Python3-nmap converts Nmap commands into python3 methods

Rationale

There is an existing python-nmap project hosted on Bitbucket, which is the basis of our online port scanner at Nmmapper, but we wanted to extend our online port scanner with Nmap features such as running Nmap scripts online. The existing project does that very well; in fact we used it to run Nmap's dns-brute script on our subdomain finder tool.

But we wanted something that defines each Nmap command and each Nmap script as a Python3 function that can be called like any other Python3 function. For example:

 import nmap3
 nmap = nmap3.Nmap()

 result = nmap.nmap_version_detection("nmmapper.com")

 # This is equivalent to nmap's
 # nmap  nmmapper.com  -sV
 # Except we add 'oX' to be /usr/bin/nmap  -oX  -  nmmapper.com  -sV
 #
 # result Output
 [
 {
     "cpe": [
         {
             "cpe": "cpe:/o:linux:linux_kernel"
         }
     ],
     "port": "80",
     "protocol": "tcp",
     "service": {
         "conf": "10",
         "extrainfo": "Ubuntu",
         "method": "probed",
         "name": "http",
         "ostype": "Linux",
         "product": "nginx",
         "version": "1.14.0"
     }
 },
 {
     "cpe": [
         {
             "cpe": "cpe:/o:linux:linux_kernel"
         }
     ],
     "port": "443",
     "protocol": "tcp",
     "service": {
         "conf": "10",
         "extrainfo": "Ubuntu",
         "method": "probed",
         "name": "http",
         "ostype": "Linux",
         "product": "nginx",
         "tunnel": "ssl",
         "version": "1.14.0"
     }
 },
 {
     "cpe": [
         {
             "cpe": "cpe:/o:linux:linux_kernel"
         }
     ],
     "port": "2000",
     "protocol": "tcp",
     "service": {
         "conf": "10",
         "extrainfo": "Ubuntu Linux; protocol 2.0",
         "method": "probed",
         "name": "ssh",
         "ostype": "Linux",
         "product": "OpenSSH",
         "version": "7.6p1 Ubuntu 4ubuntu0.3"
     }
 }
 ]
This Python3 library defines each Nmap command as a Python3 method that can be called independently, which makes using Nmap from Python very easy. The library is not yet complete, since we are still adding more Nmap arguments and commands, but it is already in use at Nmmapper's online port scanner.
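An added example (not part of python3-nmap) that audits the list of dicts returned by `nmap_version_detection()` against an expected-services baseline, so a periodic scan can flag drift such as the SSH daemon on port 2000 above; `SAMPLE_RESULT` is constructed here to match the shape of that output.

```python
# Constructed sample in the shape python3-nmap returns for nmap_version_detection().
SAMPLE_RESULT = [
    {"port": "80", "protocol": "tcp",
     "service": {"name": "http", "product": "nginx", "version": "1.14.0"}},
    {"port": "443", "protocol": "tcp",
     "service": {"name": "http", "product": "nginx", "version": "1.14.0",
                 "tunnel": "ssl"}},
    {"port": "2000", "protocol": "tcp",
     "service": {"name": "ssh", "product": "OpenSSH",
                 "version": "7.6p1 Ubuntu 4ubuntu0.3"}},
]


def service_inventory(result):
    """Flatten each scanned port into endpoint, service name, banner and TLS flag."""
    rows = []
    for entry in result:
        svc = entry.get("service", {})
        banner = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
        rows.append({
            "endpoint": f"{entry['port']}/{entry['protocol']}",
            "name": svc.get("name", "unknown"),
            "banner": banner,
            "tls": svc.get("tunnel") == "ssl",
        })
    return rows


def baseline_drift(result, expected):
    """Compare a scan with a baseline mapping endpoint -> expected service name.

    Returns (unexpected, missing): endpoints open but not in the baseline,
    and baseline endpoints that did not show up in the scan.
    """
    seen = {row["endpoint"]: row["name"] for row in service_inventory(result)}
    unexpected = sorted(ep for ep in seen if ep not in expected)
    missing = sorted(ep for ep in expected if ep not in seen)
    return unexpected, missing


def plain_http(result):
    """Endpoints that answer HTTP without an SSL tunnel (nmap's 'tunnel' field)."""
    return [row["endpoint"] for row in service_inventory(result)
            if row["name"] == "http" and not row["tls"]]
```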

The following are some of the Nmap commands that have been added and how to use them in this library.

  • Nmap top port scan
  • Nmap dns-brute-script( to find subdomains and more )
  • Nmap List scan
  • Nmap os detection
  • Nmap Subnet scan
  • Nmap version detection

Nmap Scanning Techniques

TCP SYN Scan (-sS)

 import nmap3
 nmap = nmap3.NmapScanTechniques()

 # The scan methods take the target host as their first argument
 results = nmap.nmap_syn_scan("your-host")

 [
 {
     "port": "53",
     "protocol": "tcp",
     "reason": "syn-ack",
     "reason_ttl": "64",
     "service": {
         "conf": "3",
         "method": "table",
         "name": "domain"
     },
     "state": "open"
 },
 {
     "port": "80",
     "protocol": "tcp",
     "reason": "syn-ack",
     "reason_ttl": "64",
     "service": {
         "conf": "3",
         "method": "table",
         "name": "http"
     },
     "state": "open"
 }
]

TCP connect() scan (-sT)

 import nmap3
 nmap = nmap3.NmapScanTechniques()
 results = nmap.nmap_tcp_scan("your-host")

FIN Scan (-sF)

 import nmap3
 nmap = nmap3.NmapScanTechniques()
 results = nmap.nmap_fin_scan("your-host")

Ping Scan (-sP)

 import nmap3
 nmap = nmap3.NmapScanTechniques()
 results = nmap.nmap_ping_scan("your-host")

Idle Scan (-sI)

 import nmap3
 nmap = nmap3.NmapScanTechniques()
 results = nmap.nmap_idle_scan("your-host")

Nmap is a large tool; as you can see, python3-nmap currently provides only its commonly used features.

NmapHostDiscovery

def nmap_portscan_only(self, host, args=None):

def nmap_no_portscan(self, host, args=None):

import nmap3
nmap = nmap3.NmapHostDiscovery()
results = nmap.nmap_no_portscan("your-host")

def nmap_arp_discovery(self, host, args=None):

import nmap3
nmap = nmap3.NmapHostDiscovery()
results = nmap.nmap_arp_discovery("your-host")

def nmap_disable_dns(self, host, args=None):

import nmap3
nmap = nmap3.NmapHostDiscovery()
results = nmap.nmap_disable_dns("your-host")

Using custom nmap command line arguments.

As noted above, the library defines each set of Nmap commands as a Python function/method. You can also pass extra Nmap arguments to those methods, extending what they do. For example, suppose we want to scan the top ports but also perform version detection:

 import nmap3
 nmap = nmap3.Nmap()
 # The args string is appended to the generated nmap command line
 results = nmap.scan_top_ports("host", args="-sV")
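Because the host and `args` strings end up on the nmap command line, anything taken from an untrusted source (a web form, as in an online port scanner) should be validated first. The wrapper below is an added example, not part of python3-nmap: `safe_target`, `safe_args`, `ALLOWED_FLAGS` and `scan_top_ports_checked` are hypothetical names, and it assumes `scan_top_ports(host, args=...)` as shown above.

```python
import re
import shlex

# Hostname or IPv4 literal only: labels of letters, digits and inner hyphens.
# A leading "-" is rejected so a "host" can never be parsed as an nmap option.
HOST_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

# Allowlist of extra flags a caller may add; everything else is refused.
ALLOWED_FLAGS = {"-sV", "-O", "-Pn", "--open"}


def safe_target(host):
    """Return the stripped host if it is a well-formed hostname/IPv4, else raise."""
    host = host.strip()
    if not HOST_RE.match(host):
        raise ValueError(f"rejected target: {host!r}")
    return host


def safe_args(args):
    """Return a normalised args string containing only allowlisted flags."""
    if not args:
        return None
    tokens = shlex.split(args)
    bad = [t for t in tokens if t not in ALLOWED_FLAGS]
    if bad:
        raise ValueError(f"rejected nmap option(s): {bad}")
    return " ".join(tokens)


def scan_top_ports_checked(host, args=None):
    """Validate both inputs, then hand them to python3-nmap's scan_top_ports()."""
    import nmap3  # imported lazily so the validators run without nmap installed
    return nmap3.Nmap().scan_top_ports(safe_target(host), args=safe_args(args))
```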