mirror of
https://github.com/infinition/Bjorn.git
synced 2025-12-06 06:11:46 +00:00
Created nmap_vuln_scanner.py (markdown)
infinition
148
nmap_vuln_scanner.py.md
Normal file
148
nmap_vuln_scanner.py.md
Normal file
@@ -0,0 +1,148 @@
|
||||
# Nmap Vulnerability Scanner nmap_vuln_scanner.py
|
||||
|
||||
This document provides a detailed step-by-step explanation of how the `nmap_vuln_scanner.py` script operates. This script performs vulnerability scanning using Nmap on specified IP addresses, scans for vulnerabilities on various ports, and saves the results and progress.
|
||||
|
||||
## Overview
|
||||
|
||||
### Description
|
||||
- **Filename**: `nmap_vuln_scanner.py`
|
||||
- **Purpose**: To perform vulnerability scanning using Nmap on specified IP addresses and save the results.
|
||||
|
||||
## Initialization and Setup
|
||||
|
||||
### Importing Modules
|
||||
The script imports the following modules:
|
||||
|
||||
- **Standard Libraries**:
|
||||
- `os`
|
||||
- `pandas`
|
||||
- `subprocess`
|
||||
- `logging`
|
||||
- `datetime`
|
||||
- `concurrent.futures.ThreadPoolExecutor`, `as_completed`
|
||||
|
||||
- **External Libraries**:
|
||||
- `rich.console`
|
||||
- `rich.progress`
|
||||
|
||||
- **Custom Modules**:
|
||||
- `SharedData`
|
||||
- `Logger`
|
||||
|
||||
### Configuring the Logger
|
||||
The logger is configured to log messages for `nmap_vuln_scanner.py` at the INFO level, ensuring detailed logging of events and errors.
|
||||
|
||||
### Defining Global Variables
|
||||
Global variables are defined to provide metadata about the class and module, including:
|
||||
- `b_class = "NmapVulnScanner"`
|
||||
- `b_module = "nmap_vuln_scanner"`
|
||||
- `b_status = "vuln_scan"`
|
||||
- `b_port = None`
|
||||
- `b_parent = None`
|
||||
|
||||
## `NmapVulnScanner` Class
|
||||
|
||||
### Purpose
|
||||
The `NmapVulnScanner` class manages the process of scanning IP addresses for vulnerabilities using Nmap and saving the results.
|
||||
|
||||
### Initialization
|
||||
- **Attributes**: Initializes shared data, prepares for scanning, and sets up the summary file.
|
||||
- **Logger**: Logs the initialization process.
|
||||
|
||||
### Methods
|
||||
|
||||
#### `create_summary_file()`
|
||||
- **Purpose**: Creates a summary file for vulnerabilities if it does not exist.
|
||||
- **Details**: Initializes the summary file with appropriate columns and saves it as a CSV file.
|
||||
|
||||
#### `update_summary_file(ip, hostname, mac, port, vulnerabilities)`
|
||||
- **Purpose**: Updates the summary file with the scan results.
|
||||
- **Details**: Reads the existing summary file, appends new scan results, removes duplicates, and saves the updated data.
|
||||
|
||||
#### `scan_vulnerabilities(ip, hostname, mac, ports)`
|
||||
- **Purpose**: Scans the specified IP address for vulnerabilities on given ports using Nmap.
|
||||
- **Details**: Executes Nmap commands, captures the output, and updates the summary file with the parsed vulnerabilities.
|
||||
- **Returns**: The combined scan result as a string or `None` if an error occurs.
|
||||
|
||||
#### `execute(ip, row, status_key)`
|
||||
- **Purpose**: Executes the vulnerability scan for a given IP and row data.
|
||||
- **Details**: Initiates the scan, saves results, and updates the status.
|
||||
- **Returns**: A status string indicating success or failure.
|
||||
|
||||
#### `parse_vulnerabilities(scan_result)`
|
||||
- **Purpose**: Parses the Nmap scan result to extract vulnerabilities.
|
||||
- **Details**: Identifies lines containing vulnerability information and compiles them into a single string.
|
||||
- **Returns**: A string of parsed vulnerabilities.
|
||||
|
||||
#### `save_results(mac_address, ip, scan_result)`
|
||||
- **Purpose**: Saves the detailed scan results to a file.
|
||||
- **Details**: Writes the scan result to a file named after the MAC address and IP.
|
||||
|
||||
#### `save_summary()`
|
||||
- **Purpose**: Saves a summary of all scanned vulnerabilities to a final summary file.
|
||||
- **Details**: Aggregates data from the summary file and writes it to a final summary CSV.
|
||||
|
||||
## Detailed Execution Flow
|
||||
|
||||
### Step 1: Initialization
|
||||
- The `NmapVulnScanner` class is initialized with shared data, setting up necessary attributes and logging the initialization.
|
||||
|
||||
### Step 2: Create Summary File
|
||||
- The `create_summary_file` method ensures the summary file exists and initializes it if not.
|
||||
|
||||
### Step 3: Scan Vulnerabilities
|
||||
- The `scan_vulnerabilities` method scans the specified IP for vulnerabilities using Nmap, logs the process, and updates the summary file.
|
||||
|
||||
### Step 4: Execute Scan
|
||||
- The `execute` method orchestrates the scan for each IP, saves the results, and updates the status based on the scan outcome.
|
||||
|
||||
### Step 5: Parse Vulnerabilities
|
||||
- The `parse_vulnerabilities` method extracts and compiles vulnerability information from the Nmap scan result.
|
||||
|
||||
### Step 6: Save Results
|
||||
- The `save_results` method saves detailed scan results to a file for each scanned IP.
|
||||
|
||||
### Step 7: Save Summary
|
||||
- The `save_summary` method compiles and saves a summary of all vulnerabilities to a final summary file.
|
||||
|
||||
## Variables and Configuration
|
||||
|
||||
### Target Files and Directories
|
||||
|
||||
#### `self.shared_data.vuln_summary_file`
|
||||
- **Purpose**: Specifies the path to the summary file that records scan results.
|
||||
- **Type**: String (file path).
|
||||
- **Example**: `'/path/to/vuln_summary.csv'`
|
||||
|
||||
#### `self.shared_data.vulnerabilities_dir`
|
||||
- **Purpose**: Specifies the directory where detailed scan results are saved.
|
||||
- **Type**: String (directory path).
|
||||
- **Example**: `'/path/to/vulnerabilities/'`
|
||||
|
||||
#### `self.shared_data.nmap_scan_aggressivity`
|
||||
- **Purpose**: Specifies the aggressiveness level for Nmap scans.
|
||||
- **Type**: String (Nmap option).
|
||||
- **Example**: `'-T4'`
|
||||
|
||||
### Example Configuration
|
||||
|
||||
```python
|
||||
self.shared_data.vuln_summary_file = '/path/to/vuln_summary.csv'
|
||||
self.shared_data.vulnerabilities_dir = '/path/to/vulnerabilities/'
|
||||
self.shared_data.nmap_scan_aggressivity = '-T4'
|
||||
```
|
||||
|
||||
## Integration with Orchestrator
|
||||
|
||||
### Method Call
|
||||
The `NmapVulnScanner` class is called by the orchestrator via its `execute` method. The process involves:
|
||||
1. **Receiving Target Details**: The orchestrator provides IP, port, and other relevant details to the `NmapVulnScanner` class.
|
||||
2. **Performing Vulnerability Scan**: The `execute` method initiates the Nmap scan, parses results, and updates the summary file.
|
||||
3. **Updating Orchestrator**: The status (success or failure) is returned to the orchestrator for further action.
|
||||
|
||||
### Example Workflow
|
||||
1. **Initialization**: The orchestrator initializes the `NmapVulnScanner` class.
|
||||
2. **Execution**: For each target IP, the orchestrator calls the `execute` method of `NmapVulnScanner`.
|
||||
3. **Logging and Status Update**: The `NmapVulnScanner` class logs each step and updates the status based on the outcome of the scan.
|
||||
|
||||
By following these detailed steps, the `nmap_vuln_scanner.py` script performs vulnerability scans on specified IP addresses, saves detailed results, and updates a summary of vulnerabilities.
|
||||
Reference in New Issue
Block a user