netwatch.py/python-nmap-0.3.4/example.py

161 lines
5.7 KiB
Python
Raw Normal View History

2015-03-27 22:54:25 +00:00
#!/usr/bin/env python
# -*- coding: latin-1 -*-
"""
example.py - 2011.11.09
Author : Alexandre Norman - norman@xael.org
Contributor: Steve 'Ashcrow' Milner - steve@gnulinux.net
Licence : GPL v3 or any later version
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import sys
import os
import nmap # import nmap.py module
try:
nm = nmap.PortScanner() # instantiate nmap.PortScanner object
except nmap.PortScannerError:
print('Nmap not found', sys.exc_info()[0])
sys.exit(1)
except:
print("Unexpected error:", sys.exc_info()[0])
sys.exit(1)
nm.scan('127.0.0.1', '22-443') # scan host 127.0.0.1, ports from 22 to 443
nm.command_line() # get command line used for the scan : nmap -oX - -p 22-443 127.0.0.1
nm.scaninfo() # get nmap scan informations {'tcp': {'services': '22-443', 'method': 'connect'}}
nm.all_hosts() # get all hosts that were scanned
nm['127.0.0.1'].hostname() # get hostname for host 127.0.0.1
nm['127.0.0.1'].state() # get state of host 127.0.0.1 (up|down|unknown|skipped)
nm['127.0.0.1'].all_protocols() # get all scanned protocols ['tcp', 'udp'] in (ip|tcp|udp|sctp)
if ('tcp' in nm['127.0.0.1']):
list(nm['127.0.0.1']['tcp'].keys()) # get all ports for tcp protocol
nm['127.0.0.1'].all_tcp() # get all ports for tcp protocol (sorted version)
nm['127.0.0.1'].all_udp() # get all ports for udp protocol (sorted version)
nm['127.0.0.1'].all_ip() # get all ports for ip protocol (sorted version)
nm['127.0.0.1'].all_sctp() # get all ports for sctp protocol (sorted version)
if nm['127.0.0.1'].has_tcp(22): # is there any information for port 22/tcp on host 127.0.0.1
nm['127.0.0.1']['tcp'][22] # get infos about port 22 in tcp on host 127.0.0.1
nm['127.0.0.1'].tcp(22) # get infos about port 22 in tcp on host 127.0.0.1
nm['127.0.0.1']['tcp'][22]['state'] # get state of port 22/tcp on host 127.0.0.1 (open
# a more usefull example :
for host in nm.all_hosts():
print('----------------------------------------------------')
print('Host : {0} ({1})'.format(host, nm[host].hostname()))
print('State : {0}'.format(nm[host].state()))
for proto in nm[host].all_protocols():
print('----------')
print('Protocol : {0}'.format(proto))
lport = list(nm[host][proto].keys())
lport.sort()
for port in lport:
print('port : {0}\tstate : {1}'.format(port, nm[host][proto][port]))
print('----------------------------------------------------')
# print result as CSV
print(nm.csv())
print('----------------------------------------------------')
# If you want to do a pingsweep on network 192.168.1.0/24:
nm.scan(hosts='192.168.0.0/24', arguments='-n -sP -PE -PA21,23,80,3389')
hosts_list = [(x, nm[x]['status']['state']) for x in nm.all_hosts()]
for host, status in hosts_list:
print('{0}:{1}'.format(host, status))
print('----------------------------------------------------')
# Asynchronous usage of PortScannerAsync
nma = nmap.PortScannerAsync()
def callback_result(host, scan_result):
print('------------------')
print(host, scan_result)
nma.scan(hosts='192.168.0.0/30', arguments='-sP', callback=callback_result)
while nma.still_scanning():
print("Waiting ...")
nma.wait(2) # you can do whatever you want but I choose to wait after the end of the scan
if (os.getuid() == 0):
print('----------------------------------------------------')
# Os detection (need root privileges)
nm.scan("127.0.0.1", arguments="-O")
if 'osclass' in nm['127.0.0.1']:
for osclass in nm['127.0.0.1']['osclass']:
print('OsClass.type : {0}'.format(osclass['type']))
print('OsClass.vendor : {0}'.format(osclass['vendor']))
print('OsClass.osfamily : {0}'.format(osclass['osfamily']))
print('OsClass.osgen : {0}'.format(osclass['osgen']))
print('OsClass.accuracy : {0}'.format(osclass['accuracy']))
print('')
if 'osmatch' in nm['127.0.0.1']:
for osmatch in nm['127.0.0.1']['osmatch']:
print('OsMatch.name : {0}'.format(osclass['name']))
print('OsMatch.accuracy : {0}'.format(osclass['accuracy']))
print('OsMatch.line : {0}'.format(osclass['line']))
print('')
if 'fingerprint' in nm['127.0.0.1']:
print('Fingerprint : {0}'.format(nm['127.0.0.1']['fingerprint']))
# Vendor list for MAC address
nm.scan('192.168.0.0/24', arguments='-O')
for h in nm.all_hosts():
if 'mac' in nm[h]['addresses']:
print(nm[h]['addresses'], nm[h]['vendor'])
print('----------------------------------------------------')
# Read output captured to a file
# Example : nmap -oX - -p 22-443 -sV 127.0.0.1 > nmap_output.xml
with open("./nmap_output.xml", "r") as fd:
content = fd.read()
nm.analyse_nmap_xml_scan(content)
print(nm.csv())
print('----------------------------------------------------')
# Progressive scan with generator
nm = nmap.PortScannerYield()
for progressive_result in nm.scan('127.0.0.1/24', '22-25'):
print(progressive_result)