
Tim Tomes committed a68e7aa

minor bug fix in the nmap parser.


Files changed (1)

 #=================================================
 
 def parseNmap(root):
+    http_ports = [80,8000,8080,8081,8082]
+    https_ports = [443,8443]
     targets = []
     # iterate through all host nodes
     for host in root.iter('host'):
         hostname = host.find('address').get('addr')
-        # hostname node doesn't always exist. when it does, overwrite address previosuly assigned to hostanme
+        # hostname node doesn't always exist. when it does, overwrite address previously assigned to hostanme
         hostname_node = host.find('hostnames').find('hostname')
         if hostname_node is not None: hostname = hostname_node.get('name')
         # iterate through all port nodes reported for the current host
         for item in host.iter('port'):
             state = item.find('state').get('state')
-            service_node = item.find('service')
-            # service node doesn't always exist when a port is open. assume not http if no service is found
-            if service_node is None: continue
-            service = service_node.get('name')
-            # if the service is unknown, then use the fingerprint
-            if service.lower() == 'unknown': service = item.find('service').get('servicefp')
-            if (state.lower() == 'open' and 'http' in service.lower()):
+            if state.lower() == 'open':
+                #service_node = item.find('service')
+                # service node doesn't always exist when a port is open. assume not http if no service is found
+                #if service_node is not None:
+                #service = service_node.get('name')
+                service = item.find('service').get('name')
                 port = item.get('portid')
-                proto = 'http'
-                #if item.find('service').get('tunnel'):
-                if 'https' in service.lower():
-                    proto = 'https'
-                url = '%s://%s:%s' % (proto, hostname, port)
-                if not url in targets:
-                    targets.append(url)
+                #print '%s%s' % (port.ljust(10), service)
+                if 'http' in service.lower() or int(port) in (http_ports + https_ports):
+                    proto = 'http'
+                    if 'https' in service.lower() or int(port) in https_ports:
+                        proto = 'https'
+                    url = '%s://%s:%s' % (proto, hostname, port)
+                    if not url in targets:
+                        targets.append(url)
     return targets
 
 def parseNessus(root):
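Review bot: `service = item.find('service').get('name')` in parseNmap dereferences the `<service>` element without the None check the old code had, although the comment kept just above it says the node does not always exist for an open port. Such a port now raises AttributeError and aborts the whole parse, and it is presumably the very case the new port-number fallback was added to cover. Restore the guard with an empty default, `service_node = item.find('service')` followed by `service = service_node.get('name', '') if service_node is not None else ''`, so the `int(port) in (http_ports + https_ports)` test still runs when nmap reports no service. The commented-out lines and the debug `#print` are better deleted than committed. If dropping the old `servicefp` fallback for `unknown` services is intentional, a one-line comment saying so would help.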