"""Network Enumeration Automator
A simple script to automate early network enumeration on HackTheBox or other
networks. Depends on the following binaries being installed:
- nmap
- gobuster
This package assumes python 3 compatibility. Configuration is in-line beginning
on line ##. It is assumed this script will be running on a Raspberry Pi using
Raspbian for its OS, therefore no effort is made to allow for cross-platform
functionality.
This script is not designed as a finished product. For more information, see USAGE
and CATALOG.
"""
from datetime import date
import os
import subprocess
import tarfile
import xml.etree.ElementTree as ElementTree
# Begin Configuration Block
# Target subnet to sweep; 10.10.10.0/24 is the HTB lab range.
string_subnet = "10.10.10.0/24"
# Root output directory (include lulz).
dir_output = "/home/pi/enumeration"
# The standard gobuster install is not system-wide, so point at go/bin.
dir_gobuster = "/home/pi/go/bin/"
# Absolute path to the wordlist handed to gobuster.
path_wordlist = "/some/path/to/words"
# Define Functions
# noinspection PyShadowingNames
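def scan_subnets(target_range):
    """Use nmap to sweep a subnet quickly and return the hosts reported as up.

    Runs ``nmap -sS -F -oX broadscan.xml <target_range>`` in the current working
    directory and parses the resulting XML report. SYN scans need raw-socket
    privileges, so this normally has to run as root. nmap's own stdout is
    discarded; the XML file is the only thing read back. Not the fastest mode,
    as it uses the relatively stealthy "Syn" mode.

    :param target_range: A string describing a subnet range to search.
    :return: A list of IPv4 address strings, one per host nmap reported as up.
    :raises RuntimeError: if nmap exits with a non-zero status.
    :raises FileNotFoundError: if the nmap binary is not on PATH.
    """
    # Argument list instead of a formatted shell string: target_range is never
    # interpreted by a shell, so metacharacters in it cannot alter the command.
    result = subprocess.run(
        ["nmap", "-sS", "-F", "-oX", "broadscan.xml", target_range],
        stdout=subprocess.DEVNULL,
    )
    # The original ignored nmap's status and then tripped over a missing or
    # stale report file; fail with a clear message instead.
    if result.returncode != 0:
        raise RuntimeError("nmap exited with status %d" % result.returncode)
    nmaprun = ElementTree.parse("broadscan.xml").getroot()
    return _up_ipv4_addresses(nmaprun)


def _up_ipv4_addresses(nmaprun):
    """Collect the IPv4 addresses of hosts whose <status> element reports "up".

    :param nmaprun: The root <nmaprun> element of an nmap XML report.
    :return: A list of address strings in document order.
    """
    found_hosts = []
    for host in nmaprun.findall("host"):
        # A host qualifies if any of its <status> elements is "up".
        if not any(status.get("state") == "up" for status in host.findall("status")):
            continue
        for address in host.findall("address"):
            if address.get("addrtype") == "ipv4":
                found_hosts.append(address.get("addr"))
    return found_hosts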
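def scan_tcp(target):
    """Run a "full" TCP scan of one target with service/version detection.

    Runs ``nmap -sV -p- -oN TCP/<name> <target>``; ``-p-`` covers every TCP
    port. Unlike the broad scan, the report uses the human-readable -oN format
    for end-user convenience. The report lands in a TCP/ directory beneath the
    current working directory (the per-day run directory when launched from
    __main__), not under ~.

    :param target: target or range of targets to be scanned.
    :return: nmap's exit status (0 on success).
    :raises FileNotFoundError: if the nmap binary is not on PATH.
    """
    # exist_ok avoids the isdir/mkdir race of the original.
    os.makedirs("TCP", exist_ok=True)
    # A CIDR range contains "/", which would turn the report path into a
    # non-existent subdirectory; keep the whole name inside TCP/.
    report = os.path.join("TCP", target.replace("/", "_"))
    # Argument list, not a shell string: target comes from scan output and
    # must never be interpreted by a shell.
    result = subprocess.run(
        ["nmap", "-sV", "-p-", "-oN", report, target],
        stdout=subprocess.DEVNULL,
    )
    return result.returncode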
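def scan_udp(target):
    """Run a UDP scan of one target over nmap's top 100 UDP ports (``-F``).

    Runs ``nmap -sU -F -oN UDP/<name> <target>``. UDP scans need raw-socket
    privileges, so this normally has to run as root. Unlike the broad scan, the
    report uses the human-readable -oN format for end-user convenience. The
    report lands in a UDP/ directory beneath the current working directory
    (the per-day run directory when launched from __main__), not under ~.

    :param target: target or range of targets to be scanned.
    :return: nmap's exit status (0 on success).
    :raises FileNotFoundError: if the nmap binary is not on PATH.
    """
    # exist_ok avoids the isdir/mkdir race of the original.
    os.makedirs("UDP", exist_ok=True)
    # A CIDR range contains "/", which would turn the report path into a
    # non-existent subdirectory; keep the whole name inside UDP/.
    report = os.path.join("UDP", target.replace("/", "_"))
    # Argument list, not a shell string: target comes from scan output and
    # must never be interpreted by a shell.
    result = subprocess.run(
        ["nmap", "-sU", "-F", "-oN", report, target],
        stdout=subprocess.DEVNULL,
    )
    return result.returncode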
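def scan_paths(target, wordlist, path_to_go):
    """Run gobuster against a target with the given wordlist.

    Executes ``<path_to_go>/gobuster -u <target> -w <wordlist> -k`` with
    path_to_go as the working directory (the original cd'd there) and captures
    gobuster's stdout into dir/<name> beneath the current working directory
    (the per-day run directory when launched from __main__). ``-k`` makes
    gobuster skip TLS certificate verification.

    :param target: A specific host or range to scan.
    :param wordlist: A path (absolute) to a wordlist to use.
    :param path_to_go: The absolute path to go/bin.
    :return: gobuster's exit status (0 on success).
    :raises FileNotFoundError: if path_to_go or the gobuster binary does not exist.
    """
    # exist_ok avoids the isdir/mkdir race of the original.
    os.makedirs("dir", exist_ok=True)
    abspath_dir = os.path.abspath("dir")
    # Keep the output file inside dir/ even if target contains "/".
    report = os.path.join(abspath_dir, target.replace("/", "_"))
    gobuster = os.path.join(path_to_go, "gobuster")
    # NOTE(review): gobuster's -u expects a URL; a bare address may be
    # rejected by some versions — confirm against the installed build.
    # Argument list plus an explicit stdout file replaces the shell string and
    # its "> file" redirect, so target and wordlist are never shell-interpreted.
    # cwd=path_to_go keeps the original working directory for gobuster without
    # changing the caller's cwd.
    with open(report, "w") as out:
        result = subprocess.run(
            [gobuster, "-u", target, "-w", wordlist, "-k"],
            stdout=out,
            cwd=path_to_go,
        )
    return result.returncode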
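def package_output(label=None, output_dir=None):
    """Bundle one run directory into a bzip2 tarball next to it.

    Archives <output_dir>/<label> as <output_dir>/<label>.tar.bz2 with the
    directory itself as the top-level archive member. The process's working
    directory is switched to output_dir, as the original did.

    :param label: Name of the run directory to archive; defaults to the
        module-level ``today`` (set in the __main__ block).
    :param output_dir: Directory that contains the run directory and receives
        the archive; defaults to the module-level ``dir_output``.
    :return: The absolute path of the archive that was written.
    """
    # ``global`` declarations are not needed to read module names; the
    # parameters let callers (and tests) avoid the globals entirely.
    if label is None:
        label = str(today)
    if output_dir is None:
        output_dir = dir_output
    os.chdir(output_dir)
    archive = os.path.abspath("%s.tar.bz2" % label)
    with tarfile.open(archive, "w:bz2") as tar:
        tar.add(label, arcname=os.path.basename(label))
    return archive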
# Define runtime
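if __name__ == "__main__":
    # package_output() reads this module-level name, so it stays global.
    today = str(date.today())
    # makedirs with exist_ok replaces the isdir/mkdir pairs and their race.
    os.makedirs(dir_output, exist_ok=True)
    os.chdir(dir_output)
    os.makedirs(today, exist_ok=True)
    os.chdir(today)
    # Hosts reported up by the broad sweep drive every per-host scan below;
    # every scan writes relative to this per-day directory.
    list_hosts = scan_subnets(string_subnet)
    for host in list_hosts:
        scan_tcp(host)
        scan_udp(host)
        scan_paths(host, path_wordlist, dir_gobuster)
    package_output()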