⭐️ nmap provider

.github/actions/spelling/expect.txt

@@ -59,6 +59,7 @@ mgroup
 Mpim
 natgateway
 networkinterface
+nmap
 nodegroup
 nodepool
 notebookinstancedetails
@@ -78,6 +79,7 @@ regexpatternsetreferencestatement
 resourcegroup
 rulegroup
 rulegroupreferencestatement
+rtsp
 Sas
 scim
 serviceprincipals

Makefile

@@ -212,7 +212,8 @@ providers/build: \
 	providers/build/shodan \
 	providers/build/ansible \
 	providers/build/snowflake \
-	providers/build/mondoo
+	providers/build/mondoo \
+	providers/build/nmap
 
 .PHONY: providers/install
 # Note we need \ to escape the target line into multiple lines
@@ -242,7 +243,8 @@ providers/install: \
 	providers/install/shodan \
 	providers/install/ansible \
 	providers/install/snowflake \
-	providers/install/mondoo
+	providers/install/mondoo \
+	providers/build/nmap
 
 providers/build/mock: providers/lr
 	./lr go providers-sdk/v1/testutils/mockprovider/resources/mockprovider.lr
@@ -380,6 +382,11 @@ providers/build/mondoo: providers/lr
 providers/install/mondoo:
 	@$(call installProvider, providers/mondoo)
 
+providers/build/nmap: providers/lr
+	@$(call buildProvider, providers/nmap)
+providers/install/nmap:
+	@$(call installProvider, providers/nmap)
+
 providers/dist:
 	@$(call buildProviderDist, providers/network)
 	@$(call buildProviderDist, providers/os)
@@ -407,6 +414,7 @@ providers/dist:
 	@$(call buildProviderDist, providers/ansible)
 	@$(call buildProviderDist, providers/snowflake)
 	@$(call buildProviderDist, providers/mondoo)
+	@$(call buildProviderDist, providers/nmap)
 
 providers/bundle:
 	@$(call bundleProvider, providers/network)
@@ -435,6 +443,7 @@ providers/bundle:
 	@$(call bundleProvider, providers/ansible)
 	@$(call bundleProvider, providers/snowflake)
 	@$(call bundleProvider, providers/mondoo)
+	@$(call bundleProvider, providers/nmap)
 
 providers/test:
 	@$(call testProvider, providers/core)
@@ -464,6 +473,7 @@ providers/test:
 	@$(call testGoModProvider, providers/ansible)
 	@$(call testGoModProvider, providers/snowflake)
 	@$(call testGoModProvider, providers/mondoo)
+	@$(call testGoModProvider, providers/nmap)
 
 lr/test:
 	go test ./resources/lr/...
@@ -557,6 +567,11 @@ lr/docs/markdown: providers/lr
 		--description "The Network resource pack lets you use MQL to query and assess the security of domains and network services." \
 		--docs-file providers/network/resources/network.lr.manifest.yaml \
 		--output ../docs/docs/mql/resources/network-pack
+	./lr markdown providers/network/resources/nmap.lr \
+		--pack-name "nmap" \
+		--description "The Nmap resource pack lets you use MQL to query and assess Nmap data." \
+		--docs-file providers/network/resources/nmap.lr.manifest.yaml \
+		--output ../docs/docs/mql/resources/nmap-pack
 	./lr markdown providers/oci/resources/oci.lr \
 		--pack-name "Oracle Cloud Infrastructure (OCI)" \
 		--description "The Oracle Cloud Infrastructure (OCI) resource pack lets you use MQL to query and assess the security of your OCI services." \

providers/defaults.go

@@ -245,6 +245,21 @@ var DefaultProviders Providers = map[string]*Provider{
 		},
 	},
 
+	"nmap": {
+		Provider: &plugin.Provider{
+			Name:            "nmap",
+			ID:              "go.mondoo.com/cnquery/v9/providers/nmap",
+			ConnectionTypes: []string{"nmap"},
+			Connectors: []plugin.Connector{
+				{
+					Name:  "nmap",
+					Use:   "nmap",
+					Short: "a Nmap network scanner",
+				},
+			},
+		},
+	},
+
 	"oci": {
 		Provider: &plugin.Provider{
 			Name:            "oci",

providers/nmap/README.md

@@ -0,0 +1,127 @@
+# Nmap Provider
+
+Nmap, short for Network Mapper, is a powerful and versatile open-source tool used for network discovery and security auditing. This tool is widely utilized by network administrators, security professionals, and penetration testers to map out network structures, discover hosts, identify services, and detect vulnerabilities.
+
+The nmap provider maps primary objects and attributes that nmap uses to store and manage information about scanned targets, discovered hosts, and their associated ports and services.
+
+## Pre-requisites
+
+This provider requires the Nmap tool to be installed on your system. You can download and install Nmap from the official [website](https://nmap.org/download.html).
+
+## Get Started
+
+```shell
+cnquery shell nmap
+```
+
+## Example
+
+*Scan active IP address in network*
+
+```shell
+nmap.network("192.168.178.0/24").hosts { name ports { * }  }
+nmap.network.hosts: [
+  0: {
+    ports: [
+      0: {
+        service: "http"
+        version: ""
+        method: "probed"
+        state: "open"
+        protocol: "tcp"
+        port: 443
+        product: "FRITZ!Box http config"
+      }
+      1: {
+        service: "sip"
+        version: ""
+        method: "probed"
+        state: "open"
+        protocol: "tcp"
+        port: 5060
+        product: "AVM FRITZ!OS SIP"
+      }
+    ]
+    name: "192.168.178.1"
+  }
+  1: {
+    ports: [
+      0: {
+        service: "rtsp"
+        version: "770.8.1"
+        method: "probed"
+        state: "open"
+        protocol: "tcp"
+        port: 5000
+        product: "AirTunes rtspd"
+      }
+      1: {
+        service: "rtsp"
+        version: "770.8.1"
+        method: "probed"
+        state: "open"
+        protocol: "tcp"
+        port: 7000
+        product: "AirTunes rtspd"
+      }
+    ]
+    name: "192.168.178.25"
+  }
+]
+```
+
+*Host scan with specific ip*
+
+```shell
+nmap.network(target: "192.168.178.25").hosts { ports }
+nmap.network.hosts: [
+  0: {
+    ports: [
+      0: nmap.port port=5000 service="rtsp"
+      1: nmap.port port=7000 service="rtsp"
+    ]
+  }
+]
+```
+
+# Advanced Usage
+
+Discover all exposed hosts on a network.
+
+```shell
+cnquery shell nmap --networks "192.168.0.0/20" --discover hosts
+```
+
+Connect to a specific IP address and display all open ports.
+
+```shell
+cnquery shell nmap host 8.8.8.8
+```
+
+## Verifying the Installation of nmap
+
+To verify the installation of nmap, run the following command:
+
+```shell
+cnquery run nmap -c "nmap.version { * }"
+nmap.version: {
+  compiledWithout: []
+  nsockEngines: [
+    0: "kqueue"
+    1: "poll"
+    2: "select"
+  ]
+  version: "7.95"
+  platform: "arm-apple-darwin23.4.0"
+  compiledWith: [
+    0: "liblua-5.4.6"
+    1: "openssl-3.3.1"
+    2: "libssh2-1.11.0"
+    3: "libz-1.2.12"
+    4: "libpcre2-10.44"
+    5: "nmap-libpcap-1.10.4"
+    6: "nmap-libdnet-1.12"
+    7: "ipv6"
+  ]
+}
+```

providers/nmap/config/config.go

@@ -0,0 +1,51 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package config
+
+import (
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+	"go.mondoo.com/cnquery/v11/providers/nmap/connection"
+	"go.mondoo.com/cnquery/v11/providers/nmap/provider"
+)
+
+var Config = plugin.Provider{
+	Name:            "nmap",
+	ID:              "go.mondoo.com/cnquery/v11/providers/nmap",
+	Version:         "11.0.0",
+	ConnectionTypes: []string{provider.DefaultConnectionType},
+	Connectors: []plugin.Connector{
+		{
+			Name:    "nmap",
+			Use:     "nmap",
+			Short:   "a Nmap network scanner",
+			MinArgs: 0,
+			MaxArgs: 2,
+			Discovery: []string{
+				connection.DiscoveryAll,
+				connection.DiscoveryAuto,
+				connection.DiscoveryHosts,
+			},
+			Flags: []plugin.Flag{
+				{
+					Long:    "networks",
+					Type:    plugin.FlagType_List,
+					Default: "",
+					Desc:    "Only include repositories with matching names",
+				},
+			},
+		},
+	},
+	AssetUrlTrees: []*inventory.AssetUrlBranch{
+		{
+			PathSegments: []string{"technology=network", "category=nmap"},
+			Key:          "kind",
+			Title:        "Kind",
+			Values: map[string]*inventory.AssetUrlBranch{
+				"host":   nil,
+				"domain": nil,
+			},
+		},
+	},
+}

providers/nmap/connection/connection.go

@@ -0,0 +1,109 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package connection
+
+import (
+	"strings"
+
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/plugin"
+)
+
+const (
+	DiscoveryAll   = "all"
+	DiscoveryAuto  = "auto"
+	DiscoveryHosts = "hosts"
+)
+
+type NmapConnection struct {
+	plugin.Connection
+	Conf  *inventory.Config
+	asset *inventory.Asset
+	// Add custom connection fields here
+}
+
+func NewNmapConnection(id uint32, asset *inventory.Asset, conf *inventory.Config) (*NmapConnection, error) {
+	conn := &NmapConnection{
+		Connection: plugin.NewConnection(id, asset),
+		Conf:       conf,
+		asset:      asset,
+	}
+
+	// initialize your connection here
+
+	return conn, nil
+}
+
+func (c *NmapConnection) Name() string {
+	return "nmap"
+}
+
+func (c *NmapConnection) Asset() *inventory.Asset {
+	return c.asset
+}
+
+func nmapHostPlatform() *inventory.Platform {
+	return &inventory.Platform{
+		Name:                  "nmap-host",
+		Title:                 "Nmap Host",
+		Family:                []string{"nmap"},
+		Kind:                  "api",
+		Runtime:               "nmap",
+		TechnologyUrlSegments: []string{"network", "nmap", "host"},
+	}
+}
+
+func nmapDomainPlatform() *inventory.Platform {
+	return &inventory.Platform{
+		Name:                  "nmap-domain",
+		Title:                 "Nmap Domain",
+		Family:                []string{"nmap"},
+		Kind:                  "api",
+		Runtime:               "nmap",
+		TechnologyUrlSegments: []string{"network", "nmap", "domain"},
+	}
+}
+
+func nmapPlatform() *inventory.Platform {
+	return &inventory.Platform{
+		Name:                  "nmap-org",
+		Title:                 "Nmap",
+		Family:                []string{"nmap"},
+		Kind:                  "api",
+		Runtime:               "nmap",
+		TechnologyUrlSegments: []string{"network", "nmap", "org"},
+	}
+}
+
+func (c *NmapConnection) PlatformInfo() (*inventory.Platform, error) {
+	conf := c.asset.Connections[0]
+
+	if conf.Options != nil && conf.Options["search"] != "" {
+		search := conf.Options["search"]
+		switch search {
+		case "host":
+			return nmapHostPlatform(), nil
+		case "domain":
+			return nmapDomainPlatform(), nil
+		}
+	}
+	return nmapPlatform(), nil
+}
+
+func (c *NmapConnection) Identifier() string {
+	baseId := "//platformid.api.mondoo.app/runtime/nmap"
+
+	conf := c.asset.Connections[0]
+	if conf.Options != nil && conf.Options["search"] != "" {
+		search := conf.Options["search"]
+		switch search {
+		case "host":
+			return baseId + "/host/" + strings.ToLower(conf.Host)
+		case "domain":
+			return baseId + "/domain/" + strings.ToLower(conf.Host)
+		}
+	}
+
+	return baseId
+}