nmap

package module
v2.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 9, 2020 License: MIT Imports: 13 Imported by: 40

README

nmap

PkgGoDev github.com/Ullaakut/nmap/v2

This library aims at providing idiomatic nmap bindings for go developers, in order to make it easier to write security audit tools using golang.

What is nmap

Nmap (Network Mapper) is a free and open-source network scanner created by Gordon Lyon. Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap can adapt to network conditions including latency and congestion during a scan.

Why use go for penetration testing

Most pentest tools are currently written using Python and not Go, because it is easy to quickly write scripts, lots of libraries are available, and it's a simple language to use. However, for writing robust and reliable applications, Go is the better tool. It is statically compiled, has a static type system, much better performance, it is also a very simple language to use and goroutines are awesome... But I might be slighly biased, so feel free to disagree.

Supported features

  • All of nmap's native options.
  • Additional idiomatic go filters for filtering hosts and ports.
  • Cancellable contexts support.
  • Helpful enums for nmap commands. (time templates, os families, port states, etc.)
  • Complete documentation of each option, mostly insipred from nmap's documentation.

TODO

  • Add asynchronous scan, send scan progress percentage and time estimation through channel

Simple example

package main

import (
    "context"
    "fmt"
    "log"
    "time"

    "github.com/Ullaakut/nmap/v2"
)

func main() {
    ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
    defer cancel()

    // Equivalent to `/usr/local/bin/nmap -p 80,443,843 google.com facebook.com youtube.com`,
    // with a 5 minute timeout.
    scanner, err := nmap.NewScanner(
        nmap.WithTargets("google.com", "facebook.com", "youtube.com"),
        nmap.WithPorts("80,443,843"),
        nmap.WithContext(ctx),
    )
    if err != nil {
        log.Fatalf("unable to create nmap scanner: %v", err)
    }

    result, warnings, err := scanner.Run()
    if err != nil {
        log.Fatalf("unable to run nmap scan: %v", err)
    }

    if warnings != nil {
        log.Printf("Warnings: \n %v", warnings)
    }

    // Use the results to print an example output
    for _, host := range result.Hosts {
        if len(host.Ports) == 0 || len(host.Addresses) == 0 {
            continue
        }

        fmt.Printf("Host %q:\n", host.Addresses[0])

        for _, port := range host.Ports {
            fmt.Printf("\tPort %d/%s %s %s\n", port.ID, port.Protocol, port.State, port.Service.Name)
        }
    }

    fmt.Printf("Nmap done: %d hosts up scanned in %3f seconds\n", len(result.Hosts), result.Stats.Finished.Elapsed)
}

The program above outputs:

Host "172.217.16.46":
    Port 80/tcp open http
    Port 443/tcp open https
    Port 843/tcp filtered unknown
Host "31.13.81.36":
    Port 80/tcp open http
    Port 443/tcp open https
    Port 843/tcp open unknown
Host "216.58.215.110":
    Port 80/tcp open http
    Port 443/tcp open https
    Port 843/tcp filtered unknown
Nmap done: 3 hosts up scanned in 1.29 seconds

Advanced example

Cameradar already uses this library at its core to communicate with nmap, discover RTSP streams and access them remotely.

More examples:

External resources

Documentation

Overview

Package nmap provides idiomatic `nmap` bindings for go developers.

Index

Examples

Constants

This section is empty.

Variables

View Source
var (
	// ErrNmapNotInstalled means that upon trying to manually locate nmap in the user's path,
	// it was not found. Either use the WithBinaryPath method to set it manually, or make sure that
	// the nmap binary is present in the user's $PATH.
	ErrNmapNotInstalled = errors.New("nmap binary was not found")

	// ErrScanTimeout means that the provided context was done before the scanner finished its scan.
	ErrScanTimeout = errors.New("nmap scan timed out")

	// ErrMallocFailed means that nmap crashed due to insufficient memory, which may happen on large target networks.
	ErrMallocFailed = errors.New("malloc failed, probably out of space")

	// ErrParseOutput means that nmap's output was not parsed successfully.
	ErrParseOutput = errors.New("unable to parse nmap output, see warnings for details")

	// ErrResolveName means that Nmap could not resolve a name.
	ErrResolveName = errors.New("nmap could not resolve a name")
)

Functions

func WithACKDiscovery

func WithACKDiscovery(ports ...string) func(*Scanner)

WithACKDiscovery sets the discovery mode to use ACK packets. If the portList argument is empty, this will enable ACK discovery for all ports. Otherwise, it will be only for the specified ports.

func WithACKScan

func WithACKScan() func(*Scanner)

WithACKScan sets the scan technique to use ACK packets over TCP. This scan is unable to determine if a port is open. When scanning unfiltered systems, open and closed ports will both return a RST packet. Nmap then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they are open or closed is undetermined.

func WithASCIIData

func WithASCIIData(data string) func(*Scanner)

WithASCIIData appends a custom ascii-encoded payload to sent packets.

func WithAggressiveScan

func WithAggressiveScan() func(*Scanner)

WithAggressiveScan enables the use of aggressive scan options. This has the same effect as using WithOSDetection, WithServiceInfo, WithDefaultScript and WithTraceRoute at the same time. Because script scanning with the default set is considered intrusive, you should not use this method against target networks without permission.

func WithAppendOutput

func WithAppendOutput() func(*Scanner)

WithAppendOutput makes nmap append to files instead of overwriting them. Currently does nothing, since this library doesn't write in files.

func WithBadSum

func WithBadSum() func(*Scanner)

WithBadSum makes nmap send an invalid TCP, UDP or SCTP checksum for packets sent to target hosts. Since virtually all host IP stacks properly drop these packets, any responses received are likely coming from a firewall or IDS that didn't bother to verify the checksum.

func WithBinaryPath

func WithBinaryPath(binaryPath string) func(*Scanner)

WithBinaryPath sets the nmap binary path for a scanner.

func WithConnectScan

func WithConnectScan() func(*Scanner)

WithConnectScan sets the scan technique to use TCP connections. This is the default method used when a user does not have raw packet privileges. Target machines are likely to log these connections.

func WithConsecutivePortScanning

func WithConsecutivePortScanning() func(*Scanner)

WithConsecutivePortScanning makes the scan go through ports consecutively instead of picking them out randomly.

func WithContext

func WithContext(ctx context.Context) func(*Scanner)

WithContext adds a context to a scanner, to make it cancellable and able to timeout.

func WithCustomArguments

func WithCustomArguments(args ...string) func(*Scanner)

WithCustomArguments sets custom arguments to give to the nmap binary. There should be no reason to use this, unless you are using a custom build of nmap or that this repository isn't up to date with the latest options of the official nmap release. You can use this as a quick way to paste an nmap command into your go code, but remember that the whole purpose of this repository is to be idiomatic, provide type checking, enums for the values that can be passed, etc.

func WithCustomDNSServers

func WithCustomDNSServers(dnsServers ...string) func(*Scanner)

WithCustomDNSServers sets custom DNS servers for the scan. List format: dns1[,dns2],...

func WithDataDir

func WithDataDir(directoryPath string) func(*Scanner)

WithDataDir specifies a custom data directory for nmap to get its nmap-service-probes, nmap-services, nmap-protocols, nmap-rpc, nmap-mac-prefixes, and nmap-os-db.

func WithDataLength

func WithDataLength(length int) func(*Scanner)

WithDataLength appends a random payload of the given length to sent packets.

func WithDebugging

func WithDebugging(level int) func(*Scanner)

WithDebugging sets and increases the debugging level of nmap.

func WithDecoys

func WithDecoys(decoys ...string) func(*Scanner)

WithDecoys causes a decoy scan to be performed, which makes it appear to the remote host that the host(s) you specify as decoys are scanning the target network too. Thus their IDS might report 5–10 port scans from unique IP addresses, but they won't know which IP was scanning them and which were innocent decoys. While this can be defeated through router path tracing, response-dropping, and other active mechanisms, it is generally an effective technique for hiding your IP address. You can optionally use ME as one of the decoys to represent the position for your real IP address. If you put ME in the sixth position or later, some common port scan detectors are unlikely to show your IP address at all.

func WithDefaultScript

func WithDefaultScript() func(*Scanner)

WithDefaultScript sets the scanner to perform a script scan using the default set of scripts. It is equivalent to --script=default. Some of the scripts in this category are considered intrusive and should not be run against a target network without permission.

func WithDisabledDNSResolution

func WithDisabledDNSResolution() func(*Scanner)

WithDisabledDNSResolution disables DNS resolution in the discovery step of the nmap scan.

func WithFTPBounceScan

func WithFTPBounceScan(FTPRelayHost string) func(*Scanner)

WithFTPBounceScan sets the scan technique to use the an FTP relay host. It takes an argument of the form "<username>:<password>@<server>:<port>. <Server>". You may omit <username>:<password>, in which case anonymous login credentials (user: anonymous password:-wwwuser@) are used. The port number (and preceding colon) may be omitted as well, in which case the default FTP port (21) on <server> is used.

func WithFastMode

func WithFastMode() func(*Scanner)

WithFastMode makes the scan faster by scanning fewer ports than the default scan.

func WithFilterHost

func WithFilterHost(hostFilter func(Host) bool) func(*Scanner)

WithFilterHost allows to set a custom function to filter out hosts that don't fulfill a given condition. When the given function returns true, the host is kept, otherwise it is removed from the result. Can be used along with WithFilterPort.

func WithFilterPort

func WithFilterPort(portFilter func(Port) bool) func(*Scanner)

WithFilterPort allows to set a custom function to filter out ports that don't fulfill a given condition. When the given function returns true, the port is kept, otherwise it is removed from the result. Can be used along with WithFilterHost.

func WithForcedDNSResolution

func WithForcedDNSResolution() func(*Scanner)

WithForcedDNSResolution enforces DNS resolution in the discovery step of the nmap scan.

func WithFragmentPackets

func WithFragmentPackets() func(*Scanner)

WithFragmentPackets enables the use of tiny fragmented IP packets in order to split up the TCP header over several packets to make it harder for packet filters, intrusion detection systems, and other annoyances to detect what you are doing. Some programs have trouble handling these tiny packets.

func WithHexData

func WithHexData(data string) func(*Scanner)

WithHexData appends a custom hex-encoded payload to sent packets.

func WithHostTimeout

func WithHostTimeout(timeout time.Duration) func(*Scanner)

WithHostTimeout sets the time after which nmap should give up on a target host.

func WithICMPEchoDiscovery

func WithICMPEchoDiscovery() func(*Scanner)

WithICMPEchoDiscovery sets the discovery mode to use an ICMP type 8 packet (an echo request), like the standard packets sent by the ping command. Many hosts and firewalls block these packets, so this is usually not the best for exploring networks.

func WithICMPNetMaskDiscovery

func WithICMPNetMaskDiscovery() func(*Scanner)

WithICMPNetMaskDiscovery sets the discovery mode to use an ICMP type 17 packet (an address mask request). This query can be valuable when administrators specifically block echo request packets while forgetting that other ICMP queries can be used for the same purpose.

func WithICMPTimestampDiscovery

func WithICMPTimestampDiscovery() func(*Scanner)

WithICMPTimestampDiscovery sets the discovery mode to use an ICMP type 13 packet (a timestamp request). This query can be valuable when administrators specifically block echo request packets while forgetting that other ICMP queries can be used for the same purpose.

func WithIPOptions

func WithIPOptions(options string) func(*Scanner)

WithIPOptions uses the specified IP options to send packets. You may be able to use the record route option to determine a path to a target even when more traditional traceroute-style approaches fail. See http://seclists.org/nmap-dev/2006/q3/52 for examples of use.

func WithIPProtocolPingDiscovery

func WithIPProtocolPingDiscovery(protocols ...string) func(*Scanner)

WithIPProtocolPingDiscovery sets the discovery mode to use the IP protocol ping. If no protocols are specified, the default is to send multiple IP packets for ICMP (protocol 1), IGMP (protocol 2), and IP-in-IP (protocol 4).

func WithIPProtocolScan

func WithIPProtocolScan() func(*Scanner)

WithIPProtocolScan sets the scan technique to use the IP protocol. IP protocol scan allows you to determine which IP protocols (TCP, ICMP, IGMP, etc.) are supported by target machines. This isn't technically a port scan, since it cycles through IP protocol numbers rather than TCP or UDP port numbers.

func WithIPTimeToLive

func WithIPTimeToLive(ttl int16) func(*Scanner)

WithIPTimeToLive sets the IP time-to-live field of IP packets.

func WithIPv6Scanning

func WithIPv6Scanning() func(*Scanner)

WithIPv6Scanning enables the use of IPv6 scanning.

func WithIdleScan

func WithIdleScan(zombieHost string, probePort int) func(*Scanner)

WithIdleScan sets the scan technique to use a zombie host to allow for a truly blind TCP port scan of the target. Besides being extraordinarily stealthy (due to its blind nature), this scan type permits mapping out IP-based trust relationships between machines.

func WithInitialRTTTimeout

func WithInitialRTTTimeout(roundTripTime time.Duration) func(*Scanner)

WithInitialRTTTimeout sets the initial probe round trip time.

func WithInterface

func WithInterface(iface string) func(*Scanner)

WithInterface specifies which network interface to use for scanning.

func WithInterfaceList

func WithInterfaceList() func(*Scanner)

WithInterfaceList makes nmap print host interfaces and routes.

func WithListScan

func WithListScan() func(*Scanner)

WithListScan sets the discovery mode to simply list the targets to scan and not scan them.

func WithMTU

func WithMTU(offset int) func(*Scanner)

WithMTU allows you to specify your own offset size for fragmenting IP packets. Using fragmented packets allows to split up the TCP header over several packets to make it harder for packet filters, intrusion detection systems, and other annoyances to detect what you are doing. Some programs have trouble handling these tiny packets.

func WithMaimonScan

func WithMaimonScan() func(*Scanner)

WithMaimonScan sends the same packets as NULL, FIN, and Xmas scans, except that the probe is FIN/ACK. Many BSD-derived systems will drop these packets if the port is open.

func WithMaxHostgroup

func WithMaxHostgroup(size int) func(*Scanner)

WithMaxHostgroup sets the maximal parallel host scan group size.

func WithMaxParallelism

func WithMaxParallelism(probes int) func(*Scanner)

WithMaxParallelism sets the maximal number of parallel probes.

func WithMaxRTTTimeout

func WithMaxRTTTimeout(roundTripTime time.Duration) func(*Scanner)

WithMaxRTTTimeout sets the maximal probe round trip time.

func WithMaxRate

func WithMaxRate(packetsPerSecond int) func(*Scanner)

WithMaxRate sets the maximal number of packets sent per second.

func WithMaxRetries

func WithMaxRetries(tries int) func(*Scanner)

WithMaxRetries sets the maximal number of port scan probe retransmissions.

func WithMaxScanDelay

func WithMaxScanDelay(timeout time.Duration) func(*Scanner)

WithMaxScanDelay sets the maximum time to wait between each probe sent to a host.

func WithMinHostgroup

func WithMinHostgroup(size int) func(*Scanner)

WithMinHostgroup sets the minimal parallel host scan group size.

func WithMinParallelism

func WithMinParallelism(probes int) func(*Scanner)

WithMinParallelism sets the minimal number of parallel probes.

func WithMinRTTTimeout

func WithMinRTTTimeout(roundTripTime time.Duration) func(*Scanner)

WithMinRTTTimeout sets the minimal probe round trip time.

func WithMinRate

func WithMinRate(packetsPerSecond int) func(*Scanner)

WithMinRate sets the minimal number of packets sent per second.

func WithMostCommonPorts

func WithMostCommonPorts(number int) func(*Scanner)

WithMostCommonPorts sets the scanner to go through the provided number of most common ports.

func WithNoStylesheet

func WithNoStylesheet() func(*Scanner)

WithNoStylesheet prevents the use of XSL stylesheets with the XML output.

func WithOSDetection

func WithOSDetection() func(*Scanner)

WithOSDetection enables OS detection.

func WithOSScanGuess

func WithOSScanGuess() func(*Scanner)

WithOSScanGuess makes nmap attempt to guess the OS more aggressively.

func WithOSScanLimit

func WithOSScanLimit() func(*Scanner)

WithOSScanLimit sets the scanner to not even try OS detection against hosts that do have at least one open TCP port, as it is unlikely to be effective. This can save substantial time, particularly on -Pn scans against many hosts. It only matters when OS detection is requested with -O or -A.

func WithOpenOnly

func WithOpenOnly() func(*Scanner)

WithOpenOnly makes nmap only show open ports.

func WithPacketTrace

func WithPacketTrace() func(*Scanner)

WithPacketTrace makes nmap show all packets sent and received.

func WithPingScan

func WithPingScan() func(*Scanner)

WithPingScan sets the discovery mode to simply ping the targets to scan and not scan them.

func WithPortExclusions

func WithPortExclusions(ports ...string) func(*Scanner)

WithPortExclusions sets the ports that the scanner should not scan on each host.

func WithPortRatio

func WithPortRatio(ratio float32) func(*Scanner)

WithPortRatio sets the scanner to go the ports more common than the given ratio. Ratio must be a float between 0 and 1.

func WithPorts

func WithPorts(ports ...string) func(*Scanner)

WithPorts sets the ports which the scanner should scan on each host.

func WithPrivileged

func WithPrivileged() func(*Scanner)

WithPrivileged makes nmap assume that the user is fully privileged.

func WithProxies

func WithProxies(proxies ...string) func(*Scanner)

WithProxies allows to relay connection through HTTP/SOCKS4 proxies.

func WithRandomTargets

func WithRandomTargets(randomTargets int) func(*Scanner)

WithRandomTargets sets the amount of targets to randomly choose from the targets.

func WithReason

func WithReason() func(*Scanner)

WithReason makes nmap specify why a port is in a particular state.

func WithResumePreviousScan

func WithResumePreviousScan(filePath string) func(*Scanner)

WithResumePreviousScan makes nmap continue a scan that was aborted, from an output file.

func WithSCTPCookieEchoScan

func WithSCTPCookieEchoScan() func(*Scanner)

WithSCTPCookieEchoScan sets the scan technique to use SCTP packets containing a COOKIE-ECHO chunk. The advantage of this scan type is that it is not as obvious a port scan than an INIT scan. Also, there may be non-stateful firewall rulesets blocking INIT chunks, but not COOKIE ECHO chunks.

func WithSCTPDiscovery

func WithSCTPDiscovery(ports ...string) func(*Scanner)

WithSCTPDiscovery sets the discovery mode to use SCTP packets containing a minimal INIT chunk. If the portList argument is empty, this will enable SCTP discovery for all ports. Otherwise, it will be only for the specified ports. Warning: on Unix, only the privileged user root is generally able to send and receive raw SCTP packets.

func WithSCTPInitScan

func WithSCTPInitScan() func(*Scanner)

WithSCTPInitScan sets the scan technique to use SCTP packets containing an INIT chunk. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls. Like SYN scan, INIT scan is relatively unobtrusive and stealthy, since it never completes SCTP associations.

func WithSYNDiscovery

func WithSYNDiscovery(ports ...string) func(*Scanner)

WithSYNDiscovery sets the discovery mode to use SYN packets. If the portList argument is empty, this will enable SYN discovery for all ports. Otherwise, it will be only for the specified ports.

func WithSYNScan

func WithSYNScan() func(*Scanner)

WithSYNScan sets the scan technique to use SYN packets over TCP. This is the default method, as it is fast, stealthy and not hampered by restrictive firewalls.

func WithScanDelay

func WithScanDelay(timeout time.Duration) func(*Scanner)

WithScanDelay sets the minimum time to wait between each probe sent to a host.

func WithScriptArguments

func WithScriptArguments(arguments map[string]string) func(*Scanner)

WithScriptArguments provides arguments for scripts. If a value is the empty string, the key will be used as a flag.

func WithScriptArgumentsFile

func WithScriptArgumentsFile(inputFilePath string) func(*Scanner)

WithScriptArgumentsFile provides arguments for scripts from a file.

func WithScriptTrace

func WithScriptTrace() func(*Scanner)

WithScriptTrace makes the scripts show all data sent and received.

func WithScriptUpdateDB

func WithScriptUpdateDB() func(*Scanner)

WithScriptUpdateDB updates the script database.

func WithScripts

func WithScripts(scripts ...string) func(*Scanner)

WithScripts sets the scanner to perform a script scan using the enumerated scripts, script directories and script categories.

func WithSendEthernet

func WithSendEthernet() func(*Scanner)

WithSendEthernet makes nmap send packets at the raw ethernet (data link) layer rather than the higher IP (network) layer. By default, nmap chooses the one which is generally best for the platform it is running on.

func WithSendIP

func WithSendIP() func(*Scanner)

WithSendIP makes nmap send packets via raw IP sockets rather than sending lower level ethernet frames.

func WithServiceInfo

func WithServiceInfo() func(*Scanner)

WithServiceInfo enables the probing of open ports to determine service and version info.

func WithSkipHostDiscovery

func WithSkipHostDiscovery() func(*Scanner)

WithSkipHostDiscovery diables host discovery and considers all hosts as online.

func WithSourcePort

func WithSourcePort(port int16) func(*Scanner)

WithSourcePort specifies from which port to scan.

func WithSpoofIPAddress

func WithSpoofIPAddress(ip string) func(*Scanner)

WithSpoofIPAddress spoofs the IP address of the machine which is running nmap. This can be used if nmap is unable to determine your source address. Another possible use of this flag is to spoof the scan to make the targets think that someone else is scanning them. The WithInterface option and WithSkipHostDiscovery are generally required for this sort of usage. Note that you usually won't receive reply packets back (they will be addressed to the IP you are spoofing), so Nmap won't produce useful reports.

func WithSpoofMAC

func WithSpoofMAC(argument string) func(*Scanner)

WithSpoofMAC uses the given MAC address for all of the raw ethernet frames the scanner sends. This option implies WithSendEthernet to ensure that Nmap actually sends ethernet-level packets. Valid argument examples are Apple, 0, 01:02:03:04:05:06, deadbeefcafe, 0020F2, and Cisco.

func WithStatsEvery

func WithStatsEvery(interval string) func(*Scanner)

WithStatsEvery periodically prints a timing status message after each interval of time.

func WithStylesheet

func WithStylesheet(stylesheetPath string) func(*Scanner)

WithStylesheet makes nmap apply an XSL stylesheet to transform its XML output to HTML.

func WithSystemDNS

func WithSystemDNS() func(*Scanner)

WithSystemDNS sets the scanner's DNS to the system's DNS.

func WithTCPFINScan

func WithTCPFINScan() func(*Scanner)

WithTCPFINScan sets the scan technique to use TCP packets with the FIN flag set. This scan method can be used to exploit a loophole in the TCP RFC. If an RST packet is received, the port is considered closed, while no response means it is open|filtered.

func WithTCPNullScan

func WithTCPNullScan() func(*Scanner)

WithTCPNullScan sets the scan technique to use TCP null packets. (TCP flag header is 0). This scan method can be used to exploit a loophole in the TCP RFC. If an RST packet is received, the port is considered closed, while no response means it is open|filtered.

func WithTCPScanFlags

func WithTCPScanFlags(flags ...TCPFlag) func(*Scanner)

WithTCPScanFlags sets the scan technique to use custom TCP flags.

func WithTCPXmasScan

func WithTCPXmasScan() func(*Scanner)

WithTCPXmasScan sets the scan technique to use TCP packets with the FIN, PSH and URG flags set. This scan method can be used to exploit a loophole in the TCP RFC. If an RST packet is received, the port is considered closed, while no response means it is open|filtered.

func WithTargetExclusion

func WithTargetExclusion(target string) func(*Scanner)

WithTargetExclusion sets the excluded targets of a scanner.

func WithTargetExclusionInput

func WithTargetExclusionInput(inputFileName string) func(*Scanner)

WithTargetExclusionInput sets the input file name to set the target exclusions.

func WithTargetInput

func WithTargetInput(inputFileName string) func(*Scanner)

WithTargetInput sets the input file name to set the targets.

func WithTargets

func WithTargets(targets ...string) func(*Scanner)

WithTargets sets the target of a scanner.

func WithTimingTemplate

func WithTimingTemplate(timing Timing) func(*Scanner)

WithTimingTemplate sets the timing template for nmap.

func WithTraceRoute

func WithTraceRoute() func(*Scanner)

WithTraceRoute enables the tracing of the hop path to each host.

func WithUDPDiscovery

func WithUDPDiscovery(ports ...string) func(*Scanner)

WithUDPDiscovery sets the discovery mode to use UDP packets. If the portList argument is empty, this will enable UDP discovery for all ports. Otherwise, it will be only for the specified ports.

func WithUDPScan

func WithUDPScan() func(*Scanner)

WithUDPScan sets the scan technique to use UDP packets. It can be combined with a TCP scan type such as SYN scan to check both protocols during the same run. UDP scanning is generally slower than TCP, but should not be ignored.

func WithUnprivileged

func WithUnprivileged() func(*Scanner)

WithUnprivileged makes nmap assume that the user lacks raw socket privileges.

func WithVerbosity

func WithVerbosity(level int) func(*Scanner)

WithVerbosity sets and increases the verbosity level of nmap.

func WithVersionAll

func WithVersionAll() func(*Scanner)

WithVersionAll sets the level of intensity with which nmap should probe the open ports to get version information to 9. This will ensure that every single probe is attempted against each port.

func WithVersionIntensity

func WithVersionIntensity(intensity int16) func(*Scanner)

WithVersionIntensity sets the level of intensity with which nmap should probe the open ports to get version information. Intensity should be a value between 0 (light) and 9 (try all probes). The default value is 7.

func WithVersionLight

func WithVersionLight() func(*Scanner)

WithVersionLight sets the level of intensity with which nmap should probe the open ports to get version information to 2. This will make version scanning much faster, but slightly less likely to identify services.

func WithVersionTrace

func WithVersionTrace() func(*Scanner)

WithVersionTrace causes Nmap to print out extensive debugging info about what version scanning is doing. TODO: See how this works along with XML output.

func WithWebXML

func WithWebXML() func(*Scanner)

WithWebXML makes nmap apply the default nmap.org stylesheet to transform XML output to HTML. The stylesheet can be found at https://nmap.org/svn/docs/nmap.xsl

func WithWindowScan

func WithWindowScan() func(*Scanner)

WithWindowScan sets the scan technique to use ACK packets over TCP and examining the TCP window field of the RST packets returned. Window scan is exactly the same as ACK scan except that it exploits an implementation detail of certain systems to differentiate open ports from closed ones, rather than always printing unfiltered when a RST is returned.

Types

type Address

type Address struct {
	Addr     string `xml:"addr,attr" json:"addr"`
	AddrType string `xml:"addrtype,attr" json:"addr_type"`
	Vendor   string `xml:"vendor,attr" json:"vendor"`
}

Address contains a IPv4 or IPv6 address for a host.

func (Address) String

func (a Address) String() string

type CPE

type CPE string

CPE (Common Platform Enumeration) is a standardized way to name software applications, operating systems and hardware platforms.

type Debugging

type Debugging struct {
	Level int `xml:"level,attr" json:"level"`
}

Debugging contains the debugging level of the scan.

type Distance

type Distance struct {
	Value int `xml:"value,attr" json:"value"`
}

Distance is the amount of hops to a particular host.

type Element

type Element struct {
	Key   string `xml:"key,attr,omitempty" json:"key,omitempty"`
	Value string `xml:",innerxml" json:"value"`
}

Element is the smallest building block for scripts/tables. It can optionally(!) have a key.

type ExtraPort

type ExtraPort struct {
	State   string   `xml:"state,attr" json:"state"`
	Count   int      `xml:"count,attr" json:"count"`
	Reasons []Reason `xml:"extrareasons" json:"reasons"`
}

ExtraPort contains the information about the closed and filtered ports.

type Finished

type Finished struct {
	Time     Timestamp `xml:"time,attr" json:"time"`
	TimeStr  string    `xml:"timestr,attr" json:"time_str"`
	Elapsed  float32   `xml:"elapsed,attr" json:"elapsed"`
	Summary  string    `xml:"summary,attr" json:"summary"`
	Exit     string    `xml:"exit,attr" json:"exit"`
	ErrorMsg string    `xml:"errormsg,attr" json:"error_msg"`
}

Finished contains detailed statistics regarding a finished scan.

type Hop

type Hop struct {
	TTL    float32 `xml:"ttl,attr" json:"ttl"`
	RTT    string  `xml:"rtt,attr" json:"rtt"`
	IPAddr string  `xml:"ipaddr,attr" json:"ip_addr"`
	Host   string  `xml:"host,attr" json:"host"`
}

Hop is an IP hop to a host.

type Host

type Host struct {
	Distance      Distance      `xml:"distance" json:"distance"`
	EndTime       Timestamp     `xml:"endtime,attr,omitempty" json:"end_time"`
	IPIDSequence  IPIDSequence  `xml:"ipidsequence" json:"ip_id_sequence"`
	OS            OS            `xml:"os" json:"os"`
	StartTime     Timestamp     `xml:"starttime,attr,omitempty" json:"start_time"`
	Status        Status        `xml:"status" json:"status"`
	TCPSequence   TCPSequence   `xml:"tcpsequence" json:"tcp_sequence"`
	TCPTSSequence TCPTSSequence `xml:"tcptssequence" json:"tcp_ts_sequence"`
	Times         Times         `xml:"times" json:"times"`
	Trace         Trace         `xml:"trace" json:"trace"`
	Uptime        Uptime        `xml:"uptime" json:"uptime"`
	Comment       string        `xml:"comment,attr" json:"comment"`
	Addresses     []Address     `xml:"address" json:"addresses"`
	ExtraPorts    []ExtraPort   `xml:"ports>extraports" json:"extra_ports"`
	Hostnames     []Hostname    `xml:"hostnames>hostname" json:"hostnames"`
	HostScripts   []Script      `xml:"hostscript>script" json:"host_scripts"`
	Ports         []Port        `xml:"ports>port" json:"ports"`
	Smurfs        []Smurf       `xml:"smurf" json:"smurfs"`
}

Host represents a host that was scanned.

type HostStats

type HostStats struct {
	Up    int `xml:"up,attr" json:"up"`
	Down  int `xml:"down,attr" json:"down"`
	Total int `xml:"total,attr" json:"total"`
}

HostStats contains the amount of up and down hosts and the total count.

type Hostname

type Hostname struct {
	Name string `xml:"name,attr" json:"name"`
	Type string `xml:"type,attr" json:"type"`
}

Hostname is a name for a host.

func (Hostname) String

func (h Hostname) String() string

type IPIDSequence

type IPIDSequence Sequence

IPIDSequence represents a detected IP ID sequence.

type OS

type OS struct {
	PortsUsed    []PortUsed      `xml:"portused" json:"ports_used"`
	Matches      []OSMatch       `xml:"osmatch" json:"os_matches"`
	Fingerprints []OSFingerprint `xml:"osfingerprint" json:"os_fingerprints"`
}

OS contains the fingerprinted operating system for a host.

type OSClass

type OSClass struct {
	Vendor       string `xml:"vendor,attr" json:"vendor"`
	OSGeneration string `xml:"osgen,attr" json:"os_generation"`
	Type         string `xml:"type,attr" json:"type"`
	Accuracy     int    `xml:"accuracy,attr" json:"accuracy"`
	Family       string `xml:"osfamily,attr" json:"os_family"`
	CPEs         []CPE  `xml:"cpe" json:"cpes"`
}

OSClass contains vendor information about an operating system.

func (OSClass) OSFamily

func (o OSClass) OSFamily() family.OSFamily

OSFamily returns the OS family in an enumerated format.

type OSFingerprint

type OSFingerprint struct {
	Fingerprint string `xml:"fingerprint,attr" json:"fingerprint"`
}

OSFingerprint is the actual fingerprint string of an operating system.

type OSMatch

type OSMatch struct {
	Name     string    `xml:"name,attr" json:"name"`
	Accuracy int       `xml:"accuracy,attr" json:"accuracy"`
	Line     int       `xml:"line,attr" json:"line"`
	Classes  []OSClass `xml:"osclass" json:"os_classes"`
}

OSMatch contains detailed information regarding an operating system fingerprint.

type Owner

type Owner struct {
	Name string `xml:"name,attr" json:"name"`
}

Owner contains the name of a port's owner.

func (Owner) String

func (o Owner) String() string

type Port

type Port struct {
	ID       uint16   `xml:"portid,attr" json:"id"`
	Protocol string   `xml:"protocol,attr" json:"protocol"`
	Owner    Owner    `xml:"owner" json:"owner"`
	Service  Service  `xml:"service" json:"service"`
	State    State    `xml:"state" json:"state"`
	Scripts  []Script `xml:"script" json:"scripts"`
}

Port contains all the information about a scanned port.

func (Port) Status

func (p Port) Status() PortStatus

Status returns the status of a port.

type PortStatus

type PortStatus string

PortStatus represents a port's state.

const (
	Open       PortStatus = "open"
	Closed     PortStatus = "closed"
	Filtered   PortStatus = "filtered"
	Unfiltered PortStatus = "unfiltered"
)

Enumerates the different possible state values.

type PortUsed

type PortUsed struct {
	State string `xml:"state,attr" json:"state"`
	Proto string `xml:"proto,attr" json:"proto"`
	ID    int    `xml:"portid,attr" json:"port_id"`
}

PortUsed is the port used to fingerprint an operating system.

type Reason

type Reason struct {
	Reason string `xml:"reason,attr" json:"reason"`
	Count  int    `xml:"count,attr" json:"count"`
}

Reason represents a reason why a port is closed or filtered. This won't be in the scan results unless WithReason is used.

type Run

type Run struct {
	XMLName xml.Name `xml:"nmaprun"`

	Args             string         `xml:"args,attr" json:"args"`
	ProfileName      string         `xml:"profile_name,attr" json:"profile_name"`
	Scanner          string         `xml:"scanner,attr" json:"scanner"`
	StartStr         string         `xml:"startstr,attr" json:"start_str"`
	Version          string         `xml:"version,attr" json:"version"`
	XMLOutputVersion string         `xml:"xmloutputversion,attr" json:"xml_output_version"`
	Debugging        Debugging      `xml:"debugging" json:"debugging"`
	Stats            Stats          `xml:"runstats" json:"run_stats"`
	ScanInfo         ScanInfo       `xml:"scaninfo" json:"scan_info"`
	Start            Timestamp      `xml:"start,attr" json:"start"`
	Verbose          Verbose        `xml:"verbose" json:"verbose"`
	Hosts            []Host         `xml:"host" json:"hosts"`
	PostScripts      []Script       `xml:"postscript>script" json:"post_scripts"`
	PreScripts       []Script       `xml:"prescript>script" json:"pre_scripts"`
	Targets          []Target       `xml:"target" json:"targets"`
	TaskBegin        []Task         `xml:"taskbegin" json:"task_begin"`
	TaskProgress     []TaskProgress `xml:"taskprogress" json:"task_progress"`
	TaskEnd          []Task         `xml:"taskend" json:"task_end"`

	NmapErrors []string
	// contains filtered or unexported fields
}

Run represents an nmap scanning run.

func Parse

func Parse(content []byte) (*Run, error)

Parse takes a byte array of nmap xml data and unmarshals it into a Run struct.

func (Run) ToFile

func (r Run) ToFile(filePath string) error

ToFile writes a Run as XML into the specified file path.

func (Run) ToReader

func (r Run) ToReader() io.Reader

ToReader writes the raw XML into an streamable buffer.

type ScanInfo

type ScanInfo struct {
	NumServices int    `xml:"numservices,attr" json:"num_services"`
	Protocol    string `xml:"protocol,attr" json:"protocol"`
	ScanFlags   string `xml:"scanflags,attr" json:"scan_flags"`
	Services    string `xml:"services,attr" json:"services"`
	Type        string `xml:"type,attr" json:"type"`
}

ScanInfo represents the scan information.

type ScanRunner

type ScanRunner interface {
	Run() (result *Run, warnings []string, err error)
}

ScanRunner represents something that can run a scan.

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner represents an Nmap scanner.

Example (Filters)

A scanner can be given custom idiomatic filters for both hosts and ports.

s, err := NewScanner(
	WithTargets("google.com", "facebook.com"),
	WithPorts("843"),
	WithFilterHost(func(h Host) bool {
		// Filter out hosts with no open ports.
		for idx := range h.Ports {
			if h.Ports[idx].Status() == "closed" {
				return true
			}
		}
		return false
	}),
)
if err != nil {
	log.Fatalf("unable to create nmap scanner: %v", err)
}

scanResult, _, err := s.Run()
if err != nil {
	log.Fatalf("nmap encountered an error: %v", err)
}

fmt.Printf(
	"Filtered out hosts %d / Original number of hosts: %d\n",
	len(scanResult.Hosts),
	scanResult.Stats.Hosts.Total,
)
Output:

Filtered out hosts 1 / Original number of hosts: 2
Example (Simple)

A scanner can be instantiated with options to set the arguments that are given to nmap.

s, err := NewScanner(
	WithTargets("google.com", "facebook.com", "youtube.com"),
	WithCustomDNSServers("8.8.8.8", "8.8.4.4"),
	WithTimingTemplate(TimingFastest),
	WithTCPScanFlags(FlagACK, FlagNULL, FlagRST),
)
if err != nil {
	log.Fatalf("unable to create nmap scanner: %v", err)
}

scanResult, _, err := s.Run()
if err != nil {
	log.Fatalf("nmap encountered an error: %v", err)
}

fmt.Printf(
	"Scan successful: %d hosts up\n",
	scanResult.Stats.Hosts.Up,
)
Output:

Scan successful: 3 hosts up

func NewScanner

func NewScanner(options ...func(*Scanner)) (*Scanner, error)

NewScanner creates a new Scanner, and can take options to apply to the scanner.

func (*Scanner) AddOptions

func (s *Scanner) AddOptions(options ...func(*Scanner))

AddOptions sets more scan options after the scan is created.

func (*Scanner) GetStderr

func (s *Scanner) GetStderr() bufio.Scanner

GetStderr returns stderr variable for scanner.

func (*Scanner) GetStdout

func (s *Scanner) GetStdout() bufio.Scanner

GetStdout returns stdout variable for scanner.

func (*Scanner) Run

func (s *Scanner) Run() (result *Run, warnings []string, err error)

Run runs nmap synchronously and returns the result of the scan.

func (*Scanner) RunAsync

func (s *Scanner) RunAsync() error

RunAsync runs nmap asynchronously and returns error. TODO: RunAsync should return warnings as well.

func (*Scanner) RunWithProgress added in v2.0.3

func (s *Scanner) RunWithProgress(liveProgress chan<- float32) (result *Run, warnings []string, err error)

RunWithProgress runs nmap synchronously and returns the result of the scan. It needs a channel to constantly stream the progress.

func (*Scanner) Wait

func (s *Scanner) Wait() error

Wait waits for the cmd to finish and returns error.

type Script

type Script struct {
	ID       string    `xml:"id,attr" json:"id"`
	Output   string    `xml:"output,attr" json:"output"`
	Elements []Element `xml:"elem,omitempty" json:"elements,omitempty"`
	Tables   []Table   `xml:"table,omitempty" json:"tables,omitempty"`
}

Script represents an Nmap Scripting Engine script. The inner elements can be an arbitrary collection of Tables and Elements. Both of them can also be empty.

type Sequence

type Sequence struct {
	Class  string `xml:"class,attr" json:"class"`
	Values string `xml:"values,attr" json:"values"`
}

Sequence represents a detected sequence.

type Service

type Service struct {
	DeviceType    string `xml:"devicetype,attr" json:"device_type"`
	ExtraInfo     string `xml:"extrainfo,attr" json:"extra_info"`
	HighVersion   string `xml:"highver,attr" json:"high_version"`
	Hostname      string `xml:"hostname,attr" json:"hostname"`
	LowVersion    string `xml:"lowver,attr" json:"low_version"`
	Method        string `xml:"method,attr" json:"method"`
	Name          string `xml:"name,attr" json:"name"`
	OSType        string `xml:"ostype,attr" json:"os_type"`
	Product       string `xml:"product,attr" json:"product"`
	Proto         string `xml:"proto,attr" json:"proto"`
	RPCNum        string `xml:"rpcnum,attr" json:"rpc_num"`
	ServiceFP     string `xml:"servicefp,attr" json:"service_fp"`
	Tunnel        string `xml:"tunnel,attr" json:"tunnel"`
	Version       string `xml:"version,attr" json:"version"`
	Configuration int    `xml:"conf,attr" json:"configuration"`
	CPEs          []CPE  `xml:"cpe" json:"cpes"`
}

Service contains detailed information about a service on an open port.

func (Service) String

func (s Service) String() string

type Smurf

type Smurf struct {
	Responses string `xml:"responses,attr" json:"responses"`
}

Smurf contains responses from a smurf attack.

type State

type State struct {
	State     string  `xml:"state,attr" json:"state"`
	Reason    string  `xml:"reason,attr" json:"reason"`
	ReasonIP  string  `xml:"reason_ip,attr" json:"reason_ip"`
	ReasonTTL float32 `xml:"reason_ttl,attr" json:"reason_ttl"`
}

State contains information about a given port's status. State will be open, closed, etc.

func (State) String

func (s State) String() string

type Stats

type Stats struct {
	Finished Finished  `xml:"finished" json:"finished"`
	Hosts    HostStats `xml:"hosts" json:"hosts"`
}

Stats contains statistics for an nmap scan.

type Status

type Status struct {
	State     string  `xml:"state,attr" json:"state"`
	Reason    string  `xml:"reason,attr" json:"reason"`
	ReasonTTL float32 `xml:"reason_ttl,attr" json:"reason_ttl"`
}

Status represents a host's status.

func (Status) String

func (s Status) String() string

type TCPFlag

type TCPFlag int

TCPFlag represents a TCP flag.

const (
	FlagNULL TCPFlag = 0
	FlagFIN  TCPFlag = 1
	FlagSYN  TCPFlag = 2
	FlagRST  TCPFlag = 4
	FlagPSH  TCPFlag = 8
	FlagACK  TCPFlag = 16
	FlagURG  TCPFlag = 32
	FlagECE  TCPFlag = 64
	FlagCWR  TCPFlag = 128
	FlagNS   TCPFlag = 256
)

Flag enumerations.

type TCPSequence

type TCPSequence struct {
	Index      int    `xml:"index,attr" json:"index"`
	Difficulty string `xml:"difficulty,attr" json:"difficulty"`
	Values     string `xml:"values,attr" json:"values"`
}

TCPSequence represents a detected TCP sequence.

type TCPTSSequence

type TCPTSSequence Sequence

TCPTSSequence represents a detected TCP TS sequence.

type Table

type Table struct {
	Key      string    `xml:"key,attr,omitempty" json:"key,omitempty"`
	Tables   []Table   `xml:"table,omitempty" json:"tables,omitempty"`
	Elements []Element `xml:"elem,omitempty" json:"elements,omitempty"`
}

Table is an arbitrary collection of (sub-)Tables and Elements. All its fields can be empty.

type Target

type Target struct {
	Specification string `xml:"specification,attr" json:"specification"`
	Status        string `xml:"status,attr" json:"status"`
	Reason        string `xml:"reason,attr" json:"reason"`
}

Target represents a target, how it was specified when passed to nmap, its status and the reason for its status. Example: <target specification="domain.does.not.exist" status="skipped" reason="invalid"/>

type Task

type Task struct {
	Time      Timestamp `xml:"time,attr" json:"time"`
	Task      string    `xml:"task,attr" json:"task"`
	ExtraInfo string    `xml:"extrainfo,attr" json:"extra_info"`
}

Task contains information about a task.

type TaskProgress

type TaskProgress struct {
	Percent   float32   `xml:"percent,attr" json:"percent"`
	Remaining int       `xml:"remaining,attr" json:"remaining"`
	Task      string    `xml:"task,attr" json:"task"`
	Etc       Timestamp `xml:"etc,attr" json:"etc"`
	Time      Timestamp `xml:"time,attr" json:"time"`
}

TaskProgress contains information about the progression of a task.

type Times

type Times struct {
	SRTT string `xml:"srtt,attr" json:"srtt"`
	RTT  string `xml:"rttvar,attr" json:"rttv"`
	To   string `xml:"to,attr" json:"to"`
}

Times contains time statistics for an nmap scan.

type Timestamp

type Timestamp time.Time

Timestamp represents time as a UNIX timestamp in seconds.

func (Timestamp) FormatTime

func (t Timestamp) FormatTime() string

FormatTime formats the time.Time value as a UNIX timestamp string.

func (Timestamp) MarshalJSON

func (t Timestamp) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface.

func (Timestamp) MarshalXMLAttr

func (t Timestamp) MarshalXMLAttr(name xml.Name) (xml.Attr, error)

MarshalXMLAttr implements the xml.MarshalerAttr interface.

func (*Timestamp) ParseTime

func (t *Timestamp) ParseTime(s string) error

ParseTime converts a UNIX timestamp string to a time.Time.

func (*Timestamp) UnmarshalJSON

func (t *Timestamp) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface.

func (*Timestamp) UnmarshalXMLAttr

func (t *Timestamp) UnmarshalXMLAttr(attr xml.Attr) (err error)

UnmarshalXMLAttr implements the xml.UnmarshalXMLAttr interface.

type Timing

type Timing int16

Timing represents a timing template for nmap. These are meant to be used with the WithTimingTemplate method.

const (
	// TimingSlowest also called paranoiac		NO PARALLELISM | 5min  timeout | 100ms to 10s    round-trip time timeout	| 5mn   scan delay
	TimingSlowest Timing = 0
	// TimingSneaky 							NO PARALLELISM | 15sec timeout | 100ms to 10s    round-trip time timeout	| 15s   scan delay
	TimingSneaky Timing = 1
	// TimingPolite 							NO PARALLELISM | 1sec  timeout | 100ms to 10s    round-trip time timeout	| 400ms scan delay
	TimingPolite Timing = 2
	// TimingNormal 							PARALLELISM	   | 1sec  timeout | 100ms to 10s    round-trip time timeout	| 0s    scan delay
	TimingNormal Timing = 3
	// TimingAggressive 						PARALLELISM	   | 500ms timeout | 100ms to 1250ms round-trip time timeout	| 0s    scan delay
	TimingAggressive Timing = 4
	// TimingFastest also called insane			PARALLELISM	   | 250ms timeout |  50ms to 300ms  round-trip time timeout	| 0s    scan delay
	TimingFastest Timing = 5
)

type Trace

type Trace struct {
	Proto string `xml:"proto,attr" json:"proto"`
	Port  int    `xml:"port,attr" json:"port"`
	Hops  []Hop  `xml:"hop" json:"hops"`
}

Trace represents the trace to a host, including the hops.

type Uptime

type Uptime struct {
	Seconds  int    `xml:"seconds,attr" json:"seconds"`
	Lastboot string `xml:"lastboot,attr" json:"last_boot"`
}

Uptime is the amount of time the host has been up.

type Verbose

type Verbose struct {
	Level int `xml:"level,attr" json:"level"`
}

Verbose contains the verbosity level of the scan.

Directories

Path Synopsis
examples
pkg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL