
Move NMap Commands to config.json

Open codingo opened this issue 7 years ago • 0 comments

The nmap commands used by a service scan are currently housed within ./reconnoitre/service_scan.py, at the time of raising this issue on lines 15 (quickscan), 28/31 (long UDP/TCP scans with a DNS server found) and 37/40 (UDP/TCP, no DNS server found).

In long form:

    print("[+] Starting quick nmap scan for %s" % (ip_address))
    # Quick TCP scan: default scripts plus version detection, all output formats
    QUICKSCAN = "nmap -sC -sV %s -oA '%s/%s.quick'" % (ip_address, output_directory, ip_address)
    quickresults = subprocess.check_output(QUICKSCAN, shell=True).decode("utf-8")

    write_recommendations(quickresults, ip_address, output_directory)
    print("[*] TCP quick scans completed for %s" % ip_address)

    if (quick):
        return

    if dns_server:
        print("[+] Starting detailed TCP%s nmap scans for %s using DNS Server %s" % (
            ("" if no_udp_service_scan is True else "/UDP"), ip_address, dns_server))
        print("[+] Using DNS server %s" % (dns_server))
        # Full TCP port range, resolving names through the supplied DNS server
        TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 -script-args=unsafe=1 " \
                  "--dns-servers %s -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s" % (
                        dns_server, output_directory, ip_address, output_directory, ip_address, ip_address)
        # Top 200 UDP ports, no retries, same DNS server
        UDPSCAN = "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 --max-retries 0 " \
                  "--dns-servers %s -oN '%s/%sU.nmap' -oX '%s/%sU_nmap_scan_import.xml' %s" % (
                        dns_server, output_directory, ip_address, output_directory, ip_address, ip_address)
    else:
        print("[+] Starting detailed TCP%s nmap scans for %s" % (
            ("" if no_udp_service_scan is True else "/UDP"), ip_address))
        # No DNS server given: -n disables name resolution, so dns_server must not be
        # substituted into the command here (it would render as "-n None")
        TCPSCAN = "nmap -vv -Pn -sS -A -sC -p- -T 3 " \
                  "-script-args=unsafe=1 -n -oN '%s/%s.nmap' -oX '%s/%s_nmap_scan_import.xml' %s" % (
                    output_directory, ip_address, output_directory, ip_address, ip_address)
        UDPSCAN = "nmap -sC -sV -sU %s -oA '%s/%s-udp'" % (ip_address, output_directory, ip_address)

Ideally, these should be moved into config.json and the hardcoding removed to allow users to more easily change the commands to something more fit for their purpose.

This shouldn't conflict with the code in write_recommendations() within the same file, as that code specifically references the services object:

    for entry in j["services"][service]["output"]:
        f.write("   [*] " + entry["description"] + "\n")

        for cmd in entry["commands"]:
            f.write(
                ("      [=] " + cmd + "\n") % {"ip": ip_address, "port": port, "outputdir": outputdir})

codingo, Oct 18 '18 13:10
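As an added illustration of the proposal (example code written for this page, not code from the Reconnoitre project), a constructed config.json "nmap" section holds the scan templates and is rendered with the same %(name)s placeholders that write_recommendations() already applies to the "commands" entries; the key names and the %(dns)s slot are assumptions. Rendering to an argv list also lets the scan run without shell=True, so a hostname read from an input file cannot inject extra shell commands.

```python
import json
import shlex
import subprocess

# Constructed example of a config.json "nmap" section (an assumption for this
# example, not the project's actual config.json). Placeholders use the same
# %(name)s style that write_recommendations() applies to "services" commands.
EXAMPLE_CONFIG = json.loads("""
{
  "nmap": {
    "quick": "nmap -sC -sV %(ip)s -oA '%(outputdir)s/%(ip)s.quick'",
    "tcp":   "nmap -vv -Pn -sS -A -sC -p- -T 3 --script-args=unsafe=1 %(dns)s -oN '%(outputdir)s/%(ip)s.nmap' -oX '%(outputdir)s/%(ip)s_nmap_scan_import.xml' %(ip)s",
    "udp":   "nmap -vv -Pn -A -sC -sU -T 4 --top-ports 200 --max-retries 0 %(dns)s -oN '%(outputdir)s/%(ip)sU.nmap' -oX '%(outputdir)s/%(ip)sU_nmap_scan_import.xml' %(ip)s"
  }
}
""")


def render_scan(config, scan, ip_address, output_directory, dns_server=None):
    """Return the argv list for the named scan template.

    The %(dns)s slot renders as "--dns-servers <server>" when a DNS server is
    given and as "-n" (no name resolution) otherwise, which collapses the
    duplicated with/without-DNS branches in service_scan.py into one template.
    """
    template = config["nmap"][scan]
    values = {
        "ip": ip_address,
        "outputdir": output_directory,
        "dns": ("--dns-servers %s" % dns_server) if dns_server else "-n",
    }
    # shlex.split honours the quoted output paths and yields an argv list,
    # so the command can be run without shell=True.
    return shlex.split(template % values)


def run_scan(config, scan, ip_address, output_directory, dns_server=None):
    """Render the template and run nmap directly (no shell), returning its output."""
    argv = render_scan(config, scan, ip_address, output_directory, dns_server)
    return subprocess.check_output(argv).decode("utf-8")
```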