Tuesday, October 20, 2015

nmap - Storing nmap Scan Information 1 File at a Time

The other day I was faced with a challenge where I needed to store each nmap scan as its own file. I created this quick python script to assist with doing this.


#!/usr/bin/python

import os
import re
import subprocess
import sys

# File (relative to the working directory) listing the staged scans, one per
# line as: name, save-to directory, start IP, end IP.  Lines starting with '#'
# are comments.
scanFile = 'scan.list'

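def selectScan(nList, dList, sIP, eIP):
    """Load the staged scans from scanFile and ask the user to pick one.

    Every non-blank line of scanFile whose first non-blank character is not
    '#' is expected to hold four comma-separated fields: scan name, save-to
    directory, start IP and end IP.  The fields are appended, in order, to
    nList, dList, sIP and eIP (the caller passes these lists in and they are
    mutated in place).  Lines with fewer than four fields are reported and
    skipped instead of raising.

    Returns the 0-based index of the chosen scan, or 9999 when the answer
    was not an integer.  The index is not range-checked here (an answer of
    0 yields -1); the caller must verify it is within [0, len(nList)).

    Raises IOError when scanFile cannot be opened.
    """
    with open(scanFile, 'r') as f:
        for line in f:
            stripped = line.strip()
            # A '#' elsewhere on the line is data, not a comment, so only
            # the leading position is checked.
            if not stripped or stripped.startswith('#'):
                continue
            fields = stripped.split(',')
            if len(fields) < 4:
                print("Warning: ignoring malformed line in " + scanFile + ": " + stripped)
                continue
            nList.append(fields[0])
            dList.append(fields[1])
            sIP.append(fields[2])
            eIP.append(fields[3].strip())
    print("")
    print("Select which scan you would like to perform:")
    print("")
    for i, name in enumerate(nList):
        print(str(i + 1) + ". Scan: " + name + ", Save to Directory: " + dList[i] + ", Start IP: " + sIP[i] + ", End IP: " + eIP[i])
    print("")
    scanSelect = raw_input('Select: ')
    try:
        # The menu is 1-based, the lists are 0-based.
        return int(scanSelect) - 1
    except ValueError:
        return 9999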

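def ipRangeScan(nList, dList, sIP, eIP):
    """Ping-sweep the range sIP..eIP with nmap, saving the report under dList.

    nList is the scan name (unused here; kept so the signature matches
    individualIPScan).  dList is the save-to directory and is created when
    missing.  The range is handed to nmap as 'a.b.c.<start>-<end>', which
    can only express the last octet, so sIP and eIP must share their first
    three octets (a /24 or smaller); anything else is reported and nothing
    is scanned.  The normal-format report is written to
    '<dList>/<dList>.range'.  Returns None.
    """
    dList = dList.strip()
    sIP = sIP.strip()
    eIP = eIP.strip()
    startOctets = sIP.split('.')
    endOctets = eIP.split('.')
    # nmap's 'a.b.c.x-y' shorthand covers the last octet only, so anything
    # wider than a /24 cannot be expressed this way.
    if len(startOctets) != 4 or len(endOctets) != 4 or startOctets[:3] != endOctets[:3]:
        print("Error: " + sIP + " and " + eIP + " must share their first three octets (at most a /24)")
        return
    print("")
    print("Checking to see if the directory exists that we are saving the results to...")
    if not os.path.isdir(dList):
        os.makedirs(dList)
    # e.g. nmap -sP 172.16.2.1-31 -oN test/test.range
    ipScanRange = sIP + '-' + endOctets[3]
    saveFile = os.path.join(dList, dList + ".range")
    # Argument-list form: the values come from scan.list and are never
    # interpreted by a shell.
    execCommand = ['nmap', '-sP', ipScanRange, '-oN', saveFile]
    print("Executing '" + ' '.join(execCommand) + "'")
    try:
        returnCode = subprocess.call(execCommand)
    except OSError as e:
        print("Error: could not run nmap: " + str(e))
        return
    if returnCode != 0:
        print("Error: nmap exited with status " + str(returnCode))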

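def _hostsFromRangeScan(rangeFile):
    """Return the set of IPv4 addresses reported as hosts in an nmap -oN file.

    Matches the 'Nmap scan report for <ip>' and
    'Nmap scan report for <name> (<ip>)' forms; every dotted quad on such a
    line is collected.  Lines nmap marks '[host down]' (verbose output) are
    ignored.
    """
    # NOTE(review): assumes current nmap -oN wording; older releases word the
    # host line differently and would yield no hosts -- confirm against the
    # installed nmap.
    hostLine = re.compile(r'\bfor\s+(?:\S+\s+\()?[0-9]+(?:\.[0-9]+){3}')
    ipPattern = re.compile(r'[0-9]+(?:\.[0-9]+){3}')
    hosts = set()
    with open(rangeFile, 'r') as f:
        for line in f:
            if '[host down]' in line:
                continue
            if hostLine.search(line):
                hosts.update(ipPattern.findall(line))
    return hosts


def individualIPScan(nList, dList, sIP, eIP):
    """Run a detailed nmap scan against each host the range scan found.

    Reads '<dList>/<dList>.range' (the -oN report written by ipRangeScan),
    collects the addresses it lists, and for every address between sIP and
    eIP (inclusive) that appears there runs
    'nmap -sS -sV -O <ip> -oN <dList>/<ip with dots as underscores>.nmap'.
    nList is unused (kept for a uniform signature).  sIP and eIP must share
    their first three octets and end in numeric octets; a violation, or a
    missing range file, is reported and nothing is scanned.  Returns None.
    """
    dList = dList.strip()
    sIP = sIP.strip()
    eIP = eIP.strip()
    startOctets = sIP.split('.')
    endOctets = eIP.split('.')
    # Same /24 limitation as ipRangeScan: only the last octet is iterated.
    if len(startOctets) != 4 or len(endOctets) != 4 or startOctets[:3] != endOctets[:3]:
        print("Error: " + sIP + " and " + eIP + " must share their first three octets (at most a /24)")
        return
    try:
        firstHost = int(startOctets[3])
        lastHost = int(endOctets[3])
    except ValueError:
        print("Error: the last octet of " + sIP + " and " + eIP + " must be numeric")
        return
    print("")
    print("Checking to see if the directory exists that we are saving the results to...")
    if not os.path.isdir(dList):
        os.makedirs(dList)
    rangeFile = os.path.join(dList, dList + ".range")
    if not os.path.isfile(rangeFile):
        print("Error: " + rangeFile + " not found; run the range scan first")
        return
    liveHosts = _hostsFromRangeScan(rangeFile)
    prefix = '.'.join(startOctets[:3])
    # range() excludes its end, so add 1 to include the last address.
    for lastOctet in range(firstHost, lastHost + 1):
        currentIP = prefix + '.' + str(lastOctet)
        # Only scan the hosts the ping sweep actually found.
        if currentIP not in liveHosts:
            continue
        hostFile = os.path.join(dList, currentIP.replace('.', '_') + ".nmap")
        # Argument-list form: no shell interprets the address or path.
        execCommand = ['nmap', '-sS', '-sV', '-O', currentIP, '-oN', hostFile]
        print("Executing '" + ' '.join(execCommand) + "'")
        try:
            returnCode = subprocess.call(execCommand)
        except OSError as e:
            print("Error: could not run nmap: " + str(e))
            return
        if returnCode != 0:
            print("Error: nmap exited with status " + str(returnCode) + " for " + currentIP)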
 

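def main():
    """Interactive loop: pick a staged scan, confirm it, then run both phases.

    Runs until interrupted (Ctrl-C) or until stdin is exhausted; both end
    the loop cleanly rather than with a traceback.  A scan list that cannot
    be read is reported and the program exits.
    """
    try:
        while True:
            nameList = []
            dirList = []
            startIP = []
            endIP = []
            selection = selectScan(nameList, dirList, startIP, endIP)
            # selectScan returns a 0-based index (9999 when the answer was not
            # a number).  An answer of '0' becomes -1, which would otherwise
            # silently pick the last entry, so reject anything outside [0, len).
            if not (0 <= selection < len(nameList)):
                print("Error: The selection of the scan was incorrect")
                print("")
                continue
            print("You selected to perform the following scan: " + nameList[selection])
            continueScan = raw_input('Run the above selected scan? (y/n): ')
            if continueScan.strip().lower() != 'y':
                print("Error: The scan was aborted")
                print("")
                continue
            ipRangeScan(nameList[selection], dirList[selection], startIP[selection], endIP[selection])
            individualIPScan(nameList[selection], dirList[selection], startIP[selection], endIP[selection])
    except IOError as e:
        print("Error: could not read the scan list: " + str(e))
    except (KeyboardInterrupt, EOFError):
        print("")
        print("Exiting")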


# Script entry point; main() loops until the user stops it.
if __name__ == "__main__":
    main()



It parses a file like the following to cycle through a variety of scans that you can stage. To comment out a line in the scan.list file, just place a # at the front of the line. I have not tested this, but I believe you cannot have spaces in the save-to directory.




#Name of Scan, Save to Directory, Start IP Address, End IP Address
Test1, test1, 172.16.2.1, 172.16.2.31
Test2, test2, 172.16.2.32, 172.16.2.63


