Consuming NMAP XML files and taking screenshots of web ports
Here is an O2 Script that consumes NMap saved XML files and takes screenshots of ports 80 and 443 ( both ip and hostnames)
The script is called Tool – Take Screenshots of NMap Web Ports.h2 and this is what it looks like when executed:
You can drag and drop NMap files into the left-most TreeView. This should trigger the file load and display the resolved URLS in that TreeView.
You can click on each entry on the Urls TreeView to take a screenshot for that page, or click on the ‘take screenshots of all pages’ link to process all links
Here is the result of dropping a nmap xml from a quick scan to owasp.org (the www.google.com entry was added for testing):
If you select an node from the Screenshots treeview, you will see the actual screenshot taken (note how in the picture above the browser is now showing a local file )
How was this script/tool created?
Here is how this script evolved:
start with a saved nmap results file:
var nmapSavedFile = @"o2platform.com.xml".local();
create xsd file (schema)
var targetDir = @"C:\O2\O2Scripts_Database\_Scripts\3rdParty_Tools\NMap"; var xsdFile = targetDir.pathCombine("nmap.xsd"); var nmapSavedFile = @"o2platform.com.xml".local(); return nmapSavedFile.xmlCreateXSD().saveAs(xsdFile);
Since that worked, create CSharp file and copy to the correct location
var nmapSavedFile = @"o2platform.com.xml".local(); var createdFile = nmapSavedFile.xmlCreateCSharpFile_Patched(); var targetDir = @"C:\O2\O2Scripts_Database\_Scripts\3rdParty_Tools\NMap"; var csFile = targetDir.pathCombine("nmap.cs"); Files.MoveFile(createdFile, csFile); var xsdFile = targetDir.pathCombine("nmap.xsd"); Files.MoveFile(nmapSavedFile + ".xsd", xsdFile);Creaate
view created nmap.cs file in source code viewer:
var nmapSavedFile = @"nmap.cs".local(); nmapSavedFile.showInCodeViewer();
load saved nmap xml file and view its contents:
var nmapSavedFile = @"o2platform.com.xml".local(); var nmap = nmaprun.Load(nmapSavedFile); nmap.details(); return nmap;
show results in table list
var topPanel = panel.clear().add_Panel(); var nmapSavedFile = @"o2platform.com.xml".local(); var nmap = nmaprun.Load(nmapSavedFile); var tableList = topPanel.add_TableList() .add_Columns("Host", "Port", "Type", "State"); foreach(var host in nmap.host) foreach(var hostPort in host.ports) foreach(var port in hostPort.port) tableList.add_Row(host.address[0].addr.str(), port.portid.str(), port.service[0].name.str(), port.state[0].state.str()); tableList.setWidthToContent();
calculate the urls of the web ports
var webHosts = new List<string>(); foreach(var host in nmap.host) foreach(var hostPort in host.ports) foreach(var port in hostPort.port) if (port.portid == "80" || port.portid == "443") { foreach(var address in host.address) webHosts.add("<a href="http://{0}:{1}".format(address.addr">http://{0}:{1}".format(address.addr</a>, port.portid)); foreach(var hostHostname in host.hostnames) foreach(var hostname in hostHostname.hostname) webHosts.add("<a href="http://{0}:{1}".format(hostname.name">http://{0}:{1}".format(hostname.name</a>, port.portid)); } return webHosts;
move web mapping into a Lambda method
Func<string, List<string>> resolveWebHosts = (nmapSavedFile) =>{ var nmap = nmaprun.Load(nmapSavedFile); var webHosts = new List<string>(); foreach(var host in nmap.host) foreach(var hostPort in host.ports) foreach(var port in hostPort.port) if (port.portid == "80" || port.portid == "443") { foreach(var address in host.address) webHosts.add("<a href="http://{0}:{1}".format(address.addr">http://{0}:{1}".format(address.addr</a>, port.portid)); foreach(var hostHostname in host.hostnames) foreach(var hostname in hostHostname.hostname) webHosts.add("<a href="http://{0}:{1}".format(hostname.name">http://{0}:{1}".format(hostname.name</a>, port.portid)); } return webHosts; }; var testFile = @"o2platform.com.xml".local(); var urls = resolveWebHosts(testFile); return urls;
showing urls in treeview, adding a WebBrowser control and opening selectect url in browser
//var topPanel = O2Gui.open<Panel>("{name}",700,400); var topPanel = panel.clear().add_Panel(); Func<string, List<string>> resolveWebHosts = (nmapSavedFile) =>{ var nmap = nmaprun.Load(nmapSavedFile); var webHosts = new List<string>(); foreach(var host in nmap.host) foreach(var hostPort in host.ports) foreach(var port in hostPort.port) if (port.portid == "80" || port.portid == "443") { foreach(var address in host.address) webHosts.add("<a href="http://{0}:{1}".format(address.addr">http://{0}:{1}".format(address.addr</a>, port.portid)); foreach(var hostHostname in host.hostnames) foreach(var hostname in hostHostname.hostname) webHosts.add("<a href="http://{0}:{1}".format(hostname.name">http://{0}:{1}".format(hostname.name</a>, port.portid)); } return webHosts; }; var testFile = @"o2platform.com.xml".local(); var urls = resolveWebHosts(testFile); var treeView = topPanel.insert_Left(400,"Urls").add_TreeView(); var webBrowser = topPanel.add_WebBrowser_Control(); treeView.afterSelect<string>( (url)=> { webBrowser.open(url); }); treeView.add_Nodes(urls) .selectFirst(); //O2File:nmap.cs //O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
using O2’s IE/Watin Object instead
var testFile = @"o2platform.com.xml".local(); var urls = resolveWebHosts(testFile); var treeView = topPanel.insert_Left(400,"Urls").add_TreeView(); var ie = topPanel.add_IE(); treeView.afterSelect<string>( (url)=> { ie.open_ASync(url); }); treeView.add_Nodes(urls) .selectFirst(); //O2File:nmap.cs //O2File:WatiN_IE_ExtensionMethods.cs //O2Ref:O2_Misc_Microsoft_MPL_Libs.dll //O2Ref:WatiN.Core.1x.dll
Finally …
…here is the complete source code of this script
var topPanel = O2Gui.open<Panel>("Tool - Take Screenshots of NMap Web Ports",1200,400); topPanel.insert_LogViewer(); //var topPanel = panel.clear().add_Panel(); var actionsPanel = topPanel.insert_Above(40,"Actions"); Func<string, List<string>> resolveWebHosts = (nmapSavedFile) =>{ var nmap = nmaprun.Load(nmapSavedFile); var webHosts = new List<string>(); foreach(var host in nmap.host) foreach(var hostPort in host.ports) foreach(var port in hostPort.port) if (port.portid == "80" || port.portid == "443") { var type = (port.portid == "80") ? "http" : "https"; foreach(var address in host.address) webHosts.add("{0}://{1}:{2}".format(type, address.addr, port.portid)); foreach(var hostHostname in host.hostnames) foreach(var hostname in hostHostname.hostname) webHosts.add("{0}://{1}:{2}".format(type,hostname.name, port.portid)); } return webHosts; }; var targetFolder = "_nmapScreenshots".tempDir(false); var urls = new List<string>(); var urls_TreeView = topPanel.insert_Left(400,"Urls (click to take screenshot)").add_TreeView(); var screenshots_TreeView = topPanel.insert_Left(400, "Screenshots").add_TreeView(); var ie = topPanel.add_IE_with_NavigationBar();//.silent(true); var alertsHandler = ie.getAlertsHandler(); // auto closes popup-windows var stopExecution = false; Action<string> takeScreenshotOfWebPage = (url)=>{ "taking screenshot of page: {0}".debug(url); ie.open(url); var screenshot = topPanel.screenshot(); var screenshotFile = targetFolder.pathCombine("{0}.jpg".format(url.safeFileName())); screenshot.save(screenshotFile); screenshots_TreeView.add_Node(url, screenshotFile); }; Action takeScreenShotsOfAllPages = ()=>{ screenshots_TreeView.clear(); stopExecution = false; foreach(var url in urls) if(stopExecution.isFalse()) takeScreenshotOfWebPage(url); }; screenshots_TreeView.afterSelect<string>( (bitmapFile)=>{ "here".info(); ie.open_ASync(bitmapFile); }); urls_TreeView.afterSelect<string>( (url)=> { screenshots_TreeView.pink(); O2Thread.mtaThread( ()=>{ takeScreenshotOfWebPage(url); screenshots_TreeView.white(); }); }); Action<string> loadNmapXmlFile= (file)=>{ urls_TreeView.clear(); urls = resolveWebHosts(file); urls.add("<a href="http://www.google.com/">http://www.google.com</a>"); urls_TreeView.add_Nodes(urls) .selectFirst(); }; urls_TreeView.onDrop(loadNmapXmlFile); actionsPanel.add_Link("take screnshots of all pages", takeScreenShotsOfAllPages) .append_Link("stop execution", ()=> stopExecution = true) .append_Link("View Folder with Screenshots", ()=> targetFolder.startProcess()); loadNmapXmlFile(@"o2platform.com.xml".local()); return "ok"; //O2File:nmap.cs //O2File:API_Cropper.cs //O2File:WatiN_IE_ExtensionMethods.cs //O2Ref:O2_Misc_Microsoft_MPL_Libs.dll //O2Ref:WatiN.Core.1x.dll
Previous approach that is not working
Here are a couple scripts that document an aproach to load the nmap xml files using the DFT provided on nmap website site (which didn’t work)
download DTD from Nmap website
//var nmapDtd = "http://nmap.org/svn/docs/nmap.dtd".uri().download</a>();
Creating nmap.cs fil
var dtdFile = "nmap.xsd".local(); return dtdFile.xsdCreateCSharpFile();
Creating an empty nmap objec
var nmap = new nmaprun(); return nmap; //using tempuri.org.nmap //O2File:nmap.cs //O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
loading saved nmap file
var nmapSavedFile = @"o2platform.com.xml".local(); var nmap = nmapSavedFile.load<nmaprun>(); return nmap;
show xml in sourcecode viewer and nmap object in property grid
var nmapSavedFile = @"o2platform.com.xml".local(); var nmap = nmapSavedFile.load<nmaprun>(); topPanel.add_SourceCodeViewer() .set_Text(nmapSavedFile.fileContents().xmlFormat(),".xml"); topPanel.insert_Left(400,"loaded nmap file") .add_PropertyGrid() .show(nmap);
the problem with this approach is that it is not working as expected (the xml data is not being correctly loaded into the nmap object and nmaprun.Load(..file..) throws an exception)