/// <summary> /// Build an nmap context with the specified options /// </summary> /// <param name="scanType">The desired type of scan to perform</param> /// <param name="ports">The ports to scan (null of empty for default ports)</param> /// <returns>An nmap context for performing the desired scan</returns> private NmapContext _portScanCommon(ScanType scanType, string ports) { NmapContext ctx = GetContext(); // We always try to detect the OS and the service versions ctx.Options.AddAll(new[] { NmapFlag.ServiceVersion, NmapFlag.OsDetection }); // Add the appropriate flag if we're not performing a default scan if (scanType != ScanType.Default) { ctx.Options.Add(_scanTypeToNmapFlag[scanType]); } // Unless we specify UDP only, then perform a UDP scan in the same run if (scanType != ScanType.Default && scanType != ScanType.Udp) { ctx.Options.Add(NmapFlag.UdpScan); } // If we have a port specification, then use it if (!string.IsNullOrEmpty(ports)) { ctx.Options.Add(NmapFlag.PortSpecification, ports); } return(ctx); }
/// <summary> /// Perform a TCP port scan on the specified ports with service detection and OS detection. /// </summary> /// <param name="scanType">The type of scan to perform</param> /// <param name="ports">A list of ports to scan</param> /// <returns>A ScanResult object detailing the results of the port scan</returns> public ScanResult PortScan(ScanType scanType, IEnumerable <int> ports) { NmapContext ctx = _portScanCommon(scanType, string.Join(",", ports.Select(x => x.ToString(CultureInfo.InvariantCulture)))); return(new ScanResult(ctx.Run())); }
/// <summary> /// Perform host discovery and OS detection on the intended target (preferably a subnet or IP range) /// </summary> /// <returns>A collection of Hosts detailing the results of the discovery</returns> public IEnumerable <Host> HostDiscovery() { NmapContext ctx = GetContext(); ctx.Options.AddAll(new[] { NmapFlag.TcpSynScan, NmapFlag.OsDetection }); return(new ScanResult(ctx.Run()).Hosts); }
/// <summary> /// Perform CVE Vulnerability Scan for potential vulnerabilities /// </summary> /// <returns>A collection of Hosts detailing the results of the discovery</returns> public IEnumerable <Host> VulnerabilityDiscovery() { NmapContext ctx = GetContext(); ctx.Options.AddAll(new[] { NmapFlag.TreatHostsAsOnline, NmapFlag.ScriptVuln }); return(new ScanResult(ctx.Run()).Hosts); }
/// <summary> /// Perform host discovery and OS detection on the intended target (preferably a subnet or IP range) /// </summary> /// <returns>A collection of Hosts detailing the results of the discovery</returns> public IEnumerable <Host> HostDiscovery() { NmapContext ctx = GetContext(); ctx.Options.AddAll(new[] { NmapFlag.HostScan, NmapFlag.AggressiveTiming, }); return(new ScanResult(ctx.Run()).Hosts); }
/// <summary> /// Determine whether the intended target is firewalled. /// </summary> /// <returns>Returns true if the intended targer is firewalled and false otherwise. If used on a subnet or IP range, this determines if any host has a firewall.</returns> public bool FirewallProtected() { NmapContext ctx = GetContext(); ctx.Options.AddAll(new[] { NmapFlag.AckScan, NmapFlag.FragmentPackets }); var sr = new ScanResult(ctx.Run()); return (sr.Hosts.Any( x => (x.ExtraPorts.First().Count > 0 && x.ExtraPorts.First().State == "filtered") || x.Ports.Any(y => y.Filtered))); }
/// <summary> /// Create a new NmapContext with the intended target and our persistent options /// </summary> /// <returns>NmapContext with the intended target and our persistent options</returns> private NmapContext GetContext() { if (!NetworkInterface.GetIsNetworkAvailable()) { throw new ApplicationException("No network reachable"); } var ctx = new NmapContext { Target = Target.ToString() }; if (PersistentOptions != null) { ctx.Options.AddAll(PersistentOptions); } return(ctx); }
/// <summary> /// Perform a TCP port scan on the specified ports with service detection and OS detection. /// </summary> /// <param name="scanType">The type of scan to perform</param> /// <param name="ports">A string detailing which ports to scan (e.g., "10-20,33")</param> /// <returns>A ScanResult object detailing the results of the port scan</returns> public ScanResult PortScan(ScanType scanType, string ports) { NmapContext ctx = _portScanCommon(scanType, ports); return(new ScanResult(ctx.Run())); }
/// <summary> /// Perform the desired scan with service detection and OS detection. /// </summary> /// <returns>A ScanResult object detailing the results of the port scan</returns> public ScanResult PortScan(ScanType scanType) { NmapContext ctx = _portScanCommon(scanType, null); return(new ScanResult(ctx.Run())); }
/// <summary> /// By default we try to find the path to the ndiff executable by searching the path and the ndiff options are empty. /// </summary> public NdiffContext() { //using NmapContext to get the path so as to not duplicate code for finding the executable in the PATH Path = new NmapContext().GetPathToNdiff(); Options = new NdiffOptions(); }