The scanner core

The core of the scanner runs the TCP scan with Nmap, parses the results into a dictionary keyed by service name, and then, for every service found, calls the enumeration methods discussed previously. The three steps are shown in the following list:

  • To execute the TCP scan using Nmap, use the following (execute_cmd and print_yellow are the helper functions defined earlier; note that the target is interpolated straight into a shell command, so it must already have been validated as an IP address before this function is called):
def start_nmap_tcp_scan(ip_address):
    # Full TCP SYN scan of every port, with version detection, default scripts and OS guessing
    nmap_tcp_command = "nmap -T4 -sS -sV -sC -p- -O --open --osscan-guess --version-all %s" % ip_address
    nmap_tcp_output = execute_cmd('Nmap TCP Scan', nmap_tcp_command)
    # Parse the nmap scan results
    service_names_list = parse_nmap_output(nmap_tcp_output)
    # Start the enumeration process
    start_enumeration_process(service_names_list, ip_address)
    print_yellow("[!] The Program Scanner Has Finished The Execution (report saved to /reports)")
  • To parse the Nmap output results, use the following. Nmap prints one open port per line in the form "80/tcp open http Apache httpd 2.4.41", so the output is split on newlines, the column padding is collapsed to single spaces, and the line is split into port, state, service name and description:
def parse_nmap_output(nmap_output):
    service_names_list = {}
    # One port per line, so split on newlines (not on spaces)
    nmap_output = nmap_output.split("\n")
    for output_line in nmap_output:
        output_line = output_line.strip()
        services_list = []
        # Keep only the port table rows for open TCP ports; the
        # "Discovered open port ..." progress lines also contain "tcp" and "open"
        if ("tcp" in output_line) and ("open" in output_line) and not ("Discovered" in output_line):
            # Collapse the column padding (runs of spaces) to a single space
            while "  " in output_line:
                output_line = output_line.replace("  ", " ")
            # Split the line
            output_line_split = output_line.split(" ")
            # The third part of the split is the service name
            service_name = output_line_split[2]
            # The first part of the split is the port number (for example, "80/tcp")
            port_number = output_line_split[0]

            # Everything after the service name is the version description
            output_line_split_length = len(output_line_split)
            end_position = output_line_split_length - 1
            current_position = 3
            service_description = ''

            while current_position <= end_position:
                service_description += ' ' + output_line_split[current_position]
                current_position += 1

            # Create the service object
            service = ServiceDTO(port_number, service_name, service_description)
            # If the same service already exists on a different port, append to its list
            if service_name in service_names_list:
                # Get the objects that were previously saved
                services_list = service_names_list[service_name]

            services_list.append(service)
            service_names_list[service_name] = services_list

    return service_names_list
  • Start the enumeration process after both the TCP scan and the parsing of the results. Each service name maps to a list of ServiceDTO objects, one per port, so a host with two web servers gets enum_http called once for each port:
# Start the enumeration process after the TCP scan
def start_enumeration_process(nmap_output_services_list, ip_address):
    enum_output = ''
    for service_name in nmap_output_services_list:
        services = nmap_output_services_list[service_name]
        if service_name == "http":
            for service in services:
                # service.port is "80/tcp"; keep only the number
                port_number = service.port.split("/")[0]
                enum_output += enum_http(ip_address, port_number)
        elif "ftp" in service_name:
            for service in services:
                port_number = service.port.split("/")[0]
                enum_output += enum_ftp(ip_address, port_number)

    # Write the combined enumeration output to ./reports/<ip>.txt
    save_results(enum_output, './reports', ip_address + ".txt")
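The scan-and-parse steps above hand Nmap's human-readable text to a hand-written splitter and build the command with string interpolation. The following is an added example (not code from the book's scanner) showing how a practitioner would harden both points: the target is validated with the ipaddress module and passed to Nmap as an argv list so no shell is involved, and Nmap's XML output (-oX -) is parsed with the standard library into the same {service_name: [Service, ...]} shape that start_enumeration_process expects. The Service dataclass, the function names and the embedded sample XML are assumptions made for this example; the XML is a constructed stand-in for real Nmap output so the parser can be exercised offline.

```python
import ipaddress
import subprocess
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass
class Service:
    """Hypothetical stand-in for the book's ServiceDTO; port is an int here."""
    port: int
    protocol: str
    name: str
    description: str


def build_nmap_argv(target):
    """Validate the target and build an argv list, so the target can never
    inject shell metacharacters. ipaddress.ip_address() raises ValueError for
    anything that is not a plain IPv4/IPv6 address (hostnames included, which
    this scanner does not accept)."""
    addr = ipaddress.ip_address(target)
    return ["nmap", "-T4", "-sS", "-sV", "-sC", "-p-", "-O", "--open",
            "--osscan-guess", "--version-all", "-oX", "-", str(addr)]


def parse_nmap_xml(xml_text):
    """Turn Nmap XML into {service_name: [Service, ...]}, open ports only."""
    services = {}
    root = ET.fromstring(xml_text)
    for port_el in root.iter("port"):
        state_el = port_el.find("state")
        # --open normally filters these, but a parser should not rely on it
        if state_el is None or state_el.get("state") != "open":
            continue
        svc_el = port_el.find("service")
        name = svc_el.get("name", "unknown") if svc_el is not None else "unknown"
        # product/version/extrainfo are the pieces the text parser glued
        # together as the "service description"
        parts = ([svc_el.get(k) for k in ("product", "version", "extrainfo")]
                 if svc_el is not None else [])
        description = " ".join(p for p in parts if p)
        svc = Service(int(port_el.get("portid")), port_el.get("protocol"),
                      name, description)
        services.setdefault(name, []).append(svc)
    return services


def run_scan(target):
    """Run the real scan (requires nmap and root for -sS/-O) and parse it."""
    argv = build_nmap_argv(target)
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return parse_nmap_xml(result.stdout)


# Constructed sample of Nmap XML output, for running the parser offline.
SAMPLE_NMAP_XML = """
<nmaprun scanner="nmap">
  <host>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="3.0.3"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.41" extrainfo="(Ubuntu)"/></port>
      <port protocol="tcp" portid="139"><state state="filtered"/>
        <service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
    </ports>
  </host>
</nmaprun>
"""


if __name__ == "__main__":
    for name, svcs in parse_nmap_xml(SAMPLE_NMAP_XML).items():
        for s in svcs:
            print(name, s.port, s.protocol, s.description)
```

Because the services dictionary has the same shape as the one built by parse_nmap_output, start_enumeration_process can consume it unchanged apart from reading the integer port field instead of splitting "80/tcp". The XML route also avoids the text parser's fragility when Nmap changes column widths or prints extra lines containing the words "tcp" and "open".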

Again, I invite you to download the source code from GitHub and play with it in your IDE in Kali Linux.
