class Scanner(object):
"""
Simplified nmap scanning and retrieval of MAC addresses
"""
def __init__(self, ip=get_ip()):
self.ip = ip
self.nmap = PortScanner()
self.scanned = False
self.unknown = 0
self.known = 0
self.total = 0
self.previous_total = 0
self.previous_mac_vendors = []
self.mac_vendors = None
def scan(self):
self.previous_mac_vendors = self.mac_vendors
self.simple_scan()
self.scanned = True
self.total = self._connections()
self.mac_vendors = self._mac_vendors()
self.known = len(self.mac_vendors)
self.unknown = self.total - self.known
def simple_scan(self):
self.nmap.scan(hosts=self.ip + '/24',
arguments='-n -sn -PE -PA21,23,80,3389')
def _mac_vendors(self):
if not self.scanned:
self.simple_scan()
hosts = self.nmap.all_hosts()
macs = {host: self.nmap[host]['addresses'].get('mac', None)
for host in hosts}
mac_vendors = [(host, mac, vendor) for host in hosts
for mac, vendor in self.nmap[host]['vendor'].items()]
logger.debug("Scanner._mac_vendors() - macs: %s\n mac_vendors: %s"
% (macs, mac_vendors))
# nmap often doesn't produce current device MAC address
if not macs[self.ip]:
mac_vendors.append((self.ip, ":".join(re.findall('..', '%012x'
% get_mac())).upper(), None))
return mac_vendors
def _connections(self):
try:
return int(self.nmap.scanstats()['uphosts'])
except AssertionError:
self.simple_scan()
return self._connections()
def get_mac_vendors_json(self):
if not self.scanned:
self.scan()
return json.dumps(self.mac_vendors)
def run(self, params={}):
hosts_to_scan = params.get("hosts")
ports_to_scan = params.get("ports")
nmap_args = params.get("arguments")
sudo = params.get("sudo") # defaulted to False
if not len(ports_to_scan):
ports_to_scan = None
if not len(nmap_args):
nmap_args = None
scanner = PortScanner()
try:
scanner.scan(hosts=hosts_to_scan,
ports=ports_to_scan,
arguments=nmap_args,
sudo=sudo)
except PortScannerError as e:
self.logger.error("An error occurred: %s" % e)
else:
scanned_hosts = scanner.all_hosts() # grab hosts that were scanned
results = list(map(lambda host: scanner[host],
scanned_hosts)) # create list of scan results
results = komand.helper.clean(results)
return {"result": results}
def check_passive_port_task(request, module_key):
module = Module.objects.get(id=module_key)
debug(module, ("begin",))
events = ModuleEvent.objects.filter(module=module).filter(back_at=None)
portscanner = PortScanner()
result = None
try:
if not module.check_port:
raise Exception("Improperly configured")
portscanner.scan(arguments = NMAP_ARGS, ports=str(module.check_port), hosts=module.host.encode('ascii','ignore'))
now = datetime.datetime.now()
host = portscanner.all_hosts()[0]
if 'open' == portscanner[host]['tcp'][module.check_port]['state']:
debug(module, "Port open")
for event in events:
event.back_at = now
event.save()
debug(module,"Site is back online %s" % module.name)
else:
if not events:
_create_new_event(module, "off-line", now, None, "Port is closed")
except KeyError, e:
pass
def run(self):
"""Scan the network for MAC addresses and keep tabs on which devices
are present or have left"""
nm = PortScanner()
while self.running:
# Decrement all hosts
for mac in self.macs:
if self.macs[mac] > 0:
self.macs[mac] -= 1;
nm.scan(hosts = self.local_net, arguments = self.nmap_args)
# Mark each host found as present unless it is not tracked
for host in nm.all_hosts():
try:
mac = nm[host]['addresses']['mac']
if mac in self.macs:
self.macs[mac] = self.timeout + 1 # Immediately decremented
except KeyError:
# nmap didn't get the MAC?
# Just ignore it I guess
pass
def sort_alive_hosts(self) -> None:
"""
Make fast pingscan for all hosts to check
if it needed to be scanned with TLS-Scanner
(reject all offline hosts)
:return: None
"""
nm = PortScanner()
online_hosts = self._remove_already_scanned_hosts(self.hosts)
online_hosts = self.sort_hosts_by_product(online_hosts)
hosts_ip = list(online_hosts.keys())
groups = self._grouper(self.n, hosts_ip)
groups = [list(group) for group in groups]
groups_len = len(groups)
for index, group in enumerate(groups):
print(f"│ Do pingscan for {self.n} hosts ({index}/{groups_len})")
group_ips = [ip for ip in group if ip]
hosts_in_nmap_format = " ".join(group_ips)
nm.scan(
hosts=hosts_in_nmap_format,
arguments=DefaultTlsScannerValues.NMAP_PING_SCAN_ARGS,
)
results = nm.all_hosts()
alive_hosts_group = [
ip for ip in results if nm[ip]["status"]["state"] == "up"
]
groups[index] = alive_hosts_group
print(f"└ Done pingscan for {len(hosts_ip)} hosts")
groups_flat = [host for group in groups for host in group]
self.alive_hosts = groups_flat
self._set_ping_status()
def run(self):
try:
from nmap import __version__
except ImportError:
from nmap import __version__
self.__communicate.finishScan.emit([])
return
from nmap import PortScanner
self.__targets = []
nm = PortScanner()
host = self.__host
arguments = self.__arguments
nm.scan(host, arguments=arguments)
for host in nm.all_hosts():
for proto in nm[host].all_protocols():
ports = list(nm[host][proto].keys())
ports.sort()
for port in ports:
target = Target(protocol=proto,
port=port,
name=nm[host][proto][port]['name'],
state=nm[host][proto][port]['state'],
product=nm[host][proto][port]['product'],
info=nm[host][proto][port]['extrainfo'],
version=nm[host][proto][port]['version'])
self.__targets.append(target)
self.__communicate.finishScan.emit(self.__targets)
def main(argv):
iprange = None
try:
opts, args = getopt.gnu_getopt(argv,"i:",["iprange="])
except getopt.GetoptError:
print sys.argv[0]+' -i <iprange>'
sys.exit(2)
for opt, arg in opts:
if opt == '-h':
print sys.argv[0]+' -i <iprange>'
sys.exit()
elif opt in ("-i", "--iprange"):
iprange = arg
if iprange is None:
print sys.argv[0]+' -i <iprange>'
sys.exit()
scan_port = int(cfg.getConfigValue('pdu', 'scan_port'))
snmp_port = int(cfg.getConfigValue('pdu', 'snmp_port'))
ro_community = cfg.getConfigValue('pdu', 'ro_community')
rw_community = cfg.getConfigValue('pdu', 'rw_community')
dccode = cfg.getConfigValue('pdu', 'dccode')
url = '%s/pdu/update' % cfg.getConfigValue('pdu', 'api_base')
nm = PortScanner()
nm.scan(hosts=iprange, arguments='-n -p %s' % (scan_port))
for host in nm.all_hosts():
state = nm[host]['tcp'][scan_port]['state']
t = Thread(target=probePdu, args=(host, state, snmp_port, ro_community, rw_community, dccode, url))
t.start()
class NmapParser(TestPlugin):
def __init__(self):
self.tool_name = "nmap"
super(NmapParser, self).__init__("nmap")
self.nm = PortScanner()
self.hosts = None
self.ports = None
self.argments = "-sV"
self.resultparser = ResultPlugin()
def args_status(self):
print "hosts:", self.hosts, "\n"
print "ports:", self.ports, "\n"
print "argments:", self.argments, "\n"
def start_scan(self):
if self.hosts is not None:
self.nm.scan(self.hosts, arguments=self.argments)
if self.ports is not None:
self.nm.scan(self.hosts, self.ports, arguments=self.argments)
else:
print "please set hosts"
def scan_result(self):
if self.hosts is not None and self.nm.all_hosts():
return self.nm[self.hosts]
def run(self):
super(NmapParser, self).run()
print "scanning .................\n", "please wait!\n"
self.start_scan()
def status(self):
self.args_status()
def result(self):
if self.scan_result() is not None:
self.resultparser.set_hostname(self.scan_result().hostname())
self.resultparser.set_state(self.scan_result().state())
self.resultparser.set_address(self.hosts)
self.resultparser.set_openports(self.scan_result().all_tcp())
if u"tcp" in self.scan_result():
self.resultparser.set_servers(self.scan_result()[u"tcp"])
print "hostname:", self.resultparser.get_hostname
print "address:", self.resultparser.get_address
print "state is :", self.resultparser.get_state
print "open ports:", self.resultparser.get_openports
print "servers:", self.resultparser.get_servers, "\n"
def set_arg(self, arg1, arg2):
if arg1 == "hosts":
self.hosts = arg2
elif arg1 == "ports":
self.ports = arg2
elif arg1 == "argments":
self.argments = arg2
class NmapConnector:
@exception_handler(expected_exception=NmapConnectorInitError)
def __init__(self):
self.nm = PortScanner()
self.results: dict = {}
def check_ip_v6(self, host: str):
if "IPv6Address" in str(type(ip_address(host))):
return True
@exception_handler(expected_exception=NmapConnectorScanError)
def scan(self,
host: str,
arguments: str = "",
ports: str = "",
sudo: bool = False) -> None:
# Add special Nmap key to scan ipv6 hosts
if self.check_ip_v6(host):
arguments += " -6"
# If user wants to scan for top-ports,
# let's remove other ports from nmap scan
if "top-ports" in arguments:
self.nm.scan(hosts=host, arguments=arguments, sudo=sudo)
# Else if user doesn't want scan for top-ports,
# let's scan with defined ports
elif arguments and ports:
self.nm.scan(hosts=host,
arguments=arguments,
ports=ports,
sudo=sudo)
# Else if ports are not defined, let's
# scan with default ports
elif arguments:
self.nm.scan(hosts=host, arguments=arguments, sudo=sudo)
# If arguments are not setted too, make
# simple scan
else:
self.nm.scan(hosts=host, sudo=sudo)
self.results = {host: self.nm[host] for host in self.nm.all_hosts()}
@exception_handler(expected_exception=NmapConnectorGetResultsError)
def get_results(self) -> dict:
return self.results
@exception_handler(expected_exception=NmapConnectorGetResultsCountError)
def get_results_count(self) -> int:
return len(self.results)
def get_devices(self):
'''Return a list
Creates a list of items that contain device information
'''
if len(self.ip) >= 1:
network_to_scan = self.ip + '/24'
else:
network_to_scan = self.ip_default + '/24'
p_scanner = PortScanner()
print('Scanning {}...'.format(network_to_scan))
p_scanner.scan(hosts=network_to_scan, arguments='-sn')
device_list = [(device, p_scanner[device])
for device in p_scanner.all_hosts()]
return device_list
def scan(self, bot, update, args):
chat_id = update.message.chat_id
from_user = update.message.from_user.username
parser = ArgumentParser(prog='nmap_plugin')
parser.add_argument('-host', required=True)
parser.add_argument('-ports', required=False, default=None)
parser.add_argument('-all', required=False, default=False, type=bool)
parser.add_argument('-raw', required=False, default=None)
try:
p = parser.parse_args(args)
for param in vars(p):
if self.__check_for_idiot_friends(getattr(p, param)):
bot.sendMessage(
chat_id,
text='{} you are a funny guy... but go to try to be an h4x0r somewhere else.'.format(from_user)
)
if from_user == 'dzonerzy':
bot.sendMessage(chat_id,
text='Amico del jaguaro... Ti fo un rutto ne `i viso che ti fo diventa` bello!'
)
return
except ArgumentError:
bot.sendMessage(chat_id, text="Wrong parameters passed.")
return
arguments = '-sV'
if p.all is True:
arguments = '-A'
bot.sendMessage(chat_id, text="Command accepted, running nmap against: {}".format(p.host))
nm = PortScanner()
nm.scan(hosts=p.host, ports=p.ports, arguments=arguments)
msg = ''
for host in nm.all_hosts():
msg = '----------------------------------------------------\n'
msg += 'Host: {} ({})\n'.format(host, nm[host].hostname())
msg += 'State: {}\n'.format(nm[host].state())
for proto in nm[host].all_protocols():
msg += 'Protocol : {}\n'.format(proto)
lport = nm[host][proto].keys()
lport.sort()
for port in lport:
msg += '\tport : {}\tstate : {}\n'.format(port, nm[host][proto][port]['state'])
msg = 'Empty response object received.' if msg == '' else msg
bot.sendMessage(chat_id, text=msg)
class NmapParser(ScanPlugin):
def __init__(self):
self.tool_name = "nmap"
super(NmapParser, self).__init__("nmap")
self.nm = PortScanner()
self.hosts = None
self.ports = None
self.arguments = "-sV"
self.resultparser = ResultPlugin()
def start_scan(self):
if self.hosts is not None:
self.nm.scan(self.hosts, arguments=self.arguments)
if self.ports is not None:
self.nm.scan(self.hosts, self.ports, arguments=self.arguments)
else:
print 'please set hosts'
def scan_result(self):
if self.hosts is not None and self.nm.all_hosts():
return self.nm[self.hosts]
def run(self, status):
if status and len(status) == 3:
self.hosts = status['hosts']
self.ports = status['ports']
self.arguments = status['arguments']
super(NmapParser, self).run(status)
print "scanning .................\n", "please wait!\n"
self.start_scan()
def status(self):
return {"hosts": self.hosts, "ports": self.ports, "arguments": self.arguments}
def result(self):
if self.scan_result() is not None:
self.resultparser.set_hostname(self.scan_result().hostname())
self.resultparser.set_state(self.scan_result().state())
self.resultparser.set_address(self.hosts)
self.resultparser.set_openports(self.scan_result().all_tcp())
if u'tcp' in self.scan_result():
self.resultparser.set_servers(self.scan_result()[u'tcp'])
self.resultparser.log_result()
return self.scan_result()
def host_discovery(network_address):
"""
Tramite il modulo nmap viene effettuata una ricerca degli host
attivi in rete. Ritorna una lista degli host attivi in rete.
"""
scanner = PortScanner()
if network_address:
print("Searching for hosts on %s..." % network_address)
scanner.scan(hosts=network_address, arguments='-sP')
iplist = [ip for ip in scanner.all_hosts() if scanner[ip].state() == 'up']
print("Found %s host(s)" % len(iplist))
print(iplist)
return iplist
def scan(self, network):
'''Scan a network.
:param network: a valid network, like 10.0.0.0/8
:return: a list of tuples like [('10.0.0.1','Gateway'),...].
'''
hosts = []
nm = PortScanner()
nm.scan(network, arguments=self.nmap_args)
for host in nm.all_hosts():
address = nm[host]['addresses']['ipv4']
try:
description = self.get_description(
address, nm[host]['hostnames'][0]['name'],
nm[host]['osmatch'][0]['osclass'][0]['cpe'])
except (KeyError, AttributeError, IndexError, NotImplementedError):
description = self.unknown
hosts.append((address, description))
return hosts
def __scan_network(self,what_device,all_devices):
#here the actual network scan is done
print("Scanning your network, please wait...\n")
nm = PortScanner()
nm.scan(hosts= self.config["DEFAULT"]["ip_range_to_scan"] , arguments="-sP")
host_list = nm.all_hosts()
#scans the network for all for all the configured devices
#please note: here we handle list of lists
if all_devices:
for sublist in self.devices[0]:
ip_found = []
for current_mac in sublist:
for host in host_list:
if "mac" not in nm[host]["addresses"]:
#if there is no MAC address
continue
else:
mac_str = nm[host]['addresses']['mac']
mac_str = mac_str[:-9] #we keep only the first part of the MAC address
if current_mac == mac_str:
ip_found.append(nm[host]["addresses"]["ipv4"])
self.devices[3].append(ip_found)
#scans the network for only a specific type of device
else:
self.protocol_single_device = self.devices[2][what_device]
for current_mac in self.devices[0][what_device]:
for host in host_list:
if "mac" not in nm[host]["addresses"]:
#if there is no MAC address
continue
else:
mac_str = nm[host]['addresses']['mac']
mac_str = mac_str[:-9] #we keep only the first part of the MAC address
if current_mac == mac_str:
self.devices[3].append(nm[host]["addresses"]["ipv4"])
def main():
target_spec = parse_args()
# Stealth scan, OS scan, and MAC resolution require superuser priveleges
elevate(graphical=False, show_console=False)
# Enable p0f passive scan while nmap is scanning
with P0f_client("p0f.socket") as p0f_client:
nm = PortScanner()
# If no target spec specified, detect subnet automatically
if target_spec is None:
target_spec = get_network_parameters()
print("Using automatic target_spec: ", target_spec)
# Invoke nmap scanner
print("Starting scan")
try:
nm.scan(target_spec,
arguments="-sS -sU -p 22 -sV -O -T4 --script=banner")
except KeyboardInterrupt as e:
print("nmap scan interrupted.")
# Process hosts
hosts = dict()
for host in nm.all_hosts():
try:
hosts[host] = Host(host, nm, p0f_client)
except Exception as e:
print("Error parsing host ", host, " ", e)
raise e # TODO - REMOVE
print(len(hosts), " hosts scanned with target spec: ", target_spec)
# Create XML output
xml = XML(hosts)
with open("host_report.xml", "w") as out_file:
out_file.write(xml.get_xml())
def host_discovery(network_address):
"""
Tramite il modulo nmap viene effettuata una ricerca degli host
attivi in rete. Ritorna una lista degli host attivi in rete.
"""
scanner = PortScanner()
if network_address:
print("Searching for hosts on %s..." % network_address)
scanner.scan(hosts=network_address, arguments='-sP')
iplist = [ip for ip in scanner.all_hosts()
if scanner[ip].state() == 'up']
print("Found %s host(s)" % len(iplist))
print(iplist)
return iplist
# print("\nScanning all hosts in subnet using port 22")
# nm.scan("192.168.254.0/24", arguments="-p 22 --open")
# print("--- iterating hosts with open port 22 (ssh)")
# for host in nm.all_hosts():
# print("--- --- ", host)
#
# print("\nScanning all hosts in subnet using port 80")
# nm.scan("192.168.254.0/24", arguments="-p 80 --open")
# print("--- iterating hosts with open port 80 (http)")
# for host in nm.all_hosts():
# print("--- --- ", host)
print("\nScanning all hosts in subnet using ICMP")
nm.scan("192.168.254.0/24", arguments="-PE")
print("--- iterating hosts responding to ICMP echo")
for host in nm.all_hosts():
print("--- --- ", host)
def discovered_host(found_host, scan_result):
if scan_result['nmap']['scanstats']['uphosts'] == '1':
print(
f"--- --- found host: {found_host} scan: {scan_result['nmap']['scanstats']}"
)
nma = PortScannerAsync()
print("\nScanning all hosts in subnet using ICMP with callback")
nma.scan("192.168.254.0/24", arguments="-PE", callback=discovered_host)
print("--- iterating hosts responding to ICMP echo")
while nma.still_scanning():
class NmapConnector:
@exception_handler(expected_exception=NmapConnectorInitError)
def __init__(self):
self.nm = PortScanner()
self.results: dict = {}
@staticmethod
def check_ip_v6(host: str):
"""
Check if presented IP address is IPv6 (not IPv4 as expected)
:param host: IP address of some host
:return: bool answer to question "Is host address are IPv6?"
"""
if "IPv6Address" in str(type(ip_address(host))):
return True
@exception_handler(expected_exception=NmapConnectorScanError)
def scan(
self, host: str, arguments: str = "", ports: str = "", sudo: bool = False
) -> None:
"""
The most basic Nmap caller. This is the "lowest" function in terms
of Grinder Framework, all calls here are going to python-nmap
library. In this function we just puts right arguments, parameters
and other things to call Nmap.
:param host: ip of the host to scan
:param arguments: arguments for Nmap
:param ports: ports to scan with Nmap
:param sudo: is sudo required to Nmap scan?
:return: None
"""
# Add special Nmap key to scan ipv6 hosts
if self.check_ip_v6(host):
arguments += " -6"
# If user wants to scan for top-ports,
# let's remove other ports from nmap scan
if "top-ports" in arguments:
self.nm.scan(hosts=host, arguments=arguments, sudo=sudo)
# Else if user doesn't want scan for top-ports,
# let's scan with defined ports
elif arguments and ports:
self.nm.scan(hosts=host, arguments=arguments, ports=ports, sudo=sudo)
# Else if ports are not defined, let's
# scan with default ports
elif arguments:
self.nm.scan(hosts=host, arguments=arguments, sudo=sudo)
# Else if arguments are not defined, let's
# scan with default arguments
elif ports:
self.nm.scan(hosts=host, arguments="", ports=ports, sudo=sudo)
# If arguments are not set too, make
# simple scan
else:
self.nm.scan(hosts=host, arguments="", sudo=sudo)
self.results = {host: self.nm[host] for host in self.nm.all_hosts()}
@exception_handler(expected_exception=NmapConnectorGetResultsError)
def get_results(self) -> dict:
"""
Return Nmap scan results
:return: dictionary with results {host: info}
"""
return self.results
@exception_handler(expected_exception=NmapConnectorGetResultsCountError)
def get_results_count(self) -> int:
"""
Return quantity of results
:return: quantity of results
"""
return len(self.results)
def find_ips_on_network(network):
ps = PortScanner()
ps.scan(hosts=network, arguments="-sn")
ips_on_network = [(host, ps[host]["status"]["state"]) for host in ps.all_hosts()]
return ips_on_network
class NetworkScanner(PortScanner):
def __init__(self):
self.ports = []
self.network_speed = '4'
self.nmap_args = '-sV'
self.ports_name = []
self.port_of_intrest = []
self.protocols = []
self.products = []
self.flags = []
self.results = []
self.service_detected = []
self.service_identified = []
self.unknown_ports = list()
self.time_frame = '25'
self.Web_Port = False
self.nm = PortScanner()
def set_target(self, target):
self.target = target
self.verbos = False
def run_networkscanner(self):
print(COLOR.INF, "NMAP Port/Service/Version Scan Started", COLOR.END)
#spinner.start()
args = '-T' + self.network_speed + " " + self.nmap_args
self.nm.scan(self.target, arguments=args)
for host in self.nm.all_hosts():
self.hosts = self.nm[host].hostname()
for Protocol in self.nm[host].all_protocols():
self.protocols.append(Protocol)
for Port in self.nm[host][Protocol].keys():
#print(Port , "is Open")
self.ports.append(Port)
self.ports_name.append(
str(self.nm[host][Protocol][Port]['name'].lower()))
self.products.append(
self.nm[host][Protocol][Port]['product'])
self.results.append([
Port, self.nm[host][Protocol][Port]['name'],
self.nm[host][Protocol][Port]['product'],
self.nm[host][Protocol][Port]['version']
])
if (self.nm[host][Protocol][Port]['product'] != ''):
if (self.nm[host][Protocol][Port]['version'] != ''):
self.service_identified.append([
self.nm[host][Protocol][Port]['product'],
self.nm[host][Protocol][Port]['version']
])
else:
self.service_detected.append(
[self.nm[host][Protocol][Port]['product']])
#spinner.stop()
if len(self.service_detected) > 0:
print(COLOR.GRE, "FOLLOWING SERVICE DETECTED WITHOUT VERSION",
COLOR.END)
print(COLOR.RED, self.service_detected, COLOR.END)
if len(self.service_identified) > 0:
print(COLOR.GRE, "FOLLOWING SERVICE DETECTED WITH VERSION :D",
COLOR.END)
print(COLOR.RED, self.service_identified, COLOR.END)
if self.verbos is True:
print('[VERBOS] [PROTOCOLS]', self.protocols)
print('[VERBOS] [PORT NAMES / PORT NUMBER] ',
(self.ports_name, self.ports))
print('[VERBOS] [PRODUCTS]', self.products)
print('[VERBOS] [ALL RESULTS]', self.results)
def run_portvulnscanner(self, Target=None, ports=None):
if ports is None:
try:
ports = self.ports
except:
pass
for Port in ports:
if Port in [21]:
print(COLOR.YEL, "[NMAP] Port Idetified As", Port, COLOR.END)
elif Port in [22]:
print(COLOR.INF, "Port Idetified As", Port, COLOR.END)
self.Port_ssh(Port, Target)
elif Port in [23]:
print(COLOR.INF, "Port Idetified As", Port, COLOR.END)
elif Port in [25]:
print(COLOR.INF, "Port Idetified As", Port, COLOR.END)
elif Port in [53]:
print(COLOR.INF, "Port Idetified As", Port, COLOR.END)
elif Port in [143]:
print(COLOR.INF, "Port Idetified As", Port, COLOR.END)
elif Port in [443]:
print(COLOR.YEL, "[NMAP] Port Idetified As", Port, COLOR.END)
self.Port_ssl(Port, Target)
self.WebPort = True
elif Port in [135, 137, 139, 445]:
print(COLOR.YEL, "[NMAP] Port Idetified As", Port, COLOR.END)
Port_smb(Port, Target)
else:
if Port in [80, 8080, 8081, 8081]:
print(COLOR.YEL, "[NMAP] Port Idetified As", Port,
COLOR.END)
self.WebPort = True
self.Port_web(Port)
else:
self.unknown_ports.append(Port)
print(COLOR.RED, "[NMAP] Port Idetified As", Port,
COLOR.END)
def Port_ssh(self, Port):
pass
def Port_web(self, port, target=None):
port_arg = '-p' + str(port)
if target is None:
target = self.target
PowerExecute([
"Nmap Script Apache Axis2", 'nmap ' + port_arg +
' --script http-axis2-dir-traversal -Pn' + " " + target,
['credentials found'], 'in'
])
PowerExecute([
"Nmap Script File Upload Exploiter", 'nnmap ' + port_arg +
' --script http-fileupload-exploiter.nse -Pn' + " " + target,
['Successfully'], 'in'
])
def Port_ssl(self, port, target=None):
port_arg = '-p' + str(port)
if target is None:
target = self.target
' + " " + self.time_frame + " " + '
PowerExecute([
"Nmap Script Heartbleed", 'nmap -v' + " " + port_arg + " " +
'--script ssl-heartbleed --script-timeout ' + " " +
self.time_frame + " " + '-Pn' + " " + target, ['VULNERABLE'], 'in'
])
PowerExecute([
"Nmap Script Poodle", 'nmap -v' + " " + port_arg + " " +
'--script ssl-poodle --script-timeout ' + " " + self.time_frame +
" " + '-Pn' + " " + target, ['VULNERABLE'], 'in'
])
PowerExecute([
"Nmap Script ciphers", 'nmap -v' + " " + port_arg + " " +
'--script ssl-poodle --script ssl-enum-ciphers ' + " " +
self.time_frame + " " + '-Pn' + " " + target, ['VULNERABLE'], 'in'
])
PowerExecute([
"Nmap Script ccs-injection", 'nmap -v' + " " + port_arg + " " +
'--script ssl-ccs-injection --script-timeout ' + " " +
self.time_frame + " " + '-Pn' + ' ' + target, ['VULNERABLE'], 'in'
])
PowerExecute([
"map Script Diffie-Hellman parameter detection", 'nmap -v' + " " +
port_arg + " " + '--script ssl-dh-params --script-timeout ' + " " +
self.time_frame + " " + '-Pn' + ' ' + target, ['VULNERABLE'], 'in'
])
def Port_smb(self, port, target=None):
port_arg = '-p' + str(port)
PowerExecute([
"Nmap Script http-asp.net-debug", 'nmap ' + " " + port_arg + " " +
' --script http-aspnet-debug --script-timeout ' + " " +
self.time_frame + " " + ' -T4 -Pn' + " " + target, ['enabled'],
'in'
])
PowerExecute([
"Nmap Script stuxnet-detect", 'nmap ' + " " + port_arg + " " +
' --script stuxnet-detect --script-timeout ' + " " +
self.time_frame + " " + ' -Pn' + " " + target, ['INFECTED'], 'in'
])