⭐️ nmap provider (#4168)

* ⭐️ nmap provider

* 🧹 update go mod file

* 🧹 update spellcheck

.github/actions/spelling/expect.txt

@@ -48,7 +48,14 @@ ipsetreferencestatement
 istio
 jira
 jsonbody
+kqueue
 labelmatchstatement
+libdnet
+liblua
+libpcap
+libpcre
+libssh
+libz
 liveanalytics
 loggingservice
 managedrulegroupstatement
@@ -60,13 +67,16 @@ mgroup
 Mpim
 natgateway
 networkinterface
+nmap
 nodegroup
 nodepool
 notebookinstancedetails
+nsock
 nsrecord
 nullgroup
 nullstring
 opcplc
+openssl
 orstatement
 PAYG
 Pids
@@ -80,6 +90,7 @@ regexpatternsetreferencestatement
 resourcegroup
 rulegroup
 rulegroupreferencestatement
+rtsp
 Sas
 scim
 serviceprincipals

Makefile

@@ -213,7 +213,8 @@ providers/build: \
 	providers/build/ansible \
 	providers/build/snowflake \
 	providers/build/mondoo \
-	providers/build/cloudflare
+	providers/build/cloudflare \
+	providers/build/nmap
 
 .PHONY: providers/install
 # Note we need \ to escape the target line into multiple lines
@@ -244,7 +245,8 @@ providers/install: \
 	providers/install/ansible \
 	providers/install/snowflake \
 	providers/install/mondoo \
-	providers/install/cloudflare
+	providers/install/cloudflare \
+	providers/build/nmap
 
 providers/build/mock: providers/lr
 	./lr go providers-sdk/v1/testutils/mockprovider/resources/mockprovider.lr
@@ -387,6 +389,11 @@ providers/build/mondoo: providers/lr
 providers/install/mondoo:
 	@$(call installProvider, providers/mondoo)
 
+providers/build/nmap: providers/lr
+	@$(call buildProvider, providers/nmap)
+providers/install/nmap:
+	@$(call installProvider, providers/nmap)
+
 providers/dist:
 	@$(call buildProviderDist, providers/network)
 	@$(call buildProviderDist, providers/os)
@@ -414,6 +421,7 @@ providers/dist:
 	@$(call buildProviderDist, providers/ansible)
 	@$(call buildProviderDist, providers/snowflake)
 	@$(call buildProviderDist, providers/mondoo)
+	@$(call buildProviderDist, providers/nmap)
 
 providers/bundle:
 	@$(call bundleProvider, providers/network)
@@ -442,6 +450,7 @@ providers/bundle:
 	@$(call bundleProvider, providers/ansible)
 	@$(call bundleProvider, providers/snowflake)
 	@$(call bundleProvider, providers/mondoo)
+	@$(call bundleProvider, providers/nmap)
 
 providers/test:
 	@$(call testProvider, providers/core)
@@ -471,6 +480,7 @@ providers/test:
 	@$(call testGoModProvider, providers/ansible)
 	@$(call testGoModProvider, providers/snowflake)
 	@$(call testGoModProvider, providers/mondoo)
+	@$(call testGoModProvider, providers/nmap)
 
 lr/test:
 	go test ./resources/lr/...
@@ -564,6 +574,11 @@ lr/docs/markdown: providers/lr
 		--description "The Network resource pack lets you use MQL to query and assess the security of domains and network services." \
 		--docs-file providers/network/resources/network.lr.manifest.yaml \
 		--output ../docs/docs/mql/resources/network-pack
+	./lr markdown providers/network/resources/nmap.lr \
+		--pack-name "nmap" \
+		--description "The Nmap resource pack lets you use MQL to query and assess Nmap data." \
+		--docs-file providers/network/resources/nmap.lr.manifest.yaml \
+		--output ../docs/docs/mql/resources/nmap-pack
 	./lr markdown providers/oci/resources/oci.lr \
 		--pack-name "Oracle Cloud Infrastructure (OCI)" \
 		--description "The Oracle Cloud Infrastructure (OCI) resource pack lets you use MQL to query and assess the security of your OCI services." \

providers/defaults.go

@@ -245,6 +245,21 @@ var DefaultProviders Providers = map[string]*Provider{
 		},
 	},
 
+	"nmap": {
+		Provider: &plugin.Provider{
+			Name:            "nmap",
+			ID:              "go.mondoo.com/cnquery/v9/providers/nmap",
+			ConnectionTypes: []string{"nmap"},
+			Connectors: []plugin.Connector{
+				{
+					Name:  "nmap",
+					Use:   "nmap",
+					Short: "a Nmap network scanner",
+				},
+			},
+		},
+	},
+
 	"oci": {
 		Provider: &plugin.Provider{
 			Name:            "oci",

providers/nmap/README.md

@@ -0,0 +1,127 @@
+# Nmap Provider
+
+Nmap, short for Network Mapper, is a powerful and versatile open-source tool used for network discovery and security auditing. This tool is widely utilized by network administrators, security professionals, and penetration testers to map out network structures, discover hosts, identify services, and detect vulnerabilities.
+
+The nmap provider maps primary objects and attributes that nmap uses to store and manage information about scanned targets, discovered hosts, and their associated ports and services.
+
+## Pre-requisites
+
+This provider requires the Nmap tool to be installed on your system. You can download and install Nmap from the official [website](https://nmap.org/download.html).
+
+## Get Started
+
+```shell
+cnquery shell nmap
+```
+
+## Example
+
+*Scan active IP address in network*
+
+```shell
+nmap.network("192.168.178.0/24").hosts { name ports { * }  }
+nmap.network.hosts: [
+  0: {
+    ports: [
+      0: {
+        service: "http"
+        version: ""
+        method: "probed"
+        state: "open"
+        protocol: "tcp"
+        port: 443
+        product: "FRITZ!Box http config"
+      }
+      1: {
+        service: "sip"
+        version: ""
+        method: "probed"
+        state: "open"
+        protocol: "tcp"
+        port: 5060
+        product: "AVM FRITZ!OS SIP"
+      }
+    ]
+    name: "192.168.178.1"
+  }
+  1: {
+    ports: [
+      0: {
+        service: "rtsp"
+        version: "770.8.1"
+        method: "probed"
+        state: "open"
+        protocol: "tcp"
+        port: 5000
+        product: "AirTunes rtspd"
+      }
+      1: {
+        service: "rtsp"
+        version: "770.8.1"
+        method: "probed"
+        state: "open"
+        protocol: "tcp"
+        port: 7000
+        product: "AirTunes rtspd"
+      }
+    ]
+    name: "192.168.178.25"
+  }
+]
+```
+
+*Host scan with specific ip*
+
+```shell
+nmap.network(target: "192.168.178.25").hosts { ports }
+nmap.network.hosts: [
+  0: {
+    ports: [
+      0: nmap.port port=5000 service="rtsp"
+      1: nmap.port port=7000 service="rtsp"
+    ]
+  }
+]
+```
+
+# Advanced Usage
+
+Discover all exposed hosts on a network.
+
+```shell
+cnquery shell nmap --networks "192.168.0.0/20" --discover hosts
+```
+
+Connect to a specific IP address and display all open ports.
+
+```shell
+cnquery shell nmap host 8.8.8.8
+```
+
+## Verifying the Installation of nmap
+
+To verify the installation of nmap, run the following command:
+
+```shell
+cnquery run nmap -c "nmap.version { * }"
+nmap.version: {
+  compiledWithout: []
+  nsockEngines: [
+    0: "kqueue"
+    1: "poll"
+    2: "select"
+  ]
+  version: "7.95"
+  platform: "arm-apple-darwin23.4.0"
+  compiledWith: [
+    0: "liblua-5.4.6"
+    1: "openssl-3.3.1"
+    2: "libssh2-1.11.0"
+    3: "libz-1.2.12"
+    4: "libpcre2-10.44"
+    5: "nmap-libpcap-1.10.4"
+    6: "nmap-libdnet-1.12"
+    7: "ipv6"
+  ]
+}
+```

providers/nmap/config/config.go

@@ -0,0 +1,51 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package config
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v11/providers/nmap/connection"
+	"go.mondoo.com/cnquery/v11/providers/nmap/provider"
+)
+
+var Config = plugin.Provider{
+	Name:            "nmap",
+	ID:              "go.mondoo.com/cnquery/v11/providers/nmap",
+	Version:         "11.0.0",
+	ConnectionTypes: []string{provider.DefaultConnectionType},
+	Connectors: []plugin.Connector{
+		{
+			Name:    "nmap",
+			Use:     "nmap",
+			Short:   "a Nmap network scanner",
+			Long:    `Use the nmap provider to query network information using the Nmap network scanner.`,
+			MinArgs: 0,
+			MaxArgs: 2,
+			Discovery: []string{
+				connection.DiscoveryAll,
+				connection.DiscoveryAuto,
+				connection.DiscoveryHosts,
+			},
+			Flags: []plugin.Flag{
+				{
+					Long:    "networks",
+					Type:    plugin.FlagType_List,
+					Default: "",
+					Desc:    "Only include repositories with matching names",
+				},
+			},
+		},
+	},
+	AssetUrlTrees: []*inventory.AssetUrlBranch{
+		{
+			PathSegments: []string{"technology=network", "category=nmap"},
+			Key:          "kind",
+			Title:        "Kind",
+			Values: map[string]*inventory.AssetUrlBranch{
+				"host": nil,
+			},
+		},
+	},
+}