Python – NMAP/SSH Fun



I am currently working on some Ansible/Python project(s) (more to come on that soon) and on integrating some functionality between some of the moving components. One piece is scanning subnet(s) with NMAP and testing SSH access (may not be the most efficient, but time will tell), along with spitting out some JSON results. So I figured I would share the Python script that I am currently working on for this.

And if I were to run this against a subnet such as the following (only scanning hosts for an SSH port)…

nmap_fun.py 172.28.128.0/24 22 22 --sshuser vagrant --sshpass vagrant --testssh true

I would get the following results… Now I could easily use these results elsewhere 🙂

{
    "hosts": {
        "172.28.128.11": {
            "scanned_ports": [
                {
                    "product": "OpenSSH", 
                    "state": "open", 
                    "port": 22, 
                    "name": "ssh"
                }
            ], 
            "host": "172.28.128.11", 
            "hostname": "Lookup failed", 
            "protocol": "tcp", 
            "ssh_connection_status": "Successful"
        }, 
        "172.28.128.10": {
            "scanned_ports": [
                {
                    "product": "OpenSSH", 
                    "state": "open", 
                    "port": 22, 
                    "name": "ssh"
                }
            ], 
            "host": "172.28.128.10", 
            "hostname": "Lookup failed", 
            "protocol": "tcp", 
            "ssh_connection_status": "Successful"
        }, 
        "172.28.128.13": {
            "scanned_ports": [
                {
                    "product": "OpenSSH", 
                    "state": "open", 
                    "port": 22, 
                    "name": "ssh"
                }
            ], 
            "host": "172.28.128.13", 
            "hostname": "Lookup failed", 
            "protocol": "tcp", 
            "ssh_connection_status": "Successful"
        }, 
        "172.28.128.12": {
            "scanned_ports": [
                {
                    "product": "OpenSSH", 
                    "state": "open", 
                    "port": 22, 
                    "name": "ssh"
                }
            ], 
            "host": "172.28.128.12", 
            "hostname": "Lookup failed", 
            "protocol": "tcp", 
            "ssh_connection_status": "Successful"
        }, 
        "172.28.128.9": {
            "scanned_ports": [
                {
                    "product": "OpenSSH", 
                    "state": "open", 
                    "port": 22, 
                    "name": "ssh"
                }
            ], 
            "host": "172.28.128.9", 
            "hostname": "Lookup failed", 
            "protocol": "tcp", 
            "ssh_connection_status": "Successful"
        }, 
        "172.28.128.1": {
            "scanned_ports": [
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 22, 
                    "name": "ssh"
                }
            ], 
            "host": "172.28.128.1", 
            "hostname": "Lookup failed", 
            "protocol": "tcp", 
            "ssh_connection_status": "Unable to Connect"
        }
    }
}

But maybe instead of checking for an SSH connection I would like to scan a subnet for the common ports defined in the Python script variable common_ports and return those results in JSON.

nmap_fun.py 10.0.102.0/24

I would get some additional information in my JSON results…

{
    "hosts": {
        "10.0.102.1": {
            "scanned_ports": [
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 21, 
                    "name": "ftp"
                }, 
                {
                    "product": "OpenSSH", 
                    "state": "open", 
                    "port": 22, 
                    "name": "ssh"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 23, 
                    "name": "telnet"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 25, 
                    "name": "smtp"
                }, 
                {
                    "product": "", 
                    "state": "open", 
                    "port": 53, 
                    "name": "domain"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 69, 
                    "name": "tftp"
                }, 
                {
                    "product": "nginx", 
                    "state": "open", 
                    "port": 80, 
                    "name": "http"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 109, 
                    "name": "pop2"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 110, 
                    "name": "pop3"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 123, 
                    "name": "ntp"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 137, 
                    "name": "netbios-ns"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 138, 
                    "name": "netbios-dgm"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 139, 
                    "name": "netbios-ssn"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 143, 
                    "name": "imap"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 156, 
                    "name": ""
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 389, 
                    "name": "ldap"
                }, 
                {
                    "product": "nginx", 
                    "state": "open", 
                    "port": 443, 
                    "name": "http"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 445, 
                    "name": "microsoft-ds"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 546, 
                    "name": ""
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 547, 
                    "name": ""
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 993, 
                    "name": "imaps"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 995, 
                    "name": "pop3s"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 3306, 
                    "name": "mysql"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 3389, 
                    "name": "ms-wbt-server"
                }
            ], 
            "host": "10.0.102.1", 
            "hostname": "Lookup failed", 
            "protocol": "tcp"
        }, 
        "10.0.102.129": {
            "scanned_ports": [
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 21, 
                    "name": "ftp"
                }, 
                {
                    "product": "OpenSSH", 
                    "state": "open", 
                    "port": 22, 
                    "name": "ssh"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 23, 
                    "name": "telnet"
                }, 
                {
                    "product": "Postfix smtpd", 
                    "state": "open", 
                    "port": 25, 
                    "name": "smtp"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 53, 
                    "name": "domain"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 69, 
                    "name": "tftp"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 80, 
                    "name": "http"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 109, 
                    "name": "pop2"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 110, 
                    "name": "pop3"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 123, 
                    "name": "ntp"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 137, 
                    "name": "netbios-ns"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 138, 
                    "name": "netbios-dgm"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 139, 
                    "name": "netbios-ssn"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 143, 
                    "name": "imap"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 156, 
                    "name": ""
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 389, 
                    "name": "ldap"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 443, 
                    "name": "https"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 445, 
                    "name": "microsoft-ds"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 546, 
                    "name": ""
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 547, 
                    "name": ""
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 993, 
                    "name": "imaps"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 995, 
                    "name": "pop3s"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 3306, 
                    "name": "mysql"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 3389, 
                    "name": "ms-wbt-server"
                }
            ], 
            "host": "10.0.102.129", 
            "hostname": "'ansible-control.etsbv.internal'", 
            "protocol": "tcp"
        }, 
        "10.0.102.128": {
            "scanned_ports": [
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 21, 
                    "name": "ftp"
                }, 
                {
                    "product": "OpenSSH", 
                    "state": "open", 
                    "port": 22, 
                    "name": "ssh"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 23, 
                    "name": "telnet"
                }, 
                {
                    "product": "Postfix smtpd", 
                    "state": "open", 
                    "port": 25, 
                    "name": "smtp"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 53, 
                    "name": "domain"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 69, 
                    "name": "tftp"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 80, 
                    "name": "http"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 109, 
                    "name": "pop2"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 110, 
                    "name": "pop3"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 123, 
                    "name": "ntp"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 137, 
                    "name": "netbios-ns"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 138, 
                    "name": "netbios-dgm"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 139, 
                    "name": "netbios-ssn"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 143, 
                    "name": "imap"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 156, 
                    "name": ""
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 389, 
                    "name": "ldap"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 443, 
                    "name": "https"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 445, 
                    "name": "microsoft-ds"
                }, 
                {
                    "product": "", 
                    "state": "filtered", 
                    "port": 546, 
                    "name": ""
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 547, 
                    "name": ""
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 993, 
                    "name": "imaps"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 995, 
                    "name": "pop3s"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 3306, 
                    "name": "mysql"
                }, 
                {
                    "product": "", 
                    "state": "closed", 
                    "port": 3389, 
                    "name": "ms-wbt-server"
                }
            ], 
            "host": "10.0.102.128", 
            "hostname": "'smtp.etsbv.internal'", 
            "protocol": "tcp"
        }
    }
}
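One way to use these results elsewhere, as an added example that is not part of the original post or the nmap_fun.py script: it reads JSON in the shape of both outputs above, lists open ports that fall outside an allow-list, records whether the SSH login test succeeded, and writes an Ansible INI inventory. The function names, the `ssh_open` group name and the default allow-list of port 22 are assumptions; the sample is constructed from values shown above.

```python
import ipaddress
import json

# Constructed sample in the shape of the output above, trimmed to a few ports.
SAMPLE = json.loads("""
{"hosts": {
  "172.28.128.11": {"scanned_ports": [
      {"product": "OpenSSH", "state": "open", "port": 22, "name": "ssh"}],
    "host": "172.28.128.11", "hostname": "Lookup failed", "protocol": "tcp",
    "ssh_connection_status": "Successful"},
  "172.28.128.1": {"scanned_ports": [
      {"product": "", "state": "closed", "port": 22, "name": "ssh"}],
    "host": "172.28.128.1", "hostname": "Lookup failed", "protocol": "tcp",
    "ssh_connection_status": "Unable to Connect"},
  "10.0.102.129": {"scanned_ports": [
      {"product": "OpenSSH", "state": "open", "port": 22, "name": "ssh"},
      {"product": "", "state": "filtered", "port": 23, "name": "telnet"},
      {"product": "Postfix smtpd", "state": "open", "port": 25, "name": "smtp"}],
    "host": "10.0.102.129", "hostname": "'ansible-control.etsbv.internal'",
    "protocol": "tcp"}
}}
""")

def clean_hostname(value):
    """Strip the literal quotes seen above; None for 'Lookup failed' or empty."""
    name = (value or "").strip().strip("'")
    return None if name in ("", "Lookup failed") else name

def summarize(results, allowed_ports=(22,)):
    """Per-host findings: open ports, ports outside the allow-list, SSH login."""
    report = {}
    for addr, info in results.get("hosts", {}).items():
        open_ports = sorted(p["port"] for p in info.get("scanned_ports", [])
                            if p.get("state") == "open")
        report[addr] = {
            "name": clean_hostname(info.get("hostname")) or addr,
            "open": open_ports,
            "unexpected": [p for p in open_ports if p not in allowed_ports],
            # Key is absent in the run above that did not test SSH.
            "ssh_login_ok": info.get("ssh_connection_status") == "Successful",
        }
    return report

def ansible_inventory(report, group="ssh_open"):
    """INI inventory of hosts with port 22 open, ordered numerically by IP."""
    lines = ["[%s]" % group]
    for addr in sorted(report, key=ipaddress.ip_address):
        if 22 in report[addr]["open"]:
            lines.append("%s ansible_host=%s" % (report[addr]["name"], addr))
    return "\n".join(lines)

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    print(json.dumps(rep, indent=4, sort_keys=True))
    print(ansible_inventory(rep))
```

A host with `ssh_login_ok` set accepted the username and password passed to the scan, which is worth tracking for hosts that are meant to be key-only.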

So there you have it… Stay tuned for more on this and more…

Enjoy!

About Larry Smith Jr.

vExpert 2013-2016 | Old-School coder coming back around to my roots #DevOPS and #automation | #Ansible junky!
