Create nmap_scan.py

2025-10-23 00:02:11 +00:00 · 2022-08-20 08:14:23 -05:00
parent b9ca589285
commit 03cd60491b
1 changed files with 45 additions and 0 deletions
--- a/Nmap/nmap_scan.py
+++ b/Nmap/nmap_scan.py
@@ -0,0 +1,45 @@
+################################
+### Python Script to Run Network Scans and append results to Wazuh Active Responses Log
+### Requirements:
+###     NMAP installed in Agent
+###     python-nmap (https://pypi.org/project/python-nmap/)
+### Replace the Array "subnets" with the subnets to scan from this agent.
+### Do NOT include subnets with a network firewall in the path of the agent and the subnet.
+################################
+import nmap
+import time
+import json
+nm = nmap.PortScanner()
+#Add subnets to scan to the Subnets Array
+subnets=['192.168.252.0/24','192.168.1.0/24']
+for subnet in subnets:
+    json_output={}
+    nm.scan(subnet)
+    for host in nm.all_hosts():
+        json_output['nmap_host']=host
+        for proto in nm[host].all_protocols():
+            if proto not in ["tcp", "udp"]:
+                continue
+            json_output['nmap_protocol']=proto
+            lport = list(nm[host][proto].keys())
+            lport.sort()
+            for port in lport:
+                hostname = ""
+                json_output['nmap_port']=port
+                for h in nm[host]["hostnames"]:
+                    hostname = h["name"]
+                    json_output['nmap_hostname']=hostname
+                    hostname_type = h["type"]
+                    json_output['nmap_hostname_type']=hostname_type
+                    json_output['nmap_port_name']=nm[host][proto][port]["name"]
+                    json_output['nmap_port_state']=nm[host][proto][port]["state"]
+                    json_output['nmap_port_product']=nm[host][proto][port]["product"]
+                    json_output['nmap_port_extrainfo']=nm[host][proto][port]["extrainfo"]
+                    json_output['nmap_port_reason']=nm[host][proto][port]["reason"]
+                    json_output['nmap_port_version']=nm[host][proto][port]["version"]
+                    json_output['nmap_port_conf']=nm[host][proto][port]["conf"]
+                    json_output['nmap_port_cpe']=nm[host][proto][port]["cpe"]
+                    with open("/var/ossec/logs/active-responses.log", "a") as active_response_log:
+                        active_response_log.write(json.dumps(json_output))
+                        active_response_log.write("\n")
+                time.sleep(2)