Nmap scan

Basic usage

Simple script to scan a network with parallel TCP and UDP scan and save the report into a file. Note that the callback_method is called asynchronous in the scanning thread of each scan method. If you don't need a callback on report finishing just remove the function call argument.

    
#!/usr/bin/python3
    from nmap_scan.NmapArgs import NmapArgs
    from nmap_scan.NmapScanMethods import NmapScanMethods
    from nmap_scan.Scanner import Scanner
    
    args = NmapArgs(['192.168.0.1/24'])
    scanner = Scanner(args)
    
    def callback_method(report, scan_method):
        filename = {
            NmapScanMethods.TCP: 'tcp',
            NmapScanMethods.UDP: 'udp',
        }
    
        report.save('reports/scan-' + filename.get(scan_method) + '.xml')
        report.save_html('reports/scan-' + filename.get(scan_method) + '.html')
        report.save_json('reports/scan-' + filename.get(scan_method) + '.json')
    
    scanner.scan_udp_background(callback_method)
    scanner.scan_tcp_background(callback_method)
    
    # Do other stuff here
    
    scanner.wait_all()

Advanced usage

Simple script to scan multiple networks with different configurations. Each configuration is executed parallel and also each host will be scanned parallel. You can set up the maximum parallel threads per configuration (default 32) so in the following example it will execute nmap within 64 threads. To do so we first will create for each configuration a ping scan with your given hosts and even set pn from your args but all other arguments are ignored for the ping scan. Afterwords for each host it will create a scan thread with your args but update the hosts to the ip of the host resulted by the ping scan. You even can choose, if you want to scan every ip from the host or only the first (default). Of each executed scan (except the ping scan) we will call the callback_method asynchronous as in the simple usage mentored. If you don't need a callback on report finishing just remove the argument in the MultiScannerConfiguration. You can simply get all reports after execution with get_reports()it will automatically wait until the complete scan is finished.

    
#!/usr/bin/python3
    from nmap_scan.MultiScanner import MultiScanner
    from nmap_scan.MultiScannerConfiguration import MultiScannerConfiguration
    from nmap_scan.NmapArgs import NmapArgs
    from nmap_scan.NmapScanMethods import NmapScanMethods
    
    args = NmapArgs(['192.168.0.0/24'])
    args2 = NmapArgs(['192.168.1.0/24'])
    
    def callback_method(ip, report, scan_method):
        filename = {
            NmapScanMethods.TCP: 'tcp',
            NmapScanMethods.UDP: 'udp',
        }
        report.save('reports/' + ip + '_' + filename.get(scan_method) + '.xml')
        report.save_html('reports/' + ip + '_' + filename.get(scan_method) + '.html')
        report.save_json('reports/' + ip + '_' + filename.get(scan_method) + '.json')
    
    configs = [
        MultiScannerConfiguration(nmap_args=args, scan_methods=[NmapScanMethods.TCP, NmapScanMethods.UDP], callback_method=callback_method),
        MultiScannerConfiguration(nmap_args=args2, scan_methods=[NmapScanMethods.TCP], callback_method=callback_method),
    ]
    scanner = MultiScanner(configs)
    scanner.scan_background()
    
    # Do other stuff here
    
    reports = scanner.get_reports()

Debugging

    
#!/usr/bin/python3
    import logging
    logging.basicConfig(level=logging.DEBUG, filename='debug.log')

Hints

We decided to make a few changes in the nmap DTD and also in our script to avoid errors during parsing. We changed the script attribute "output" from required to optional, because not all scipts of nmap set this attribute. Here are the changes:

      <!ATTLIST script
      id        CDATA    #REQUIRED
    - output    CDATA    #REQUIRED
    + output    CDATA    #IMPLIED
      >