If extraports exists, r becomes None. r.get raises an exception.

I think libnmap is a nifty library with good documentation, but I have noticed that when scanning a /24, NmapProcess never completes when run in both the background and not. On Ubuntu 14.04, I can see the underlying nmap process finish up and shutdown, but the NmapProcess progress (with run_background) gets stuck at 99.xx% and parsing the stdout generates an XML structure error. The stop method seems to work, but the parsed results still fail. Subnets smaller than /25 complete as expected.

Perhaps it is something about my environment since I would think someone else must have tried NmapProcess on a /24 before? Please let me know if I can provide more information.

Thanks

/home/username/.virtualenvs/project/local/lib/python2.7/site-packages/libnmap/objects/host.pyc in os_fingerprint(self)
    317         rval = ''
    318         if self.os is not None:
--> 319             rval = self.os.fingerprints.join("\n")
    320         return rval
    321 

AttributeError: 'list' object has no attribute 'join'

self.os.finerprints is a list, It should be fixed like this:

"\n".join(self.os.fingerprints)

Can't there be multiple tags in the XML output? e.g 1000 closed ports and 1000 filtered? host.extraports_state just returns a dictionary containing the last tag to be processed.

There needs to be a way to stop asynchronous scans. I know it's typically bad form to kill threads abruptly but nmap has the potential to take a long time to run and may need to be killed.

Why are you use multiprocessing for read nmap stdout?

Here I create version without multiprocessing removed multiprocessing

Hello :)
With some options given to the nmap such as (type ping):

nm = NmapProcess('192.168.0.0/24', options='-e wlan0 -n -sP -PR')
nm.sudo_run()
report = NmapParser.parse(nm.stdout)
print report.scan_type

The scan_type is absent which lead to a KeyError:

In [13]: print report.scan_type
scan_type(self)
--> 113         return self._scaninfo['type']
KeyError: 'type'

And because of this error it's impossible to proceed a diff on the report.
Maybe it would be nice to put a default _scaninfo['type'] to avoid this kind of behavior ?

-sn option does not create a tag, and report.scantype returns a KeyError.

nothing returned when invoking NmapHost.os_class_probabilities()

I got this AttributeError when using os_class_probabilities()

def nmap(target):
    nmap_proc = NmapProcess(targets=target, options="-O")
    nmap_proc.sudo_run()

    if nmap_proc.rc == 0:
        nmap_report = nmap_proc.stdout
    else:
        return

    try:
        parsed = NmapParser.parse(nmap_report)
    except NmapParserException, e:
        return

    for host in parsed.hosts:
        osclass = host.os_class_probabilities()

Then, I got exception:

AttributeError: 'NmapOSFingerprint' object has no attribute 'osclasses'

I read the code of libnmap/objects/os.py, and found it only has a method called osclass, while method osclasses does really not exist. Is it lost?

When I changed rval = self.os.osclasses to rval = self.os.osclass() (libnmap/objects/host.py), I got another exception:

File "/path/libnmap/objects/os.py", line 369, in osclass
  for osmatch_entry in self.osmatches():
TypeError: 'list' object is not callable

Then I found osmatches has decorator @property. So it may another bug.

And a typo of method osclass (libnmap/objects/os.py) :
_ftstr = "type:{0}|vendor:{1}|osfamily{2}".format(
->
_ftstr = "type:{0}|vendor:{1}|osfamily:{2}".format(

Hi, I can't run udp scan with libnmap and i have to use -sT options intead of -sS option to run TCP scan.

I'm not sure if I am not finding the correct attribute to access but retrieving the CPE data does not seem possible. This is important if we want to search for vulns in things like CVE.

Hi @savon-noir,

it seems there is a deadlock in NmapProcess.run().
This issue occurs with:
/usr/bin/nmap -oX - -vvv --stats-every 1s --top-ports 5 --unprivileged -sT 127.0.0.1

Popen.poll() checks if the process is still existent, but the iteration on the stdout.readline never finishes if there is too much output.

Breaking the iteration if the streamline is empty may fix this issue:

        while self.__nmap_proc.poll() is None:
            for streamline in iter(self.__nmap_proc.stdout.readline, ''):
                if not streamline:
                    break
                self.__stdout += str(streamline)
                evnt = self.__process_event(streamline)
                if self.__nmap_event_callback and evnt:
                    self.__nmap_event_callback(self)

NMap scan: nmap -sC -sV -T4 -O -v -iL K:\Development\Python\test_switches.txt -oX K:\Development\Python\test_switches.xml"

the xml produced:

The code:

!/usr/bin/env python

import nmap library

from libnmap.parser import NmapParser
from libnmap.objects import *

TODO check for valid input file name and valid csv export pathname

TODO use command line input for xml source file name

parse nmap xml and get nmap report object

nmapReport = NmapParser.parse_fromfile('HO_-sC-sV-T4-O-oX.xml')

nmapReport = NmapParser.parse_fromfile('test_120.xml')

nmapReport = NmapParser.parse_fromfile('test_-sC-sV-T4-O-oX-iL.xml')

nmapReport = NmapParser.parse_fromfile('test_printers.xml')

nmapReport = NmapParser.parse_fromfile('test_switches.xml')

TODO use command line input for output file

outputCsv = open('test_HO.csv', 'w')

write header line to console and csv

print('IP Address,State,Host Name,MAC Address,MAC Vendor,Device Type,OS')
outputCsv.write('IP Address, State, Host Name, MAC Address, MAC Vendor, Device Type, OS\n')

get array of nmap host objects from nmap report object

hostList = nmapReport.hosts

iterate thru nmap host objects

for host in hostList:
#will always have host IPv4 address and up/down status
hostAddy = host.address
hostStatus = host.status
#instantiate the other datums variables we are interested in
hostName = ""
hostMac = ""
hostVendor = ""
hostDevice = ""
hostOS = ""

#check if host is up
if host.is_up():
    #instantiate script result dictionaries
    nbstatDict = None
    smbDict = None
    #iterate thru array of script results dictionaries
    for scriptDict in host.scripts_results:
        #check for nbstat scriptname id
        if scriptDict.get('id') == "nbstat":
            #get the nbstat script result dictionary
            nbstatDict = scriptDict
        #check for sm-os-discovery script id
        elif scriptDict.get('id') == "smb-os-discovery":
            smbDict = scriptDict

    #if we have an nbstat script results
    if nbstatDict:
        #get the hostname from it
        hostName = nbstatDict.get('elements').get('server_name')
    else:
        #check if we have a hostname from dns
        if len(host.hostnames) >0:
            #use the 1st fqdn hostname from array
            hostName = host.hostnames[0]
        else:
            #use the ipv4 addy
            hostName = host.address

    #if we have smb os discovery results 
    if smbDict:
        #get the os from it
        hostOS =  smbDict.get('elements').get('os')
    else:
        #check if we have a fingerprint
        if host.os_fingerprinted:
            #use the 1st (highest confidence) fingerprint
            hostOS = host.os.osmatches[0].name
        else:
            #use host ipv4 addy
            hostOS = "unable to determine OS"

    #get mac address
    hostMac = host.mac
    #get mac vendor
    hostVendor = host._address[1].get('vendor')

    #iterate thru list of NMap service objects for the current host
    for hostService in host.services:
        #get the services dictionary for current host 
        serviceDict = hostService.service
        #check for a printer
        if serviceDict.get('name') == "printer":
            hostDevice = "printer"
        #check for a switch
        if serviceDict.get('devicetype') == "switch":
            hostDevice = "switch"


#print the host info to console and csv
print(hostAddy, hostStatus, hostName, hostMac, hostVendor, hostDevice, hostOS, sep=",")
outputCsv.write(hostName + "," + hostStatus + "," + hostMac + "," + hostVendor + "," + hostDevice + "," + hostOS)

The results:
pydev debugger: starting (pid: 2588)
IP Address,State,Host Name,MAC Address,MAC Vendor,Device Type,OS
Traceback (most recent call last):
File "C:\Development\adt-bundle-windows-x86_64-20131030\eclipse\dropins\PyDev 3.5.0\plugins\org.python.pydev_3.5.0.201405201709\pysrc\pydevd.py", line 1845, in
debugger.run(setup['file'], None, None)
File "C:\Development\adt-bundle-windows-x86_64-20131030\eclipse\dropins\PyDev 3.5.0\plugins\org.python.pydev_3.5.0.201405201709\pysrc\pydevd.py", line 1373, in run
pydev_imports.execfile(file, globals, locals) # execute the script
File "C:\Development\adt-bundle-windows-x86_64-20131030\eclipse\dropins\PyDev 3.5.0\plugins\org.python.pydev_3.5.0.201405201709\pysrc_pydev_execfile.py", line 38, in execfile
exec(compile(contents+"\n", file, 'exec'), glob, loc) #execute the script
File "K:\Development\Python\NMapParser.py", line 89, in
if serviceDict.get('name') == "printer":
AttributeError: 'str' object has no attribute 'get'

Now when I directly access the the service dictionary by changing line 87 to serviceDict = hostService._service from serviceDict = hostService.service,
the proper results:
IP Address,State,Host Name,MAC Address,MAC Vendor,Device Type,OS
129.129.10.24,up,129.129.10.24,00:0E:7F:C4:4D:C0,Hewlett-Packard Company,switch,Xerox WorkCentre Pro 7245 printer
129.129.10.25,up,129.129.10.25,00:10:83:0E:57:00,Hewlett-packard Company,switch,HP ProCurve 4000M switch (J4121A)
129.129.10.71,up,129.129.10.71,C0:91:34:C8:C0:80,ProCurve Networking by HP,switch,HP ProCurve 5406zl switch
129.129.10.72,up,129.129.10.72,68:B5:99:17:CD:C0,Hewlett-Packard Company,switch,HP ProCurve 5406zl switch
129.129.10.74,up,129.129.10.74,38:EA:A7:76:7C:C0,Hewlett Packard,switch,HP ProCurve 5406zl switch
129.129.10.76,up,129.129.10.76,C0:91:34:C4:D6:00,ProCurve Networking by HP,switch,HP ProCurve 5406zl switch
129.129.10.77,up,129.129.10.77,00:30:C1:22:B6:80,Hewlett-packard,switch,HP ProCurve 4000M switch (J4121A)
129.129.10.78,up,129.129.10.78,C0:91:34:C8:01:00,ProCurve Networking by HP,switch,HP ProCurve 5406zl switch
129.129.10.79,up,129.129.10.79,C0:91:34:C8:E1:00,ProCurve Networking by HP,switch,HP ProCurve 5406zl switch
129.129.10.85,up,129.129.10.85,F8:B1:56:0C:2C:12,Dell,switch,AVtech Room Alert 26W environmental monitor
129.129.10.158,up,edm-f0gggk1-mamilla.mwfp.mw,74:46:A0:57:21:00,Hewlett Packard,switch,FreeBSD 6.2-RELEASE

this looks like a similiar issue to issue 14.

it would be great to have the ability to specify where the nmap binary is located if not in the path.

requestor: @andre_vans

Some of my nmap scans are saving XML output with this line:

<port protocol=\"tcp\" portid=\"6219\"><state state=\"filtered\" reason=\"no-response\" reason_ttl=\"0\"/></port>

It fails with this error:

"NmapParserException: XML <port> tag is incomplete. One of the following tags is missing: portid, protocol state or service."

I've verified that NmapParser is able to parse the XML if I replace all instances of those lines with something like:

<port protocol="tcp" portid="6219"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="FAKESERVICE" method="table" conf="3"/></port>

Not sure if this is working as intended. For a bit more information, I'm importing XML output from an nmap command line scan and I am not using any other python-libnmap libraries other than NmapParser.

user@work-dev:~/$ cat test.xml | grep -A 3 "<ports>"
<ports><extraports state="closed" count="997">
<extrareasons reason="conn-refused" count="997"/>
</extraports>
<port protocol="tcp" portid="53"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="domain" method="probed" conf="10"/><script id="dns-nsid" output=" bind.version: 9.9.5-9+deb8u5-Debian"><elem key="bind.version">9.9.5-9+deb8u5-Debian</elem>

>>> nmap_report = NmapParser.parse_fromfile('test.xml')
>>> type(nmap_report)
<class 'libnmap.objects.report.NmapReport'>
>>>

This should have created an object as NmapHost correct?

Thank you

It would be nice if libnmap could extract traceroute data from nmap reports.

I have tried to run a background scan with:

arg='--send-ip -PE -PS21,22,23,25,53,80,110,111,139,443,445,5357 -PA80 -PP'
nmapscanner = NmapProcess(targets='10.1.0.80-100', options=arg, event_callback=lambda nmapscanner: callback(nmapscanner))
nmapscanner.run_background()

my callback function just try to parse the nmapscanner.stdout but it's impossible, the output is not xml well formed.
I have tried to use ElementTree and your NmapParser and they raise the following errors:
Wrong XML structure: cannot parse data (NmapParser)
no element found: line 4, column 0 (ElementTree)

So there is no way to access to datas discovered during the scan (for example if I want to know which host have been found alive before the end of the scan), the only way to access datas: stdout, isn't usable (or only with advanced regex).

I'm not sure this is an issue, but python-nmap permits to access to datas during the scan, so I guess there should be a method to do that here too.

Thanks for your work, it's a great lib

Feature request: Make the reason attribute available in python-libnmap. So a target could be explicitly tested on an expected behaviour regarding answering misc port scanning technics.

Here some sample output from executing nmap 6.40 with python-libnmap

• extraports

<extraports state="closed" count="999">
<extrareasons reason="resets" count="999"/>
</extraports>

• port

<port protocol="tcp" portid="9418"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="git" method="table" conf="3"/></port>
</ports>

adapt code of python-libnmap to make it fully compatible with py3.x and guarantee backward compatibility with py2.x.

Ideally all unit test should succeed for all version mentioned and be automatically testable via tox

Was it intended to be a public property for _cpedict?

If you call nmapprocess.stop() on a sudo started process it will throw the following exception:
OSError: [Errno 1] Operation not permitted

Should maybe use something like os.system("sudo kill -15 {0}".format(self.__nmap_proc.pid)) in process.py stop method.

Hi

Resend as the formatting was terrible - this is better but still not great :-(

I am trying to scan for and retrieve the NTP-MONLIST Results.

I end with with a KEYERROR when trying to reference the NTP-MONLIST results.

Please see below my scripts and testing.

Any guidance will be much appreciated!

-John

When I run the nmap command manually I get the results as part of the XML results:
++++++++++++
/usr/bin/nmap -oX - -vvv --stats-every 2s -sU -pU:123 -n -Pn --script=ntp-monlist 127.0.0.1

++++++++++++

This is my script:

++++++++++++

!/usr/bin/python

from libnmap.process import NmapProcess
from libnmap.parser import NmapParser, NmapParserException
from libnmap.objects import NmapReport, NmapHost, NmapService

def do_scan(targets, options):
nm = NmapProcess(targets, options, safe_mode=False)
rc = nm.run()
if rc != 0:
print "nmap scan failed: %s" % (nm.stderr)

try:
    parsed = NmapParser.parse(nm.stdout)
except NmapParserException as e:
    print "Exception raised while parsing scan: %s" % (e.msg)

return parsed

def print_scan(nmap_report):
print "Starting Nmap {0} ( http://nmap.org ) at {1}".format(
nmap_report._nmaprun['version'],
nmap_report._nmaprun['startstr'])

for host in nmap_report.hosts:
    if len(host.hostnames):
        tmp_host = host.hostnames.pop()
    else:
        tmp_host = host.address

    print "Nmap scan report for {0} ({1})".format(
        tmp_host,
        host.address)
    print "Host is {0}.".format(host.status)
    print "  PORT     STATE         SERVICE"

    for serv in host.services:
        pserv = "{0:>5s}/{1:3s}  {2:12s}  {3}".format(
                str(serv.port),
                serv.protocol,
                serv.state,
                serv.service)
        if len(serv.banner):
            pserv += " ({0})".format(serv.banner)
        print pserv
print nmap_report.summary

print "++++++++++++++++++++++"
print "nmap_report.commandline: ", nmap_report.commandline
print "++++++++++++++++++++++"

print "HOST.address: ", host.address
print "HOST.mac: ", host.mac
print "HOST.scripts_results: ", (host.scripts_results['ntp-monlist'])
print "TGTPORT: ", TGTPORT
print "HOST.services: ", host.services

if name == "main":
global DEBUG
DEBUG = 0

TGTHOST = "127.0.0.1"
TGTPROTO = "udp"
NMAP_PROTO = " -sU -pU:"
TGTPORT = 123

report = do_scan(TGTHOST, NMAP_PROTO + str(TGTPORT) + " -n -Pn --script=ntp-monlist ")

print_scan(report)
++++++++++++++++++++++

This is the output I get when I run this script from the command_line:

[root@localhost python]# ./libnmap_testing.py
Starting Nmap 5.51 ( http://nmap.org ) at Fri May 16 13:10:26 2014
Nmap scan report for 127.0.0.1 (127.0.0.1)
Host is up.
PORT STATE SERVICE
123/udp open ntp
Nmap done at Fri May 16 13:10:26 2014; 1 IP address (1 host up) scanned in 0.08 seconds
++++++++++++++++++++++
nmap_report.commandline: /usr/bin/nmap -oX - -vvv --stats-every 2s -sU -pU:123 -n -Pn --script=ntp-monlist 127.0.0.1
++++++++++++++++++++++
HOST.address: 127.0.0.1
HOST.mac:
HOST.scripts_results:
Traceback (most recent call last):
File "./libnmap_testing.py", line 76, in
print_scan(report)
File "./libnmap_testing.py", line 57, in print_scan
print "HOST.scripts_results: ", (host.scripts_results['ntp-monlist'])
KeyError: 'ntp-monlist'
++++++++++++++++++++++

Hello :)

Part of my nmap output is as follows:

<port protocol="udp" portid="3306">
    <state state="closed" reason="port-unreach" reason_ttl="64" />
</port>

There is no <service> tag under <port>. There is some sort of validation check in parser.py that raises an exception if there is no <service>

if(_portid is None or _protocol is None
                or _state is None or _service is None):
            raise NmapParserException("XML <port> tag is incomplete. One "
                                      "of the following tags is missing: "
                                      "portid, protocol state or service.")

I was wondering if this is the intended behavior because it is possible that the nmap output will not contain a <service> tag.

Thanks. :)

I ran an Nmap scan (outside of python-libnmap) as follows:
nmap -p139,445 --script=smb-os-discovery -oX smb-os-test.xml 192.168.31.205

In the smb-os-test.xml file, I can see that the NSE script results are included:

nmap_report = NmapParser.parse_fromfile('smb-os-test.xml')
host = nmap_report.get_host_byid('192.168.31.205')
svc = host.get_service(139)
nse_results = svc.scripts_results()
print nse_results

{}

This is what svc.get_dict() shows me:
{'banner': '',
'id': 'tcp.139',
'port': '139',
'protocol': 'tcp',
'service': 'netbios-ssn',
'state': 'open'}

I also tried this for port 445, but get the same results. Am I doing something wrong? Let me know if you need any additional info.

I've created a gist that demonstrates the issue. Basically it never breaks out of the while loop. The issue seems to be caused by the fact that __wait() spins forever in it's own while since the condition:

threading.active_count() != self.initial_threads

is never satisfied. This instead seems to fix it:

threading.active_count() > self.initial_threads

Please let me know if I'm misusing your library or if indeed this is a problem. Thank you for this library.

If someone had to find all the ports running (say http ), the person has to first the open ports using get_open_ports() and then do a get_service() . It'd be great to have a method get_ports_by_service('service_name') which can return a list of ports that run the service.

nmap_proc = NmapProcess(targets="127.0.0.1", options="-sU -p 18000 -A") nmap_proc.sudo_run_background() parsed = NmapParser.parse(nmap_proc.stdout)

Traceback

(most recent call last):
File "/usr/local/lib/python3.5/dist-packages/libnmap/parser.py", line 90, in _parse_xml
root = ET.fromstring(nmap_data)
File "/usr/lib/python3.5/xml/etree/ElementTree.py", line 1334, in XML
return parser.close()
xml.etree.ElementTree.ParseError: no element found: line 33, column 0

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/$USER/PycharmProjects/hmap/test.py", line 15, in
parsed = NmapParser.parse(nmap_proc.stdout)
File "/usr/local/lib/python3.5/dist-packages/libnmap/parser.py", line 41, in parse
nmapobj = cls._parse_xml(nmap_data, incomplete)
File "/usr/local/lib/python3.5/dist-packages/libnmap/parser.py", line 92, in _parse_xml
raise NmapParserException("Wrong XML structure: cannot parse data")
libnmap.parser.NmapParserException: Wrong XML structure: cannot parse data

Nmap command:
sudo nmap -oX - -vvv -stats-every 1s -sU -p 18000 -A

nmap: timing.cc:710 bool ScanProgressMeter::printstats(double, const timeval*): Assertion 'ltime' failed.

Turns out it's an issue with nmap, not the lib. It would be nice if stats-every was an option we could control though.

nmap xml output does not includes "summary" in tag. Need to aggregate data if summary is empty.

Hi,

Seems like windows support is broken:

...
    from libnmap.process import NmapProcess
  File "C:\Python27\lib\site-packages\libnmap\process.py", line 3, in <module>
    import pwd
ImportError: No module named pwd

feature request from ddelazerda

Another thing that I was thinking about is that when I use run_background() I don't have the option to do it as root as I do with the sudo_run(). It would be great if I had that option when using run_background().

Can you please include a copy of the kibana dashboard in the next release?

The code uses defaults which are ints (0 or 100), but the values retrieved from the XML are strings. I think it would be more useful to return the value as a float.

The documentation is vague and says the value is "percentage of job processed.", this change should probably be updated to mention the type.

nmap 7.01 + python-libnmap 0.6.1

When using an event_callback with an NmapProcess, you only receive the NmapProcess object, which does not contain any information about the host that generated the callback and is therefore pretty useless.

From the docs:

event_callback –
callable function which will be ran each time nmap process outputs data. This function will receive two parameters:

1. the nmap process object
2. the data produced by nmap process. See readme for examples.

(there are no examples in the readme)

When attempting to implement a callback function (nm_callback in this case) there is an error because callbacks only actually take one argument. This is in line 266 of process.py:
self.__nmap_event_callback(self)

Exception in thread Thread-3:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
     self.run()
  File "/usr/local/lib/python2.7/dist-packages/libnmap/process.py", line 266, in run
     self.__nmap_event_callback(self)
 TypeError: nm_callback() takes exactly 2 arguments (1 given)

Changing nm_callback to only take 1 argument results in getting the NmapProcess object (self), which appears as:
<NmapProcess(Thread-3, started 139827701815040)>

Are there any plans to include host data as a argument for the callback function? I'll see what I can do and submit a pull request if I get anywhere on it. Overall this is a great library, thanks for putting in the work to create and maintain it.

First of all, let me tell you that your library is realy tight. However, I had issues running the following nmap options with libnmap:

nmap -sVUC --script=default,ssl-cert,ssl-poodle,ssl-heartbleed,ssl-enum-ciphers -p U:53,T:1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,1433-1434,1443,1455,1461,1494,1500-1501,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3052,3071,3077,3128,3168,3211,3221,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,3389-3390,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,5959-5963,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8254,8290-8292,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200,9207,9220,9290,9415,9418,9485,9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9929,9943-9944,9968,9998-10004,10009-10010,10012,10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11967,12000,12174,12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000,27352-27353,27355-27356,27715,28201,30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389

When the process launches, it does not finish (i think the nmap process crash or something). I ran it on 3 /24 and it keeps crashing over and over with no result. Does the length of the command options is related or do i miss something?! It runs well from the nmap cli.

Thanks for your hard work!

Hi :
When the nmap scan OS, my output is follow:

<os>
    <osmatch name="Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8" accuracy="100" line="53077">
      <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="7" accuracy="100">
          <cpe>cpe:/o:microsoft:windows_7::-</cpe> 
          <cpe>cpe:/o:microsoft:windows_7::sp1</cpe> 
      </osclass>
    </osmatch>
</os>

the <osclass> is under <osmatch> but i see the parser.py like this:

504         for xos in xelement:
505             if xos.tag == 'osclass':
506                 os_class_proba = cls.__format_attributes(xos)
507                 os_class_probability.append(os_class_proba)
508             elif xos.tag == 'osmatch':
509                 os_match_proba = cls.__format_attributes(xos)
510                 os_match_probability.append(os_match_proba)
511             elif xos.tag == 'portused':
512                 os_portused = cls.__format_attributes(xos)
513                 os_ports_used.append(os_portused)
514             elif xos.tag == 'osfingerprint':
515                 os_fp = cls.__format_attributes(xos)

I think you handle <osclass> and <osmatch> in a same level.
So the NmapHost.os_class_probabilities() has no result
My nmap version is:

linux-b8h2:~ # nmap
Nmap 6.40 ( http://nmap.org )

I'm not sure whether the nmap version problem

Thinks 😄

There have been some fixes since the last release 0.6.2. Would it be possible to get a new release pushed to PyPi?

i started the poc that you will find gisted here: https://gist.github.com/savon-noir/483da3fcfe1b5cce3994

the idea here is to:

• remove threads from original NmapProcess code
• replace it with Process in order to read asynchronously from the stdout of running subprocess (nmap)
• use semaphores in order to execute code from the main while loop only when data is made available from the "producer" (with event.wait()).

do not hesitate to comment or let it peer reviewed.

Thanks.

Ronald

error in api

reported by Tomas V.

cat test_libnmap.py

!/usr/bin/env python

from libnmap.process import NmapProcess
from libnmap.parser import NmapParser, NmapParserException

nm = NmapProcess('127.0.0.1', '-sP')
rc = nm.run()
if rc != 0:
print "nmap scan failed: %s" % (nm.stderr)

try:
report = NmapParser.parse(nm.stdout)
except NmapParserException as e:
print "Exception raised while parsing scan: %s" % (e.msg)

$ for i in $(seq 1 100); do ./test_libnmap.py; done
Exception raised while parsing scan: Wrong XML structure: cannot parse data
Exception raised while parsing scan: Wrong XML structure: cannot parse data
Exception raised while parsing scan: Wrong XML structure: cannot parse data
Exception raised while parsing scan: Wrong XML structure: cannot parse data
Exception raised while parsing scan: Wrong XML structure: cannot parse data
Exception raised while parsing scan: Wrong XML structure: cannot parse data
Exception raised while parsing scan: Wrong XML structure: cannot parse data
Exception raised while parsing scan: No report data to parse: please provide a valid XML nmap report
$

Hello!
Sorry to bother you with this question, but I wonder:
Why you didn't return more attributes than just [status, hostnames, address] in the function get_dict() such as the MAC adress etc...
Could be useful to make a diff also on the MAC adress & others fields no?

Hi

I am trying to scan for and retrieve the NTP-MONLIST Results.

I end with with a KEYERROR when trying to reference the NTP-MONLIST results.

Please see below my scripts and testing.

Any guidance will be much appreciated!

-John

When I run the nmap command manually I get the results as part of the XML results:

[root@localhost python]# /usr/bin/nmap -oX - -vvv --stats-every 2s -sU -pU:123 -n -Pn --script=ntp-monlist 127.0.0.1

This is my script:

!/usr/bin/python

from libnmap.process import NmapProcess
from libnmap.parser import NmapParser, NmapParserException
from libnmap.objects import NmapReport, NmapHost, NmapService

start a new nmap scan on localhost with some specific options

def do_scan(targets, options):
nm = NmapProcess(targets, options, safe_mode=False)
rc = nm.run()
if rc != 0:
print "nmap scan failed: %s" % (nm.stderr)

try:
    parsed = NmapParser.parse(nm.stdout)
except NmapParserException as e:
    print "Exception raised while parsing scan: %s" % (e.msg)

return parsed

print scan results from a nmap report

def print_scan(nmap_report):
print "Starting Nmap {0} ( http://nmap.org ) at {1}".format(
nmap_report._nmaprun['version'],
nmap_report._nmaprun['startstr'])

for host in nmap_report.hosts:
    if len(host.hostnames):
        tmp_host = host.hostnames.pop()
    else:
        tmp_host = host.address

    print "Nmap scan report for {0} ({1})".format(
        tmp_host,
        host.address)
    print "Host is {0}.".format(host.status)
    print "  PORT     STATE         SERVICE"

    for serv in host.services:
        pserv = "{0:>5s}/{1:3s}  {2:12s}  {3}".format(
                str(serv.port),
                serv.protocol,
                serv.state,
                serv.service)
        if len(serv.banner):
            pserv += " ({0})".format(serv.banner)
        print pserv
print nmap_report.summary

print "++++++++++++++++++++++"
print "nmap_report.commandline: ", nmap_report.commandline
print "++++++++++++++++++++++"

print "===================="
print "HOST.address: ", host.address
print "HOST.mac: ", host.mac
print "HOST.scripts_results: ", (host.scripts_results['ntp-monlist'])
print "TGTPORT: ", TGTPORT
print "HOST.services: ", host.services
print "===================="

if name == "main":
global DEBUG
DEBUG = 0

TGTHOST = "127.0.0.1"
TGTPROTO = "udp"
NMAP_PROTO = " -sU -pU:"
TGTPORT = 123

report = do_scan(TGTHOST, NMAP_PROTO + str(TGTPORT) + " -n -Pn --script=ntp-monlist ")

print_scan(report)

This is the output I get from the command_line:

[root@localhost python]# ./libnmap_testing.py
Starting Nmap 5.51 ( http://nmap.org ) at Fri May 16 13:10:26 2014
Nmap scan report for 127.0.0.1 (127.0.0.1)
Host is up.
PORT STATE SERVICE
123/udp open ntp
Nmap done at Fri May 16 13:10:26 2014; 1 IP address (1 host up) scanned in 0.08 seconds
++++++++++++++++++++++
nmap_report.commandline: /usr/bin/nmap -oX - -vvv --stats-every 2s -sU -pU:123 -n -Pn --script=ntp-monlist 127.0.0.1

++++++++++++++++++++++

HOST.address: 127.0.0.1
HOST.mac:
HOST.scripts_results:
Traceback (most recent call last):
File "./libnmap_testing.py", line 76, in
print_scan(report)
File "./libnmap_testing.py", line 57, in print_scan
print "HOST.scripts_results: ", (host.scripts_results['ntp-monlist'])

KeyError: 'ntp-monlist'

Today accessing NSE scripts output is possible via NmapService.scripts_results. This should be more documented and possibly provide a better API to access data. On top of this the following scripts output are not supported:

• hostscripts
• prescripts
• postscripts

Only service scripts are supported (most of scripts output).

In [1]: from libnmap.parser import NmapParser
In [2]: from libnmap.process import NmapProcess
In [3]: nm = NmapProcess("127.0.0.1")
In [4]: nm.run()
Out[4]: 0
In [5]: p = NmapParser.parse(nm.stdout)
In [6]: h = p.hosts.pop()
In [7]: h.starttime
Out[7]: '1370907773'
In [8]: h.endtime
Out[8]: ''

When NmapParser parse the xml's node "<address addr="", addrtype=""/>", it get the scan address but didn't distinguish between the MAC address and IP address. So sometimes, it get the MAC address in the object.

Hi @savon-noir, maybe we can add timeout for NmapProcess, so that if timeout happens, kill it.

<address addr="192.168.76.124" addrtype="ipv4"/>
<address addr="52:54:00:C8:A4:53" addrtype="mac" vendor="QEMU Virtual NIC"/>

When addrtype is mac <address> has an attribute vendor='QEMU Virtual NIC'

but NmapHost class has no this attribute

nmap = NmapProcess("some_subnet", options="-O")
rc = nmap.sudo_run_background()

The above code causes libnmap to freak out and never return from the execution of Nmap (FUTEX_WAIT_PRIVATE, according to a quick strace). Performing a scan with the same command-line options (shown via nmap.get_command_line) runs fine.