OWASP O2 Platform Blog

Consuming NMAP XML files and taking screenshots of web ports

Here is an O2 Script that consumes NMap saved XML files and takes screenshots of ports 80 and 443 ( both ip and hostnames)

The script is called Tool – Take Screenshots of NMap Web Ports.h2 and this is what it looks like when executed:

You can drag and drop NMap files into the left-most TreeView. This should trigger the file load and display the resolved URLS in that TreeView.

You can click on each entry on the Urls TreeView to take a screenshot for that page, or click on the ‘take screenshots of all pages’ link to process all links

Here is the result of dropping a nmap xml from a quick scan to owasp.org (the www.google.com entry was added for testing):

If you select an node from the Screenshots treeview, you will see the actual screenshot taken (note how in the picture above the browser is now showing a local file )

How was this script/tool created?

Here is how this script evolved:

start with a saved nmap results file:

var nmapSavedFile = @"o2platform.com.xml".local(); 

create xsd file (schema)

var targetDir = @"C:\O2\O2Scripts_Database\_Scripts\3rdParty_Tools\NMap";
var xsdFile = targetDir.pathCombine("nmap.xsd");
var nmapSavedFile = @"o2platform.com.xml".local();  
return nmapSavedFile.xmlCreateXSD().saveAs(xsdFile);

Since that worked, create CSharp file and copy to the correct location

var nmapSavedFile = @"o2platform.com.xml".local();  
var createdFile = nmapSavedFile.xmlCreateCSharpFile_Patched();
var targetDir = @"C:\O2\O2Scripts_Database\_Scripts\3rdParty_Tools\NMap";

var csFile = targetDir.pathCombine("nmap.cs");
Files.MoveFile(createdFile, csFile);
var xsdFile = targetDir.pathCombine("nmap.xsd");
Files.MoveFile(nmapSavedFile + ".xsd", xsdFile);Creaate

view created nmap.cs file in source code viewer:

var nmapSavedFile = @"nmap.cs".local();  
nmapSavedFile.showInCodeViewer();

load saved nmap xml file and view its contents:

var nmapSavedFile = @"o2platform.com.xml".local();  
var nmap = nmaprun.Load(nmapSavedFile);
nmap.details();
return nmap;

show results in table list

var topPanel = panel.clear().add_Panel();
var nmapSavedFile = @"o2platform.com.xml".local();  
var nmap = nmaprun.Load(nmapSavedFile);
var tableList = topPanel.add_TableList()
                        .add_Columns("Host", "Port", "Type", "State");
                       
                       
foreach(var host in nmap.host)
    foreach(var hostPort in host.ports)
        foreach(var port in hostPort.port)
            tableList.add_Row(host.address[0].addr.str(), 
                             port.portid.str(),
                             port.service[0].name.str(),
                             port.state[0].state.str());
tableList.setWidthToContent();

calculate the urls of the web ports

var webHosts = new List<string>();
foreach(var host in nmap.host)   
    foreach(var hostPort in host.ports)
        foreach(var port in hostPort.port)
            if (port.portid == "80" || port.portid == "443")
            {
                foreach(var address in host.address)       
                    webHosts.add("<a href="http://{0}:{1}&quot;.format(address.addr">http://{0}:{1}".format(address.addr</a>, port.portid));
                foreach(var hostHostname in host.hostnames)
                    foreach(var hostname in hostHostname.hostname)                           
                            webHosts.add("<a href="http://{0}:{1}&quot;.format(hostname.name">http://{0}:{1}".format(hostname.name</a>, port.portid));
            }
 
return webHosts;  

move web mapping into a Lambda method

Func<string, List<string>> resolveWebHosts =
    (nmapSavedFile) =>{
                        var nmap = nmaprun.Load(nmapSavedFile);
                        var webHosts = new List<string>();
                        foreach(var host in nmap.host)   
                            foreach(var hostPort in host.ports)
                                foreach(var port in hostPort.port)
                                    if (port.portid == "80" || port.portid == "443")
                                    {
                                        foreach(var address in host.address)       
                                            webHosts.add("<a href="http://{0}:{1}&quot;.format(address.addr">http://{0}:{1}".format(address.addr</a>, port.portid));
                                        foreach(var hostHostname in host.hostnames)
                                            foreach(var hostname in hostHostname.hostname)                           
                                                    webHosts.add("<a href="http://{0}:{1}&quot;.format(hostname.name">http://{0}:{1}".format(hostname.name</a>, port.portid));
                                    }
                        return webHosts;
                        };
 
var testFile = @"o2platform.com.xml".local();  
var urls = resolveWebHosts(testFile);
return urls;

showing urls in treeview, adding a WebBrowser control and opening selectect url in browser

//var topPanel = O2Gui.open<Panel>("{name}",700,400);
var topPanel = panel.clear().add_Panel();
Func<string, List<string>> resolveWebHosts =
    (nmapSavedFile) =>{
                        var nmap = nmaprun.Load(nmapSavedFile);                       
                        var webHosts = new List<string>();
                        foreach(var host in nmap.host)   
                            foreach(var hostPort in host.ports)
                                foreach(var port in hostPort.port)
                                    if (port.portid == "80" || port.portid == "443")
                                    {
                                        foreach(var address in host.address)       
                                            webHosts.add("<a href="http://{0}:{1}&quot;.format(address.addr">http://{0}:{1}".format(address.addr</a>, port.portid));
                                        foreach(var hostHostname in host.hostnames)
                                            foreach(var hostname in hostHostname.hostname)                           
                                                    webHosts.add("<a href="http://{0}:{1}&quot;.format(hostname.name">http://{0}:{1}".format(hostname.name</a>, port.portid));
                                    }
                        return webHosts;
                        };
 
var testFile = @"o2platform.com.xml".local();  
var urls = resolveWebHosts(testFile);

var treeView = topPanel.insert_Left(400,"Urls").add_TreeView();
var webBrowser = topPanel.add_WebBrowser_Control();
treeView.afterSelect<string>(
    (url)=> {                               
                webBrowser.open(url);               
            });

treeView.add_Nodes(urls)
        .selectFirst();
           
//O2File:nmap.cs
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll

using O2’s IE/Watin Object instead

var testFile = @"o2platform.com.xml".local();  
var urls = resolveWebHosts(testFile);
var treeView = topPanel.insert_Left(400,"Urls").add_TreeView();
var ie = topPanel.add_IE();
treeView.afterSelect<string>(
    (url)=> {                               
                ie.open_ASync(url);                               
            });

treeView.add_Nodes(urls)
        .selectFirst();
           
//O2File:nmap.cs
//O2File:WatiN_IE_ExtensionMethods.cs
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
//O2Ref:WatiN.Core.1x.dll

Finally …

…here is the complete source code of this script

var topPanel = O2Gui.open<Panel>("Tool - Take Screenshots of NMap Web Ports",1200,400);
topPanel.insert_LogViewer();
//var topPanel = panel.clear().add_Panel();
var actionsPanel = topPanel.insert_Above(40,"Actions");
Func<string, List<string>> resolveWebHosts =
    (nmapSavedFile) =>{
                        var nmap = nmaprun.Load(nmapSavedFile);                       
                        var webHosts = new List<string>();
                        foreach(var host in nmap.host)   
                            foreach(var hostPort in host.ports)
                                foreach(var port in hostPort.port)
                                    if (port.portid == "80" || port.portid == "443")
                                    {
                                        var type = (port.portid == "80") ? "http" : "https";
                                        foreach(var address in host.address)       
                                            webHosts.add("{0}://{1}:{2}".format(type, address.addr, port.portid));
                                        foreach(var hostHostname in host.hostnames)
                                            foreach(var hostname in hostHostname.hostname)                            
                                                    webHosts.add("{0}://{1}:{2}".format(type,hostname.name, port.portid));
                                    }
                        return webHosts;
                        };
 

var targetFolder = "_nmapScreenshots".tempDir(false);
var urls = new List<string>();
var urls_TreeView = topPanel.insert_Left(400,"Urls (click to take screenshot)").add_TreeView();
var screenshots_TreeView = topPanel.insert_Left(400, "Screenshots").add_TreeView();
var ie = topPanel.add_IE_with_NavigationBar();//.silent(true);
var alertsHandler = ie.getAlertsHandler();     // auto closes popup-windows
var stopExecution = false;

Action<string> takeScreenshotOfWebPage =
    (url)=>{
                "taking screenshot of page: {0}".debug(url);
                ie.open(url);
                var screenshot = topPanel.screenshot();
                var screenshotFile     = targetFolder.pathCombine("{0}.jpg".format(url.safeFileName()));               
                screenshot.save(screenshotFile);
                screenshots_TreeView.add_Node(url, screenshotFile);
           };
Action takeScreenShotsOfAllPages =
    ()=>{
            screenshots_TreeView.clear();
            stopExecution = false;
            foreach(var url in urls)
                if(stopExecution.isFalse())
                    takeScreenshotOfWebPage(url);           
        };
       
screenshots_TreeView.afterSelect<string>(
    (bitmapFile)=>{
                    "here".info();
                    ie.open_ASync(bitmapFile);
                   });
                  
urls_TreeView.afterSelect<string>(
    (url)=> {
                screenshots_TreeView.pink();
                O2Thread.mtaThread(
                    ()=>{
                            takeScreenshotOfWebPage(url);
                            screenshots_TreeView.white();
                        });
            });

Action<string> loadNmapXmlFile=
    (file)=>{           
                urls_TreeView.clear();
                urls = resolveWebHosts(file);
                urls.add("<a href="http://www.google.com/">http://www.google.com</a>");
                urls_TreeView.add_Nodes(urls)
                              .selectFirst();
            };

urls_TreeView.onDrop(loadNmapXmlFile);       
actionsPanel.add_Link("take screnshots of all pages", takeScreenShotsOfAllPages)
            .append_Link("stop execution", ()=> stopExecution = true)
            .append_Link("View Folder with Screenshots", ()=> targetFolder.startProcess());

            
loadNmapXmlFile(@"o2platform.com.xml".local());    
return "ok";           
//O2File:nmap.cs
//O2File:API_Cropper.cs
//O2File:WatiN_IE_ExtensionMethods.cs
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
//O2Ref:WatiN.Core.1x.dll

Previous approach that is not working

Here are a couple scripts that document an aproach to load the nmap xml files using the DFT provided on nmap website site (which didn’t work)

download DTD from Nmap website

//var nmapDtd = "http://nmap.org/svn/docs/nmap.dtd".uri().download</a>();

Creating nmap.cs fil

var dtdFile = "nmap.xsd".local();
return dtdFile.xsdCreateCSharpFile();

Creating an empty nmap objec

var nmap = new nmaprun();
return nmap;
//using tempuri.org.nmap
//O2File:nmap.cs
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll

loading saved nmap file

var nmapSavedFile = @"o2platform.com.xml".local(); 
var nmap = nmapSavedFile.load<nmaprun>();
return nmap;

show xml in sourcecode viewer and nmap object in property grid

var nmapSavedFile = @"o2platform.com.xml".local();  
var nmap = nmapSavedFile.load<nmaprun>();
topPanel.add_SourceCodeViewer()
        .set_Text(nmapSavedFile.fileContents().xmlFormat(),".xml");
topPanel.insert_Left(400,"loaded nmap file")
        .add_PropertyGrid()
        .show(nmap);

the problem with this approach is that it is not working as expected (the xml data is not being correctly loaded into the nmap object and nmaprun.Load(..file..) throws an exception)

November 16, 2011 - Posted by | NMap, O2 Scripting, Tools

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: