A python 3 library which helps in using nmap port scanner. The way this tools works is by defining each nmap command into a python function making it very easy to use sophisticated nmap commands in other python scripts. Nmap is a complicated piece of software used for reconnaissance on target networks, over the years new features have been added making it more sophisticated. Nmap is a very large tool, and it has lots of commandline arguments also, still python3-nmap supports custom nmap arguments to be passed.
This python nmap script make using nmap in python very easy and painless. For example in nmap if you want to scan for common ports on a network you would to something like this;
$ nmap your-host.com --top-ports 10
Now in this python3-nmap script you would do something like this to achieve similar experience like the nmap command explained above
import nmap3
nmap = nmap3.NmapScanTechniques()
result = nmap.nmap_tcp_scan("192.168.178.1")
import nmap3
nmap = nmap3.Nmap()
results = nmap.scan_top_ports("your-host.com")
# And you would get your results in js
As you can see how easy it realy is. You will notice each nmap command is defined as a python function/method. this make it easy to remember this in python and easily use them. Again in nmap if you want to use the famous dns-brute script you would do something like this;
$ nmap your-host.com --script dns-brute.nse
To achieve a similar experience in this python3 script again it's very easy you just do something like this, remember each command is defined as python fuction or method.
import nmap3
nmap = nmap3.Nmap()
results = nmap.nmap_dns_brute_script("your-host.com")
# And you would get your results in json
[
{
"address": "mail.your-host.com",
"hostname": "68.65.122.10"
},
{
"address": "www.your-host.com",
"hostname": "5.189.129.43"
}
]
Quick python3-nmap tutorial how to is it
Here is a quick tutorial on how to use this python3-nmap remember Using this scripts is very easy, though it assumes you have nmap already installed, as it is the primary dependence required. Also this tools supports both windows and linux, it's cross platform so to say.
Installation
$ pip3 install python3-nmap
$
# or
$ git clone https://github.com/wangoloj/python3-nmap.git
# Install nmap online
$ apt-get install nmap
# That's all is needed to get started
Something that you should also not is in nmap some commands require root privileges for example the command to identify OS requires root privileges;
$ nmap -O your-host.com
TCP/IP fingerprinting (for OS scan) requires root privileges.
QUITTING!
# Until you sudo
$ sudo nmap -O your-host.com
It is also the same applies to the script to be able to run the os identifier you have to be a super user. Unles you have a work around.
How to use the script to identify OS
import nmap3
nmap = nmap3.Nmap()
os_results = nmap.nmap_os_detection("192.168.178.2") # MOST BE ROOT
[
{
"accuracy": "100",
"cpe": "cpe:/o:linux:linux_kernel:2.6",
"line": "45249",
"name": "Linux 2.6.14 - 2.6.34",
"osclass": {
"accuracy": "100",
"osfamily": "Linux",
"osgen": "2.6.X",
"type": "general purpose",
"vendor": "Linux"
}
},
{
"accuracy": "100",
"cpe": "cpe:/o:linux:linux_kernel:2.6.17",
"line": "45775",
"name": "Linux 2.6.17",
"osclass": {
"accuracy": "100",
"osfamily": "Linux",
"osgen": "2.6.X",
"type": "general purpose",
"vendor": "Linux"
}
},
{
"accuracy": "100",
"cpe": "cpe:/o:linux:linux_kernel:2.6.17",
"line": "45811",
"name": "Linux 2.6.17 (Mandriva)",
"osclass": {
"accuracy": "100",
"osfamily": "Linux",
"osgen": "2.6.X",
"type": "general purpose",
"vendor": "Linux"
}
},
{
"accuracy": "100",
"cpe": "cpe:/o:linux:linux_kernel:3.13",
"line": "60884",
"name": "Linux 3.13",
"osclass": {
"accuracy": "100",
"osfamily": "Linux",
"osgen": "3.X",
"type": "general purpose",
"vendor": "Linux"
}
}
]
Component of python3-nmap
The script is made of of the following classes, each holding different nmap abilities and scan types. You may not find everything nmap offers here;
- Nmap
- NmapHostDiscovery
- NmapScanTechniques
Identifying Service versions
To identify service version in you can run this kind of command
$ nmap 192.168.178.1 -sV
Now let's look at how to can achive the same in our script
import nmap3
nmap = nmap3.Nmap()
version_result = nmap.nmap_version_detection("your-host.com")
[
{
"cpe": [
{
"cpe": "cpe:/o:linux:linux_kernel"
}
],
"port": "80",
"protocol": "tcp",
"service": {
"conf": "10",
"extrainfo": "Ubuntu",
"method": "probed",
"name": "http",
"ostype": "Linux",
"product": "nginx",
"version": "1.14.0"
}
},
{
"cpe": [
{
"cpe": "cpe:/o:linux:linux_kernel"
}
],
"port": "443",
"protocol": "tcp",
"service": {
"conf": "10",
"extrainfo": "Ubuntu",
"method": "probed",
"name": "http",
"ostype": "Linux",
"product": "nginx",
"tunnel": "ssl",
"version": "1.14.0"
}
},
{
"cpe": [
{
"cpe": "cpe:/o:linux:linux_kernel"
}
],
"port": "2000",
"protocol": "tcp",
"service": {
"conf": "10",
"extrainfo": "Ubuntu Linux; protocol 2.0",
"method": "probed",
"name": "ssh",
"ostype": "Linux",
"product": "OpenSSH",
"version": "7.6p1 Ubuntu 4ubuntu0.3"
}
}
]
Class Component Nmap available commands
Some of the available commands in the script class Nmap are the following
- Nmap top port scan
import nmap3 nmap = nmap3.Nmap() results = nmap.scan_top_ports("your-host")
- Nmap dns.brute.script(to get subdmains)
import nmap3 nmap = nmap3.Nmap() results = nmap.nmap_dns_brute_script("domain")
- Nmap list can
import nmap3 nmap = nmap3.Nmap() results = nmap.nmap_list_scan("your-host")
Nmap Scanning Techniques
The script offers nmap scan techniques also as python function/methods
-
nmap_fin_scan
import nmap3 nmap = nmap3.NmapScanTechniques() result = nmap.nmap_fin_scan("192.168.178.1")
-
nmap_idle_scan
import nmap3
nmap = nmap3.NmapScanTechniques()
result = nmap.nmap_idle_scan("192.168.178.1")
- nmap_ping_scan
import nmap3
nmap = nmap3.NmapScanTechniques()
result = nmap.nmap_ping_scan("192.168.178.1")
- nmap_syn_scan
import nmap3
nmap = nmap3.NmapScanTechniques()
result = nmap.nmap_syn_scan("192.168.178.1")
- nmap_tcp_scan
import nmap3
nmap = nmap3.NmapScanTechniques()
result = nmap.nmap_tcp_scan("192.168.178.1")
- nmap_udp_scan
import nmap3
nmap = nmap3.NmapScanTechniques()
result = nmap.nmap_udp_scan("192.168.178.1")
Comments
Comments are closed.