exercise2.py
#!/usr/bin/python3
# -*- encoding: utf-8 -*-
import argparse
import os
import socket
import sys

import dns
import dns.resolver
import nmap
import pythonwhois
import requests
import shodan
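# Shodan API key, read from the environment so that no credential lives in the
# source tree. The key that was hard-coded on this line was published together
# with the file and should be treated as compromised: revoke it in the Shodan
# account and issue a new one. An empty string means "no key configured".
shodanKeyString = os.environ.get("SHODAN_API_KEY", "")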
class NmapHost:
    '''Per-host record populated from an Nmap scan result.'''

    def __init__(self):
        # Host identifier plus the state/reason pair taken from the scan's
        # 'status' entry; all unset until a parser fills them in.
        self.host = self.state = self.reason = None
        # Two independent lists of NmapPort objects, split by port state.
        self.openPorts, self.closedFilteredPorts = [], []
class NmapPort:
    '''Per-port record; every field starts as None until a parser fills it in.'''

    def __init__(self):
        # Same attributes, in the same order, as one assignment per line would give.
        for attribute in ("id", "state", "reason", "port", "name", "version", "scriptOutput"):
            setattr(self, attribute, None)
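class ScannerNmap():
    '''Converts a finished python-nmap scan into NmapHost / NmapPort records.'''

    def parseNmapScan(self, scan):
        '''Build one NmapHost per scanned host that reports at least one protocol section.

        scan is indexed as scan[host][protocol][port] and must provide
        all_hosts(). Returns a list of NmapHost objects whose openPorts and
        closedFilteredPorts lists hold NmapPort objects. Each host appears at
        most once in the result, even when several protocol sections are present.
        '''
        nmapHosts = []
        for host in scan.all_hosts():
            hostData = scan[host]
            # NOTE(review): the page lost the file's indentation; parsing ports
            # only for hosts that carry a 'status' entry is the reading adopted
            # here - confirm against the original file.
            if 'status' not in hostData:
                continue
            nmapHost = NmapHost()
            nmapHost.host = host
            nmapHost.state = hostData['status']['state']
            nmapHost.reason = hostData['status']['reason']
            protocolSeen = False
            for protocol in ["tcp", "udp", "icmp"]:
                if protocol not in hostData:
                    print("[-] There's no match in the Nmap scan with the specified protocol %s" %(protocol))
                    continue
                protocolSeen = True
                for port, portData in hostData[protocol].items():
                    nmapPort = NmapPort()
                    nmapPort.port = port
                    nmapPort.state = portData['state']
                    # Optional keys stay None on the record when absent.
                    if 'script' in portData:
                        nmapPort.scriptOutput = portData['script']
                    if 'reason' in portData:
                        nmapPort.reason = portData['reason']
                    if 'name' in portData:
                        nmapPort.name = portData['name']
                    if 'version' in portData:
                        nmapPort.version = portData['version']
                    # Substring test: any state containing 'open' (including
                    # 'open|filtered') is filed under openPorts.
                    if 'open' in portData['state']:
                        nmapHost.openPorts.append(nmapPort)
                    else:
                        nmapHost.closedFilteredPorts.append(nmapPort)
            # Append once per host rather than once per matching protocol, so a
            # host with several protocol sections is not reported repeatedly.
            if protocolSeen:
                nmapHosts.append(nmapHost)
        return nmapHosts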
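class Main():
    '''Command-line driver: WHOIS/DNS lookup, Nmap scan and Shodan search for one domain.'''

    def run(self, args):
        '''Resolve the domain and run each information-gathering step in turn.

        args is an argument vector in sys.argv form (program name first); when
        it is empty or None, argparse falls back to sys.argv. Prints the usage
        text and exits through sys.exit() when no domain was supplied. Returns
        0 when all steps ran and 1 when the domain could not be resolved.
        '''
        options = self.arguments(list(args[1:]) if args else None)
        if not options.domain:
            print("[-] Usage python3 exercise2.py -d <url_webpage>\n[-] Example: python3 exercise2.py -d google.com")
            sys.exit()
        try:
            self.ip_address = socket.gethostbyname(options.domain)
        except socket.gaierror as e:
            # An unresolvable name would otherwise end the run with a traceback.
            print("[-] Could not resolve %s: %s" % (options.domain, e))
            return 1
        self.getWhoisAndDNS(options.domain)
        self.scannerNmap(self.ip_address, options.domain)
        self.shodanSearch(options.domain)
        return 0

    def getWhoisAndDNS(self, host):
        '''Print the WHOIS data and the A, MX, NS and AAAA responses for host.

        A record type that cannot be resolved is reported and skipped, so a
        domain without MX or AAAA records no longer aborts the whole run.
        '''
        whois = pythonwhois.get_whois(host)
        print("## WHOIS AND DNS RECORDS ##")
        print("Information related to the domain owner:")
        for key, value in whois.items():
            print("[+] %s : %s \n" %(key, value))
        recordTemplates = (
            ('A', "IPv4 address: \n{}"),
            ('MX', "\nMail Exchange: \n{}"),
            ('NS', "\nName server: \n{}"),
            ('AAAA', "\nIPv6 address: \n{}"),
        )
        for recordType, template in recordTemplates:
            try:
                answer = dns.resolver.resolve(host, recordType)
            except dns.exception.DNSException as e:
                print("[-] No {} answer for {}: {}".format(recordType, host, e))
                continue
            print(template.format(answer.response.to_text()))

    def scannerNmap(self, ip_address, domain):
        '''Scan ports 22-8080 of ip_address with Nmap and probe web ports with HTTP OPTIONS.

        Open ports are printed as they are found. For ports 80, 8080 and 443 an
        OPTIONS request is sent to domain on that port and the Allow header,
        if any, is printed.
        '''
        print("\n## SCANNER NMAP ##")
        nm = nmap.PortScanner()
        # -T5 is Nmap's fastest timing template and can trade accuracy for
        # speed, so a port missing from the output is not proof it is closed.
        nm.scan(ip_address, '22-8080', arguments="-sV -n -A -T5")
        for host in ScannerNmap().parseNmapScan(nm):
            # format() instead of "+" so a missing (None) value cannot raise TypeError.
            print("Host: {}".format(host.host))
            print("State: {}".format(host.state))
            webPortSeen = False
            for openPort in host.openPorts:
                print("{} - {}".format(openPort.port, openPort.state))
                if openPort.port not in (80, 8080, 443):
                    continue
                webPortSeen = True
                # Probe the port that was actually found open, with the scheme
                # that matches it, rather than always https on the default port.
                scheme = "https" if openPort.port == 443 else "http"
                url = "{}://{}:{}".format(scheme, domain, openPort.port)
                try:
                    # Without a timeout an unresponsive server blocks the run indefinitely.
                    response = requests.options(url, timeout=10)
                except requests.RequestException as e:
                    print("[-] OPTIONS request to {} failed: {}\n".format(url, e))
                    continue
                allowed = response.headers.get('Allow')
                if allowed is not None:
                    print("HTTP methods allowed: {}\n".format(allowed))
                else:
                    # A missing Allow header says nothing about which methods
                    # the server accepts, so report exactly what was observed.
                    print("The server did not return an Allow header\n")
            # Reported once per host instead of once for every non-web open port.
            if not webPortSeen:
                print("The domain doesn't relate to any web server\n")

    def shodanSearch(self, query):
        '''Print the IP and banner data of each Shodan match for query.

        Uses the module-level shodanKeyString as the API key; an empty key is
        reported instead of being sent to the API.
        '''
        print("## SEARCH WITH SHODAN ##")
        if not shodanKeyString:
            print("Error: no Shodan API key configured")
            return
        try:
            shodanApi = shodan.Shodan(shodanKeyString)
            results = shodanApi.search(query)
        except shodan.APIError as e:
            print('Error: %s' % e)
            return
        for result in results['matches']:
            print('IP: %s' % result['ip_str'])
            # The 'data' field is printed unmodified, exactly as Shodan returned it.
            print(result['data'])
            print('')

    def arguments(self, argv=None):
        '''Parse the command line and return the argparse namespace.

        argv is the list of arguments without the program name; None makes
        argparse read sys.argv[1:], which matches the previous behaviour.
        '''
        parser = argparse.ArgumentParser(description="Exercise 2 - Module 7")
        parser.add_argument("-d", "--domain", required=False, help="Domain of webpage")
        return parser.parse_args(argv)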
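# Guarded so that importing this module (for reuse or testing) does not start
# the lookups and the port scan; running the file as a script behaves as before.
if __name__ == "__main__":
    foo = Main()
    foo.run(sys.argv)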