Forensic Blogs

An aggregator for digital forensics blogs

by

Python & Nmap

Automated Network Scanner! Team

 

Network Scanning Overview

So far, the Automated Network Scanning Team ! has learned about Python and Nmap. We are planning to use Python to create an automated network scanner and report generator with Nmap. To do this, we had to learn how to install various Python packages, such as libnmap, a package that enables the execution of Nmap. We also installed argparse, which allows users to change how a program runs without changing the code of the program, and smtplib, which allows Python to send emails from an SMTP server.

Python

The Python scanning portion will first take inputs from the command line using the argparse package, allowing the user to run it with different inputs, specify target IP’s, and identify the output destination of the email report. The team added these features  to the program. Which was intended to run remotely from a Raspberry Pi integrated into a network. After the user specifies these parameters, the program launches a scan utilizing the libnmap package. Unlike all the other packages, to install libnmap we had to learn how to use pip, a python package installation tool. This was a new experience for the team, but we successfully learned how to install packages using pip.

After the scan completes, it is re-organized for readability, and then the smtplib package is used to send the results in .csv file to the target destination. Throughout this process, we had to learn from the documentation of all three of these packages, which we had never worked with before. It improved our understanding of the Python language and sharpened our programming skills.

Network Mapper – Nmap

While using Nmap, we studied different types of scans to obtain all the information needed to compile a full report. We began by examining a ping scan, which scans through a range of IP’s for promising IP addresses to scan. A ping scan uses the same packets as a standard ping request. This scan was done first in our program in order to discover any viable hosts that were up and running, while being relatively fast compared to other host discovery scans. It also provided enough information to execute our next scans. The next scan that ran was the OS Fingerprinting scan.

This scan sent packets to a host, then ran dozens of tests on that host. After this, Nmap compared the results to a database of more than 2,600 OS fingerprints, trying to find a good match. We used this scan type to gather additional information on the target hosts/network.

Conclusion

One added feature of our automated network scanner is to find known vulnerabilities. We decided to scan for a cryptographic vulnerability, the Heartbleed Bug. This vulnerability allows the stealing of information encrypted with OpenSSL, a popular encryption protocol. There are Nmap scripts designed to scan for targets that are vulnerable to this bug. Nmap maintains a database of scripts that other users have found useful for security applications, and individual users can expand their nmap abilities by scripting to obtain new and different information.

Throughout the past few weeks, our Automated Network Scanning Team has learned about several Python packages, like libnmap, argparse, and smtplib. We have explored the functionalities of Nmap, bringing both together in our Python automated network scanner.

 

To learn more about this and other blogs of the LCDI visit us here: LCDI Blog.

Stay in the loop on our current and upcoming projects and events by following us on Facebook,  Twitter, or Instagram. 

The post Python & Nmap appeared first on The Leahy Center for Digital Investigation.