diff --git a/AnmapThread.py b/AnmapThread.py index 3ceec09..8fd0f30 100644 --- a/AnmapThread.py +++ b/AnmapThread.py @@ -1,4 +1,5 @@ -from nmap import PortScanner +import nmap +import masscan from threading import Thread from datetime import datetime @@ -8,7 +9,7 @@ class AnmapThread(Thread): Thread.__init__(self) self.host = hostname self.ports = ports - self.nm = PortScanner() + self.scanner = nmap.PortScanner() self.verbose = verbose self.daemon = True self.out = out @@ -17,12 +18,12 @@ class AnmapThread(Thread): class ThoroughAnmapThread(AnmapThread): def run(self): log("Starting thorough scan on " + self.host, self.verbose) - self.nm.scan(self.host, "1," + ",".join(self.ports), - arguments='-sSVC -A -Pn{}'.format(output(self.out, self.host, 2))) + self.scanner.scan(self.host, "1," + ",".join(self.ports), + arguments='-sSVC -A -Pn{}'.format(output(self.out, self.host, 2))) if self.out: - with open(output(True, self.host, 5), "w") as out: - out.write(self.nm.get_nmap_last_output()) - host = self.nm[self.host] + with open(output(True, self.host, 5), "w") as outfile: + outfile.write(self.scanner.get_nmap_last_output()) + host = self.scanner[self.host] for p in host.all_tcp(): if p == 1: continue 
@@ -33,12 +34,12 @@ class ThoroughAnmapThread(AnmapThread): class UDPAnmapThread(AnmapThread): def run(self): log("Starting UDP scan on " + self.host, self.verbose) - self.nm.scan(self.host, arguments='-sVCU -A -Pn --top-ports {}{}'. - format(self.ports, output(self.out, self.host, 3))) + self.scanner.scan(self.host, arguments='-sVCU -A -Pn --top-ports {}{}'. + format(self.ports, output(self.out, self.host, 3))) if self.out: - with open(output(True, self.host, 6), "w") as out: - out.write(self.nm.get_nmap_last_output()) - host = self.nm[self.host] + with open(output(True, self.host, 6), "w") as outfile: + outfile.write(self.scanner.get_nmap_last_output()) + host = self.scanner[self.host] for p in host.all_udp(): log("Port {}/udp: {}".format(p, host['udp'][p]), self.verbose) log("Finished UDP scan on " + self.host, self.verbose) 
@@ -47,27 +48,47 @@ class UDPAnmapThread(AnmapThread): class BaseAnmapThread(AnmapThread): def __init__(self, hostname, ports, verbose, out): AnmapThread.__init__(self, hostname, ports, verbose, out) - self.host_list = dict() + self.host_dict = dict() def run(self): log("Starting quick scan", self.verbose) - self.nm.scan(self.host, arguments='-sS -Pn -p{}{}'.format(self.ports, output(self.out, self.host, 1))) + self.scanner.scan(self.host, arguments='-sS -Pn -p{}{}'.format(self.ports, output(self.out, self.host, 1))) if self.out: - with open(output(True, self.host, 4), "w") as out: - out.write(self.nm.get_nmap_last_output()) + with open(output(True, self.host, 4), "w") as outfile: + outfile.write(self.scanner.get_nmap_last_output()) log("Finished quick scan", self.verbose) - for hostname in self.nm.all_hosts(): - host = self.nm[hostname] + for hostname in self.scanner.all_hosts(): + host = self.scanner[hostname] port_list = list() for p in host.all_tcp(): - if self.nm[hostname]['tcp'][p]['state'] == 'open': + if self.scanner[hostname]['tcp'][p]['state'] == 'open': port_list.append(str(p)) if port_list is not list(): - self.host_list[hostname] = port_list + self.host_dict[hostname] = port_list def rjoin(self): Thread.join(self) - return self.host_list + return self.host_dict + + +class MasscanAnmapThread(BaseAnmapThread): + def __init__(self, hostname, ports, verbose, out): + AnmapThread.__init__(self, hostname, ports, verbose, out) + self.host_dict = dict() + self.scanner = masscan.PortScanner() + + def run(self): + log("Starting masscan scan", self.verbose) + self.scanner.scan(self.host, arguments='-p{}{}'.format(self.ports, output(self.out, self.host, 7))) + log("Finished quick scan", self.verbose) + for hostname in self.scanner.all_hosts(): + host = self.scanner[hostname] + port_list = list() + for p in host.all_tcp(): + if self.scanner[hostname]['tcp'][p]['state'] == 'open': + port_list.append(str(p)) + if port_list is not list(): + self.host_dict[hostname] = 
port_list def output(o, host, st): @@ -87,6 +108,8 @@ def output(o, host, st): return "nmap_{}_SVCA_{}.xml".format(host, date()) if st == 6: return "nmap_{}_VCUA_{}.xml".format(host, date()) + if st == 7: + return " -oG masscan_{}_S_{}.gnmap -oX masscan_{}_S_{}.xml".format(host, date(), host, date()) def log(message, verbose): diff --git a/anmap.py b/anmap.py index f644b85..1b5360e 100644 --- a/anmap.py +++ b/anmap.py @@ -1,5 +1,6 @@ +#!/usr/bin/python3 from argparse import ArgumentParser -from AnmapThread import UDPAnmapThread, ThoroughAnmapThread, BaseAnmapThread +from AnmapThread import UDPAnmapThread, ThoroughAnmapThread, BaseAnmapThread, MasscanAnmapThread, log if __name__ == "__main__": @@ -10,6 +11,7 @@ if __name__ == "__main__": prog="anmap.py") ap.add_argument("-u", "--udp", default=1000, type=int, help="The number of UDP ports to scan (Default 1000)") ap.add_argument("-v", "--verbose", action="store_true", help="This enables verbose output") + ap.add_argument("-m", "--masscan", action="store_true", help="This enables masscan for first scan") ap.add_argument("-d", "--debug", action="store_true", help="Sets flags -v and -u 100 and scans only the first 1000 tcp ports") ap.add_argument("-o", "--output", action="store_true", help="Enables saving of output files") 
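Review bot: `if port_list is not list():` in the new MasscanAnmapThread.run is always true, because `list()` creates a fresh object that can never be identical to port_list, so hosts with no open ports still land in host_dict with an empty list; the intended test is `if port_list:`. The same identity test sits in BaseAnmapThread.run as a context line, so the commit copies the bug into the new class instead of fixing it. The whole result-collection loop, and the `log("Finished quick scan", ...)` message, are duplicated verbatim from BaseAnmapThread.run; moving that loop into a shared helper lets MasscanAnmapThread override only the scan call and gives it its own "Finished masscan scan" message. MasscanAnmapThread.__init__ also bypasses BaseAnmapThread.__init__, so AnmapThread.__init__ builds an nmap.PortScanner that is immediately thrown away and `self.host_dict = dict()` is repeated; calling the parent initialiser and then replacing `self.scanner` is enough. A sketch of the shared helper and the slimmed-down subclass:
```python
class BaseAnmapThread(AnmapThread):
    # … unchanged: __init__ …

    def run(self):
        # … unchanged: nmap -sS scan and optional output file …
        log("Finished quick scan", self.verbose)
        self._collect_open_ports()

    def _collect_open_ports(self):
        # Record every scanned host that reported at least one open tcp port.
        for hostname in self.scanner.all_hosts():
            host = self.scanner[hostname]
            port_list = [str(p) for p in host.all_tcp()
                         if host['tcp'][p]['state'] == 'open']
            if port_list:
                self.host_dict[hostname] = port_list

    # … unchanged: rjoin …


class MasscanAnmapThread(BaseAnmapThread):
    def __init__(self, hostname, ports, verbose, out):
        BaseAnmapThread.__init__(self, hostname, ports, verbose, out)
        # Replace the nmap scanner built by the parent with masscan.
        self.scanner = masscan.PortScanner()

    def run(self):
        log("Starting masscan scan", self.verbose)
        self.scanner.scan(self.host, arguments='-p{}{}'.format(self.ports, output(self.out, self.host, 7)))
        log("Finished masscan scan", self.verbose)
        self._collect_open_ports()
```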
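Review bot: The new `st == 7` branch calls `date()` twice, so the `.gnmap` and `.xml` names can carry different timestamps if the clock ticks between the two calls; bind it once, `d = date()` followed by `return " -oG masscan_{}_S_{}.gnmap -oX masscan_{}_S_{}.xml".format(host, d, host, d)`. Unlike cases 5 and 6, which return bare file names that are later opened, this branch returns command-line flags that are appended to the scan arguments, as cases 1-3 appear to be from the callers in the earlier hunks; a short comment on the function, such as `# st 1-3 and 7 yield argument fragments, 4-6 yield output file paths`, would make that split explicit. Whether this branch is reached when `o` is false cannot be told from the hunk, since output's body starts outside it.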
@@ -19,13 +21,38 @@ if __name__ == "__main__": args.verbose = True args.udp = 100 try: - # Scanning all tcp ports - t0 = BaseAnmapThread(args.HOST, "1-1000" if args.debug else "-", args.verbose, args.output) - t0.start() - host_list = t0.rjoin() + c = host_dict = "" + if args.masscan: + # Scanning all tcp ports with masscan + tm = MasscanAnmapThread(args.HOST, "1-1000" if args.debug else "-", args.verbose, args.output) + tm.start() + host_dict = tm.rjoin() + np = 0 + for p in host_dict.values(): + np += len(p) + log("Found {} open ports on {} host(s) with masscan".format(np, len(host_dict)), args.verbose) + c = input("Do you want to continue without a full nmap scan? (y/N)") + if c != "y": + # Scanning all tcp ports with nmap + t0 = BaseAnmapThread(args.HOST, "1-1000" if args.debug else "-", args.verbose, args.output) + t0.start() + host_dict = t0.rjoin() + np = 0 + for p in host_dict.values(): + np += len(p) + log("Found {} open ports on {} host(s) with nmap".format(np, len(host_dict)), args.verbose) + else: + # Scanning all tcp ports with nmap + t0 = BaseAnmapThread(args.HOST, "1-1000" if args.debug else "-", args.verbose, args.output) + t0.start() + host_dict = t0.rjoin() + np = 0 + for p in host_dict.values(): + np += len(p) + log("Found {} open ports on {} host(s) with nmap".format(np, len(host_dict)), args.verbose) # Starting thorough and udp scan for each host in separate threads thread_list = list() - for host, open_port_list in host_list.items(): + for host, open_port_list in host_dict.items(): thread_list.append(ThoroughAnmapThread(host, open_port_list, args.verbose, args.output)) thread_list.append(UDPAnmapThread(host, args.udp, args.verbose, args.output)) for t in thread_list:
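Review bot: The nmap fallback block (`t0 = BaseAnmapThread(...)` through the "with nmap" log line) appears twice, once under `if c != "y":` and once under `else:`, and the open-port counting loop three times; the branches collapse into one `run_nmap` flag so each scan is written once. `c = host_dict = ""` seeds host_dict with a str even though it is only ever read via `.items()` after being replaced, so `{}` is the honest initial value and `c` needs no default at all. The prompt advertises `(y/N)` but the comparison is an exact `!= "y"`, so an upper-case `Y` or trailing whitespace silently triggers the full nmap scan; normalising the answer with `.strip().lower()` matches the prompt. A possible rewrite of the added lines, keeping the thread fan-out below unchanged:
```python
        port_range = "1-1000" if args.debug else "-"
        host_dict = {}
        run_nmap = True
        if args.masscan:
            # Scanning all tcp ports with masscan
            tm = MasscanAnmapThread(args.HOST, port_range, args.verbose, args.output)
            tm.start()
            host_dict = tm.rjoin()
            log("Found {} open ports on {} host(s) with masscan".format(
                sum(map(len, host_dict.values())), len(host_dict)), args.verbose)
            answer = input("Do you want to continue without a full nmap scan? (y/N)")
            run_nmap = answer.strip().lower() != "y"
        if run_nmap:
            # Scanning all tcp ports with nmap
            t0 = BaseAnmapThread(args.HOST, port_range, args.verbose, args.output)
            t0.start()
            host_dict = t0.rjoin()
            log("Found {} open ports on {} host(s) with nmap".format(
                sum(map(len, host_dict.values())), len(host_dict)), args.verbose)
        # … unchanged: thorough and udp scan threads per host …
```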