#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""Run an nmap service scan and reshape its XML output into a plain dict."""
import json
import logging
import os
import subprocess

from .utilities import gen_chainconfig

log = logging.getLogger(__name__)
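def portdata(port):
    """Flatten one xq-converted nmap ``<port>`` element into a result dict.

    Args:
        port: dict for a single port as produced by ``nmap -oX - | xq``.
            ``@portid`` and ``@protocol`` are required; ``service`` and
            ``script`` are optional. ``script`` may be a dict (one NSE
            script) or a list (several) because xq only emits a list for
            repeated child elements.

    Returns:
        dict with a fixed key set: ``port``, ``name``, ``product``,
        ``confidence``, ``version``, ``ostype``, ``cpe``, ``banner``,
        ``hostprints`` (ssh-hostkey output, one stripped line per entry) and
        ``shellauthmethods`` (subset of publickey/password/keyboard-interactive
        found in the ssh-auth-methods output). Fields nmap did not report are
        ``None`` or empty lists, so callers can rely on every key existing.

    Raises:
        KeyError: ``@portid`` or ``@protocol`` is missing.
    """
    log.info('found open port: %s', str(port['@portid']) + '/' + port['@protocol'])
    service = port.get('service') or {}
    portinf = {
        'port': port['@portid'],
        'name': service.get('@name'),
        'product': service.get('@product'),
        # Always present now (previously only set when nmap reported them),
        # so consumers get a stable schema.
        'confidence': service.get('@conf'),
        'version': service.get('@version'),
        'ostype': service.get('@ostype'),
        'cpe': service.get('cpe'),
        'banner': None,
        'hostprints': [],
        'shellauthmethods': [],
    }

    scripts = port.get('script')
    if scripts is None:
        return portinf
    # A single <script> child arrives as a dict; iterating it would yield its
    # keys (strings) and the old code relied on a TypeError to skip them.
    if isinstance(scripts, dict):
        scripts = [scripts]

    for script in scripts:
        try:
            sid = script['@id']
            output = script.get('@output')
            text = output or ''
            if sid == 'banner':
                portinf['banner'] = output
            elif sid == 'ssh-hostkey':
                portinf['hostprints'].extend(
                    line.strip() for line in text.splitlines() if line.strip()
                )
            elif sid == 'ssh-auth-methods':
                portinf['shellauthmethods'].extend(
                    method
                    for method in ('publickey', 'password', 'keyboard-interactive')
                    if method in text
                )
        except (KeyError, TypeError, AttributeError):
            # Malformed script entry; keep the rest of the port's data.
            log.debug('failed to parse script output: %r', script)
    return portinf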
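def main(fqdn, useragent, usetor=True, max_scanport=20):
    """Scan *fqdn* with nmap and return the xq-converted result as a dict.

    Args:
        fqdn: single host name or address handed to nmap.
        useragent: value for nmap's ``http.useragent`` script argument.
        usetor: when true, regenerate the chain config and run nmap under
            ``proxychains4 -f ../proxychains.conf``.
        max_scanport: value passed to ``--top-ports``.

    Returns:
        The JSON document emitted by ``xq``, with ``args`` (nmap's own
        argument string), ``ports`` (list of :func:`portdata` dicts, only
        when the host is up) and ``time`` (elapsed seconds) added. Returns
        early, without ``ports``/``time``, if the output has no ``host``.

    Raises:
        subprocess.CalledProcessError: nmap or xq exited non-zero. (With the
            former shell pipeline only xq's status was checked.)
        json.JSONDecodeError: xq did not produce JSON.
    """
    # Build argv lists and run without a shell: fqdn and useragent are
    # caller-supplied strings and must never be interpolated into a shell
    # command line. The double quotes around the user agent are nmap's own
    # --script-args quoting, previously stripped by the shell.
    nmap_cmd = [
        'nmap', '-sT', '-PN', '-n', '-sV', '--open', '-oX', '-',
        '--top-ports', str(max_scanport),
        '--version-intensity', '4',
        '--script', 'ssh-hostkey,ssh-auth-methods,banner',
        '--script-args', 'http.useragent="%s",ssh_hostkey=sha256,md5' % useragent,
        fqdn,
    ]
    if usetor:
        gen_chainconfig()
        nmap_cmd = ['proxychains4', '-f', '../proxychains.conf'] + nmap_cmd
    log.debug('commencing portscan on %s', fqdn)
    log.debug('command: %s', nmap_cmd)

    nmap_run = subprocess.run(nmap_cmd, capture_output=True, text=True, check=True)
    # xq converts the XML report to JSON; feed it nmap's stdout directly.
    xq_run = subprocess.run(['xq'], input=nmap_run.stdout,
                            capture_output=True, text=True, check=True)
    scanout = json.loads(xq_run.stdout)

    nmaprun = scanout['nmaprun']
    scanout['args'] = nmaprun['@args']
    log.debug(nmaprun['@args'])
    host = nmaprun.get('host')
    if not host:
        log.info('no open ports discovered?')
        return scanout

    if host['status']['@state'] == 'up':
        scanout['ports'] = []
        # With --open, a host that has nothing open carries no <port>
        # children, so the key may be absent rather than empty.
        portarr = (host.get('ports') or {}).get('port')
        if portarr is None:
            log.info('no open ports discovered?')
        else:
            # xq yields a dict for a single <port> and a list for several.
            if not isinstance(portarr, list):
                portarr = [portarr]
            for port in portarr:
                pdata = portdata(port)
                log.info(pdata)
                scanout['ports'].append(pdata)
    else:
        log.info('no open ports discovered?')
        log.error(scanout)

    scanout['time'] = int(float(nmaprun['runstats']['finished']['@elapsed']))
    log.debug(scanout)
    return scanout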