The other day I was faced with a challenge where I needed to store each nmap scan as its own file. I created this quick python script to assist with doing this.
#!/usr/bin/python
import sys
import os
import re
scanFile = 'scan.list'
def selectScan(nList, dList, sIP, eIP):
file = open('scan.list', 'r')
for line in file:
if '#' not in line:
theList = line.split(',')
nList.append(theList[0])
dList.append(theList[1])
sIP.append(theList[2])
eIP.append(theList[3].strip())
file.close()
print
print "Select which scan you would like to perform:"
print
for i in range(0, len(nList)):
print str(i+1) + ". Scan: " + nList[i] + ", Save to Directory: " + dList[i] + ", Start IP: " + sIP[i] + ", End IP: " + eIP[i]
print
scanSelect = raw_input('Select: ')
try:
scanSelect = int(scanSelect)
scanSelect = scanSelect - 1
except:
scanSelect = 9999
return scanSelect
def ipRangeScan(nList, dList, sIP, eIP):
dList = dList.strip(' ')
sIP = sIP.strip(' ')
eIP = eIP.strip(' ')
# nmap -sP 172.16.2.1-31 -oN test/test.subnet
print
print "Checking to see if the directory exists that we are saving the results to..."
if not os.path.exists(dList):
os.mkdir(dList)
# This only works if the scan encompasses a /24 to a /31 subnet range... Any subnet larger that a /24 will not work
ipScanRange = sIP + '-' + eIP.split('.')[3]
saveFile = dList + "/" + dList + ".range"
print "Executing 'nmap -sP " + ipScanRange + " -oN " + saveFile
execCommand = "nmap -sP " + ipScanRange + " -oN " + saveFile
c = os.system(execCommand)
def individualIPScan(nList, dList, sIP, eIP):
dList = dList.strip(' ')
sIP = sIP.strip(' ')
eIP = eIP.strip(' ')
ipList = []
# nmap -sS -sV -O 172.16.2.1 -oN test/172_16_2_1.nmap
print
print "Checking to see if the directory exists that we are saving the results to..."
if not os.path.exists(dList):
os.mkdir(dList)
saveFile = dList + "/" + dList + ".range"
f = open(saveFile, 'r')
pattern = re.compile('^.*for\s[0-9]+(?:\.[0-9]+){3}(?:.*$|$)')
for line in f:
if pattern.match(line.strip()):
ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}', line)
ipList = ipList + ip
f.close()
ipStartRange = int(sIP.split('.')[3])
ipEndRange = int(eIP.split('.')[3]) + 1 # If you do not add 1 it does not catch the last IP in the range
for j in range(ipStartRange, ipEndRange):
currentIP = sIP.split('.')[0] + "." + sIP.split('.')[1] + "." + sIP.split('.')[2] + "." + str(j)
# Only scan the IP Addresses that were found through the previous scan...
if currentIP in ipList:
saveFile = dList + "/" + currentIP.replace('.','_') + ".nmap"
print "Executing 'nmap -sS -sV -O " + currentIP + " -oN " + saveFile + "'"
execCommand = "nmap -sS -sV -O " + currentIP + " -oN " + saveFile
c = os.system(execCommand)
def main():
while True:
selection = 0
nameList = []
dirList = []
startIP = []
endIP = []
selection = selectScan(nameList, dirList, startIP, endIP)
if ((selection < 9999) and (selection <= (len(nameList)-1))):
print "You selected to perform the following scan: " + nameList[selection]
continueScan = raw_input('Run the above selected scan? (y/n): ')
if (continueScan == 'y' or continueScan == 'Y'):
ipRangeScan(nameList[selection], dirList[selection], startIP[selection], endIP[selection])
individualIPScan(nameList[selection], dirList[selection], startIP[selection], endIP[selection])
else:
print "Error: The scan was aborted"
print
else:
print "Error: The selection of the scan was incorrect"
print
if __name__ == "__main__":
main()
It parses a file like the following to cycle through a variety of scans that you can stage. To comment out a line in the scan.list file just place a # in the front of the line. I have not tested this but I believe you can not have spaces in the save to directory.
#Name of Scan, Save to Directory, Start IP Address, End IP Address
Test1, test1, 172.16.2.1, 172.16.2.31
Test2, test2, 172.16.2.32, 172.16.2.63
