Thread

Posted on Tue Feb 21 03:53:17 2006 by heckerchris
Multiple Nmap threads
I am playing around with the scan.pl program that Anthony Persaud wrote. I would like to be able to run two instances of nmap at the same time. I am trying to scan a port with one instance (OS detection), then with another instance scan (ping sweep) the next port to see if that port is up. Is this possible? I try to run one instance, then when I call the next instance it overwrites the first scan. Thanks. -Chris Hecker
Direct Responses: 1826
Posted on Tue Feb 21 05:35:47 2006 by apersaud in response to 1825
Re: Multiple Nmap threads
This should have been fixed in 1.01.

Check this....

http://search.cpan.org/~apersaud/Nmap-Parser-1.05/Parser.pm#Multiple_Instances_-_(no_less_%27of%27%3B_my_%24self)

If that doesn't work, let me know... something might be wrong.

Thanks,

Anthony Persaud
http://www.anthonypersaud.com
Direct Responses: 1830
Posted on Tue Feb 21 22:55:20 2006 by heckerchris in response to 1826
Re: Multiple Nmap threads
Anthony, I looked at the examples and I tried to make them work, but to no avail. Let me try to explain a little better and give some of my source code to figure out if what I'm trying to do is possible. By looking at the code, I'm calling the parsescan and sub host_handler that you created. Then inside of host_handler, I want to call the parsescan and sub host_pingsweep to check and see if the next IP address is up or down. After the host_pingsweep is finished, I want the host_handler function to continue scanning the remaining network for OS detection. So it is essentially a nested nmap scan, which I'm not sure is possible. Below the code is my output, which shows the original OS scan and the pingsweep scan, but it does not return to the OS detection scan. Thank you for all your help. -Chris Hecker
Code:

    ...... More stuff......
    # %G, tab_print(), $np2, OUTFILE and $num are set up in the part elided above.
    $np->callback(\&host_handler);
    $np->parsescan($G{nmap},'-sS -sV -O -PI -PT',@ARGV);

    sub host_handler {
        my $host = shift;
        print ' > '.$host->ipv4_addr."\n";
        print "\t[+] Status: (".uc($host->status).")\n";
        if($host->status eq 'up'){
            my $os = $host->os_sig();
            tab_print("Hostname(s)",$host->all_hostnames());
            tab_print("Uptime",($host->uptime_seconds())." seconds") if($host->uptime_seconds());
            tab_print("Last Rebooted",$host->uptime_lastboot()) if($host->uptime_lastboot);
            tab_print("OS Signatures",$os->name());
            # Build the next address by bumping the last octet of this host's IP.
            $ip_address = $host->ipv4_addr;
            $input2 = $host->ipv4_addr;
            $pattern2 = '^\d{1,3}\.\d{1,3}\.\d{1,3}\.';
            $ip_address =~ s/$pattern2//s;
            $ip_address++;
            $pattern3 = '\d{1,3}$';
            $input2 =~ s/$pattern3/$ip_address/s;
            # Nested ping sweep of the next address on the second instance.
            $np2->callback(\&host_pingsweep);
            $np2->parsescan($G{nmap},'-sP',$input2);
            $np2->callback(); #I tried this to try and reset the callback but that didn't work also.
            print OUTFILE "bind $input2 ".$os->osfamily()."$num\n";
        }
        print "\n\n";
    }

    sub host_pingsweep {
        my $host2 = shift;
        my $ping_count=0;
        do {
            $ping_count++;
            print ' > '.$host2->ipv4_addr."\n";
            print "\t[+] Status: (".uc($host2->status).")\n";
        } until ($host2->status eq 'down' || $ping_count >3);
    }

Actual Run:

    Using nmap exe for TCP scan and honeyd config. file: /usr/bin/nmap
    137.229.49.49
        [+] Status: (UP)
        [+] Hostname(s) : 49-49.wireless.uaf.edu
        [+] Uptime : 161567 seconds
        [+] Last Rebooted : Sun Feb 19 14:16:16 2006
        [+] OS Signatures : Linux 2.5.25 - 2.6.8 or Gentoo 1.2 Linux 2.4.19 rc1-rc7
        [+] TCP Ports : 22 (ssh) OpenSSH 3.9p1
                        111 (rpcbind) 2
                        876 (status) 1
    137.229.49.50
        [+] Status: (UP)
    137.229.49.50
        [+] Status: (UP)
    137.229.49.50
        [+] Status: (UP)
    137.229.49.50
        [+] Status: (UP)
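As an added example (not code from this thread or from the Nmap::Parser distribution) of what the nested two-instance approach looks like when each scan has its own parser object: the inner Nmap::Parser is created inside the outer host callback, and constructed nmap XML stands in for the live scans so the script runs without nmap. The helper next_ip(), the callback names, the 192.0.2.x addresses and the XML are my own assumptions; it assumes Nmap::Parser 1.01 or later with the documented callback(), parse() and parsescan() methods.

```perl
#!/usr/bin/perl
# Added example: two independent Nmap::Parser objects, the second one driven
# from inside the first one's host callback. Constructed nmap XML stands in
# for the live scans so the script runs without nmap; the commented-out
# parsescan() calls show where the real scans would go.
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);
use Nmap::Parser;    # assumes 1.01 or later (per-instance state)

# Next IPv4 address as a 32-bit increment, so 10.0.0.255 -> 10.0.1.0.
# Bumping only the last octet with a regex would yield 10.0.0.256 instead.
sub next_ip {
    my ($ip) = @_;
    my $n = unpack('N', inet_aton($ip));
    die "no address after $ip\n" if $n == 0xFFFFFFFF;
    return inet_ntoa(pack('N', $n + 1));
}

# Constructed XML standing in for "nmap -sS -sV -O -oX - 192.0.2.10".
my $os_scan_xml = <<'XML';
<?xml version="1.0" ?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O 192.0.2.10" start="1140492797" version="3.95" xmloutputversion="1.01">
<host>
<status state="up" />
<address addr="192.0.2.10" addrtype="ipv4" />
<hostnames><hostname name="host10.example.test" type="PTR" /></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" /><service name="ssh" product="OpenSSH" version="3.9p1" method="probed" conf="10" /></port>
</ports>
<os>
<osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="2.6.X" accuracy="100" />
<osmatch name="Linux 2.6.8 - 2.6.11" accuracy="100" />
</os>
<uptime seconds="161567" lastboot="Sun Feb 19 14:16:16 2006" />
</host>
<runstats><finished time="1140492800" /><hosts up="1" down="0" total="1" /></runstats>
</nmaprun>
XML

# Constructed XML standing in for "nmap -sP -oX - 192.0.2.11".
my $sweep_xml = <<'XML';
<?xml version="1.0" ?>
<nmaprun scanner="nmap" args="nmap -sP 192.0.2.11" start="1140492801" version="3.95" xmloutputversion="1.01">
<host>
<status state="up" />
<address addr="192.0.2.11" addrtype="ipv4" />
</host>
<runstats><finished time="1140492802" /><hosts up="1" down="0" total="1" /></runstats>
</nmaprun>
XML

my %sweep_status;    # ip => 'up' | 'down', filled by the inner callback

# Inner callback: record each swept host once. Looping over the same host
# object does not ping it again; the object is an already-finished result.
sub host_pingsweep {
    my ($host) = @_;
    $sweep_status{ $host->ipv4_addr } = $host->status;
}

# Outer callback: report the host, then sweep the next address with a
# parser object of its own so the outer parse is left untouched.
sub host_handler {
    my ($host) = @_;
    printf "> %s (%s)\n", $host->ipv4_addr, uc $host->status;
    return unless $host->status eq 'up';

    my $os = $host->os_sig;
    printf "\tOS: %s\n", $os->name if $os && defined $os->name;
    printf "\tUptime: %d seconds\n", $host->uptime_seconds if $host->uptime_seconds;

    my $next = next_ip($host->ipv4_addr);
    my $np2  = Nmap::Parser->new;    # a fresh instance, never $np itself
    $np2->callback(\&host_pingsweep);
    $np2->parse($sweep_xml);
    # live run: $np2->parsescan('/usr/bin/nmap', '-sP', $next);

    my $state = exists $sweep_status{$next} ? $sweep_status{$next} : 'not listed';
    printf "\tnext address %s is %s\n", $next, $state;
    # Control returns here and the outer parse continues with its next host.
}

my $np = Nmap::Parser->new;
$np->callback(\&host_handler);
$np->parse($os_scan_xml);
# live run: $np->parsescan('/usr/bin/nmap', '-sS -sV -O', @ARGV);
```

For a live run, replace the two parse() calls with the commented parsescan() lines. Two things worth checking against the posted script: next_ip() carries across an octet boundary, which a last-octet regex increment does not, and the inner callback records the host rather than looping over it, since repeating the loop body on the same host object only re-prints the finished result (which is why the posted output shows 137.229.49.50 four times).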