Consuming NMAP XML files and taking screenshots of web ports
Here is an O2 Script that consumes NMap saved XML files and takes screenshots of ports 80 and 443 ( both ip and hostnames)
The script is called Tool – Take Screenshots of NMap Web Ports.h2 and this is what it looks like when executed:
You can drag and drop NMap files into the left-most TreeView. This should trigger the file load and display the resolved URLS in that TreeView.
You can click on each entry on the Urls TreeView to take a screenshot for that page, or click on the ‘take screenshots of all pages’ link to process all links
Here is the result of dropping a nmap xml from a quick scan to owasp.org (the www.google.com entry was added for testing):
If you select an node from the Screenshots treeview, you will see the actual screenshot taken (note how in the picture above the browser is now showing a local file )
How was this script/tool created?
Here is how this script evolved:
start with a saved nmap results file:
var nmapSavedFile = @"o2platform.com.xml".local();
create xsd file (schema)
var targetDir = @"C:\O2\O2Scripts_Database\_Scripts\3rdParty_Tools\NMap";
var xsdFile = targetDir.pathCombine("nmap.xsd");
var nmapSavedFile = @"o2platform.com.xml".local();
return nmapSavedFile.xmlCreateXSD().saveAs(xsdFile);
Since that worked, create CSharp file and copy to the correct location
var nmapSavedFile = @"o2platform.com.xml".local();
var createdFile = nmapSavedFile.xmlCreateCSharpFile_Patched();
var targetDir = @"C:\O2\O2Scripts_Database\_Scripts\3rdParty_Tools\NMap";
var csFile = targetDir.pathCombine("nmap.cs");
Files.MoveFile(createdFile, csFile);
var xsdFile = targetDir.pathCombine("nmap.xsd");
Files.MoveFile(nmapSavedFile + ".xsd", xsdFile);Creaate
view created nmap.cs file in source code viewer:
var nmapSavedFile = @"nmap.cs".local(); nmapSavedFile.showInCodeViewer();
load saved nmap xml file and view its contents:
var nmapSavedFile = @"o2platform.com.xml".local(); var nmap = nmaprun.Load(nmapSavedFile); nmap.details(); return nmap;
show results in table list
var topPanel = panel.clear().add_Panel();
var nmapSavedFile = @"o2platform.com.xml".local();
var nmap = nmaprun.Load(nmapSavedFile);
var tableList = topPanel.add_TableList()
.add_Columns("Host", "Port", "Type", "State");
foreach(var host in nmap.host)
foreach(var hostPort in host.ports)
foreach(var port in hostPort.port)
tableList.add_Row(host.address[0].addr.str(),
port.portid.str(),
port.service[0].name.str(),
port.state[0].state.str());
tableList.setWidthToContent();
calculate the urls of the web ports
var webHosts = new List<string>();
foreach(var host in nmap.host)
foreach(var hostPort in host.ports)
foreach(var port in hostPort.port)
if (port.portid == "80" || port.portid == "443")
{
foreach(var address in host.address)
webHosts.add("<a href="http://{0}:{1}".format(address.addr">http://{0}:{1}".format(address.addr</a>, port.portid));
foreach(var hostHostname in host.hostnames)
foreach(var hostname in hostHostname.hostname)
webHosts.add("<a href="http://{0}:{1}".format(hostname.name">http://{0}:{1}".format(hostname.name</a>, port.portid));
}
return webHosts;
move web mapping into a Lambda method
Func<string, List<string>> resolveWebHosts =
(nmapSavedFile) =>{
var nmap = nmaprun.Load(nmapSavedFile);
var webHosts = new List<string>();
foreach(var host in nmap.host)
foreach(var hostPort in host.ports)
foreach(var port in hostPort.port)
if (port.portid == "80" || port.portid == "443")
{
foreach(var address in host.address)
webHosts.add("<a href="http://{0}:{1}".format(address.addr">http://{0}:{1}".format(address.addr</a>, port.portid));
foreach(var hostHostname in host.hostnames)
foreach(var hostname in hostHostname.hostname)
webHosts.add("<a href="http://{0}:{1}".format(hostname.name">http://{0}:{1}".format(hostname.name</a>, port.portid));
}
return webHosts;
};
var testFile = @"o2platform.com.xml".local();
var urls = resolveWebHosts(testFile);
return urls;
showing urls in treeview, adding a WebBrowser control and opening selectect url in browser
//var topPanel = O2Gui.open<Panel>("{name}",700,400);
var topPanel = panel.clear().add_Panel();
Func<string, List<string>> resolveWebHosts =
(nmapSavedFile) =>{
var nmap = nmaprun.Load(nmapSavedFile);
var webHosts = new List<string>();
foreach(var host in nmap.host)
foreach(var hostPort in host.ports)
foreach(var port in hostPort.port)
if (port.portid == "80" || port.portid == "443")
{
foreach(var address in host.address)
webHosts.add("<a href="http://{0}:{1}".format(address.addr">http://{0}:{1}".format(address.addr</a>, port.portid));
foreach(var hostHostname in host.hostnames)
foreach(var hostname in hostHostname.hostname)
webHosts.add("<a href="http://{0}:{1}".format(hostname.name">http://{0}:{1}".format(hostname.name</a>, port.portid));
}
return webHosts;
};
var testFile = @"o2platform.com.xml".local();
var urls = resolveWebHosts(testFile);
var treeView = topPanel.insert_Left(400,"Urls").add_TreeView();
var webBrowser = topPanel.add_WebBrowser_Control();
treeView.afterSelect<string>(
(url)=> {
webBrowser.open(url);
});
treeView.add_Nodes(urls)
.selectFirst();
//O2File:nmap.cs
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
using O2’s IE/Watin Object instead
var testFile = @"o2platform.com.xml".local();
var urls = resolveWebHosts(testFile);
var treeView = topPanel.insert_Left(400,"Urls").add_TreeView();
var ie = topPanel.add_IE();
treeView.afterSelect<string>(
(url)=> {
ie.open_ASync(url);
});
treeView.add_Nodes(urls)
.selectFirst();
//O2File:nmap.cs
//O2File:WatiN_IE_ExtensionMethods.cs
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
//O2Ref:WatiN.Core.1x.dll
Finally …
…here is the complete source code of this script
var topPanel = O2Gui.open<Panel>("Tool - Take Screenshots of NMap Web Ports",1200,400);
topPanel.insert_LogViewer();
//var topPanel = panel.clear().add_Panel();
var actionsPanel = topPanel.insert_Above(40,"Actions");
Func<string, List<string>> resolveWebHosts =
(nmapSavedFile) =>{
var nmap = nmaprun.Load(nmapSavedFile);
var webHosts = new List<string>();
foreach(var host in nmap.host)
foreach(var hostPort in host.ports)
foreach(var port in hostPort.port)
if (port.portid == "80" || port.portid == "443")
{
var type = (port.portid == "80") ? "http" : "https";
foreach(var address in host.address)
webHosts.add("{0}://{1}:{2}".format(type, address.addr, port.portid));
foreach(var hostHostname in host.hostnames)
foreach(var hostname in hostHostname.hostname)
webHosts.add("{0}://{1}:{2}".format(type,hostname.name, port.portid));
}
return webHosts;
};
var targetFolder = "_nmapScreenshots".tempDir(false);
var urls = new List<string>();
var urls_TreeView = topPanel.insert_Left(400,"Urls (click to take screenshot)").add_TreeView();
var screenshots_TreeView = topPanel.insert_Left(400, "Screenshots").add_TreeView();
var ie = topPanel.add_IE_with_NavigationBar();//.silent(true);
var alertsHandler = ie.getAlertsHandler(); // auto closes popup-windows
var stopExecution = false;
Action<string> takeScreenshotOfWebPage =
(url)=>{
"taking screenshot of page: {0}".debug(url);
ie.open(url);
var screenshot = topPanel.screenshot();
var screenshotFile = targetFolder.pathCombine("{0}.jpg".format(url.safeFileName()));
screenshot.save(screenshotFile);
screenshots_TreeView.add_Node(url, screenshotFile);
};
Action takeScreenShotsOfAllPages =
()=>{
screenshots_TreeView.clear();
stopExecution = false;
foreach(var url in urls)
if(stopExecution.isFalse())
takeScreenshotOfWebPage(url);
};
screenshots_TreeView.afterSelect<string>(
(bitmapFile)=>{
"here".info();
ie.open_ASync(bitmapFile);
});
urls_TreeView.afterSelect<string>(
(url)=> {
screenshots_TreeView.pink();
O2Thread.mtaThread(
()=>{
takeScreenshotOfWebPage(url);
screenshots_TreeView.white();
});
});
Action<string> loadNmapXmlFile=
(file)=>{
urls_TreeView.clear();
urls = resolveWebHosts(file);
urls.add("<a href="http://www.google.com/">http://www.google.com</a>");
urls_TreeView.add_Nodes(urls)
.selectFirst();
};
urls_TreeView.onDrop(loadNmapXmlFile);
actionsPanel.add_Link("take screnshots of all pages", takeScreenShotsOfAllPages)
.append_Link("stop execution", ()=> stopExecution = true)
.append_Link("View Folder with Screenshots", ()=> targetFolder.startProcess());
loadNmapXmlFile(@"o2platform.com.xml".local());
return "ok";
//O2File:nmap.cs
//O2File:API_Cropper.cs
//O2File:WatiN_IE_ExtensionMethods.cs
//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
//O2Ref:WatiN.Core.1x.dll
Previous approach that is not working
Here are a couple scripts that document an aproach to load the nmap xml files using the DFT provided on nmap website site (which didn’t work)
download DTD from Nmap website
//var nmapDtd = "http://nmap.org/svn/docs/nmap.dtd".uri().download</a>();
Creating nmap.cs fil
var dtdFile = "nmap.xsd".local(); return dtdFile.xsdCreateCSharpFile();
Creating an empty nmap objec
var nmap = new nmaprun(); return nmap; //using tempuri.org.nmap //O2File:nmap.cs //O2Ref:O2_Misc_Microsoft_MPL_Libs.dll
loading saved nmap file
var nmapSavedFile = @"o2platform.com.xml".local(); var nmap = nmapSavedFile.load<nmaprun>(); return nmap;
show xml in sourcecode viewer and nmap object in property grid
var nmapSavedFile = @"o2platform.com.xml".local(); var nmap = nmapSavedFile.load<nmaprun>(); topPanel.add_SourceCodeViewer() .set_Text(nmapSavedFile.fileContents().xmlFormat(),".xml"); topPanel.insert_Left(400,"loaded nmap file") .add_PropertyGrid() .show(nmap);
the problem with this approach is that it is not working as expected (the xml data is not being correctly loaded into the nmap object and nmaprun.Load(..file..) throws an exception)
About
The O2 platform represents a new paradigm for how to perform, document and distribute Web Application security reviews. O2 is designed to Automate Security Consultants Knowledge and Workflows and to Allow non-security experts to access and consume Security Knowledge.
O2 can also be a very powerful prototyping and fast-development tool for .NET. Most O2 APIs are written using a Fluent API design, and its core has been published as a separate project called FluentSharp (hosted at CodePlex)
Download
Windows ClickOnce Installer:
Mailing List
The best place to keep updated with the lastest news and developers it to subscribe to the OWASP O2 Platform Mailing list (you can read its archives here)
OWASP O2 Platform Blog 