from multiprocessing import Process
import socket
import subprocess
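def _nmap_argv(scan_flags, min_rate, max_rate, target):
    """Build the argument vector for one nmap stage.

    The result is a list for ``subprocess.check_output`` with no shell, so the
    target and rate values reach nmap as single arguments and are never
    interpreted by ``/bin/sh``.  ``min_rate``/``max_rate`` are formatted
    verbatim, exactly as the caller supplied them.
    """
    return [
        "nmap",
        "-Pn",
        *scan_flags,
        "--min-rate=%s" % min_rate,
        "--max-rate=%s" % max_rate,
        str(target),
    ]


def _run_nmap(argv):
    """Run nmap with *argv* and return its stdout decoded as UTF-8.

    Raises:
        subprocess.CalledProcessError: if nmap exits non-zero.
    """
    return subprocess.check_output(argv).decode("utf-8")


def _port_tokens(scan_output, proto_suffix):
    """Return the unique ``<port>/<proto>`` tokens of *scan_output*.

    *proto_suffix* is ``"/tcp"`` or ``"/udp"``.  Every whitespace-separated
    token containing the suffix is kept (nmap's port table prints one such
    token per row); duplicates are dropped but first-seen order is kept so the
    resulting port spec is deterministic.
    """
    tokens = [tok for tok in scan_output.split() if proto_suffix in tok]
    return list(dict.fromkeys(tokens))


def _port_numbers(port_tokens):
    """Join the numeric part of ``<port>/<proto>`` tokens into an nmap ``-p`` spec."""
    # split() rather than rstrip("/tcp"): rstrip strips a *character set*,
    # which only happens to work because digits are not in it.
    return ",".join(tok.split("/", 1)[0] for tok in port_tokens)


def _format_block(lines, width):
    """Quote *lines* as a ``| ``-prefixed block closed by an underscore rule of *width*."""
    return "\n%s\n\\%s...\n" % ("\n| ".join(lines), "_" * width)


def staged_nmap(arguments, output_file):
    """Run a five-stage nmap scan of ``arguments.host`` and collect the report.

    Stages: (1) quick scan of nmap's default TCP ports with light version
    detection, (2) full TCP port scan, (3) default NSE scripts + version
    detection on the TCP ports found, (4) full UDP port scan, (5) the same
    enumeration on the UDP ports found.

    Args:
        arguments: namespace-like object with ``host``, ``min_rate`` and
            ``max_rate`` attributes (e.g. an argparse namespace).
        output_file: list that receives the report fragments (strings) in
            order; writing them out is the caller's job.

    Returns:
        None.  Progress is printed to stdout.

    Raises:
        ValueError: if ``host`` starts with ``-`` and would be read by nmap
            as an option instead of a target.
        subprocess.CalledProcessError: if any nmap invocation exits non-zero.
    """
    ip_address = str(arguments.host)
    min_rate = arguments.min_rate
    max_rate = arguments.max_rate
    # nmap runs without a shell, so the host cannot carry shell syntax; a
    # leading '-' is still rejected so it cannot be parsed as an nmap flag.
    if ip_address.startswith("-"):
        raise ValueError("invalid host: %r" % ip_address)
    print("[+] Using min,max rate of %s,%s" % (min_rate, max_rate))
    print()

    # Stage 1: open-port scan of common TCP ports + light version detection.
    print("[+] Starting quick nmap scan for %s" % ip_address)
    quickresults = _run_nmap(
        _nmap_argv(["-sV", "--version-light"], min_rate, max_rate, ip_address))
    ports = _port_tokens(quickresults, "/tcp")
    print("[*] TCP quick scans completed for %s" % ip_address)
    print("[*] Total number of ports discovered for TCP: %d" % len(ports))
    # [4:-4] trims nmap's banner and footer lines; this assumes nmap's default
    # text layout -- verify if the output format changes.
    print(_format_block(quickresults.split("\n")[4:-4], 16))

    # Stage 2: open-port scan for all 65535 TCP ports.
    print("[+] Starting full port scan for TCP (range: 1-65535)")
    fulltcp_results = _run_nmap(
        _nmap_argv(["-p-", "-T4"], min_rate, max_rate, ip_address))
    ports = list(dict.fromkeys(ports + _port_tokens(fulltcp_results, "/tcp")))
    portlist = _port_numbers(ports)
    print("[*] TCP full port scan completed")
    print("[*] Total number of ports discovered for TCP: %d" % len(ports))

    # Stage 3: default NSE scripts + version detection against the TCP ports
    # found in stages 1 and 2.
    output_file.append(f"TCP port scan result for {ip_address}:\n")
    if ports:
        print("[+] Starting service enumeration for TCP ports: %s" % portlist)
        enumtcp_results = _run_nmap(
            _nmap_argv(["-p", portlist, "-sC", "-sV"], min_rate, max_rate, ip_address))
        # Drop banner/footer lines and rows reported as closed.
        enum_lines = [ln for ln in enumtcp_results.split("\n")[4:-4]
                      if " closed " not in ln]
        enumtcp_results = _format_block(enum_lines, 64)
        print("[*] Enumeration for TCP ports finished")
        print(enumtcp_results)
        output_file.append(enumtcp_results)
        output_file.append("\n\n")
    else:
        print("[-] Skipping TCP service enumeration due to no open ports found")

    # Stage 4: open-port scan for all 65535 UDP ports.
    print("[+] Starting full port scan for UDP (range: 1-65535)")
    fulludp_results = _run_nmap(
        _nmap_argv(["-p-", "-sU", "-T4"], min_rate, max_rate, ip_address))
    udp_ports = _port_tokens(fulludp_results, "/udp")
    udp_portlist = _port_numbers(udp_ports)
    print("[*] UDP full port scan completed")
    print("[*] Total number of ports discovered for UDP: %d" % len(udp_ports))

    # Stage 5: default NSE scripts + version detection against the UDP ports
    # found in stage 4.
    output_file.append(f"UDP port scan result for {ip_address}:\n")
    if udp_ports:
        print("[+] Starting service enumeration for UDP ports: %s" % udp_portlist)
        enumudp_results = _run_nmap(
            _nmap_argv(["-p", udp_portlist, "-sU", "-sC", "-sV"], min_rate, max_rate, ip_address))
        # NOTE(review): the UDP report keeps one more trailing line ([4:-3])
        # than the TCP one ([4:-4]); kept as in the original -- confirm intent.
        enum_lines = [ln for ln in enumudp_results.split("\n")[4:-3]
                      if " closed " not in ln]
        enumudp_results = _format_block(enum_lines, 64)
        print("[*] Enumeration for UDP ports finished")
        print(enumudp_results)
        output_file.append(enumudp_results)
    else:
        print("[-] Skipping UDP service enumeration due to no open ports found")
    print()
    print("[*] Portscan finished.")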
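def port_scan(host, output_file):
    """Start ``staged_nmap(host, output_file)`` in a child process.

    Args:
        host: forwarded unchanged as ``staged_nmap``'s ``arguments`` parameter,
            so despite the name it is the parsed-arguments object whose
            ``.host`` attribute names the target, not a bare hostname.
        output_file: list the scanner appends its report fragments to.
            NOTE(review): a plain list passed to a Process is copied into the
            child, so appends made there are not visible in the parent --
            confirm the caller passes a manager proxy or otherwise collects
            the child's output.

    Returns:
        The started ``multiprocessing.Process``, so the caller can ``join()``
        it and check ``exitcode``.
    """
    # this list will come handy for managing multiple active scanners in future updates
    jobs = []
    worker = Process(target=staged_nmap, args=(host, output_file))
    jobs.append(worker)
    worker.start()
    return worker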