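def scanHost(network_prefix):
    """Run an nmap TCP SYN scan (``-sS``) over *network_prefix* and print open ports.

    Args:
        network_prefix: target expression (single host, range or CIDR) passed
            to nmap unchanged as its target specification.

    Returns:
        None. Each open port is printed as ``tcp/<port>`` or ``udp/<port>``
        followed by its ``state:`` and ``name:`` lines and a blank line. If a
        result carries an nmap error (for example ``-sS`` run without the
        raw-socket privilege it needs) the first error message is printed and
        the scan is abandoned.
    """
    nm = nmap.PortScannerYield()
    for _host, raw_res in nm.scan(network_prefix, arguments="-sS"):
        if raw_res is None:
            # python-nmap yields None for a host whose scan raised
            # PortScannerError; there is nothing to report for it.
            continue
        scan_info = raw_res['nmap']['scaninfo']
        if 'error' in scan_info:
            # nmap reports failures through the result rather than raising.
            print(scan_info['error'][0])
            return None
        for host_data in raw_res['scan'].values():
            # A host without results for a protocol simply lacks that key.
            # The original wrapped this in a bare ``except: pass``, which also
            # hid real failures; a missing key is the only tolerated case.
            for proto in ('tcp', 'udp'):
                for port, info in host_data.get(proto, {}).items():
                    if info['state'] != 'open':
                        continue
                    print('{}/{}'.format(proto, port))
                    print('state:{}'.format(info['state']))
                    print('name:{}'.format(info['name']))
                    print()
    return None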
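def port_scan(target_host, target_port):
    """Scan a single TCP port on *target_host* and print its nmap state.

    Args:
        target_host: hostname or address passed to nmap.
        target_port: port number as a string. It is passed to nmap's ``-p``
            and converted with ``int`` to index the result table, so a range
            or comma list is not supported.

    Returns:
        None. Prints ``++++++ <port> 端口状态:<state>`` for each yielded host
        that nmap did not report ``down`` and that has an entry for the port;
        other hosts print nothing.

    Raises:
        ValueError: if *target_port* is not an integer string. Raised before
        nmap is launched, so a bad value no longer starts a scan first.
    """
    port_key = int(target_port)
    nm = nmap.PortScannerYield()
    # -A enables OS/version detection and the default NSE scripts; -Pn skips
    # host discovery, so every target is scanned even if it does not answer.
    for host, result in nm.scan(hosts=target_host, ports=target_port,
                                arguments='-T4 -A -v -Pn '):
        if result is None:
            # python-nmap yields None for a host whose scan raised
            # PortScannerError; skip instead of failing on the subscript.
            continue
        # The result table is keyed by the address nmap resolved (the yielded
        # host), not by the caller's string, which may be a hostname.
        host_data = result['scan'].get(host, {})
        if host_data.get('status', {}).get('state') == "down":
            continue
        port_entry = host_data.get('tcp', {}).get(port_key)
        if port_entry is None:
            # nmap produced no TCP entry for this port on this host.
            continue
        print("++++++ " + target_port + " 端口状态:" + port_entry['state'])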
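def check_admin_ports(self, target_list, ports_to_scan):
    """Scan the hosts in a target file for open admin ports and record the hits.

    Runs one nmap scan (``-Pn -p <ports>``) over the hosts read with ``-iL``
    from ``<default_filepath>/targets/<target_list>``. For each host with at
    least one TCP port reported ``open``, ``create_new_vulnerable_host`` is
    called with the ``(host, scan_data)`` tuple and the host's TCP port keys
    (all scanned ports, not only the open ones). A progress bar is written to
    stdout as hosts are yielded.

    Args:
        target_list (str): file name inside the ``targets`` directory. A
            one-element list is tolerated (its repr is stripped of brackets),
            as before.
        ports_to_scan (list | str): ports to scan. A list/tuple/set is joined
            with commas; anything else is stringified with brackets and
            whitespace removed, because a ``-p`` value containing spaces
            breaks the nmap command line.

    Returns:
        bool: True when the scan ran to completion (hosts with no TCP result
        are skipped rather than aborting the run), False when the scanner
        raised.
    """
    try:
        scanner = nmap.PortScannerYield()
        print("[*] checking for open admin ports...")
        # NOTE(review): the file name and the port list are spliced into
        # nmap's option string unescaped; keep both configuration-sourced.
        targets = '-iL ' + os.path.join(self.default_filepath, "targets",
                                        str(target_list).strip('[]'))
        if isinstance(ports_to_scan, (list, tuple, set)):
            # Join explicitly; str() of a list only worked because nmap's
            # argument splitter happens to strip the repr quotes again.
            port_spec = ','.join(str(p).strip() for p in ports_to_scan)
        else:
            port_spec = str(ports_to_scan).strip('[]').replace(' ', '')
        ports = ' -Pn -p ' + port_spec
        # A zero host count would make the progress maths divide by zero and
        # abort the whole scan through the generic handler below.
        total_hosts = max(self.calculate_total_number_of_hosts(target_list), 1)
        counter = 0
        for host in scanner.scan(hosts=targets, arguments=ports):
            host_ip, scan_data = host
            counter += 1
            # Clamp so the bar never overflows its 100-column field when nmap
            # expands the target list to more hosts than were counted.
            percentage = min(int(float(counter) / float(total_hosts) * 100.0), 100)
            sys.stdout.write('\r')
            sys.stdout.write("[%-100s] %d%% Currently on %s" % ('=' * percentage, percentage, host_ip))
            sys.stdout.flush()
            if scan_data is None:
                # python-nmap yields None for a host whose scan raised
                # PortScannerError; nothing to inspect for it.
                continue
            try:
                tcp_table = scan_data['scan'][host_ip]['tcp']
            except KeyError:
                # No TCP results for this host (down or nothing answered).
                # The original returned False here, which silently stopped
                # the scan at the first such host; move on instead.
                continue
            if any(entry['state'] == 'open' for entry in tcp_table.values()):
                self.create_new_vulnerable_host(host, tcp_table.keys())
        return True
    except Exception as error:
        logging.exception("Port Scanner threw the following: {0}".format(error))
        return False
    except KeyboardInterrupt:
        # NOTE(review): status 0 on interrupt is indistinguishable from
        # success for anything scripting this tool.
        exit(0)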
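def ip_scan(target_hosts):
    """Scan *target_hosts* with nmap (``-T4 -A -v -Pn``) and print each TCP port found.

    Args:
        target_hosts: host, range or CIDR target expression for nmap.

    Returns:
        None. For every host not reported ``down``, each entry of its TCP
        table is printed as ``++++++发现端口<port>,状态:<state>``; hosts
        without a TCP table print nothing.
    """
    nm = nmap.PortScannerYield()
    # -A enables OS/version detection and the default NSE scripts; -Pn skips
    # host discovery, so every target is scanned even if it does not answer.
    for ip, result in nm.scan(hosts=target_hosts, arguments='-T4 -A -v -Pn '):
        if result is None:
            # python-nmap yields None for a host whose scan raised
            # PortScannerError; skip instead of failing on the subscript.
            continue
        host_data = result['scan'].get(ip, {})
        if host_data.get('status', {}).get('state') == "down":
            continue
        # A host with no TCP table simply lacks the key; the original hid that
        # (and every other error) behind a bare ``except: continue``.
        for port, info in host_data.get('tcp', {}).items():
            print("++++++发现端口" + str(port) + ",状态:" + info['state'])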
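def check_admin_ports(self, target_list, ports_to_scan):
    """Scan the hosts in a target file for open admin ports and record them.

    Runs one nmap scan (``-Pn -p <ports>``) over the hosts read with ``-iL``
    from ``<default_filepath>/targets/<target_list>`` and calls
    ``create_new_vulnerable_host`` with the ``(host, scan_data)`` tuple and
    the host's TCP ``(port, info)`` pairs for every host that has a TCP result
    at all; picking out the open ports is left to that call. Threading is
    left to nmap: wrapping the already-threaded scanner in Python threads
    caused problems, and a single scan of the whole list is fast.

    Args:
        target_list (str): file name inside the ``targets`` directory. A
            one-element list is tolerated (its repr is stripped of brackets).
        ports_to_scan (list | str): ports to scan. A list/tuple/set is joined
            with commas; anything else is stringified with brackets and
            whitespace removed, because a ``-p`` value containing spaces
            breaks the nmap command line.

    Returns:
        None. Scanner failures are logged under the ``admin_port_scanner``
        service tag; hosts with no TCP result are skipped.
    """
    service = "admin_port_scanner"
    try:
        scanner = nmap.PortScannerYield()
        print("[*] checking for open admin ports...")
        # NOTE(review): the file name and the port list are spliced into
        # nmap's option string unescaped; keep both configuration-sourced.
        targets = '-iL ' + os.path.join(self.default_filepath, "targets",
                                        str(target_list).strip('[]'))
        if isinstance(ports_to_scan, (list, tuple, set)):
            # Join explicitly; str() of a list only worked because nmap's
            # argument splitter happens to strip the repr quotes again.
            port_spec = ','.join(str(p).strip() for p in ports_to_scan)
        else:
            port_spec = str(ports_to_scan).strip('[]').replace(' ', '')
        ports = ' -Pn -p ' + port_spec
        # A zero host count would make the progress maths divide by zero and
        # abort the whole scan through the generic handler below.
        total_hosts = max(self.calculate_total_number_of_hosts(target_list), 1)
        counter = 0
        for host in scanner.scan(hosts=targets, arguments=ports):
            host_ip, scan_data = host
            counter += 1
            # Clamp so the bar never overflows its 100-column field when nmap
            # expands the target list to more hosts than were counted.
            percentage = min(int(float(counter) / float(total_hosts) * 100.0), 100)
            sys.stdout.write('\r')
            sys.stdout.write("[%-100s] %d%% Currently on %s" % ('=' * percentage, percentage, host_ip))
            sys.stdout.flush()
            if scan_data is None:
                # python-nmap yields None for a host whose scan raised
                # PortScannerError; nothing to inspect for it.
                continue
            try:
                # viewitems() exists only on Python 2 dicts and would have
                # raised AttributeError (not KeyError) on Python 3, aborting
                # the run; items() yields the same pairs on both.
                tcp_ports = scan_data['scan'][host_ip]['tcp'].items()
            except KeyError:
                # No TCP results for this host (down or nothing answered).
                continue
            self.create_new_vulnerable_host(host, tcp_ports)
    except Exception as error:
        logging.exception("{0}\t{1}".format(service, error))
    except KeyboardInterrupt:
        # NOTE(review): status 0 on interrupt is indistinguishable from
        # success for anything scripting this tool.
        exit(0)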
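def scan(network_host):
    """Port-scan *network_host* with nmap ``-sT`` and append the results to the GUI table.

    The port to scan is read from the ``port_Entered`` widget; an empty or
    non-numeric entry, or a value outside 0-65535, falls back to ``1-1023``.
    Each TCP port in the result is inserted as a row into the module-level
    ``tab3_port_list_tree`` Treeview, numbered by the module-level counter
    ``tab3_port_number``, which is advanced per row.

    Args:
        network_host: single host expression given to nmap; it is also the
            key used to read the host's results back from the scan data.

    Returns:
        None. Debug messages go to stdout; a scan that fails, yields no data
        or has no TCP results for the host prints ``debug:可能被防火墙过滤``.
    """
    # Declared once at function scope; the original re-declared them inside
    # the loop body, which only works because they are not read earlier.
    global tab3_port_number
    global tab3_port_list_tree

    print("debug:scan")
    nm = nmap.PortScannerYield()
    port_str = "1-1023"
    port_get = port_Entered.get()
    # isdigit() keeps a non-numeric entry from raising ValueError outside the
    # try block below (which is what ``int(port_get)`` did); the numeric
    # range check is unchanged.
    if port_get.isdigit() and 0 <= int(port_get) <= 65535:
        port_str = port_get
    try:
        print("debug:start scan")
        for _host, results in nm.scan(hosts=network_host, arguments='-sT -p ' + port_str):
            tcp_table = results['scan'][network_host]['tcp']
            for port, info in tcp_table.items():
                tab3_port_list_tree.insert(
                    "", 'end', tab3_port_number, text=tab3_port_number,
                    values=(tab3_port_number, network_host, port, info['state']))
                tab3_port_list_tree.update_idletasks()  # refresh the list as rows arrive
                tab3_port_number += 1
        print("debug:finish scan")
    except (KeyError, TypeError, nmap.PortScannerError):
        # KeyError: host or 'tcp' absent from the result table (nothing
        # answered); TypeError: python-nmap yields None for a host whose scan
        # raised; PortScannerError: nmap itself refused to run. The original
        # bare except also hid programming errors behind this message.
        print("debug:可能被防火墙过滤")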
# OS fingerprint for the localhost result already held by nm (the
# PortScanner populated by the scan above this fragment).
if 'fingerprint' in nm['127.0.0.1']:
    print('Fingerprint : {0}'.format(nm['127.0.0.1']['fingerprint']))

# Vendor list for MAC address: an OS-detection (-O, needs raw-socket
# privileges) sweep of the local /24, printing address and vendor tables
# for every host that reported a MAC.
print('scanning localnet')
nm.scan('192.168.0.0/24', arguments='-O')
for host in nm.all_hosts():
    print(host)
    addresses = nm[host]['addresses']
    if 'mac' in addresses:
        print(addresses, nm[host]['vendor'])
print('----------------------------------------------------')

# Re-read nmap XML output captured earlier to a file and dump it as CSV.
# Example : nmap -oX - -p 22-443 -sV 71.59.0.201 > nmap_output.xml
with open("./nmap_output.xml", "r") as xml_file:
    nm.analyse_nmap_xml_scan(xml_file.read())
print(nm.csv())
print('----------------------------------------------------')

# Progressive scan with the generator-based scanner: one (host, data)
# tuple is printed per host as it completes.
nm = nmap.PortScannerYield()
for progressive_result in nm.scan('127.0.0.1', '22-25'):
    print(progressive_result)