in dusty/scanners/dast/nmap/scanner.py [0:0]
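def execute(self):
    """ Run the scanner.

    Two nmap passes against the hostname of ``config["target"]``: a fast
    TCP port-discovery sweep of ``include_ports`` (minus ``exclude_ports``),
    then a service/script scan (``nmap_parameters`` + ``nse_scripts``)
    restricted to the ports the sweep reported as open. Findings are parsed
    from the XML output of the second pass; that XML file is handed to
    ``save_intermediates`` and then always deleted.

    Returns early (after a warning) when the target has no usable hostname
    or the discovery sweep found no open ports.
    """
    target_url = url.parse_url(self.config.get("target"))
    hostname = target_url.hostname
    # nmap is invoked as an argv list (no shell), so there is no shell
    # injection, but a hostname beginning with "-" would still be parsed by
    # nmap as an option rather than a target, and a URL without a host would
    # pass None to subprocess.run and crash. Refuse both up front.
    if not hostname or hostname.startswith("-"):
        log.warning("Target %s has no usable hostname. Exiting", self.config.get("target"))
        return
    # Discover open ports
    discovery_args = ["nmap", "-PN"]
    include_ports = self.config.get("include_ports", "0-65535")
    if include_ports:
        discovery_args.append(f"-p{include_ports}")
    exclude_ports = self.config.get("exclude_ports", None)
    if exclude_ports:
        discovery_args.extend(["--exclude-ports", f"{exclude_ports}"])
    # --max-retries 0 means a probe lost to packet loss is never resent: at
    # this rate the sweep trades completeness for speed, and a port missed
    # here is never service-scanned.
    discovery_args.extend([
        "--min-rate", "1000", "--max-retries", "0", "--max-rtt-timeout", "200ms",
        hostname,
    ])
    task = subprocess.run(discovery_args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    log.log_subprocess_result(task)
    # Use discovered ports
    port_spec = self._open_ports_from_discovery(task.stdout)
    if not port_spec:
        log.warning("No open ports found. Exiting")
        return
    # Scan target
    # NOTE: nmap accepts a single -p option, so a -p inside nmap_parameters
    # would conflict with the one built from the discovery results.
    nmap_parameters = shlex.split(self.config.get("nmap_parameters", "-v -sVA"))
    nse_scripts = self.config.get(
        "nse_scripts",
        "ssl-date,http-mobileversion-checker,http-robots.txt,http-title,http-waf-detect,"
        "http-chrono,http-headers,http-comments-displayer,http-date"
    )
    # Make temporary files
    output_file_fd, output_file = tempfile.mkstemp(suffix=".xml")
    log.debug("Output file: %s", output_file)
    # Only the path is needed; nmap opens the file itself via -oX.
    os.close(output_file_fd)
    try:
        task = subprocess.run(["nmap"] + nmap_parameters + [port_spec] + [
            "--min-rate", "1000", "--max-retries", "0", f'--script={nse_scripts}',
            hostname, "-oX", output_file
        ], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        log.log_subprocess_result(task)
        # Parse findings
        # NOTE(review): a failed nmap run (non-zero exit) is only logged; the
        # XML may then be empty or partial -- confirm parse_findings copes.
        parse_findings(output_file, self)
        # Save intermediates
        self.save_intermediates(output_file, task)
    finally:
        # Remove temporary files even when parsing or saving raised, so a
        # failed scan does not leave scan output behind in the temp dir.
        os.remove(output_file)

@staticmethod
def _open_ports_from_discovery(stdout) -> str:
    """ Build the single ``-p`` argument for the service scan from discovery output.

    Args:
        stdout: stdout of the discovery run, as bytes or str, in nmap's
            normal text format (``80/tcp   open  http``).

    Returns:
        One nmap port specification such as ``-pT:80,443,U:53`` (nmap
        allows only one ``-p`` option, so TCP and UDP parts are joined into a
        single argument rather than passed as ``-pT:...`` and ``-pU:...``),
        or ``""`` when no port in state ``open`` / ``open|filtered`` appears.
    """
    if isinstance(stdout, bytes):
        stdout = stdout.decode("utf-8", errors="replace")
    open_ports = {"tcp": [], "udp": []}
    # Anchor on the port/proto token followed by the state column: nmap also
    # lists closed or filtered ports when few are scanned, and those are not
    # worth a service scan. "\d+" requires an actual port number.
    for port, proto in re.findall(r"(\d+)/(tcp|udp)\s+open\b", stdout or ""):
        if port not in open_ports[proto]:
            open_ports[proto].append(port)
    parts = []
    if open_ports["tcp"]:
        parts.append("T:" + ",".join(open_ports["tcp"]))
    if open_ports["udp"]:
        parts.append("U:" + ",".join(open_ports["udp"]))
    return "-p" + ",".join(parts) if parts else ""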