
Move NMap Commands to config.json #74

Open
codingo opened this issue Oct 18, 2018 · 0 comments

codingo commented Oct 18, 2018

The nmap commands used by a services scan are currently housed within ./reconnoitre/service_scan.py; at the time of raising this issue they are on lines 15 (quickscan), 28/31 (long UDP/TCP scans, DNS server found) and 37/40 (UDP/TCP, no DNS server found).

In long form:

    print("[+] Starting quick nmap scan for %s" % (ip_address))
    QUICKSCAN = "nmap -sC -sV %s -oA '%s/%s.quick'" % (ip_address, output_directory, ip_address)
    quickresults = subprocess.check_output(QUICKSCAN, shell=True).decode("utf-8")

    write_recommendations(quickresults, ip_address, output_directory)
    print("[*] TCP quick scans completed for %s" % ip_address)

    if (quick):
        return

    if dns_server:
        print("[+] Starting detailed TCP%s nmap scans for %s using DNS Server %s" % (
            ("" if no_udp_service_scan is True else "/UDP"), ip_address, dns_server))
        print("[+] Using DNS server %s" % (dns_server))
        TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 " \
                  "--dns-servers %s -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s" % (
                        dns_server, output_directory, ip_address, output_directory, ip_address, ip_address)
        UDPSCAN = "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 --max-retries 0 " \
                  "--dns-servers %s -oN '%s/%sU.nmap' -oX '%s/%sU_nmap_scan_import.xml' %s" % (
                        dns_server, output_directory, ip_address, output_directory, ip_address, ip_address)
    else:
        print("[+] Starting detailed TCP%s nmap scans for %s" % (
            ("" if no_udp_service_scan is True else "/UDP"), ip_address))
        TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 " \
                  "-script-args=unsafe=1 -n %s -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s" % (
                    dns_server, output_directory, ip_address, output_directory, ip_address, ip_address)
        UDPSCAN = "nmap -sC -sV -sU %s -oA '%s/%s-udp'" % (ip_address, output_directory, ip_address)

Ideally, these should be moved into config.json and the hardcoding removed to allow users to more easily change the commands to something more fit for their purpose.

This shouldn't conflict with the code in write_recommendations() within the same file, as that code specifically references the services object:

    for entry in j["services"][service]["output"]:
        f.write("   [*] " + entry["description"] + "\n")

        for cmd in entry["commands"]:
            f.write(
                ("      [=] " + cmd + "\n") % {"ip": ip_address, "port": port, "outputdir": outputdir})
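One way the proposal could look, as an added example that is not part of this issue or of the Reconnoitre code: a constructed config.json fragment holding the five command strings (the key names `quick`, `tcp_dns`, `tcp_nodns`, `udp_dns`, `udp_nodns` are assumptions), rendered with the same `%(name)s` placeholders that write_recommendations() already uses, then split into an argv list and run without `shell=True` so substituted values are never interpreted by /bin/sh.

```python
import json
import shlex
import subprocess

# Constructed config.json fragment for illustration only (not the project's file).
# Command strings use the %(name)s placeholder style already used for the
# "services" entries, so one rendering convention serves both sections.
CONFIG_JSON = """{
  "nmap": {
    "quick":     "nmap -sC -sV %(ip)s -oA %(outputdir)s/%(ip)s.quick",
    "tcp_dns":   "nmap -vv -Pn -sS -A -sC -p- -T 3 --script-args=unsafe=1 --dns-servers %(dns)s -oN %(outputdir)s/%(ip)s.nmap -oX %(outputdir)s/%(ip)s_nmap_scan_import.xml %(ip)s",
    "tcp_nodns": "nmap -vv -Pn -sS -A -sC -p- -T 3 --script-args=unsafe=1 -n -oN %(outputdir)s/%(ip)s.nmap -oX %(outputdir)s/%(ip)s_nmap_scan_import.xml %(ip)s",
    "udp_dns":   "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 --max-retries 0 --dns-servers %(dns)s -oN %(outputdir)s/%(ip)sU.nmap -oX %(outputdir)s/%(ip)sU_nmap_scan_import.xml %(ip)s",
    "udp_nodns": "nmap -sC -sV -sU %(ip)s -oA %(outputdir)s/%(ip)s-udp"
  }
}"""


def load_nmap_templates(config_text):
    """Return the nmap command templates from a config.json document."""
    return json.loads(config_text)["nmap"]


def render_command(template, ip_address, output_directory, dns_server=None):
    """Fill the placeholders and split the result into an argv list.

    Each value is shell-quoted before substitution and the whole string is
    then split with shlex, so a value containing spaces, ';' or '$(...)'
    stays one plain argument to nmap. A placeholder missing from the
    values dict raises KeyError, which surfaces a bad template early.
    """
    values = {"ip": ip_address, "outputdir": output_directory, "dns": dns_server or ""}
    quoted = {k: shlex.quote(str(v)) for k, v in values.items()}
    return shlex.split(template % quoted)


def select_scan_commands(templates, ip_address, output_directory, dns_server=None, no_udp=False):
    """Pick the DNS / no-DNS variants the way service_scan.py branches today."""
    suffix = "dns" if dns_server else "nodns"
    names = ["tcp_" + suffix] + ([] if no_udp else ["udp_" + suffix])
    return [render_command(templates[n], ip_address, output_directory, dns_server) for n in names]


def run_scan(argv):
    """Run one rendered command as an argv list (no shell); returns nmap's stdout."""
    return subprocess.check_output(argv).decode("utf-8")


if __name__ == "__main__":
    for argv in select_scan_commands(load_nmap_templates(CONFIG_JSON), "10.0.0.5", "/tmp/out", "10.0.0.1"):
        print(" ".join(shlex.quote(a) for a in argv))
```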