From a8bf2f2729fccc7d1cb5b9956f470cfd95fdc169 Mon Sep 17 00:00:00 2001
From: Al Straumann
Date: Tue, 1 Oct 2019 19:59:55 -0500
Subject: [PATCH] Add nmap options to config.json. Add Dockerfile. Add requirements.txt for later
---
 Dockerfile | 15 ++++++++++
 Reconnoitre/lib/config.json | 6 ++++
 Reconnoitre/lib/file_helper.py | 28 ++++++++++++++++++
 Reconnoitre/lib/service_scan.py | 51 +++++++++++++--------------------
 requirements.txt | 2 ++
 5 files changed, 71 insertions(+), 31 deletions(-)
 create mode 100644 Dockerfile
 create mode 100644 requirements.txt
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..54dd89c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,15 @@
+FROM python:3.7
+
+
+RUN apt update && \
+ apt install git nmap
+
+
+RUN https://github.com/CrimsonK1ng/Reconnoitre.git recon
+
+WORKDIR /recon
+
+RUN pip install requirements && python setup.py install
+
+
+
diff --git a/Reconnoitre/lib/config.json b/Reconnoitre/lib/config.json
index 9becfe6..a67195d 100644
--- a/Reconnoitre/lib/config.json
+++ b/Reconnoitre/lib/config.json
@@ -1,4 +1,10 @@
 {
+ "nmap": {
+ "tcpscan": "-vv -Pn --disable-arp-ping -sS -A -sC -p- -T 3 -script-args=unsafe=1",
+ "quickscan":"-sC -sV -Pn --disable-arp-ping",
+ "dnsudpscan" : "-vv -Pn --disable-arp-ping -A -sC -sU -T 4 --top-ports 200 --max-retries 0",
+ "udpscan": "-sC -sV -sU -Pn --disable-arp-ping"
+ },
 "services":{
 "http/s":{
 "description":"Found HTTP/S service on $ip:$port",
diff --git a/Reconnoitre/lib/file_helper.py b/Reconnoitre/lib/file_helper.py
index 5f49a23..bb90f4d 100644
--- a/Reconnoitre/lib/file_helper.py
+++ b/Reconnoitre/lib/file_helper.py
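Review bot: The line `RUN https://github.com/CrimsonK1ng/Reconnoitre.git recon` has no command in front of the URL, so the shell tries to execute the URL itself and the build stops at that step; it should read `RUN git clone https://github.com/CrimsonK1ng/Reconnoitre.git recon`, and for a reproducible image the clone should be pinned to a tag or commit rather than the branch head. Two lines later `pip install requirements` installs whatever package on PyPI is named `requirements`, not this project's dependency file — it needs to be `pip install -r requirements.txt`. `apt install git nmap` also needs `-y` (and ideally `--no-install-recommends`) or the install prompt aborts the non-interactive build. Since the `tcpscan` profile uses `-sS`, nmap needs raw sockets, so a comment such as `# runs as root: -sS needs CAP_NET_RAW` would save the next user a confusing permission error.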
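Review bot: The `tcpscan` value carries `-script-args=unsafe=1`, which opts every NSE script pulled in by `-sC`/`-A` into its intrusive behaviour and can crash fragile targets, so as the default profile it deserves an explicit note next to the key (JSON has no comments, so a `"_comment": "unsafe=1 enables intrusive NSE scripts; remove for production targets"` entry works) and arguably should be opt-in rather than on by default. These strings are spliced verbatim into the nmap command line by `service_scan.py`, so whoever can edit `config.json` controls the scan invocation; the file should be documented as trusted configuration. The single-dash `-script-args` was carried over from the removed code and appears to rely on nmap accepting abbreviated long options; writing `--script-args=unsafe=1` matches the other flags and removes the doubt.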
@@ -142,3 +142,31 @@ def write_recommendations(results, ip_address, outputdir):
 "\n\n[*] Always remember to manually go over the"
 " portscan report and carefully read between the lines ;)")
 f.close()
+
+def get_config_options(key, option):
+ __location__ = os.path.realpath(
+ os.path.join(
+ os.getcwd(),
+ os.path.dirname(__file__)))
+ with open(os.path.join(__location__, "config.json"), "r") as config:
+ c = config.read()
+ j = json.loads(
+ c.replace(
+ "$ip",
+ "%(ip)s").replace(
+ "$port",
+ "%(port)s").replace(
+ "$outputdir",
+ "%(outputdir)s"))
+
+ res = j.get(key, None)
+
+ if res is None:
+ raise KeyError
+
+ res2 = res.get(option, None)
+
+ if res2 is None:
+ raise KeyError
+
+ return res2
diff --git a/Reconnoitre/lib/service_scan.py b/Reconnoitre/lib/service_scan.py
index 0202f62..9918118 100644
--- a/Reconnoitre/lib/service_scan.py
+++ b/Reconnoitre/lib/service_scan.py
@@ -3,6 +3,7 @@ from Reconnoitre.lib.file_helper import check_directory
 from Reconnoitre.lib.file_helper import create_dir_structure
+from Reconnoitre.lib.file_helper import get_config_options
 from Reconnoitre.lib.file_helper import load_targets
 from Reconnoitre.lib.file_helper import write_recommendations
 from Reconnoitre.lib.subprocess_helper import run_scan
@@ -17,8 +18,8 @@ def nmap_scan(
 ip_address = ip_address.strip()
 print("[+] Starting quick nmap scan for %s" % (ip_address))
- QUICKSCAN = "nmap -sC -sV -Pn --disable-arp-ping %s -oA '%s/%s.quick'" % (
- ip_address, output_directory, ip_address)
+ flags = get_config_options('nmap', 'quickscan')
+ QUICKSCAN = f"nmap {flags} {ip_address} -oA '{output_directory}/{ip_address}.quick'"
 quickresults = run_scan(QUICKSCAN)
 write_recommendations(quickresults, ip_address, output_directory)
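Review bot: Both `raise KeyError` statements in `get_config_options` raise an empty exception, so a typo in a section or option name surfaces as a bare `KeyError` with no indication of which lookup failed; use `raise KeyError(key)` for the first and `raise KeyError(f"{key}.{option}")` for the second, and the `if res is None` check should also guard against a non-dict section before calling `res.get`. The function re-opens and re-parses `config.json` on every call, and `service_scan.py` now calls it three to four times per host, so parsing once (a module-level cache or a `functools.lru_cache` on a loader) would be cheaper and avoids racing with edits to the file mid-run. The function has no docstring; it should state that the `$ip`/`$port`/`$outputdir` rewrite is applied to the whole file text before parsing, and that the returned value is a raw string the callers splice into a shell command, so `config.json` must be treated as trusted input. Whether `os` and `json` are already imported at the top of `file_helper.py` is not visible in this hunk — worth confirming since the hunk adds no imports.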
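Review bot: The new `QUICKSCAN` f-string still assembles one shell string with `ip_address` (taken from the targets file via `load_targets`) interpolated bare and `output_directory` inside single quotes, so a target entry such as `127.0.0.1;id` or a directory name containing `'` reaches `run_scan` unescaped; this predates the commit, but the rewrite to f-strings is the natural point to fix it. Either wrap both values with `shlex.quote()`, or build an argv list and have `run_scan` execute without a shell, e.g. `["nmap", *shlex.split(flags), ip_address, "-oA", f"{output_directory}/{ip_address}.quick"]`. Whether `run_scan` actually invokes a shell is not visible here (`subprocess_helper` is outside the hunk), so confirm that before relying on quoting alone. `nmap_scan` starts before this hunk.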
@@ -35,38 +36,26 @@ def nmap_scan(
 ip_address, dns_server))
 print("[+] Using DNS server %s" % (dns_server))
- TCPSCAN = "nmap -vv -Pn --disable-arp-ping -sS -A -sC -p- -T 3 -script-args=unsafe=1 \
- --dns-servers %s -oN '%s/%s.nmap' -oX \
- '%s/%s_nmap_scan_import.xml' %s" % (
- dns_server,
- output_directory,
- ip_address,
- output_directory,
- ip_address,
- ip_address)
- UDPSCAN = "nmap -vv -Pn --disable-arp-ping -A -sC -sU -T 4 --top-ports 200 \
- --max-retries 0 --dns-servers %s -oN '%s/%sU.nmap' \
- -oX '%s/%sU_nmap_scan_import.xml' %s" % (
- dns_server,
- output_directory,
- ip_address,
- output_directory,
- ip_address,
- ip_address)
+ flags = get_config_options("nmap", "tcpscan")
+ TCPSCAN = f"nmap {flags} --dns-servers {dns_server} -oN\
+ '{output_directory}/{ip_address}.nmap' -oX\
+ '{output_directory}/{ip_address}_nmap_scan_import.xml' {ip_address}"
+
+ flags = get_config_options("nmap", "dnsudpscan")
+ UDPSCAN = f"nmap {flags} \
+ --dns-servers {dns_server} -oN '{output_directory}/{ip_address}U.nmap' \
+ -oX '{output_directory}/{ip_address}U_nmap_scan_import.xml' {ip_address}"
+
 else:
 print("[+] Starting detailed TCP%s nmap scans for %s" % (
 ("" if no_udp_service_scan is True else "/UDP"), ip_address))
- TCPSCAN = "nmap -vv -Pn --disable-arp-ping -sS -A -sC -p- -T 3 \
- -script-args=unsafe=1 -n %s -oN '%s/%s.nmap' \
- -oX '%s/%s_nmap_scan_import.xml' %s" % (
- dns_server,
- output_directory,
- ip_address,
- output_directory,
- ip_address,
- ip_address)
- UDPSCAN = "nmap -sC -sV -sU -Pn --disable-arp-ping %s -oA '%s/%s-udp'" % (
- ip_address, output_directory, ip_address)
+ flags = get_config_options("nmap", "tcpscan")
+ TCPSCAN = f"nmap {flags} --dns-servers {dns_server} -oN\
+ '{output_directory}/{ip_address}.nmap' -oX\
+ '{output_directory}/{ip_address}_nmap_scan_import.xml' {ip_address}"
+
+ flags = get_config_options("nmap", "udpscan")
+ UDPSCAN = f"nmap {flags} {ip_address} -oA '{output_directory}/{ip_address}-udp'"
 udpresult = "" if no_udp_service_scan is True else run_scan(UDPSCAN)
 tcpresults = run_scan(TCPSCAN)
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..8194198
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,2 @@
+requests=='*'
+
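Review bot: After this change the `else` branch builds exactly the same `TCPSCAN` string as the DNS-server branch, including `--dns-servers {dns_server}`, so the branch that exists for the no-DNS-server case now emits a `--dns-servers` option anyway and loses the `-n` (skip reverse DNS) that the removed version used there. If `dns_server` is an empty string in that branch (the surrounding `if`/`else` suggests it, but its value is set outside the hunk), the shell drops the empty word and nmap consumes `-oN` as the DNS server argument, so the `.nmap` normal-output file is never written; if it is `None`, nmap receives the literal text `None`. The else-branch line should instead be `TCPSCAN = f"nmap {flags} -n -oN '{output_directory}/{ip_address}.nmap' -oX '{output_directory}/{ip_address}_nmap_scan_import.xml' {ip_address}"`. `nmap_scan` begins before this hunk.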
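Review bot: `requests=='*'` is not a valid requirement specifier — the `==` operator needs a version (a wildcard is spelled `==2.*`), so `pip install -r requirements.txt` rejects the file with an invalid-requirement error before installing anything, and the new Dockerfile never reads this file anyway. Pin a tested release with `requests==<version>` (adding `--hash=sha256:...` if you want supply-chain integrity) or write plain `requests` if no pin is intended. Nothing in this patch imports `requests`, so it is also worth confirming the dependency is actually needed rather than installing an unused package into the image.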