/// <summary>
/// Build an nmap context with the specified options
/// </summary>
/// <param name="scanType">The desired type of scan to perform</param>
/// <param name="ports">The ports to scan (null of empty for default ports)</param>
/// <returns>An nmap context for performing the desired scan</returns>
private NmapContext _portScanCommon(ScanType scanType, string ports)
{
NmapContext ctx = GetContext();
// We always try to detect the OS and the service versions
ctx.Options.AddAll(new[]
{
NmapFlag.ServiceVersion,
NmapFlag.OsDetection
});
// Add the appropriate flag if we're not performing a default scan
if (scanType != ScanType.Default)
{
ctx.Options.Add(_scanTypeToNmapFlag[scanType]);
}
// Unless we specify UDP only, then perform a UDP scan in the same run
if (scanType != ScanType.Default && scanType != ScanType.Udp)
{
ctx.Options.Add(NmapFlag.UdpScan);
}
// If we have a port specification, then use it
if (!string.IsNullOrEmpty(ports))
{
ctx.Options.Add(NmapFlag.PortSpecification, ports);
}
return(ctx);
}
/// <summary>
/// Perform a TCP port scan on the specified ports with service detection and OS detection.
/// </summary>
/// <param name="scanType">The type of scan to perform</param>
/// <param name="ports">A list of ports to scan</param>
/// <returns>A ScanResult object detailing the results of the port scan</returns>
public ScanResult PortScan(ScanType scanType, IEnumerable <int> ports)
{
NmapContext ctx = _portScanCommon(scanType,
string.Join(",",
ports.Select(x => x.ToString(CultureInfo.InvariantCulture))));
return(new ScanResult(ctx.Run()));
}
/// <summary>
/// Perform host discovery and OS detection on the intended target (preferably a subnet or IP range)
/// </summary>
/// <returns>A collection of Hosts detailing the results of the discovery</returns>
public IEnumerable <Host> HostDiscovery()
{
NmapContext ctx = GetContext();
ctx.Options.AddAll(new[]
{
NmapFlag.TcpSynScan,
NmapFlag.OsDetection
});
return(new ScanResult(ctx.Run()).Hosts);
}
/// <summary>
/// Perform CVE Vulnerability Scan for potential vulnerabilities
/// </summary>
/// <returns>A collection of Hosts detailing the results of the discovery</returns>
public IEnumerable <Host> VulnerabilityDiscovery()
{
NmapContext ctx = GetContext();
ctx.Options.AddAll(new[]
{
NmapFlag.TreatHostsAsOnline,
NmapFlag.ScriptVuln
});
return(new ScanResult(ctx.Run()).Hosts);
}
/// <summary>
/// Perform host discovery and OS detection on the intended target (preferably a subnet or IP range)
/// </summary>
/// <returns>A collection of Hosts detailing the results of the discovery</returns>
public IEnumerable <Host> HostDiscovery()
{
NmapContext ctx = GetContext();
ctx.Options.AddAll(new[]
{
NmapFlag.HostScan,
NmapFlag.AggressiveTiming,
});
return(new ScanResult(ctx.Run()).Hosts);
}
/// <summary>
/// Determine whether the intended target is firewalled.
/// </summary>
/// <returns>Returns true if the intended targer is firewalled and false otherwise. If used on a subnet or IP range, this determines if any host has a firewall.</returns>
public bool FirewallProtected()
{
NmapContext ctx = GetContext();
ctx.Options.AddAll(new[]
{
NmapFlag.AckScan,
NmapFlag.FragmentPackets
});
var sr = new ScanResult(ctx.Run());
return
(sr.Hosts.Any(
x =>
(x.ExtraPorts.First().Count > 0 && x.ExtraPorts.First().State == "filtered") ||
x.Ports.Any(y => y.Filtered)));
}
/// <summary>
/// Create a new NmapContext with the intended target and our persistent options
/// </summary>
/// <returns>NmapContext with the intended target and our persistent options</returns>
private NmapContext GetContext()
{
if (!NetworkInterface.GetIsNetworkAvailable())
{
throw new ApplicationException("No network reachable");
}
var ctx = new NmapContext
{
Target = Target.ToString()
};
if (PersistentOptions != null)
{
ctx.Options.AddAll(PersistentOptions);
}
return(ctx);
}
/// <summary>
/// Perform a TCP port scan on the specified ports with service detection and OS detection.
/// </summary>
/// <param name="scanType">The type of scan to perform</param>
/// <param name="ports">A string detailing which ports to scan (e.g., "10-20,33")</param>
/// <returns>A ScanResult object detailing the results of the port scan</returns>
public ScanResult PortScan(ScanType scanType, string ports)
{
NmapContext ctx = _portScanCommon(scanType, ports);
return(new ScanResult(ctx.Run()));
}
/// <summary>
/// Perform the desired scan with service detection and OS detection.
/// </summary>
/// <returns>A ScanResult object detailing the results of the port scan</returns>
public ScanResult PortScan(ScanType scanType)
{
NmapContext ctx = _portScanCommon(scanType, null);
return(new ScanResult(ctx.Run()));
}
/// <summary>
/// By default we try to find the path to the ndiff executable by searching the path and the ndiff options are empty.
/// </summary>
public NdiffContext()
{
//using NmapContext to get the path so as to not duplicate code for finding the executable in the PATH
Path = new NmapContext().GetPathToNdiff();
Options = new NdiffOptions();
}