
Tim Tomes committed c490dbb

added the ability to import nmap files.


Files changed (1)

  - PhantomJS
  - cURL
 
-$ %prog <mode> <path>"""
+$ python ./%prog <mode> <path>"""
     parser = optparse.OptionParser(usage=usage)
-    parser.add_option('-l', help='file input mode. Path to input file.', dest='list_file', type='string', action='store')
-    parser.add_option('-n', help='Nessus input mode. Path to Nessus XML file.', dest='nessus_file', type='string', action='store')
+    parser.add_option('-l', help='list input mode. Path to list file.', dest='list_file', type='string', action='store')
+    parser.add_option('-x', help='xml input mode. Path to Nessus/Nmap XML file.', dest='xml_file', type='string', action='store')
     parser.add_option('-s', help='single input mode. Path to target, remote URL or local path.', dest='target', type='string', action='store')
     parser.add_option('-t', help='socket timeout in seconds. Default is 8 seconds.', dest='timeout', type='int', action='store')
     (opts, args) = parser.parse_args()
         except IOError:
             print '[!] Invalid path to list file: \'%s\'' % opts.list_file
             return
-    elif opts.nessus_file:
+    elif opts.xml_file:
         # optimized portion of Peeper (https://github.com/invisiblethreat/peeper) by Scott Walsh (@blacktip)
         import xml.etree.ElementTree as ET
-        try:
-            tree = ET.parse(opts.nessus_file)
+        try: tree = ET.parse(opts.xml_file)
         except IOError:
-            print '[!] Invalid path to Nessus file: \'%s\'' % opts.nessus_file
+            print '[!] Invalid path to XML file: \'%s\'' % opts.xml_file
             return
         except ET.ParseError:
-            print '[!] Not a valid Nessus file: \'%s\'' % opts.nessus_file
+            print '[!] Not a valid XML file: \'%s\'' % opts.xml_file
             return
         root = tree.getroot()
-        targets = []
-        for host in root.iter('ReportHost'):
-            name = host.get('name')
-            for item in host.iter('ReportItem'):
-                svc = item.attrib['svc_name']
-                plugname = item.attrib['pluginName']
-                if (svc in ['www','http?','https?'] and plugname.lower().startswith('service detection')):
-                    port = item.attrib['port']
-                    output = item.find('plugin_output').text.strip()
-                    proto = guessProto(output)
-                    url = '%s://%s:%s' % (proto, name, port)
-                    if not url in targets:
-                        targets.append(url)
+        if root.tag == 'nmaprun':
+            # parse nmap file
+            targets = parseNmap(root)
+        else:
+            # parse nessus file
+            targets = parseNessus(root)
     elif opts.target:
         targets = [opts.target]
     else:
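Review bot: The `else` after `if root.tag == 'nmaprun':` hands every other document to parseNessus, so an unrelated or truncated XML file produces an empty target list with no message, although the `-x` help text promises only Nessus/Nmap input. An explicit test for the Nessus root element (`elif root.tag == 'NessusClientData_v2':`, to be confirmed against the export versions you support) followed by an `else` that prints `[!] Unsupported XML file` and returns would surface the mistake. Separately, `ET.parse(opts.xml_file)` uses the stdlib parser, which the Python documentation describes as not secure against maliciously constructed XML (entity-expansion payloads, for example), so scan exports received from another party deserve a hardened parser or a pre-check before this call. The enclosing function starts and ends outside the hunk.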
 # SUPPORT FUNCTIONS
 #=================================================
 
+def parseNmap(root):
+    targets = []
+    for host in root.iter('host'):
+        hostname = host.find('address').get('addr')
+        hostname_node = host.find('hostnames').find('hostname')
+        if hostname_node is not None:
+            hostname = hostname_node.get('name')
+        for item in host.iter('port'):
+            state = item.find('state').get('state')
+            service = item.find('service').get('name')
+            if (state.lower() == 'open' and 'http' in service.lower()):
+                port = item.get('portid')
+                proto = 'http'
+                if item.find('service').get('tunnel'):
+                    proto = 'https'
+                url = '%s://%s:%s' % (proto, hostname, port)
+                if not url in targets:
+                    targets.append(url)
+    return targets
+
+def parseNessus(root):
+    targets = []
+    for host in root.iter('ReportHost'):
+        name = host.get('name')
+        for item in host.iter('ReportItem'):
+            svc = item.get('svc_name')
+            plugname = item.get('pluginName')
+            if (svc in ['www','http?','https?'] and plugname.lower().startswith('service detection')):
+                port = item.get('port')
+                output = item.find('plugin_output').text.strip()
+                proto = guessProto(output)
+                url = '%s://%s:%s' % (proto, name, port)
+                if not url in targets:
+                    targets.append(url)
+    return targets
+
 def guessProto(output):
     # optimized portion of Peeper (https://github.com/invisiblethreat/peeper) by Scott Walsh (@blacktip)
     secure = re.search('TLS|SSL', output)
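Review bot: parseNmap dereferences `find()` results without checking them: `host.find('hostnames').find('hostname')`, `item.find('state').get('state')` and `item.find('service').get('name')` each raise AttributeError when the element or attribute is missing, so a single `<port>` with no `<service>` child aborts the whole import. The guarded version below skips such ports instead. The hostname is also taken from the scan file, and reverse-DNS names are chosen by the scanned party, so it should be matched against a hostname/IP pattern before it is formatted into a URL, particularly if that URL later reaches the PhantomJS or cURL invocation, which this hunk does not show. parseNessus has the same unchecked `item.find('plugin_output').text.strip()`, and guessProto's body continues outside the hunk.

```python
        # … unchanged: address lookup …
        hostname_node = host.find('hostnames/hostname')
        # … unchanged: hostname override …
        for item in host.iter('port'):
            state_node = item.find('state')
            service_node = item.find('service')
            if state_node is None or service_node is None:
                continue
            state = state_node.get('state') or ''
            service = service_node.get('name') or ''
            if (state.lower() == 'open' and 'http' in service.lower()):
                # … unchanged: port, proto and URL construction …
```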