mirror of https://github.com/avast/PurpleDome
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
80 lines
2.3 KiB
Python
80 lines
2.3 KiB
Python
4 years ago
|
#!/usr/bin/env python3
|
||
|
|
|
||
|
|
# A plugin to nmap targets
|
||
|
|
|
||
|
|
from plugins.base.kali import KaliPlugin
|
||
|
|
|
||
|
|
|
||
|
|
# TODO All scan patterns need explicit logging into the attack log !
|
||
|
|
# TODO: Add config for subnet range for ping sweeps
|
||
|
|
# TODO: Add IP exclusion --exclude ip,ip,ip to not accidentially scan non-targets
|
||
|
|
# TODO: host discovery Ping scan: -sn
|
||
|
|
# TODO: host discovery PE/PP/PM
|
||
|
|
# TODO: host discovery PS/PA/PU/PY
|
||
|
|
# TODO: host discovery reverse DNS resolution
|
||
|
|
# TODO OS identification
|
||
|
|
# TODO service discovery
|
||
|
|
# TODO stealth scans
|
||
|
|
# TODO firewall evasion
|
||
|
|
# TODO service fingerprinting
|
||
|
|
# TODO udp scans -sU
|
||
|
|
# TODO TCP SYN scan: -sS
|
||
|
|
# TODO TCP connect scan: -sT
|
||
|
|
# TODO port scan without prior ping (this is to avoid triggering firewall logic): -Pn
|
||
|
|
|
||
|
|
class NmapPlugin(KaliPlugin):
|
||
|
|
|
||
|
|
# Boilerplate
|
||
|
|
name = "nmap"
|
||
|
|
description = "NMap scan the target"
|
||
|
|
ttp = "T1595"
|
||
|
|
references = ["https://attack.mitre.org/techniques/T1595/"]
|
||
|
|
|
||
|
|
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
|
||
|
|
|
||
|
|
def __init__(self):
|
||
|
|
super().__init__()
|
||
|
|
self.plugin_path = __file__
|
||
|
|
|
||
|
|
def process_config(self, config):
|
||
|
|
""" process config and use defaults if stuff is missing
|
||
|
|
|
||
|
|
@param config: The config dict
|
||
|
|
"""
|
||
|
|
# TODO Create kali specific config class, send this to the plugins
|
||
|
|
# TODO: NMap specific config should be added. So far we only have the basic scan
|
||
|
|
|
||
|
|
def command(self, targets, config):
|
||
|
|
""" Generate the command (having a separate step assists on debugging)
|
||
|
|
|
||
|
|
@param targets: A list of targets, ip addresses will do
|
||
|
|
@param config: dict with command specific configuration
|
||
|
|
"""
|
||
|
|
|
||
|
|
# Set defaults if not present in config
|
||
|
|
self.process_config(config)
|
||
|
|
playground = self.machine_plugin.get_playground()
|
||
|
|
|
||
|
|
# Generate command
|
||
|
|
cmd = f"cd {playground};"
|
||
|
|
# cmd += "sudo apt -y install nmap;"
|
||
|
|
for t in targets:
|
||
|
|
cmd += f"nmap {t};"
|
||
|
|
|
||
|
|
return cmd
|
||
|
|
|
||
|
|
def run(self, targets, config):
|
||
|
|
""" Run the command
|
||
|
|
|
||
|
|
@param targets: A list of targets, ip addresses will do
|
||
|
|
@param config: dict with command specific configuration
|
||
|
|
"""
|
||
|
|
|
||
|
|
res = ""
|
||
|
|
|
||
|
|
cmd = self.command(targets, config)
|
||
|
|
|
||
|
|
res += self.run_cmd(cmd) or ""
|
||
|
|
|
||
|
|
return res
|