forked from Abacus-Group-RTO/legion
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathbuildHugeNmapTest.py
177 lines (155 loc) · 7.06 KB
/
buildHugeNmapTest.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
import xml.etree.ElementTree as ET
from random import randint, choice, choices, sample
import datetime
def generate_nmap_xml(num_hosts=1000, base_subnet="172.16"):
"""
Generate a full sample nmap XML file with session information included.
Parameters:
num_hosts (int): Number of hosts to generate.
base_subnet (str): Base subnet for the hosts.
Returns:
str: XML content as a string.
"""
# XML header
xml_header = '''<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE nmaprun>
<?xml-stylesheet href="file:///C:/Program Files (x86)/Nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 7.94 scan initiated as: nmap -sV -oX -->'''
# Create root element
nmaprun = ET.Element("nmaprun", {
"scanner": "nmap",
"args": "nmap -sV -oX",
"start": "123456789",
"startstr": "Mon Nov 20 13:33:54 2023",
"version": "7.94",
"xmloutputversion": "1.05"
})
# Create scaninfo, verbose, and debugging elements
scaninfo = ET.SubElement(nmaprun, "scaninfo", {
"type": "syn",
"protocol": "tcp",
"numservices": "1000",
"services": "1-65535"
})
ET.SubElement(nmaprun, "verbose", {"level": "0"})
ET.SubElement(nmaprun, "debugging", {"level": "0"})
# OS, services, and port mapping
os_services = {
"Linux": {"http": 80, "ssh": 22, "smtp": 25, "ftp": 21, "telnet": 23},
"Windows": {"http": 80, "msrpc": 135, "netbios-ssn": 139, "rdp": 3389, "smb": 445},
"Solaris": {"http": 80, "ssh": 22, "telnet": 23, "netbios-ssn": 139, "ftp": 21},
"Darwin": {"http": 80, "netbios-ssn": 139, "ipp": 631, "afp": 548, "ssh": 22}
}
# Service products and versions
service_info = {
"http": {"product": "Apache httpd", "version": "2.4.41"},
"ssh": {"product": "OpenSSH", "version": "8.0"},
"smtp": {"product": "Postfix SMTP", "version": "3.4.8"},
"ftp": {"product": "vsftpd", "version": "3.0.3"},
"telnet": {"product": "Telnet Server", "version": "1.2"},
"msrpc": {"product": "Microsoft RPC", "version": "5.0"},
"netbios-ssn": {"product": "Samba smbd", "version": "4.10.10"},
"rdp": {"product": "Microsoft Terminal Service", "version": "10.0"},
"smb": {"product": "Microsoft SMB", "version": "3.1.1"},
"ipp": {"product": "CUPS", "version": "2.3.0"},
"afp": {"product": "Netatalk AFP", "version": "3.1.12"}
}
# Expanded lists for generating hostnames
colors = ["Red", "Blue", "Green", "Yellow", "Purple", "Orange", "Cyan", "Magenta", "Lime", "Pink"]
foods = ["Apple", "Burger", "Cake", "Dumpling", "Eclair", "Pizza", "Sushi", "Taco", "Waffle", "Bagel"]
cities = ["Tokyo", "Paris", "London", "NewYork", "Sydney", "Berlin", "Rome", "Madrid", "Moscow", "Beijing"]
verbs = ["Jumping", "Running", "Flying", "Swimming", "Dancing", "Singing", "Playing", "Walking", "Reading", "Writing"]
# Unique hostname tracker
generated_hostnames = set()
# Function to create unique random hostnames
def generate_hostname():
while True:
parts = [choice(colors), choice(foods), choice(cities), choice(verbs)]
hostname = '.'.join(parts)
# Ensure uniqueness by appending a number if needed
if hostname not in generated_hostnames:
generated_hostnames.add(hostname)
return hostname
else:
hostname += str(randint(0, 9999))
if hostname not in generated_hostnames:
generated_hostnames.add(hostname)
return hostname
# Function to create a random IP address within the extended subnet range
def random_ip(base_subnet, host_number):
subnet_third_octet = host_number // 254
host_fourth_octet = host_number % 254 + 1
return f"{base_subnet}.{subnet_third_octet}.{host_fourth_octet}"
# Generating hosts with updated IP address and hostname method
for i in range(num_hosts):
host_os = choice(list(os_services.keys()))
host = ET.Element("host")
ET.SubElement(host, "status", {"state": "up", "reason": "arp-response", "reason_ttl": "0"})
ET.SubElement(host, "address", {"addr": random_ip(base_subnet, i), "addrtype": "ipv4"})
# Hostnames
hostnames = ET.SubElement(host, "hostnames")
num_hostnames = randint(1, 3) # Random number of hostnames per host
for _ in range(num_hostnames):
ET.SubElement(hostnames, "hostname", {"name": generate_hostname(), "type": "user"})
# Ports
ports = ET.SubElement(host, "ports")
open_ports_count = randint(1, 5) # Random number of open ports (1 to 5)
services = sample(list(os_services[host_os].items()), open_ports_count)
for service, port in services:
port_element = ET.SubElement(ports, "port", {"protocol": "tcp", "portid": str(port)})
ET.SubElement(port_element, "state", {"state": "open", "reason": "syn-ack", "reason_ttl": "64"})
service_element = ET.SubElement(port_element, "service", {
"name": service,
"product": service_info[service]["product"],
"version": service_info[service]["version"],
"ostype": host_os
})
# OS element with osmatch
os = ET.SubElement(host, "os")
osclass = ET.SubElement(os, "osclass", {
"type": "general purpose",
"vendor": host_os,
"osfamily": host_os,
"osgen": "Unknown", # OS generation can be set accordingly
"accuracy": "98"
})
ET.SubElement(osclass, "cpe", text=f"cpe:/o:{host_os.lower()}:{host_os.lower()}")
osmatch = ET.SubElement(os, "osmatch", {
"name": f"{host_os} Generic Match",
"accuracy": str(randint(90, 100)),
"line": str(randint(1000, 2000))
})
ET.SubElement(osmatch, "osclass", {
"type": "general purpose",
"vendor": host_os,
"osfamily": host_os,
"osgen": "Unknown",
"accuracy": "98"
})
nmaprun.append(host)
# Runstats
runstats = ET.SubElement(nmaprun, "runstats")
ET.SubElement(runstats, "finished", {
"time": "123456790",
"timestr": "Mon Nov 20 13:34:10 2023",
"summary": f"Nmap done; {num_hosts} IP addresses ({num_hosts} hosts up) scanned in 16.42 seconds",
"elapsed": "16.42",
"exit": "success"
})
ET.SubElement(runstats, "hosts", {
"up": str(num_hosts),
"down": "0",
"total": str(num_hosts)
})
# Convert the XML to string
xml_str = xml_header + '\n' + ET.tostring(nmaprun, encoding='unicode', method='xml')
return xml_str
def save_nmap_xml(filename, num_hosts=200, base_subnet="172.16"):
# Generate the XML content
xml_content = generate_nmap_xml(num_hosts, base_subnet)
# Save the content to the specified file
with open(filename, "w") as file:
file.write(xml_content)
# Specify the filename and call the function to save the file
filename = "huge_nmap.xml"
save_nmap_xml(filename)