python3-nmap tutorials a quick introduction

Written by wangolow on May 14, 2020 .

Last update on Dec. 11, 2020.

python3-nmap tutorials a quick introduction

A python 3 library which helps in using nmap port scanner. The way this tools works is by defining each nmap command into a python function making it very easy to use sophisticated nmap commands in other python scripts. For example in nmap if you want to scan for common ports you would to something like this

A python 3 library which helps in using nmap port scanner. The way this tools works is by defining each nmap command into a python function making it very easy to use sophisticated nmap commands in other python scripts. Nmap is a complicated piece of software used for reconnaissance on target networks, over the years new features have been added making it more sophisticated. Nmap is a very large tool, and it has lots of commandline arguments also, still python3-nmap supports custom nmap arguments to be passed.

This python nmap script make using nmap in python very easy and painless. For example in nmap if you want to scan for common ports on a network you would to something like this;


$ nmap your-host.com --top-ports 10

Now in this python3-nmap script you would do something like this to achieve similar experience like the nmap command explained above

   import nmap3
   nmap = nmap3.NmapScanTechniques()
   result = nmap.nmap_tcp_scan("192.168.178.1")

import nmap3
nmap = nmap3.Nmap()
results = nmap.scan_top_ports("your-host.com")
# And you would get your results in js

As you can see how easy it realy is. You will notice each nmap command is defined as a python function/method. this make it easy to remember this in python and easily use them. Again in nmap if you want to use the famous dns-brute script you would do something like this;


$ nmap your-host.com  --script dns-brute.nse

To achieve a similar experience in this python3 script again it's very easy you just do something like this, remember each command is defined as python fuction or method.

import nmap3
nmap = nmap3.Nmap()
results = nmap.nmap_dns_brute_script("your-host.com")

# And you would get your results in json
[
    {
        "address": "mail.your-host.com",
        "hostname": "68.65.122.10"
    },
    {
        "address": "www.your-host.com",
        "hostname": "5.189.129.43"
    }
]

Quick python3-nmap tutorial how to is it

Here is a quick tutorial on how to use this python3-nmap remember Using this scripts is very easy, though it assumes you have nmap already installed, as it is the primary dependence required. Also this tools supports both windows and linux, it's cross platform so to say.

Installation

$ pip3 install python3-nmap
$
# or
$ git clone https://github.com/wangoloj/python3-nmap.git

# Install nmap online

$ apt-get install nmap

# That's all is needed to get started

Something that you should also not is in nmap some commands require root privileges for example the command to identify OS requires root privileges;

$ nmap -O your-host.com

TCP/IP fingerprinting (for OS scan) requires root privileges.
QUITTING!
# Until you sudo

$ sudo nmap -O your-host.com

It is also the same applies to the script to be able to run the os identifier you have to be a super user. Unles you have a work around.

How to use the script to identify OS

import nmap3
nmap = nmap3.Nmap()
os_results = nmap.nmap_os_detection("192.168.178.2") # MOST BE ROOT

[
    {
        "accuracy": "100",
        "cpe": "cpe:/o:linux:linux_kernel:2.6",
        "line": "45249",
        "name": "Linux 2.6.14 - 2.6.34",
        "osclass": {
            "accuracy": "100",
            "osfamily": "Linux",
            "osgen": "2.6.X",
            "type": "general purpose",
            "vendor": "Linux"
        }
    },
    {
        "accuracy": "100",
        "cpe": "cpe:/o:linux:linux_kernel:2.6.17",
        "line": "45775",
        "name": "Linux 2.6.17",
        "osclass": {
            "accuracy": "100",
            "osfamily": "Linux",
            "osgen": "2.6.X",
            "type": "general purpose",
            "vendor": "Linux"
        }
    },
    {
        "accuracy": "100",
        "cpe": "cpe:/o:linux:linux_kernel:2.6.17",
        "line": "45811",
        "name": "Linux 2.6.17 (Mandriva)",
        "osclass": {
            "accuracy": "100",
            "osfamily": "Linux",
            "osgen": "2.6.X",
            "type": "general purpose",
            "vendor": "Linux"
        }
    },
    {
        "accuracy": "100",
        "cpe": "cpe:/o:linux:linux_kernel:3.13",
        "line": "60884",
        "name": "Linux 3.13",
        "osclass": {
            "accuracy": "100",
            "osfamily": "Linux",
            "osgen": "3.X",
            "type": "general purpose",
            "vendor": "Linux"
        }
    }
]

Component of python3-nmap

The script is made of of the following classes, each holding different nmap abilities and scan types. You may not find everything nmap offers here;

Nmap
NmapHostDiscovery
NmapScanTechniques

Identifying Service versions

To identify service version in you can run this kind of command

$ nmap 192.168.178.1  -sV

Now let's look at how to can achive the same in our script

import nmap3
nmap = nmap3.Nmap()
version_result = nmap.nmap_version_detection("your-host.com")

[
    {
        "cpe": [
            {
                "cpe": "cpe:/o:linux:linux_kernel"
            }
        ],
        "port": "80",
        "protocol": "tcp",
        "service": {
            "conf": "10",
            "extrainfo": "Ubuntu",
            "method": "probed",
            "name": "http",
            "ostype": "Linux",
            "product": "nginx",
            "version": "1.14.0"
        }
    },
    {
        "cpe": [
            {
                "cpe": "cpe:/o:linux:linux_kernel"
            }
        ],
        "port": "443",
        "protocol": "tcp",
        "service": {
            "conf": "10",
            "extrainfo": "Ubuntu",
            "method": "probed",
            "name": "http",
            "ostype": "Linux",
            "product": "nginx",
            "tunnel": "ssl",
            "version": "1.14.0"
        }
    },
    {
        "cpe": [
            {
                "cpe": "cpe:/o:linux:linux_kernel"
            }
        ],
        "port": "2000",
        "protocol": "tcp",
        "service": {
            "conf": "10",
            "extrainfo": "Ubuntu Linux; protocol 2.0",
            "method": "probed",
            "name": "ssh",
            "ostype": "Linux",
            "product": "OpenSSH",
            "version": "7.6p1 Ubuntu 4ubuntu0.3"
        }
    }
]

Class Component Nmap available commands

Some of the available commands in the script class Nmap are the following

Nmap top port scan

import nmap3
nmap = nmap3.Nmap()
results = nmap.scan_top_ports("your-host")

Nmap dns.brute.script(to get subdmains)

 import nmap3
 nmap = nmap3.Nmap()
 results = nmap.nmap_dns_brute_script("domain")

Nmap list can

import nmap3
nmap = nmap3.Nmap()
results = nmap.nmap_list_scan("your-host")

Nmap Scanning Techniques

The script offers nmap scan techniques also as python function/methods

nmap_fin_scan

import nmap3
nmap = nmap3.NmapScanTechniques()
result = nmap.nmap_fin_scan("192.168.178.1")

nmap_idle_scan

import nmap3
nmap = nmap3.NmapScanTechniques()
result = nmap.nmap_idle_scan("192.168.178.1")

nmap_ping_scan

   import nmap3
   nmap = nmap3.NmapScanTechniques()
   result = nmap.nmap_ping_scan("192.168.178.1")

nmap_syn_scan

   import nmap3
   nmap = nmap3.NmapScanTechniques()
   result = nmap.nmap_syn_scan("192.168.178.1")

nmap_tcp_scan

   import nmap3
   nmap = nmap3.NmapScanTechniques()
   result = nmap.nmap_tcp_scan("192.168.178.1")

nmap_udp_scan

import nmap3
   nmap = nmap3.NmapScanTechniques()
   result = nmap.nmap_udp_scan("192.168.178.1")

Comments

Comments are closed.