From 03cd60491b8dadeadbacd71b5aa7d4de5c0ba6d6 Mon Sep 17 00:00:00 2001
From: SOCFortress <95670863+socfortress@users.noreply.github.com>
Date: Sat, 20 Aug 2022 08:14:23 -0500
Subject: [PATCH] Create nmap_scan.py

---
 Nmap/nmap_scan.py | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 Nmap/nmap_scan.py

diff --git a/Nmap/nmap_scan.py b/Nmap/nmap_scan.py
new file mode 100644
index 0000000..d7d8af3
--- /dev/null
+++ b/Nmap/nmap_scan.py
@@ -0,0 +1,45 @@
+################################
+### Python Script to Run Network Scans and append results to Wazuh Active Responses Log
+### Requirements:
+###     NMAP installed in Agent
+###     python-nmap (https://pypi.org/project/python-nmap/)
+### Replace the Array "subnets" with the subnets to scan from this agent.
+### Do NOT include subnets with a network firewall in the path of the agent and the subnet.
+################################
+import nmap
+import time
+import json
+nm = nmap.PortScanner()
+#Add subnets to scan to the Subnets Array
+subnets=['192.168.252.0/24','192.168.1.0/24']
+for subnet in subnets:
+    json_output={}
+    nm.scan(subnet)
+    for host in nm.all_hosts():
+        json_output['nmap_host']=host
+        for proto in nm[host].all_protocols():
+            if proto not in ["tcp", "udp"]:
+                continue
+            json_output['nmap_protocol']=proto
+            lport = list(nm[host][proto].keys())
+            lport.sort()
+            for port in lport:
+                hostname = ""
+                json_output['nmap_port']=port
+                for h in nm[host]["hostnames"]:
+                    hostname = h["name"]
+                    json_output['nmap_hostname']=hostname
+                    hostname_type = h["type"]
+                    json_output['nmap_hostname_type']=hostname_type
+                    json_output['nmap_port_name']=nm[host][proto][port]["name"]
+                    json_output['nmap_port_state']=nm[host][proto][port]["state"]
+                    json_output['nmap_port_product']=nm[host][proto][port]["product"]
+                    json_output['nmap_port_extrainfo']=nm[host][proto][port]["extrainfo"]
+                    json_output['nmap_port_reason']=nm[host][proto][port]["reason"]
+                    json_output['nmap_port_version']=nm[host][proto][port]["version"]
+                    json_output['nmap_port_conf']=nm[host][proto][port]["conf"]
+                    json_output['nmap_port_cpe']=nm[host][proto][port]["cpe"]
+                    with open("/var/ossec/logs/active-responses.log", "a") as active_response_log:
+                        active_response_log.write(json.dumps(json_output))
+                        active_response_log.write("\n")
+                time.sleep(2)