = host_current.get(host_current.hostname == name).id
        print(bcolors.OKBLUE + 'Trying to discover OS for ' + name + '....' + bcolors.ENDC)
        result = checker.os_match(row.hostIP, 'lan')
        os_name = result[0]
        confidence = result[1]
        if confidence == '0':
            # '0' is treated as an exact match and persisted as full confidence.
            print(bcolors.OKGREEN + 'Identified ' + name + ' as ' + os_name + bcolors.ENDC)
            os_match.create(hostID=row_id, os=os_name, confidence='100', scanTime=timestamp)
        elif os_name == 'Unknown':
            print(bcolors.OKGREEN + 'Unable to identify OS for ' + name + bcolors.ENDC)
        else:
            print(bcolors.OKGREEN + 'Identified ' + name + ' as ' + os_name + ' with a confidence of ' + confidence + '%' + bcolors.ENDC)
            os_match.create(hostID=row_id, os=os_name, confidence=confidence, scanTime=timestamp)
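def _create_json_report(timestamp):
    """Return a JSON document describing the scan tagged *timestamp*.

    One entry per ``host_current`` row whose ``scanTime`` is *timestamp*,
    carrying the host's IP, the OS match stored for it and, per port found
    by the port scan, the description from the ``ports`` table.
    """
    print('Creating report..')
    results = {}
    host_rows = host_current.select(host_current.id, host_current.hostIP, host_current.hostname)
    for host in host_rows.where(host_current.scanTime == timestamp):
        # NOTE(review): .get() raises if no OS row exists for this host and
        # timestamp (e.g. --output combined with --target only); decide whether
        # the report should tolerate a missing OS match instead of aborting.
        os_row = os_match.get(os_match.hostID == host.id, os_match.scanTime == timestamp)
        port_rows = services.select(services.hostID, services.portID).where(
            services.scanTime == timestamp).where(services.hostID == host.id)
        scan = {}
        for svc in port_rows:
            # One lookup per port; the ports table supplies the description.
            scan[svc.portID] = {'description': ports.get(ports.port == svc.portID).description}
        results[host.hostname] = {
            'ip': host.hostIP,
            'os': {'type': os_row.os, 'confidence': os_row.confidence},
            'scan': scan,
        }
    return json.dumps(results, indent=2)


def _print_banner():
    """Print the coloured StormMap start-up banner."""
    # Raw strings: every backslash in the art is literal.
    art = [
        r"  _____ _                       __  __             ",
        r" / ____| |                     |  \/  |            ",
        r"| (___ | |_ ___  _ __ _ __ ___ | \  / | __ _ _ __  ",
        r" \___ \| __/ _ \| '__| '_ ` _ \| |\/| |/ _` | '_ \ ",
        r" ____) | || (_) | | | | | | | | | |  | | (_| | |_) |",
        r"|_____/ \__\___/|_| |_| |_| |_|_|  |_|\__,_| .__/ ",
    ]
    print(bcolors.OKGREEN)
    for line in art:
        print(line)
    # The last two rows of the art carry the tag lines on their left.
    print(bcolors.OKBLUE + "   Network Mapping and Discovery".ljust(43) + bcolors.OKGREEN + "| |")
    print(bcolors.OKBLUE + "   Simon Beattie // @Si_Bt // 2013".ljust(43) + bcolors.OKGREEN + "|_|")
    print(bcolors.ENDC)


def _remove_pidfile():
    """Best-effort removal of the module-level ``pidfile``.

    A pid file that is already gone is not an error worth aborting on; the
    failure is logged at debug level instead.
    """
    try:
        os.unlink(pidfile)
    except OSError:
        logging.debug('could not remove pid file %s', pidfile, exc_info=True)


def main():
    """Entry point: run the scans selected by the module-level ``args``.

    Reads ``args`` (target, port, os, auto, output) and ``pidfile`` from
    module scope (both defined elsewhere in the file).  The pid file is
    removed on every exit path, including ``quit()`` and errors.
    """
    try:
        # Interface whose netmask defines the range scanned by --auto.
        primary_if = 'eth0'
        checker = network()
        # NOTE(review): scraping the second line of ifconfig output is
        # fragile and depends on the net-tools output format — confirm.
        current_ip = commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:]
        prefix_bits = checker.getBits(checker.get_netmask(primary_if))
        network_addr = IPNetwork(current_ip + "/" + str(prefix_bits)).network
        current_range = str(network_addr) + "/" + str(prefix_bits)
        # Tag shared by every row written during this run.
        timestamp = int(time.time())

        _print_banner()

        if not (args.target or args.port or args.os or args.auto):
            print("Type stormmapper.py --help for options")
            print('')
            quit()  # SystemExit is not caught below; finally still runs

        current_scan = scanners()

        # Time of the most recent previous scan; None when the table is empty
        # (first run), in which case --port / --os have nothing to work on.
        scan_times = [row.scanTime for row in host_current.select(host_current.scanTime)]
        last_scan = max(scan_times) if scan_times else None
        if (args.port or args.os) and last_scan is None:
            print(bcolors.WARNING + "No previous scan found in the database - run a discovery scan first" + bcolors.ENDC)

        # Automatic scan of the local range (normally triggered by
        # web/AutoScanCron.php).
        if args.auto:
            current_scan.discovery_scan(current_range, timestamp)
            current_scan.port_scan(timestamp)
            current_scan.os_fingerprint(timestamp)
            print(bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC)

        # Discovery scan of a user-specified range (CIDR) or address.
        if args.target:
            current_scan.discovery_scan(args.target, timestamp)
            print(bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC)

        # Port scan of the hosts added or updated by the last discovery scan.
        if args.port and last_scan is not None:
            current_scan.port_scan(last_scan)
            print(bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC)

        # OS detection for the hosts added or updated by the last discovery scan.
        if args.os and last_scan is not None:
            current_scan.os_fingerprint(last_scan)
            print(bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC)

        # JSON report of this run's scan.
        if args.output:
            print(_create_json_report(timestamp))
    except KeyboardInterrupt:
        print("Shutdown requested.. exiting")
    except Exception:
        logging.exception('StormMapper Error')
        print("An error has occurred - Check the logs!")
    finally:
        _remove_pidfile()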
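def _local_range(checker, primary_if):
    """Return the CIDR string of the network attached to *primary_if*.

    The local address is scraped from ``/sbin/ifconfig`` and combined with
    the prefix length that *checker* derives from the interface's netmask.
    """
    # NOTE(review): parsing the second ifconfig line is format-dependent — confirm.
    current_ip = commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:]
    bits = checker.getBits(checker.get_netmask(primary_if))
    return str(IPNetwork(current_ip + "/" + str(bits)).network) + "/" + str(bits)


def _nice_hostname(host, scan_result, suffix):
    """Return the name *host* is recorded under, followed by *suffix*.

    Prefers the hostname nmap reported; when that is empty or ``"UNKNOWN"``
    falls back to a reverse DNS lookup, and finally to the address itself.
    """
    reported = scan_result['scan'][host]['hostname']
    if reported != "" and reported != "UNKNOWN":
        return reported + suffix
    try:
        return socket.gethostbyaddr(host)[0] + suffix
    except socket.error:
        return host + suffix


def discovery_scanner(host, scan_result, primary_if='eth0'):
    """Record one discovered *host* in ``host_current`` (and ``mac_address``).

    *scan_result* is an nmap-style result in which
    ``scan_result['scan'][host]`` holds ``status`` and ``hostname``.  Hosts
    without a status entry, or whose state is not ``'up'``, are ignored.
    Hosts on the subnet of *primary_if* get a suffix built from the last
    bytes of their MAC and have the MAC stored; all others get ``'- remote'``.
    The row's ``scanTime`` comes from a module-level ``timestamp``, which is
    not a parameter here — TODO confirm where it is set.

    The hostname stored and printed originates from the scanned host's own
    DNS / nmap data, i.e. untrusted input; it reaches the database through
    the ORM but is echoed to the terminal unescaped.
    """
    try:
        state = scan_result['scan'][host]['status']['state']
    except (KeyError, TypeError):
        return  # no status for this host: nothing to record
    # The original evaluated this comparison but discarded its result, so
    # hosts reported down were still recorded.
    if state != 'up':
        return

    checker = network()
    # subnetCheck's return type is not visible here; keep the strict comparison.
    is_local = checker.subnetCheck(host, _local_range(checker, primary_if)) == True

    mac = None
    if is_local:
        try:
            mac = checker.getMac(host)
            suffix = '-' + mac[12:]
        except Exception:
            # No usable MAC: plain hostname, and nothing to store later.
            suffix = ''
    else:
        suffix = '- remote'
    nice_name = _nice_hostname(host, scan_result, suffix)

    existing = list(host_current.select().where(host_current.hostname == nice_name))
    if existing:
        for row in existing:
            if row.hostIP != host:
                # Same name, new address: refresh the stored address and time.
                host_current.update(hostIP=host, scanTime=timestamp).where(
                    host_current.hostname == nice_name).execute()
                print(bcolors.OKBLUE + 'Existing Host Updated' + bcolors.ENDC + '( ' + nice_name + ' - ' + host + ' )')
            else:
                print(bcolors.OKGREEN + 'Existing Host Found' + bcolors.ENDC + '( ' + nice_name + ' - ' + host + ' )')
                host_current.update(scanTime=timestamp).where(
                    host_current.hostname == nice_name).execute()
    else:
        host_current.create(hostname=nice_name, hostIP=host, scanTime=timestamp)
        print(bcolors.WARNING + 'New Host Found' + bcolors.ENDC + '( ' + nice_name + ' - ' + host + ' )')

    if is_local and mac:
        known = any(m.macAddr == mac for m in
                    mac_address.select().where(mac_address.hostname == nice_name))
        if not known:
            mac_address.create(hostname=nice_name, macAddr=mac, scanTime=timestamp)
            print(bcolors.OKGREEN + 'MAC address stored ' + bcolors.ENDC + '( ' + nice_name + ' - ' + mac + ' )')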
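def _local_range(checker, primary_if):
    """Return the CIDR string of the network attached to *primary_if*.

    The local address is scraped from ``/sbin/ifconfig`` and combined with
    the prefix length that *checker* derives from the interface's netmask.
    """
    # NOTE(review): parsing the second ifconfig line is format-dependent — confirm.
    current_ip = commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:]
    bits = checker.getBits(checker.get_netmask(primary_if))
    return str(IPNetwork(current_ip + "/" + str(bits)).network) + "/" + str(bits)


def _nice_hostname(host, scan_result, suffix):
    """Return the name *host* is recorded under, followed by *suffix*.

    Prefers the hostname nmap reported; when that is empty or ``"UNKNOWN"``
    falls back to a reverse DNS lookup, and finally to the address itself.
    """
    reported = scan_result['scan'][host]['hostname']
    if reported != "" and reported != "UNKNOWN":
        return reported + suffix
    try:
        return socket.gethostbyaddr(host)[0] + suffix
    except socket.error:
        return host + suffix


def discovery_scanner(host, scan_result, primary_if='eth0'):
    """Record one discovered *host* in ``host_current`` (and ``mac_address``).

    *scan_result* is an nmap-style result in which
    ``scan_result['scan'][host]`` holds ``status`` and ``hostname``.  Hosts
    without a status entry, or whose state is not ``'up'``, are ignored.
    Hosts on the subnet of *primary_if* get a suffix built from the last
    bytes of their MAC and have the MAC stored; all others get ``'- remote'``.
    The row's ``scanTime`` comes from a module-level ``timestamp``, which is
    not a parameter here — TODO confirm where it is set.

    The hostname stored and printed originates from the scanned host's own
    DNS / nmap data, i.e. untrusted input; it reaches the database through
    the ORM but is echoed to the terminal unescaped.
    """
    try:
        state = scan_result['scan'][host]['status']['state']
    except (KeyError, TypeError):
        return  # no status for this host: nothing to record
    # The original evaluated this comparison but discarded its result, so
    # hosts reported down were still recorded.
    if state != 'up':
        return

    checker = network()
    # subnetCheck's return type is not visible here; keep the strict comparison.
    is_local = checker.subnetCheck(host, _local_range(checker, primary_if)) == True

    mac = None
    if is_local:
        try:
            mac = checker.getMac(host)
            suffix = '-' + mac[12:]
        except Exception:
            # No usable MAC: plain hostname, and nothing to store later.
            suffix = ''
    else:
        suffix = '- remote'
    nice_name = _nice_hostname(host, scan_result, suffix)

    existing = list(host_current.select().where(host_current.hostname == nice_name))
    if existing:
        for row in existing:
            if row.hostIP != host:
                # Same name, new address: refresh the stored address and time.
                host_current.update(hostIP=host, scanTime=timestamp).where(
                    host_current.hostname == nice_name).execute()
                print(bcolors.OKBLUE + 'Existing Host Updated' + bcolors.ENDC + '( ' + nice_name + ' - ' + host + ' )')
            else:
                print(bcolors.OKGREEN + 'Existing Host Found' + bcolors.ENDC + '( ' + nice_name + ' - ' + host + ' )')
                host_current.update(scanTime=timestamp).where(
                    host_current.hostname == nice_name).execute()
    else:
        host_current.create(hostname=nice_name, hostIP=host, scanTime=timestamp)
        print(bcolors.WARNING + 'New Host Found' + bcolors.ENDC + '( ' + nice_name + ' - ' + host + ' )')

    if is_local and mac:
        known = any(m.macAddr == mac for m in
                    mac_address.select().where(mac_address.hostname == nice_name))
        if not known:
            mac_address.create(hostname=nice_name, macAddr=mac, scanTime=timestamp)
            print(bcolors.OKGREEN + 'MAC address stored ' + bcolors.ENDC + '( ' + nice_name + ' - ' + mac + ' )')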
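def _create_json_report(timestamp):
    """Return a JSON document describing the scan tagged *timestamp*.

    One entry per ``host_current`` row whose ``scanTime`` is *timestamp*,
    carrying the host's IP, the OS match stored for it and, per port found
    by the port scan, the description from the ``ports`` table.
    """
    print('Creating report..')
    results = {}
    host_rows = host_current.select(host_current.id, host_current.hostIP, host_current.hostname)
    for host in host_rows.where(host_current.scanTime == timestamp):
        # NOTE(review): .get() raises if no OS row exists for this host and
        # timestamp (e.g. --output combined with --target only); decide whether
        # the report should tolerate a missing OS match instead of aborting.
        os_row = os_match.get(os_match.hostID == host.id, os_match.scanTime == timestamp)
        port_rows = services.select(services.hostID, services.portID).where(
            services.scanTime == timestamp).where(services.hostID == host.id)
        scan = {}
        for svc in port_rows:
            # One lookup per port; the ports table supplies the description.
            scan[svc.portID] = {'description': ports.get(ports.port == svc.portID).description}
        results[host.hostname] = {
            'ip': host.hostIP,
            'os': {'type': os_row.os, 'confidence': os_row.confidence},
            'scan': scan,
        }
    return json.dumps(results, indent=2)


def _print_banner():
    """Print the coloured StormMap start-up banner."""
    # Raw strings: every backslash in the art is literal.
    art = [
        r"  _____ _                       __  __             ",
        r" / ____| |                     |  \/  |            ",
        r"| (___ | |_ ___  _ __ _ __ ___ | \  / | __ _ _ __  ",
        r" \___ \| __/ _ \| '__| '_ ` _ \| |\/| |/ _` | '_ \ ",
        r" ____) | || (_) | | | | | | | | | |  | | (_| | |_) |",
        r"|_____/ \__\___/|_| |_| |_| |_|_|  |_|\__,_| .__/ ",
    ]
    print(bcolors.OKGREEN)
    for line in art:
        print(line)
    # The last two rows of the art carry the tag lines on their left.
    print(bcolors.OKBLUE + "   Network Mapping and Discovery".ljust(43) + bcolors.OKGREEN + "| |")
    print(bcolors.OKBLUE + "   Simon Beattie // @Si_Bt // 2013".ljust(43) + bcolors.OKGREEN + "|_|")
    print(bcolors.ENDC)


def _remove_pidfile():
    """Best-effort removal of the module-level ``pidfile``.

    A pid file that is already gone is not an error worth aborting on; the
    failure is logged at debug level instead.
    """
    try:
        os.unlink(pidfile)
    except OSError:
        logging.debug('could not remove pid file %s', pidfile, exc_info=True)


def main():
    """Entry point: run the scans selected by the module-level ``args``.

    Reads ``args`` (target, port, os, auto, output) and ``pidfile`` from
    module scope (both defined elsewhere in the file).  The pid file is
    removed on every exit path, including ``quit()`` and errors.
    """
    try:
        # Interface whose netmask defines the range scanned by --auto.
        primary_if = 'eth0'
        checker = network()
        # NOTE(review): scraping the second line of ifconfig output is
        # fragile and depends on the net-tools output format — confirm.
        current_ip = commands.getoutput("/sbin/ifconfig").split("\n")[1].split()[1][5:]
        prefix_bits = checker.getBits(checker.get_netmask(primary_if))
        network_addr = IPNetwork(current_ip + "/" + str(prefix_bits)).network
        current_range = str(network_addr) + "/" + str(prefix_bits)
        # Tag shared by every row written during this run.
        timestamp = int(time.time())

        _print_banner()

        if not (args.target or args.port or args.os or args.auto):
            print("Type stormmapper.py --help for options")
            print('')
            quit()  # SystemExit is not caught below; finally still runs

        current_scan = scanners()

        # Time of the most recent previous scan; None when the table is empty
        # (first run), in which case --port / --os have nothing to work on.
        scan_times = [row.scanTime for row in host_current.select(host_current.scanTime)]
        last_scan = max(scan_times) if scan_times else None
        if (args.port or args.os) and last_scan is None:
            print(bcolors.WARNING + "No previous scan found in the database - run a discovery scan first" + bcolors.ENDC)

        # Automatic scan of the local range (normally triggered by
        # web/AutoScanCron.php).
        if args.auto:
            current_scan.discovery_scan(current_range, timestamp)
            current_scan.port_scan(timestamp)
            current_scan.os_fingerprint(timestamp)
            print(bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC)

        # Discovery scan of a user-specified range (CIDR) or address.
        if args.target:
            current_scan.discovery_scan(args.target, timestamp)
            print(bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC)

        # Port scan of the hosts added or updated by the last discovery scan.
        if args.port and last_scan is not None:
            current_scan.port_scan(last_scan)
            print(bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC)

        # OS detection for the hosts added or updated by the last discovery scan.
        if args.os and last_scan is not None:
            current_scan.os_fingerprint(last_scan)
            print(bcolors.OKGREEN + "Scan Completed!" + bcolors.ENDC)

        # JSON report of this run's scan.
        if args.output:
            print(_create_json_report(timestamp))
    except KeyboardInterrupt:
        print("Shutdown requested.. exiting")
    except Exception:
        logging.exception('StormMapper Error')
        print("An error has occurred - Check the logs!")
    finally:
        _remove_pidfile()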