paulmataruso/main
1
0
Fork 0
mirror of https://github.com/socfortress/Wazuh-Rules.git synced 2025-10-24 00:23:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
03cd60491b8dadeadbacd71b5aa7d4de5c0ba6d6
main/Nmap/nmap_scan.py
SOCFortress 03cd60491b Create nmap_scan.py
2022-08-20 08:14:23 -05:00

46 lines
2.2 KiB
Python
Raw Blame History

################################
### Python Script to Run Network Scans and append results to Wazuh Active Responses Log
### Requirements:
### NMAP installed in Agent
### python-nmap (https://pypi.org/project/python-nmap/)
### Replace the Array "subnets" with the subnets to scan from this agent.
### Do NOT include subnets with a network firewall in the path of the agent and the subnet.
################################
import nmap
import time
import json
nm = nmap.PortScanner()
#Add subnets to scan to the Subnets Array
subnets=['192.168.252.0/24','192.168.1.0/24']
for subnet in subnets:
json_output={}
nm.scan(subnet)
for host in nm.all_hosts():
json_output['nmap_host']=host
for proto in nm[host].all_protocols():
if proto not in ["tcp", "udp"]:
continue
json_output['nmap_protocol']=proto
lport = list(nm[host][proto].keys())
lport.sort()
for port in lport:
hostname = ""
json_output['nmap_port']=port
for h in nm[host]["hostnames"]:
hostname = h["name"]
json_output['nmap_hostname']=hostname
hostname_type = h["type"]
json_output['nmap_hostname_type']=hostname_type
json_output['nmap_port_name']=nm[host][proto][port]["name"]
json_output['nmap_port_state']=nm[host][proto][port]["state"]
json_output['nmap_port_product']=nm[host][proto][port]["product"]
json_output['nmap_port_extrainfo']=nm[host][proto][port]["extrainfo"]
json_output['nmap_port_reason']=nm[host][proto][port]["reason"]
json_output['nmap_port_version']=nm[host][proto][port]["version"]
json_output['nmap_port_conf']=nm[host][proto][port]["conf"]
json_output['nmap_port_cpe']=nm[host][proto][port]["cpe"]
with open("/var/ossec/logs/active-responses.log", "a") as active_response_log:
active_response_log.write(json.dumps(json_output))
active_response_log.write("\n")
time.sleep(2)
Reference in New Issue View Git Blame Copy Permalink