Python3-nmap converts Nmap commands into Python 3 methods, making it very easy to use Nmap in any of your Python pentesting projects.

python3-nmap

A Python 3 library that helps in using the Nmap port scanner. It works by defining each Nmap command as a Python function, which makes it very easy to use sophisticated Nmap commands in other Python scripts. Nmap is a complicated piece of software used for reconnaissance on target networks; over the years new features have been added, making it more sophisticated.

With python3-nmap we make using Nmap in Python easy and painless.

For example, in Nmap, if you want to scan for common ports you would do something like this:

$ nmap your-host.com --top-ports 10

But in this python3-nmap script you would do something like this

import nmap3
nmap = nmap3.Nmap()
results = nmap.scan_top_ports("your-host.com")
# And you would get your results in json

You will notice each Nmap command is defined as a Python function/method. This makes the commands easy to remember and easy to use from Python.

Again in nmap if you want to use the famous dns-brute script you would do something like this

$ nmap your-host.com  --script dns-brute.nse

But in this python3 script again it's very easy you just do something like this

import nmap3
nmap = nmap3.Nmap()
results = nmap.nmap_dns_brute_script("your-host.com")

# And you would get your results in json
[
    {
        "address": "mail.your-host.com",
        "hostname": "68.65.122.10"
    },
    {
        "address": "www.your-host.com",
        "hostname": "5.189.129.43"
    }
]

How to use python3-nmap

Using this script is very easy, though it assumes you already have Nmap installed, as it is the primary dependency. The tool supports both Windows and Linux; it is cross-platform.

Installation

$ git clone https://github.com/wangoloj/python3-nmap.git

$ cd python3-nmap

$ pip3 install -r requirements.txt

# Install nmap online

$ apt-get install nmap

# That's all that is needed to get started

In Nmap some commands require root privileges; for example, the command to identify the OS requires root privileges:

$ nmap -O your-host.com

TCP/IP fingerprinting (for OS scan) requires root privileges.
QUITTING!
# Until you sudo

$ sudo nmap -O your-host.com

The same applies to the script: to run the OS identifier you have to be a superuser.

How to use the script to identify OS

import nmap3
nmap = nmap3.Nmap()
os_results = nmap.nmap_os_detection("192.168.178.2") # MUST BE ROOT
[
    {
        "accuracy": "100",
        "cpe": "cpe:/o:linux:linux_kernel:2.6",
        "line": "45249",
        "name": "Linux 2.6.14 - 2.6.34",
        "osclass": {
            "accuracy": "100",
            "osfamily": "Linux",
            "osgen": "2.6.X",
            "type": "general purpose",
            "vendor": "Linux"
        }
    },
    {
        "accuracy": "100",
        "cpe": "cpe:/o:linux:linux_kernel:2.6.17",
        "line": "45775",
        "name": "Linux 2.6.17",
        "osclass": {
            "accuracy": "100",
            "osfamily": "Linux",
            "osgen": "2.6.X",
            "type": "general purpose",
            "vendor": "Linux"
        }
    },
    {
        "accuracy": "100",
        "cpe": "cpe:/o:linux:linux_kernel:2.6.17",
        "line": "45811",
        "name": "Linux 2.6.17 (Mandriva)",
        "osclass": {
            "accuracy": "100",
            "osfamily": "Linux",
            "osgen": "2.6.X",
            "type": "general purpose",
            "vendor": "Linux"
        }
    },
    {
        "accuracy": "100",
        "cpe": "cpe:/o:linux:linux_kernel:3.13",
        "line": "60884",
        "name": "Linux 3.13",
        "osclass": {
            "accuracy": "100",
            "osfamily": "Linux",
            "osgen": "3.X",
            "type": "general purpose",
            "vendor": "Linux"
        }
    }
]

Class components of python3-nmap

The script is made up of the following classes, each holding different Nmap abilities and scan types.

  • Nmap
  • NmapHostDiscovery
  • NmapScanTechniques

Identifying service version

In nmap if you want to identify versions you would run this kind of command

$ nmap 192.168.178.1  -sV

In this python script you would do something like this

import nmap3
nmap = nmap3.Nmap()
version_result = nmap.nmap_version_detection("your-host.com")
[
    {
        "cpe": [
            {
                "cpe": "cpe:/o:linux:linux_kernel"
            }
        ],
        "port": "80",
        "protocol": "tcp",
        "service": {
            "conf": "10",
            "extrainfo": "Ubuntu",
            "method": "probed",
            "name": "http",
            "ostype": "Linux",
            "product": "nginx",
            "version": "1.14.0"
        }
    },
    {
        "cpe": [
            {
                "cpe": "cpe:/o:linux:linux_kernel"
            }
        ],
        "port": "443",
        "protocol": "tcp",
        "service": {
            "conf": "10",
            "extrainfo": "Ubuntu",
            "method": "probed",
            "name": "http",
            "ostype": "Linux",
            "product": "nginx",
            "tunnel": "ssl",
            "version": "1.14.0"
        }
    },
    {
        "cpe": [
            {
                "cpe": "cpe:/o:linux:linux_kernel"
            }
        ],
        "port": "2000",
        "protocol": "tcp",
        "service": {
            "conf": "10",
            "extrainfo": "Ubuntu Linux; protocol 2.0",
            "method": "probed",
            "name": "ssh",
            "ostype": "Linux",
            "product": "OpenSSH",
            "version": "7.6p1 Ubuntu 4ubuntu0.3"
        }
    }
]
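
A defender's use of the version-detection output above, as an added example that is not part of python3-nmap: it compares results in the list shape shown here against an approved service baseline and reports drift. `SAMPLE` is constructed from the output above and `BASELINE` is a hypothetical policy; `inventory` and `drift` are names invented for this sketch.

```python
# Added example: detect service drift in nmap_version_detection-style results.
# SAMPLE is constructed (trimmed copy of the output shown above).
SAMPLE = [
    {"port": "80", "protocol": "tcp",
     "service": {"name": "http", "product": "nginx", "version": "1.14.0"}},
    {"port": "443", "protocol": "tcp",
     "service": {"name": "http", "product": "nginx", "tunnel": "ssl",
                 "version": "1.14.0"}},
    {"port": "2000", "protocol": "tcp",
     "service": {"name": "ssh", "product": "OpenSSH",
                 "version": "7.6p1 Ubuntu 4ubuntu0.3"}},
]

# Hypothetical approved baseline: (port, protocol) -> (product, version)
BASELINE = {
    ("80", "tcp"): ("nginx", "1.14.0"),
    ("443", "tcp"): ("nginx", "1.12.2"),
    ("22", "tcp"): ("OpenSSH", "7.6p1 Ubuntu 4ubuntu0.3"),
}

def inventory(results):
    """Flatten scan results to {(port, protocol): (product, version)}."""
    inv = {}
    for entry in results:
        svc = entry.get("service") or {}
        key = (str(entry.get("port")), entry.get("protocol", "tcp"))
        inv[key] = (svc.get("product", "unknown"), svc.get("version", "unknown"))
    return inv

def drift(results, baseline):
    """Return sorted (kind, port, protocol, detail) findings."""
    seen = inventory(results)
    findings = []
    for key, observed in seen.items():
        if key not in baseline:
            # A listener nobody approved, e.g. SSH moved to a new port.
            findings.append(("unexpected", *key, " ".join(observed)))
        elif observed != baseline[key]:
            old, new = " ".join(baseline[key]), " ".join(observed)
            findings.append(("changed", *key, f"{old} -> {new}"))
    for key in baseline.keys() - seen.keys():
        # An approved service that did not answer the scan.
        findings.append(("missing", *key, " ".join(baseline[key])))
    return sorted(findings)

if __name__ == "__main__":
    for finding in drift(SAMPLE, BASELINE):
        print(*finding)
```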

Nmap commands available

The following Nmap commands are available as methods of the Nmap class:

  • Get Nmap version details

    import nmap3
    nmap = nmap3.Nmap()
    results = nmap.nmap_version()

  • Nmap top port scan

    import nmap3
    nmap = nmap3.Nmap()
    results = nmap.scan_top_ports("your-host")

  • Nmap dns-brute script (to get subdomains)

    import nmap3
    nmap = nmap3.Nmap()
    results = nmap.nmap_dns_brute_script("domain")

  • Nmap list scan

    import nmap3
    nmap = nmap3.Nmap()
    results = nmap.nmap_list_scan("your-host")

  • Nmap OS detection

    import nmap3
    nmap = nmap3.Nmap()
    results = nmap.nmap_os_detection("your-host")

  • Nmap subnet scan

    import nmap3
    nmap = nmap3.Nmap()
    results = nmap.nmap_subnet_scan("your-host") # Must be root

  • Nmap version detection

    import nmap3
    nmap = nmap3.Nmap()
    results = nmap.nmap_version_detection("your-host") # Must be root

Nmap Scanning Techniques

The script also offers Nmap scan techniques as Python functions/methods.

  • nmap_fin_scan

    import nmap3
    nmap = nmap3.NmapScanTechniques()
    result = nmap.nmap_fin_scan("192.168.178.1")

  • nmap_idle_scan

    import nmap3
    nmap = nmap3.NmapScanTechniques()
    result = nmap.nmap_idle_scan("192.168.178.1")

  • nmap_ping_scan

    import nmap3
    nmap = nmap3.NmapScanTechniques()
    result = nmap.nmap_ping_scan("192.168.178.1")

  • nmap_syn_scan

    import nmap3
    nmap = nmap3.NmapScanTechniques()
    result = nmap.nmap_syn_scan("192.168.178.1")

  • nmap_tcp_scan

    import nmap3
    nmap = nmap3.NmapScanTechniques()
    result = nmap.nmap_tcp_scan("192.168.178.1")

  • nmap_udp_scan

    import nmap3
    nmap = nmap3.NmapScanTechniques()
    result = nmap.nmap_udp_scan("192.168.178.1")

Supporting the nmap host discovery

The script also supports Nmap host discovery techniques, again as Python functions/methods:

  • Only port scan (-Pn)
  • Only host discovery (-sn)
  • Arp discovery on a local network (-PR)
  • Disable DNS resolution (-n)

NmapHostDiscovery

  • def nmap_portscan_only(self, host, args=None)

    import nmap3
    nmap = nmap3.NmapHostDiscovery()
    results = nmap.nmap_portscan_only("your-host")

  • def nmap_no_portscan(self, host, args=None)

    import nmap3
    nmap = nmap3.NmapHostDiscovery()
    results = nmap.nmap_no_portscan("your-host")

  • def nmap_arp_discovery(self, host, args=None)

    import nmap3
    nmap = nmap3.NmapHostDiscovery()
    results = nmap.nmap_arp_discovery("your-host")

  • def nmap_disable_dns(self, host, args=None)

    import nmap3
    nmap = nmap3.NmapHostDiscovery()
    results = nmap.nmap_disable_dns("your-host")

Nmap is a large tool; as you can see, python3-nmap provides only what you could call the commonly used Nmap features.

Using custom nmap command line arguments

As we said, the script defines each set of Nmap commands as Python functions/methods. You can also pass arguments to those methods/functions, thus extending their capabilities. For example, let's say we want to scan top ports but also perform version detection.

   import nmap3
   nmap = nmap3.Nmap()
   results = nmap.scan_top_ports("host", args="-sV")
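
Because the host and `args` values end up on the nmap command line, a script that takes them from users or job definitions should check them first. The wrapper below is an added example, not part of python3-nmap; the scope lists, the flag allowlist and the names `check_target`, `check_args` and `safe_top_ports` are assumptions made for this sketch.

```python
import ipaddress
import shlex

# Hypothetical policy for this example: what you are authorised to scan and
# which extra nmap options callers may pass through `args`.
ALLOWED_NETS = [ipaddress.ip_network("192.168.178.0/24")]
ALLOWED_HOSTS = {"your-host.com"}
ALLOWED_FLAGS = {"-sV", "-Pn", "-n", "-T3", "-T4"}

def check_target(host):
    """Return host if it is an in-scope IP literal or an allowlisted name."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: accept exact allowlisted names only, which also
        # rejects values that look like options or contain whitespace.
        if host.lower() in ALLOWED_HOSTS:
            return host
        raise ValueError(f"target not in scope: {host!r}")
    if not any(addr in net for net in ALLOWED_NETS):
        raise ValueError(f"address not in scope: {host!r}")
    return host

def check_args(args):
    """Return args unchanged if every token is an allowlisted flag."""
    if not args:
        return None
    for token in shlex.split(args):
        if token not in ALLOWED_FLAGS:
            raise ValueError(f"nmap option not allowed: {token!r}")
    return args

def safe_top_ports(host, args=None):
    """Validate first, then call the library method shown above."""
    host, args = check_target(host), check_args(args)
    import nmap3  # imported lazily; needs python3-nmap and the nmap binary
    return nmap3.Nmap().scan_top_ports(host, args=args)
```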

Using the nmap vulners script to identify vulnerabilities (CVEs)

You scan the target IP using version detection ('-sV') to get the service, and the script performs a lookup in the CVE database. The nmap vulners script is part of the default Nmap installation, so you shouldn't need to install any other packages.

   import nmap3
   nmap = nmap3.Nmap()
   results = nmap.nmap_version_detection("host", args="--script vulners --script-args mincvss=5.0")


Download files

Source Distribution

python3-nmap-1.5.2.tar.gz (14.6 kB)

Uploaded Source

Built Distributions

python3_nmap-1.5.2-py3.8.egg (26.0 kB)

Uploaded Egg

python3_nmap-1.5.2-py3-none-any.whl (26.1 kB)

Uploaded Python 3

File details

Details for the file python3-nmap-1.5.2.tar.gz.

File metadata

  • Download URL: python3-nmap-1.5.2.tar.gz
  • Upload date:
  • Size: 14.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.8.10

File hashes

Hashes for python3-nmap-1.5.2.tar.gz
Algorithm Hash digest
SHA256 c7eb57565f8eabc3ad8ffa957b9d23e555d9fcc8c118797f656f8c43ad0095a2
MD5 0de991be3e5f9a58349c4952d1dd41fa
BLAKE2b-256 e965e2c6fe7c255196eb794a3bafd62015106cf095c619efd1710f91844fd0d7

File details

Details for the file python3_nmap-1.5.2-py3.8.egg.

File metadata

  • Download URL: python3_nmap-1.5.2-py3.8.egg
  • Upload date:
  • Size: 26.0 kB
  • Tags: Egg
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.8.10

File hashes

Hashes for python3_nmap-1.5.2-py3.8.egg
Algorithm Hash digest
SHA256 3c310709483be863f8cf38f57a1df7cdcbefeec37372f2b6543b48964f2cd167
MD5 5e171637af5f42e12bbd430d43722d63
BLAKE2b-256 845722427e3a84de9a77022533f886f18082fa8822e618c8b23587f33867c06c

File details

Details for the file python3_nmap-1.5.2-py3-none-any.whl.

File metadata

  • Download URL: python3_nmap-1.5.2-py3-none-any.whl
  • Upload date:
  • Size: 26.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.0 CPython/3.8.10

File hashes

Hashes for python3_nmap-1.5.2-py3-none-any.whl
Algorithm Hash digest
SHA256 09668e86ed072dcc7117fdcf0fed786f10bcf2721c3326fc1359f9984d88ba6e
MD5 bcc35ad89f472c4dd7f562c9453a5c33
BLAKE2b-256 d8fe97f26c69a50c4b16dad51311d7ebc7c596466db2e40e0e424189ec666836
