ronin-scanners 0.1.4 → 1.0.0.pre1
- data/.document +4 -0
- data/.gemtest +0 -0
- data/.gitignore +11 -0
- data/.rspec +1 -0
- data/.yardopts +2 -0
- data/COPYING.txt +339 -0
- data/{History.txt → ChangeLog.md} +7 -7
- data/Gemfile +45 -0
- data/README.md +125 -0
- data/Rakefile +39 -14
- data/bin/ronin-scan-dork +20 -0
- data/bin/ronin-scan-nmap +20 -0
- data/bin/ronin-scan-proxies +20 -0
- data/bin/ronin-scan-spider +20 -0
- data/bin/ronin-scanner +20 -0
- data/bin/ronin-scanners +13 -5
- data/gemspec.yml +31 -0
- data/lib/ronin/database/migrations/scanners.rb +25 -0
- data/lib/ronin/database/migrations/scanners/1.0.0.rb +51 -0
- data/lib/ronin/scanners.rb +7 -5
- data/lib/ronin/scanners/dork.rb +173 -0
- data/lib/ronin/scanners/host_name_scanner.rb +67 -0
- data/lib/ronin/scanners/http_scanner.rb +195 -0
- data/lib/ronin/scanners/ip_scanner.rb +75 -0
- data/lib/ronin/scanners/nmap.rb +303 -5
- data/lib/ronin/scanners/{nikto/nikto.rb → proxies.rb} +11 -26
- data/lib/ronin/scanners/resolv_scanner.rb +73 -0
- data/lib/ronin/scanners/reverse_lookup_scanner.rb +76 -0
- data/lib/ronin/scanners/scanner.rb +371 -0
- data/lib/ronin/scanners/{nikto.rb → scanners.rb} +8 -5
- data/lib/ronin/scanners/site_map.rb +62 -0
- data/lib/ronin/scanners/spider.rb +117 -0
- data/lib/ronin/scanners/tcp_port_scanner.rb +72 -0
- data/lib/ronin/scanners/udp_port_scanner.rb +72 -0
- data/lib/ronin/scanners/url_scanner.rb +79 -0
- data/lib/ronin/scanners/version.rb +3 -4
- data/lib/ronin/ui/cli/commands/scan/dork.rb +39 -0
- data/lib/ronin/ui/cli/commands/scan/nmap.rb +105 -0
- data/lib/ronin/ui/cli/commands/scan/proxies.rb +82 -0
- data/lib/ronin/ui/cli/commands/scan/spider.rb +71 -0
- data/lib/ronin/ui/cli/commands/scanner.rb +43 -0
- data/lib/ronin/ui/cli/scanner_command.rb +118 -0
- data/ronin-scanners.gemspec +60 -0
- data/spec/scanners/host_name_scanner_spec.rb +24 -0
- data/spec/scanners/ip_scanner_spec.rb +24 -0
- data/spec/scanners/resolv_scanner_spec.rb +26 -0
- data/spec/scanners/reverse_lookup_scanner_spec.rb +26 -0
- data/spec/scanners/scanner_spec.rb +89 -0
- data/spec/scanners/scanners_spec.rb +9 -0
- data/spec/scanners/tcp_port_scanner_spec.rb +27 -0
- data/spec/scanners/udp_port_scanner_spec.rb +27 -0
- data/spec/scanners/url_scanner_spec.rb +37 -0
- data/spec/spec_helper.rb +4 -3
- metadata +261 -116
- data.tar.gz.sig +0 -1
- data/Manifest.txt +0 -16
- data/README.txt +0 -106
- data/lib/ronin/scanners/nikto/nikto_task.rb +0 -183
- data/lib/ronin/scanners/nmap/nmap.rb +0 -74
- data/lib/ronin/scanners/nmap/nmap_task.rb +0 -290
- data/spec/scanners_spec.rb +0 -11
- data/tasks/spec.rb +0 -9
- metadata.gz.sig +0 -0
data.tar.gz.sig
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
^pո�9!�t]D��w:Ι&�*���b�1�Q��5n-����=���pKX�x�wӴ��Q� ��j�\]��,;�W���A�餔 �����}1�݁��T�P�F�[<9N���&%+�9<��.y��,=�/pW�?������ς
|
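--- a/data/Manifest.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-History.txt
-Manifest.txt
-README.txt
-Rakefile
-bin/ronin-scanners
-lib/ronin/scanners.rb
-lib/ronin/scanners/nmap.rb
-lib/ronin/scanners/nmap/nmap.rb
-lib/ronin/scanners/nmap/nmap_task.rb
-lib/ronin/scanners/nikto.rb
-lib/ronin/scanners/nikto/nikto.rb
-lib/ronin/scanners/nikto/nikto_task.rb
-lib/ronin/scanners/version.rb
-tasks/spec.rb
-spec/spec_helper.rb
-spec/scanners_spec.rb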
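--- a/data/README.txt
+++ /dev/null
@@ -1,106 +0,0 @@
-= Ronin Scanners
-
-* http://ronin.rubyforge.org/scanners/
-* http://github.com/postmodern/ronin-scanners
-* irc.freenode.net ##ronin
-* Postmodern (postmodern.mod3 at gmail.com)
-
-== DESCRIPTION:
-
-Ronin Scanners is a Ruby library for Ronin that provides Ruby interfaces to
-various third-party security scanners.
-
-Ronin is a Ruby platform designed for information security and data
-exploration tasks. Ronin allows for the rapid development and distribution
-of code over many of the common Source-Code-Management (SCM) systems.
-
-=== Free
-
-All source code within Ronin is licensed under the GPL-2, therefore no user
-will ever have to pay for Ronin or updates to Ronin. Not only is the
-source code free, the Ronin project will not sell enterprise grade security
-snake-oil solutions, give private training classes or later turn Ronin into
-commercial software.
-
-=== Modular
-
-Ronin was not designed as one monolithic framework but instead as a
-collection of libraries which can be individually installed. This allows
-users to pick and choose what functionality they want in Ronin.
-
-=== Decentralized
-
-Ronin does not have a central repository of exploits and payloads which
-all developers contribute to. Instead Ronin has Overlays, repositories of
-code that can be hosted on any CVS/SVN/Git/Rsync server. Users can then use
-Ronin to quickly install or update Overlays. This allows developers and
-users to form their own communities, independent of the main developers
-of Ronin.
-
-== FEATURES/PROBLEMS:
-
-* Provides a Rubyful interface to Nmap.
-* Allows for recording of Nmap scan results using ScanDB.
-* Provides a Rubyful interface to Nikto.
-
-== REQUIREMENTS:
-
-* {scandb}[http://scandb.rubyforge.org/]
-* {rprogram}[http://rprogram.rubyforge.org/] >= 0.1.4
-* {ronin}[http://ronin.rubyforge.org/] >= 0.1.2
-
-== INSTALL:
-
-$ sudo gem install ronin-scanners
-
-== SYNOPSIS:
-
-* Start the Ronin console with Ronin Scanners preloaded:
-
-$ ronin-scanners
-
-== EXAMPLES:
-
-* Calling Nmap from Ruby:
-
-require 'ronin/scanners/nmap'
-
-Scanners::Nmap.scan(:targets => 'www.google.com', :ports => [80,21,25], :service_scan => true)
-# Starting Nmap 4.68 ( http://nmap.org ) at 2009-01-09 16:51 PST
-# Interesting ports on mh-in-f99.google.com (209.85.173.99):
-# PORT STATE SERVICE VERSION
-# 21/tcp filtered ftp
-# 25/tcp filtered smtp
-# 80/tcp open http Google httpd 1.3 (GFE)
-# Service Info: OS: Linux
-#
-# Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
-# Nmap done: 1 IP address (1 host up) scanned in 11.627 seconds
-# => nil
-
-* Calling Nikto from Ruby:
-
-require 'ronin/scanners/nikto'
-
-Scanners::Nikto.scan(:host => 'www.example.com')
-
-== LICENSE:
-
-Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
-various third-party security scanners.
-
-Copyright (c) 2008-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA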
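--- a/data/lib/ronin/scanners/nikto/nikto_task.rb
+++ /dev/null
@@ -1,183 +0,0 @@
-#
-#--
-# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
-# various third-party security scanners.
-#
-# Copyright (c) 2008-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#++
-#
-
-require 'rprogram/task'
-
-module Ronin
-module Scanners
-#
-# == Nikto options:
-# <tt>-h</tt>:: <tt>nikto.host</tt>
-# <tt>-config</tt>:: <tt>nikto.config</tt>
-# <tt>-Cgidirs</tt>:: <tt>nikto.cgi_dirs</tt>
-# <tt>-cookies</tt>:: <tt>nikto.print_cookies</tt>
-# <tt>-evasion</tt>:: <tt>nikto.evasion</tt>
-# <tt>-findonly</tt>:: <tt>nikto.evasion</tt>
-# <tt>-Format</tt>:: <tt>nikto.format</tt>
-# <tt>-generic</tt>:: <tt>nikto.full_scan</tt>
-# <tt>-id</tt>:: <tt>nikto.http_auth</tt>
-# <tt>-mutate</tt>:: <tt>nikto.mutate_checks</tt>
-# <tt>-nolookup</tt>:: <tt>nikto.no_lookup</tt>
-# <tt>-output</tt>:: <tt>nikto.output</tt>
-# <tt>-port</tt>:: <tt>nikto.port</tt>
-# <tt>-root</tt>:: <tt>nikto.root</tt>
-# <tt>-ssl</tt>:: <tt>nikto.ssl</tt>
-# <tt>-timeout</tt>:: <tt>nikto.timeout</tt>
-# <tt>-useproxy</tt>:: <tt>nikto.enable_proxy</tt>
-# <tt>-vhost</tt>:: <tt>nikto.vhost</tt>
-# <tt>-Version</tt>:: <tt>nikto.version</tt>
-# <tt>-404</tt>:: <tt>nikto.not_found_message</tt>
-# <tt>-dbcheck</tt>:: <tt>nikto.validate_checks</tt>
-# <tt>-debug</tt>:: <tt>nikto.debug</tt>
-# <tt>-update</tt>:: <tt>nikto.update</tt>
-# <tt>-verbose</tt>:: <tt>nikto.verbose</tt>
-#
-class NiktoTask < RProgram::Task
-
-short_option :flag => '-h', :name => :host
-short_option :flag => '-config', :name => :config
-short_option :flag => '-Cgidirs', :name => :cgi_dirs
-short_option :flag => '-cookies', :name => :print_cookies
-short_option :flag => '-evasion', :name => :evasion
-
-#
-# Enable random URI encoding.
-#
-def random_uri_encoding!
-self.evasion ||= ''
-self.evasion << '1'
-end
-
-#
-# Enable adding self-referencing directories (<tt>/./</tt>) to the
-# request.
-#
-def directory_self_reference!
-self.evasion ||= ''
-self.evasion << '2'
-end
-
-#
-# Enable premature URL ending.
-#
-def premature_url_ending!
-self.evasion ||= ''
-self.evasion << '3'
-end
-
-#
-# Enable prepend long random strings to the request.
-#
-def prepend_random_strings!
-self.evasion ||= ''
-self.evasion << '4'
-end
-
-#
-# Enable fake parameters to files.
-#
-def fake_params_to_files!
-self.evasion ||= ''
-self.evasion << '5'
-end
-
-#
-# Enable using a tab character as the request spacer, instead of
-# spaces.
-#
-def tab_request_spacer!
-self.evasion ||= ''
-self.evasion << '6'
-end
-
-#
-# Enable random case sensitivity.
-#
-def random_casing!
-self.evasion ||= ''
-self.evasion << '7'
-end
-
-#
-# Enable use of Windows style directory separators
-# (<tt>\\</tt> instead of <tt>/</tt>).
-#
-def windows_directories!
-self.evasion ||= ''
-self.evasion << '8'
-end
-
-#
-# Enable session splicing.
-#
-def session_splicing!
-self.evasion ||= ''
-self.evasion << '9'
-end
-
-short_option :flag => '-findonly', :name => :only_find
-short_option :flag => '-Format', :name => :format
-
-#
-# Sets the report format to +HTM+.
-#
-def html_format!
-self.format = 'HTM'
-end
-
-#
-# Sets the report format to +TXT+.
-#
-def text_format!
-self.format = 'TXT'
-end
-
-#
-# Sets the report format to +CVS+.
-#
-def csv_format!
-self.format = 'CSV'
-end
-
-short_option :flag => '-generic', :name => :full_scan
-short_option :flag => '-id', :name => :http_auth
-short_option :flag => '-mutate', :name => :mutate_checks
-short_option :flag => '-nolookup', :name => :no_lookup
-short_option :flag => '-output', :name => :output
-short_option :flag => '-port', :name => :port
-short_option :flag => '-root', :name => :root
-short_option :flag => '-ssl', :name => :ssl
-short_option :flag => '-timeout', :name => :timeout
-short_option :flag => '-useproxy', :name => :enable_proxy
-short_option :flag => '-vhost', :name => :vhost
-short_option :flag => '-Version', :name => :version
-
-short_option :flag => '-404', :name => :not_found_message
-short_option :flag => '-dbcheck', :name => :validate_checks
-short_option :flag => '-debug', :name => :debug
-short_option :flag => '-update', :name => :update
-short_option :flag => '-verbose', :name => :verbose
-
-end
-end
-end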
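--- a/data/lib/ronin/scanners/nmap/nmap.rb
+++ /dev/null
@@ -1,74 +0,0 @@
-#
-#--
-# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
-# various third-party security scanners.
-#
-# Copyright (c) 2008-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#++
-#
-
-require 'ronin/scanners/nmap/nmap_task'
-
-require 'rprogram/program'
-require 'scandb'
-require 'tempfile'
-
-module Ronin
-module Scanners
-class Nmap < RProgram::Program
-
-name_program 'nmap'
-
-#
-# Perform an Nmap scan using the given _options_ and _block_.
-# If a _block_ is given, it will be passed a newly created
-# NmapTask object.
-#
-def self.scan(options={},&block)
-self.find.scan(options,&block)
-end
-
-#
-# Perform an Nmap scan using the given _options_ and _block_.
-# If a _block_ is given, it will be passed a newly created
-# NmapTask object.
-#
-def scan(options={},&block)
-run_task(NmapTask.new(options,&block))
-end
-
-#
-# Perform an Nmap scan using the given _options_ and save
-# the resulting scan information into ScanDB. If a _block_ is given,
-# it will be passed each ScanDB::Host object from the scan.
-#
-def import_scan(options={},&block)
-file = Tempfile.new('nmap',Config::TMP_DIR)
-
-# perform the scan
-scan(options.merge(:xml => file))
-
-# import the xml file into ScanDB
-hosts = ScanDB::Nmap.import_xml(file,&block)
-
-file.delete
-return hosts
-end
-
-end
-end
-end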
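--- a/data/lib/ronin/scanners/nmap/nmap_task.rb
+++ /dev/null
@@ -1,290 +0,0 @@
-#
-#--
-# Ronin Scanners - A Ruby library for Ronin that provides Ruby interfaces to
-# various third-party security scanners.
-#
-# Copyright (c) 2008-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-#++
-#
-
-require 'rprogram/task'
-
-module Ronin
-module Scanners
-#
-# == Nmap options:
-#
-# === Target Specifications:
-#
-# <tt>-iL</tt>:: <tt>nmap.target_file</tt>
-# <tt>-iR</tt>:: <tt>nmap.random_targets</tt>
-# <tt>--exclude</tt>:: <tt>nmap.exclude</tt>
-# <tt>--excludefile</tt>:: <tt>nmap.exclude_file</tt>
-#
-# === Host Discovery:
-#
-# <tt>-sL</tt>:: <tt>nmap.list</tt>
-# <tt>-sP</tt>:: <tt>nmap.ping</tt>
-# <tt>-PN</tt>:: <tt>nmap.skip_discovery</tt>
-# <tt>-PS</tt>:: <tt>nmap.syn_discovery</tt>
-# <tt>-PA</tt>:: <tt>nmap.ack_discovery</tt>
-# <tt>-PU</tt>:: <tt>nmap.udp_discovery</tt>
-# <tt>-PE</tt>:: <tt>nmap.icmp_echo_discovery</tt>
-# <tt>-PP</tt>:: <tt>nmap.icmp_timestamp_discovery</tt>
-# <tt>-PM</tt>:: <tt>nmap.icmp_netmask_discovery</tt>
-# <tt>-PO</tt>:: <tt>nmap.ip_ping</tt>
-# <tt>-n</tt>:: <tt>nmap.disable_dns</tt>
-# <tt>-R</tt>:: <tt>nmap.enable_dns</tt>
-# <tt>--dns-servers</tt>:: <tt>nmap.dns_servers</tt>
-# <tt>--systems-dns</tt>:: <tt>nmap.systems_dns</tt>
-#
-# === Scan Techniques:
-#
-# <tt>-sS</tt>:: <tt>nmap.syn_scan</tt>
-# <tt>-sT</tt>:: <tt>nmap.connect_scan</tt>
-# <tt>-sA</tt>:: <tt>nmap.ack_scan</tt>
-# <tt>-sW</tt>:: <tt>nmap.window_scan</tt>
-# <tt>-sM</tt>:: <tt>nmap.maimon_scan</tt>
-# <tt>-sU</tt>:: <tt>nmap.udp_scan</tt>
-# <tt>-sN</tt>:: <tt>nmap.null_scan</tt>
-# <tt>-sF</tt>:: <tt>nmap.fin_scan</tt>
-# <tt>-sX</tt>:: <tt>nmap.xmas_scan</tt>
-# <tt>--scanflags</tt>:: <tt>nmap.tcp_scan_flags</tt>
-# <tt>-sI</tt>:: <tt>nmap.idle_scan</tt>
-# <tt>-s0</tt>:: <tt>nmap.ip_scan</tt>
-# <tt>-b</tt>:: <tt>nmap.ftp_bounce_scan</tt>
-# <tt>--traceroute</tt>:: <tt>nmap.traceroute</tt>
-# <tt>--reason</tt>:: <tt>nmap.show_reason</tt>
-#
-# === Port Specification and Scan Order:
-#
-# <tt>-p</tt>:: <tt>nmap.ports</tt>
-# <tt>-F</tt>:: <tt>nmap.fast</tt>
-# <tt>-r</tt>:: <tt>nmap.consecutively</tt>
-# <tt>--top-ports</tt>:: <tt>nmap.top_ports</tt>
-# <tt>--port-ratio</tt>:: <tt>nmap.port_ratio</tt>
-#
-# === Service/Version Detection:
-#
-# <tt>-sV</tt>:: <tt>nmap.service_scan</tt>
-# <tt>--version-intensity</tt>:: <tt>nmap.version_intensity</tt>
-# <tt>--version-light</tt>:: <tt>nmap.version_light</tt>
-# <tt>--version-all</tt>:: <tt>nmap.version_all</tt>
-# <tt>--version-trace</tt>:: <tt>nmap.version_trace</tt>
-#
-# === Script Scan:
-#
-# <tt>-sC</tt>:: <tt>nmap.default_script</tt>
-# <tt>--script</tt>:: <tt>nmap.script</tt>
-# <tt>--script-args</tt>:: <tt>nmap.script_params</tt>
-# <tt>--script-trace</tt>:: <tt>nmap.script_trace</tt>
-# <tt>--script-updatedb</tt>:: <tt>nmap.update_scriptdb</tt>
-#
-# === OS Detection:
-#
-# <tt>-O</tt>:: <tt>nmap.os_fingerprint</tt>
-# <tt>--osscan_limit</tt>:: <tt>nmap.limit_os_scan</tt>
-# <tt>--osscan_guess</tt>:: <tt>nmap.max_os_scan</tt>
-#
-# === Timing and Performance:
-#
-# <tt>--min-hostgroup</tt>:: <tt>nmap.min_host_group</tt>
-# <tt>--max-hostgroup</tt>:: <tt>nmap.max_host_group</tt>
-# <tt>--min-parallelism</tt>:: <tt>nmap.min_parallelism</tt>
-# <tt>--max-parallelism</tt>:: <tt>nmap.max_parallelism</tt>
-# <tt>--min-rtt-timeout</tt>:: <tt>nmap.min_rtt_timeout</tt>
-# <tt>--max-rtt-timeout</tt>:: <tt>nmap.max_rtt_timeout</tt>
-# <tt>--max-retries</tt>:: <tt>nmap.max_retries</tt>
-# <tt>--host-timeout</tt>:: <tt>nmap.host_timeout</tt>
-# <tt>--scan-delay</tt>:: <tt>nmap.scan_delay</tt>
-# <tt>--max-scan-delay</tt>:: <tt>nmap.max_scan_delay</tt>
-# <tt>--min-rate</tt>:: <tt>nmap.min_rate</tt>
-# <tt>--max-rate</tt>:: <tt>nmap.max_rate</tt>
-#
-# === Firewall/IDS Evasion and Spoofing:
-#
-# <tt>-f</tt>:: <tt>nmap.packet_fragments</tt>
-# <tt>--mtu</tt>:: <tt>nmap.mtu</tt>
-# <tt>-D</tt>:: <tt>nmap.decoys</tt>
-# <tt>-S</tt>:: <tt>nmap.spoof</tt>
-# <tt>-e</tt>:: <tt>nmap.interface</tt>
-# <tt>-g</tt>:: <tt>nmap.source_port</tt>
-# <tt>--data-length</tt>:: <tt>nmap.data_length</tt>
-# <tt>--ip-options</tt>:: <tt>nmap.ip_options</tt>
-# <tt>--ttl</tt>:: <tt>nmap.ttl</tt>
-# <tt>--spoof-mac</tt>:: <tt>nmap.spoof_mac</tt>
-# <tt>--badsum</tt>:: <tt>nmap.bad_checksum</tt>
-#
-# === Output:
-#
-# <tt>-oN</tt>:: <tt>nmap.save</tt>
-# <tt>-oX</tt>:: <tt>nmap.xml</tt>
-# <tt>-oS</tt>:: <tt>nmap.skiddie</tt>
-# <tt>-oG</tt>:: <tt>nmap.grepable</tt>
-# <tt>-v</tt>:: <tt>nmap.verbose</tt>
-# <tt>--open</tt>:: <tt>nmap.show_open_ports</tt>
-# <tt>--packet-trace</tt>:: <tt>nmap.show_packets</tt>
-# <tt>--iflist</tt>:: <tt>nmap.show_interfaces</tt>
-# <tt>--log-errors</tt>:: <tt>nmap.show_log_errors</tt>
-# <tt>--append-output</tt>:: <tt>nmap.append</tt>
-# <tt>--resume</tt>:: <tt>nmap.resume</tt>
-# <tt>--stylesheet</tt>:: <tt>nmap.stylesheet</tt>
-# <tt>--webxml</tt>:: <tt>nmap.nmap_stylesheet</tt>
-# <tt>--no-stylesheet</tt>:: <tt>nmap.disable_stylesheet</tt>
-#
-# === Misc:
-#
-# <tt>-6</tt>:: <tt>nmap.ipv6</tt>
-# <tt>-A</tt>:: <tt>nmap.all</tt>
-# <tt>--datadir</tt>:: <tt>nmap.nmap_datadir</tt>
-# <tt>--send-eth</tt>:: <tt>nmap.raw_ethernet</tt>
-# <tt>--send-ip</tt>:: <tt>nmap.raw_ip</tt>
-# <tt>--privledged</tt>:: <tt>nmap.privledged</tt>
-# <tt>--unprivledged</tt>:: <tt>nmap.unprivledged</tt>
-# <tt>-V</tt>:: <tt>nmap.version</tt>
-# <tt>-h</tt>:: <tt>nmap.help</tt>
-#
-# <tt>{target specification}</tt>:: <tt>nmap.targets</tt>
-#
-class NmapTask < RProgram::Task
-
-# TARGET SPECIFICATIONS:
-short_option :flag => '-iL', :name => :target_file
-short_option :flag => '-iR', :name => :random_targets
-long_option :flag => '--exclude', :name => :exclude, :separator => ','
-long_option :flag => '--excludefile', :name => :exclude_file
-
-# HOST DISCOVERY:
-short_option :flag => '-sL', :name => :list
-short_option :flag => '-sP', :name => :ping
-short_option :flag => '-PN', :name => :skip_discovery
-short_option :flag => '-PS', :name => :syn_discovery
-short_option :flag => '-PA', :name => :ack_discovery
-short_option :flag => '-PU', :name => :udp_discovery
-short_option :flag => '-PE', :name => :icmp_echo_discovery
-short_option :flag => '-PP', :name => :icmp_timestamp_discovery
-short_option :flag => '-PM', :name => :icmp_netmask_discovery
-short_option :flag => '-PO', :name => :ip_ping
-short_option :flag => '-n', :name => :disable_dns
-short_option :flag => '-R', :name => :enable_dns
-long_option :flag => '--dns-servers', :separator => ','
-long_option :flag => '--system-dns'
-
-# SCAN TECHNIQUES:
-short_option :flag => '-sS', :name => :syn_scan
-short_option :flag => '-sT', :name => :connect_scan
-short_option :flag => '-sA', :name => :ack_scan
-short_option :flag => '-sW', :name => :window_scan
-short_option :flag => '-sM', :name => :maimon_scan
-short_option :flag => '-sU', :name => :udp_scan
-short_option :flag => '-sN', :name => :null_scan
-short_option :flag => '-sF', :name => :fin_scan
-short_option :flag => '-sX', :name => :xmas_scan
-long_option :flag => '--scanflags', :name => :tcp_scan_flags
-short_option :flag => '-sI', :name => :idle_scan
-short_option :flag => '-s0', :name => :ip_scan
-short_option :flag => '-b', :name => :ftp_bounce_scan
-long_option :flag => '--traceroute', :name => :traceroute
-long_option :flag => '--reason', :name => :show_reason
-
-# PORT SPECIFICATION AND SCAN ORDER:
-short_option :flag => '-p', :name => :ports, :separator => ','
-short_option :flag => '-F', :name => :fast
-short_option :flag => '-r', :name => :consecutively
-long_option :flag => '--top-ports'
-long_option :flag => '--port-ratio'
-
-# SERVICE/VERSION DETECTION:
-short_option :flag => '-sV', :name => :service_scan
-long_option :flag => '--version-intensity'
-long_option :flag => '--version-light'
-long_option :flag => '--version-all'
-long_option :flag => '--version-trace'
-
-# SCRIPT SCAN:
-short_option :flag => '-sC', :name => :default_script
-long_option :flag => '--script'
-long_option :flag => '--script-args',
-:name => :script_params,
-:separator => ','
-long_option :flag => '--script-trace'
-long_option :flag => '--script-updatedb', :name => :update_scriptdb
-
-# OS DETECTION:
-short_option :flag => '-O', :name => :os_fingerprint
-long_option :flag => '--osscan_limit', :name => :limit_os_scan
-long_option :flag => '--osscan_guess', :name => :max_os_scan
-
-# TIMING AND PERFORMANCE:
-long_option :flag => '--min-hostgroup', :name => :min_host_group
-long_option :flag => '--max-hostgroup', :name => :max_host_group
-long_option :flag => '--min-parallelism'
-long_option :flag => '--max-parallelism'
-long_option :flag => '--min-rtt-timeout'
-long_option :flag => '--max-rtt-timeout'
-long_option :flag => '--max-retries'
-long_option :flag => '--host-timeout'
-long_option :flag => '--scan-delay'
-long_option :flag => '--max-scan-delay'
-long_option :flag => '--min-rate'
-long_option :flag => '--max-rate'
-
-# FIREWALL/IDS EVASION AND SPOOFING:
-short_option :flag => '-f', :name => :packet_fragments
-long_option :flag => '--mtu'
-short_option :flag => '-D', :name => :decoys, :separator => ','
-short_option :flag => '-S', :name => :spoof
-short_option :flag => '-e', :name => :interface
-short_option :flag => '-g', :name => :source_port
-long_option :flag => '--data-length'
-long_option :flag => '--ip-options'
-long_option :flag => '--ttl'
-long_option :flag => '--spoof-mac'
-long_option :flag => '--badsum', :name => :bad_checksum
-
-# OUTPUT:
-short_option :flag => '-oN', :name => :save
-short_option :flag => '-oX', :name => :xml
-short_option :flag => '-oS', :name => :skiddie
-short_option :flag => '-oG', :name => :grepable
-short_option :flag => '-v', :name => :verbose
-long_option :flag => '--open', :name => :show_open_ports
-long_option :flag => '--packet-trace', :name => :show_packets
-long_option :flag => '--iflist', :name => :show_interfaces
-long_option :flag => '--log-errors', :name => :show_log_errors
-long_option :flag => '--append-output', :name => :append
-long_option :flag => '--resume'
-long_option :flag => '--stylesheet'
-long_option :flag => '--webxml', :name => :nmap_stylesheet
-long_option :flag => '--no-stylesheet', :name => :disable_stylesheet
-
-# MISC:
-short_option :flag => '-6', :name => :ipv6
-short_option :flag => '-A', :name => :all
-long_option :flag => '--datadir', :name => :nmap_datadir
-long_option :flag => '--send-eth', :name => :raw_ethernet
-long_option :flag => '--send-ip', :name => :raw_ip
-long_option :flag => '--privledged'
-long_option :flag => '--unprivleged'
-short_option :flag => '-V', :name => :version
-short_option :flag => '-h', :name => :help
-
-non_option :tailing => true, :name => :targets
-
-end
-end
-end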