ronin-scanners 0.1.4 → 1.0.0.pre1
- data/.document +4 -0
- data/.gemtest +0 -0
- data/.gitignore +11 -0
- data/.rspec +1 -0
- data/.yardopts +2 -0
- data/COPYING.txt +339 -0
- data/{History.txt → ChangeLog.md} +7 -7
- data/Gemfile +45 -0
- data/README.md +125 -0
- data/Rakefile +39 -14
- data/bin/ronin-scan-dork +20 -0
- data/bin/ronin-scan-nmap +20 -0
- data/bin/ronin-scan-proxies +20 -0
- data/bin/ronin-scan-spider +20 -0
- data/bin/ronin-scanner +20 -0
- data/bin/ronin-scanners +13 -5
- data/gemspec.yml +31 -0
- data/lib/ronin/database/migrations/scanners.rb +25 -0
- data/lib/ronin/database/migrations/scanners/1.0.0.rb +51 -0
- data/lib/ronin/scanners.rb +7 -5
- data/lib/ronin/scanners/dork.rb +173 -0
- data/lib/ronin/scanners/host_name_scanner.rb +67 -0
- data/lib/ronin/scanners/http_scanner.rb +195 -0
- data/lib/ronin/scanners/ip_scanner.rb +75 -0
- data/lib/ronin/scanners/nmap.rb +303 -5
- data/lib/ronin/scanners/{nikto/nikto.rb → proxies.rb} +11 -26
- data/lib/ronin/scanners/resolv_scanner.rb +73 -0
- data/lib/ronin/scanners/reverse_lookup_scanner.rb +76 -0
- data/lib/ronin/scanners/scanner.rb +371 -0
- data/lib/ronin/scanners/{nikto.rb → scanners.rb} +8 -5
- data/lib/ronin/scanners/site_map.rb +62 -0
- data/lib/ronin/scanners/spider.rb +117 -0
- data/lib/ronin/scanners/tcp_port_scanner.rb +72 -0
- data/lib/ronin/scanners/udp_port_scanner.rb +72 -0
- data/lib/ronin/scanners/url_scanner.rb +79 -0
- data/lib/ronin/scanners/version.rb +3 -4
- data/lib/ronin/ui/cli/commands/scan/dork.rb +39 -0
- data/lib/ronin/ui/cli/commands/scan/nmap.rb +105 -0
- data/lib/ronin/ui/cli/commands/scan/proxies.rb +82 -0
- data/lib/ronin/ui/cli/commands/scan/spider.rb +71 -0
- data/lib/ronin/ui/cli/commands/scanner.rb +43 -0
- data/lib/ronin/ui/cli/scanner_command.rb +118 -0
- data/ronin-scanners.gemspec +60 -0
- data/spec/scanners/host_name_scanner_spec.rb +24 -0
- data/spec/scanners/ip_scanner_spec.rb +24 -0
- data/spec/scanners/resolv_scanner_spec.rb +26 -0
- data/spec/scanners/reverse_lookup_scanner_spec.rb +26 -0
- data/spec/scanners/scanner_spec.rb +89 -0
- data/spec/scanners/scanners_spec.rb +9 -0
- data/spec/scanners/tcp_port_scanner_spec.rb +27 -0
- data/spec/scanners/udp_port_scanner_spec.rb +27 -0
- data/spec/scanners/url_scanner_spec.rb +37 -0
- data/spec/spec_helper.rb +4 -3
- metadata +261 -116
- data.tar.gz.sig +0 -1
- data/Manifest.txt +0 -16
- data/README.txt +0 -106
- data/lib/ronin/scanners/nikto/nikto_task.rb +0 -183
- data/lib/ronin/scanners/nmap/nmap.rb +0 -74
- data/lib/ronin/scanners/nmap/nmap_task.rb +0 -290
- data/spec/scanners_spec.rb +0 -11
- data/tasks/spec.rb +0 -9
- metadata.gz.sig +0 -0
@@ -0,0 +1,67 @@
|
|
1
|
+
#
|
2
|
+
# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
|
3
|
+
# various third-party security scanners.
|
4
|
+
#
|
5
|
+
# Copyright (c) 2008-2012 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
+
#
|
7
|
+
# This program is free software; you can redistribute it and/or modify
|
8
|
+
# it under the terms of the GNU General Public License as published by
|
9
|
+
# the Free Software Foundation; either version 2 of the License, or
|
10
|
+
# (at your option) any later version.
|
11
|
+
#
|
12
|
+
# This program is distributed in the hope that it will be useful,
|
13
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
# GNU General Public License for more details.
|
16
|
+
#
|
17
|
+
# You should have received a copy of the GNU General Public License
|
18
|
+
# along with this program; if not, write to the Free Software
|
19
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
20
|
+
#
|
21
|
+
|
22
|
+
require 'ronin/scanners/scanner'
|
23
|
+
require 'ronin/host_name'
|
24
|
+
|
25
|
+
module Ronin
|
26
|
+
module Scanners
|
27
|
+
#
|
28
|
+
# The {HostNameScanner} class represents scanners that yield host-name
|
29
|
+
# results and `HostName` resources.
|
30
|
+
#
|
31
|
+
class HostNameScanner < Scanner
|
32
|
+
|
33
|
+
protected
|
34
|
+
|
35
|
+
#
|
36
|
+
# Normalizes the host name.
|
37
|
+
#
|
38
|
+
# @param [Object] result
|
39
|
+
# The incoming host name.
|
40
|
+
#
|
41
|
+
# @return [String]
|
42
|
+
# The normalized host name.
|
43
|
+
#
|
44
|
+
# @since 1.0.0
|
45
|
+
#
|
46
|
+
def normalize_result(result)
|
47
|
+
result.to_s
|
48
|
+
end
|
49
|
+
|
50
|
+
#
|
51
|
+
# Queries or creates a new HostName resource for the result.
|
52
|
+
#
|
53
|
+
# @param [String] result
|
54
|
+
# The host name.
|
55
|
+
#
|
56
|
+
# @return [HostName]
|
57
|
+
# The HostName resource from the Database.
|
58
|
+
#
|
59
|
+
# @since 1.0.0
|
60
|
+
#
|
61
|
+
def new_resource(result)
|
62
|
+
HostName.first_or_new(:address => result)
|
63
|
+
end
|
64
|
+
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
@@ -0,0 +1,195 @@
|
|
1
|
+
#
|
2
|
+
# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
|
3
|
+
# various third-party security scanners.
|
4
|
+
#
|
5
|
+
# Copyright (c) 2008-2012 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
+
#
|
7
|
+
# This program is free software; you can redistribute it and/or modify
|
8
|
+
# it under the terms of the GNU General Public License as published by
|
9
|
+
# the Free Software Foundation; either version 2 of the License, or
|
10
|
+
# (at your option) any later version.
|
11
|
+
#
|
12
|
+
# This program is distributed in the hope that it will be useful,
|
13
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
# GNU General Public License for more details.
|
16
|
+
#
|
17
|
+
# You should have received a copy of the GNU General Public License
|
18
|
+
# along with this program; if not, write to the Free Software
|
19
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
20
|
+
#
|
21
|
+
|
22
|
+
require 'ronin/scanners/url_scanner'
|
23
|
+
require 'ronin/network/http/http'
|
24
|
+
|
25
|
+
require 'net/http/persistent'
|
26
|
+
|
27
|
+
module Ronin
|
28
|
+
module Scanners
|
29
|
+
#
|
30
|
+
# The {HTTPScanner} class represents a scanner that performs
|
31
|
+
# HTTP Requests inorder to discover URLs.
|
32
|
+
#
|
33
|
+
# @since 1.0.0
|
34
|
+
#
|
35
|
+
class HTTPScanner < URLScanner
|
36
|
+
|
37
|
+
protected
|
38
|
+
|
39
|
+
#
|
40
|
+
# The [net-http-persistent](http://seattlerb.rubyforge.org/net-http-persistent/)
|
41
|
+
# client.
|
42
|
+
#
|
43
|
+
# @return [Net::HTTP::Persistent]
|
44
|
+
# The client.
|
45
|
+
#
|
46
|
+
# @see http://seattlerb.rubyforge.org/net-http-persistent/
|
47
|
+
#
|
48
|
+
# @api semipublic
|
49
|
+
#
|
50
|
+
def http
|
51
|
+
@http ||= Net::HTTP::Persistent.new
|
52
|
+
end
|
53
|
+
|
54
|
+
#
|
55
|
+
# Performs an HTTP Request through a persistent connection.
|
56
|
+
#
|
57
|
+
# @param [Hash] options
|
58
|
+
# HTTP options.
|
59
|
+
#
|
60
|
+
# @return [Net::HTTPResponse]
|
61
|
+
#
|
62
|
+
# @api semipublic
|
63
|
+
#
|
64
|
+
def http_request(options={})
|
65
|
+
options = Network::HTTP.expand_options(options)
|
66
|
+
uri_class = if options[:ssl]
|
67
|
+
URI::HTTPS
|
68
|
+
else
|
69
|
+
URI::HTTP
|
70
|
+
end
|
71
|
+
|
72
|
+
uri = uri_class.build(
|
73
|
+
:host => options[:host],
|
74
|
+
:port => options[:port],
|
75
|
+
)
|
76
|
+
request = Network::HTTP.request(options)
|
77
|
+
|
78
|
+
return http.request(uri,request)
|
79
|
+
end
|
80
|
+
|
81
|
+
#
|
82
|
+
# @see #http_request
|
83
|
+
#
|
84
|
+
# @api semipublic
|
85
|
+
#
|
86
|
+
def http_copy(options={})
|
87
|
+
http_request(options.merge(:method => :copy))
|
88
|
+
end
|
89
|
+
|
90
|
+
#
|
91
|
+
# @see #http_request
|
92
|
+
#
|
93
|
+
# @api semipublic
|
94
|
+
#
|
95
|
+
def http_delete(url,options={})
|
96
|
+
http_request(options.merge(:method => :delete))
|
97
|
+
end
|
98
|
+
|
99
|
+
def http_get(url,options={})
|
100
|
+
http_request(options.merge(:method => :get))
|
101
|
+
end
|
102
|
+
|
103
|
+
#
|
104
|
+
# @see #http_request
|
105
|
+
#
|
106
|
+
# @api semipublic
|
107
|
+
#
|
108
|
+
def http_head(url,options={})
|
109
|
+
http_request(options.merge(:method => :head))
|
110
|
+
end
|
111
|
+
|
112
|
+
#
|
113
|
+
# @see #http_request
|
114
|
+
#
|
115
|
+
# @api semipublic
|
116
|
+
#
|
117
|
+
def http_lock(url,options={})
|
118
|
+
http_request(options.merge(:method => :lock))
|
119
|
+
end
|
120
|
+
|
121
|
+
#
|
122
|
+
# @see #http_request
|
123
|
+
#
|
124
|
+
# @api semipublic
|
125
|
+
#
|
126
|
+
def http_mkcol(url,options={})
|
127
|
+
http_request(options.merge(:method => :mkcol))
|
128
|
+
end
|
129
|
+
|
130
|
+
#
|
131
|
+
# @see #http_request
|
132
|
+
#
|
133
|
+
# @api semipublic
|
134
|
+
#
|
135
|
+
def http_move(url,options={})
|
136
|
+
http_request(options.merge(:method => :move))
|
137
|
+
end
|
138
|
+
|
139
|
+
#
|
140
|
+
# @see #http_request
|
141
|
+
#
|
142
|
+
# @api semipublic
|
143
|
+
#
|
144
|
+
def http_options(url,options={})
|
145
|
+
http_request(options.merge(:method => :options))
|
146
|
+
end
|
147
|
+
|
148
|
+
#
|
149
|
+
# @see #http_request
|
150
|
+
#
|
151
|
+
# @api semipublic
|
152
|
+
#
|
153
|
+
def http_post(url,options={})
|
154
|
+
http_request(options.merge(:method => :post))
|
155
|
+
end
|
156
|
+
|
157
|
+
#
|
158
|
+
# @see #http_request
|
159
|
+
#
|
160
|
+
# @api semipublic
|
161
|
+
#
|
162
|
+
def http_prop_find(url,options={})
|
163
|
+
http_request(options.merge(:method => :prop_find))
|
164
|
+
end
|
165
|
+
|
166
|
+
#
|
167
|
+
# @see #http_request
|
168
|
+
#
|
169
|
+
# @api semipublic
|
170
|
+
#
|
171
|
+
def http_prop_patch(url,options={})
|
172
|
+
http_request(options.merge(:method => :prop_patch))
|
173
|
+
end
|
174
|
+
|
175
|
+
#
|
176
|
+
# @see #http_request
|
177
|
+
#
|
178
|
+
# @api semipublic
|
179
|
+
#
|
180
|
+
def http_trace(url,options={})
|
181
|
+
http_request(options.merge(:method => :trace))
|
182
|
+
end
|
183
|
+
|
184
|
+
#
|
185
|
+
# @see #http_request
|
186
|
+
#
|
187
|
+
# @api semipublic
|
188
|
+
#
|
189
|
+
def http_unlock(url,options={})
|
190
|
+
http_request(options.merge(:method => :unlock))
|
191
|
+
end
|
192
|
+
|
193
|
+
end
|
194
|
+
end
|
195
|
+
end
|
@@ -0,0 +1,75 @@
|
|
1
|
+
#
|
2
|
+
# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
|
3
|
+
# various third-party security scanners.
|
4
|
+
#
|
5
|
+
# Copyright (c) 2008-2012 Hal Brodigan (postmodern.mod3 at gmail.com)
|
6
|
+
#
|
7
|
+
# This program is free software; you can redistribute it and/or modify
|
8
|
+
# it under the terms of the GNU General Public License as published by
|
9
|
+
# the Free Software Foundation; either version 2 of the License, or
|
10
|
+
# (at your option) any later version.
|
11
|
+
#
|
12
|
+
# This program is distributed in the hope that it will be useful,
|
13
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
14
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
15
|
+
# GNU General Public License for more details.
|
16
|
+
#
|
17
|
+
# You should have received a copy of the GNU General Public License
|
18
|
+
# along with this program; if not, write to the Free Software
|
19
|
+
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
20
|
+
#
|
21
|
+
|
22
|
+
require 'ronin/scanners/scanner'
|
23
|
+
require 'ronin/extensions/ip_addr'
|
24
|
+
require 'ronin/ip_address'
|
25
|
+
|
26
|
+
module Ronin
|
27
|
+
module Scanners
|
28
|
+
#
|
29
|
+
# The {IPScanner} class represents scanners that yield `IPAddr` results
|
30
|
+
# and `IPAddress` resources.
|
31
|
+
#
|
32
|
+
class IPScanner < Scanner
|
33
|
+
|
34
|
+
protected
|
35
|
+
|
36
|
+
#
|
37
|
+
# Normalizes the result.
|
38
|
+
#
|
39
|
+
# @param [String, IPAddr] result
|
40
|
+
# The incoming result.
|
41
|
+
#
|
42
|
+
# @return [IPAddr]
|
43
|
+
# The normalized IP Address.
|
44
|
+
#
|
45
|
+
# @since 1.0.0
|
46
|
+
#
|
47
|
+
def normalize_result(result)
|
48
|
+
unless result.kind_of?(IPAddr)
|
49
|
+
begin
|
50
|
+
IPAddr.new(result.to_s)
|
51
|
+
rescue ArgumentError
|
52
|
+
end
|
53
|
+
else
|
54
|
+
result
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
#
|
59
|
+
# Queries or creates a new IPAddress resource for the given result.
|
60
|
+
#
|
61
|
+
# @param [IPAddr] result
|
62
|
+
# The ip address.
|
63
|
+
#
|
64
|
+
# @return [IPAddress]
|
65
|
+
# The IPAddress resource from the Database.
|
66
|
+
#
|
67
|
+
# @since 1.0.0
|
68
|
+
#
|
69
|
+
def new_resource(result)
|
70
|
+
IPAddress.first_or_new(:address => result)
|
71
|
+
end
|
72
|
+
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
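Review bot: `normalize_result` (new-file lines 47–56) relies on the empty `rescue ArgumentError` evaluating to nil to discard unparsable input, which reads like a swallowed error; a comment such as `# unparsable addresses normalize to nil and are dropped` on the rescue line would make the intent explicit. Note also that `IPAddr.new` accepts a prefix (`'10.0.0.5/24'`) and masks it to the network address, so such a result would be recorded as `10.0.0.0` rather than rejected; if only single addresses are expected, reject inputs containing `/` before constructing the `IPAddr`.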
|
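--- a/data/lib/ronin/scanners/nmap.rb
+++ b/data/lib/ronin/scanners/nmap.rb
@@ -1,9 +1,8 @@
 #
-#--
 # Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
 # various third-party security scanners.
 #
-# Copyright (c) 2008-
+# Copyright (c) 2008-2012 Hal Brodigan (postmodern.mod3 at gmail.com)
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,8 +17,307 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#++
 #
 
-require 'ronin/scanners/
-require 'ronin/
+require 'ronin/scanners/scanner'
+require 'ronin/ip_address'
+require 'ronin/port'
+require 'ronin/service'
+
+require 'nmap/task'
+require 'nmap/program'
+require 'nmap/xml'
+require 'tempfile'
+
+module Ronin
+module Scanners
+#
+# {Nmap} scans the open-ports found on the targeted IP addresses,
+# using the Nmap security / port scanner.
+#
+class Nmap < Scanner
+
+# The hosts which will be scanned.
+parameter :targets, :default => [],
+:description => 'The hosts to scan with Nmap'
+
+# The hosts or ranges to exclude from the scan.
+parameter :exclude, :description => 'The hosts to exclude'
+
+# The ports or port ranges which will be scanned.
+parameter :ports, :description => 'The ports to scan'
+
+# Specifies that a Ping Scan will be performed.
+parameter :ping_scan, :default => false
+
+# Specifies that a Connect Scan will be performed.
+parameter :connect_scan, :default => true
+
+# Specifies that a TCP SYN scan will be performed.
+parameter :syn_scan, :default => false
+
+# Specifies that a TCP ACK scan will be performed.
+parameter :ack_scan, :default => false
+
+# Specifies that a TCP NULL scan will be performed.
+parameter :null_scan, :default => false
+
+# Specifies that a TCP FIN scan will be performed.
+parameter :fin_scan, :default => false
+
+# Specifies that a TCP XMAS scan will be performed.
+parameter :xmas_scan, :default => false
+
+# Specifies that a UDP scan will be performed.
+parameter :udp_scan, :default => false
+
+# Specifies that a Service scan will be performed.
+parameter :service_scan, :default => true
+
+# Specifies that an Idle Scan will be performed.
+parameter :idle_scan, :default => false
+
+# Specifies that a Window Scan will be performed.
+parameter :window_scan, :default => false
+
+# Enables paranoid-timing for nmap (`-T0`)
+parameter :paranoid_timing, :default => false
+
+# Enables sneaky-timing for nmap (`-T1`)
+parameter :sneaky_timing, :default => false
+
+# Enables polite-timing for nmap (`-T2`)
+parameter :polite_timing, :default => false
+
+# Enables normal-timing for nmap (`-T3`)
+parameter :normal_timing, :default => false
+
+# Enables aggressive-timing for nmap (`-T4`)
+parameter :aggressive_timing, :default => false
+
+# Enables insane-timing for nmap (`-T5`)
+parameter :insane_timing, :default => false
+
+# Specifies whether to resolve the IP Addresses.
+parameter :dns, :default => true
+
+# Specifies whether to enable verbose output
+parameter :verbose, :default => false
+
+# The input file to read hosts/ports from
+parameter :import_xml, :description => 'XML Scan file to import'
+
+# The output file to write hosts/ports to
+parameter :output, :description => 'XML Scan output file'
+
+protected
+
+#
+# Populates options to call `nmap` with.
+#
+# @yield [nmap]
+# If a block is given, it will be passed the nmap options.
+#
+# @yieldparam [Nmap::Task] nmap
+# The nmap options.
+#
+# @return [Nmap::Task]
+# The populated nmap options.
+#
+# @since 1.0.0
+#
+def nmap_options
+nmap = ::Nmap::Task.new
+nmap.targets = self.targets
+
+nmap.exclude = self.exclude if self.exclude
+nmap.ports = self.ports if self.ports
+
+nmap.paranoid_timing = self.paranoid_timing
+nmap.sneaky_timing = self.sneaky_timing
+nmap.polite_timing = self.polite_timing
+nmap.normal_timing = self.normal_timing
+nmap.aggressive_timing = self.aggressive_timing
+nmap.insane_timing = self.insane_timing
+
+if self.ping_scan
+nmap.ping = self.ping_scan
+else
+nmap.connect_scan = self.connect_scan
+nmap.syn_scan = self.syn_scan
+nmap.ack_scan = self.ack_scan
+nmap.fin_scan = self.fin_scan
+nmap.null_scan = self.null_scan
+nmap.xmas_scan = self.xmas_scan
+nmap.udp_scan = self.udp_scan
+nmap.service_scan = self.service_scan
+nmap.idle_scan = self.idle_scan
+nmap.window_scan = self.window_scan
+end
+
+if self.dns? then nmap.enable_dns = true
+else nmap.disable_dns = true
+end
+
+nmap.verbose = self.verbose
+
+return nmap
+end
+
+#
+# Sets up the scan output file for nmap.
+#
+# @yield [output]
+# The block will be passed the output file.
+#
+# @yieldparam [String] output
+# The path of the output file.
+#
+# @since 1.0.0
+#
+def nmap_output
+if self.output
+yield self.output
+else
+Tempfile.open('ronin_scanners_nmap') do |tempfile|
+yield tempfile.path
+end
+end
+end
+
+#
+# Performs a nmap scan and passes the scanned hosts to scanner rules.
+#
+# @yield [host]
+# Every host that nmap scanned, will be passed to the given block.
+#
+# @yieldparam [Nmap::Host] host
+# A host from the nmap scan.
+#
+# @see http://rubydoc.info/gems/ruby-nmap/Nmap/Host
+#
+# @since 1.0.0
+#
+def scan(&block)
+each_host = lambda { |path|
+::Nmap::XML.new(path).each_host(&block)
+}
+
+if self.import_xml
+each_host.call(self.import_xml)
+else
+nmap_output do |path|
+options = nmap_options
+options.xml = path
+
+nmap = ::Nmap::Program.find()
+nmap.run_task(options)
+
+each_host.call(path)
+end
+end
+end
+
+#
+# Creates a new IP Address from a scanned host result.
+#
+# @param [Nmap::Host] host
+# The scanned host.
+#
+# @return [IPAddress]
+# The IP Address resource.
+#
+# @since 1.0.0
+#
+def new_ip(host)
+# if the host does not have an ip, then skip it
+return nil unless host.ip
+
+ip_version, ip_address = if host.ipv6 then [6, host.ipv6]
+elsif host.ipv4 then [4, host.ipv4]
+end
+
+ip = IPAddress.first_or_new(
+:version => ip_version,
+:address => ip_address
+)
+
+if host.mac
+# fill in the MAC address
+ip.mac_addresses << MACAddress.first_or_new(:address => host.mac)
+end
+
+# fill in the host names
+host.each_hostname do |name|
+ip.host_names << HostName.first_or_new(:address => name)
+end
+
+return ip
+end
+
+#
+# Creates a new port from a scanned open port.
+#
+# @param [Nmap::Port] open_port
+# The scanned open port.
+#
+# @return [Port]
+# The port resource.
+#
+# @since 1.0.0
+#
+def new_port(open_port)
+Port.first_or_new(
+:protocol => open_port.protocol.to_s,
+:number => open_port.number
+)
+end
+
+#
+# Creates a new service from the scanned open port.
+#
+# @param [Nmap::Port] open_port
+# The scanned open port.
+#
+# @return [Service]
+# The new service.
+#
+# @since 1.0.0
+#
+def new_service(open_port)
+if open_port.service
+Service.first_or_new(:name => open_port.service)
+end
+end
+
+#
+# Queries or creates an IPAddress resource from the given host.
+#
+# @param [Nmap::Host] result
+# The host scanned by `nmap`.
+#
+# @return [IPAddress]
+# The IPAddress resource from the Database.
+#
+# @since 1.0.0
+#
+def new_resource(result)
+return nil unless (ip = new_ip(result))
+
+# fill in the open ports
+result.each_open_port do |open_port|
+port = new_port(open_port)
+service = new_service(open_port)
+
+# find or create a new open port
+new_open_port = ip.open_ports.first_or_new(:port => port)
+new_open_port.last_scanned_at = Time.now
+new_open_port.service = service
+end
+
+return ip
+end
+
+end
+end
+end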
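Review bot: In `scan` (new-file lines 213–216) the result of `nmap.run_task(options)` is discarded, so when nmap fails or is interrupted the code still parses `path` with `::Nmap::XML.new(path).each_host`, which at best yields nothing and at worst raises inside the XML parser far from the real cause. If `run_task` returns the process status as a boolean (presumably, as `Kernel#system` does; not visible here), `nmap.run_task(options) or raise('nmap scan failed')` would surface the failure where it happens. Separately, `nmap_output` (lines 178–186) hands `tempfile.path` to nmap; `Tempfile.open` with a block closes the handle when the block ends but, depending on the Ruby version, leaves the file on disk until the finalizer runs, so the scan-results XML can linger in the temp directory — an `ensure`d `tempfile.unlink` after the yield would bound that lifetime. The `MACAddress` and `HostName` constants used in `new_ip` (lines 247, 252) have no matching `require` in this file; presumably `ronin/ip_address` loads them, but that should be confirmed.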