AutoReconExploit/AutoRecon.py at master · SUPEZ/AutoReconExploit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
import sys
import os
import nmap
import socket

ipTarget = 0
rangePorts = 0
ignoreIP = " "


def recon():
    try:
        nm = nmap.PortScanner()
        nm.scan(ipTarget, rangePorts)
    except nmap.PortScannerError:
        print('Nmap not found', sys.exc_info()[0])
    except:
        print("Unexpected error:", sys.exc_info()[0])
        sys.exit(0)

    for host in nm.all_hosts():
        if host == ignoreIP:
            print("Ignore " + host)
        else:
            print("---------" * 10)
            print("     Host: %s (%s)" % (host, ipTarget))
            print("     State: %s" % nm[host].state())
            mac = nm[host]['addresses']['mac']
            if mac != " ":
                print("     Mac: %s" % mac)
                print("     Machine type: %s" % nm[host]['vendor'][mac])
            print("---------" * 10)
            for proto in nm[host].all_protocols():
                print("+++++++++" * 10)
                print("     protocol : %s" % proto)
                ports = nm[host][proto].keys()
                for port in ports:
                    print("     Port : %s\tState : %s\tService : %s\tProduct : %s\tVersion : %s" % (
                        port, nm[host][proto][port]['state'], nm[host][proto][port]['name'],
                        nm[host][proto][port]['product'], nm[host][proto][port]['version']))
                    os.system("searchsploit " + nm[host][proto][port]['name'] + " "
                              + str(nm[host][proto][port]['product'].split(' ', 1)[0]))
                print("+++++++++" * 10)


def main():
    global ipTarget, rangePorts, ignoreIP
    # Get command arguments.
    if len(sys.argv) != 3:
        print("./AutoExploit.py <<IP ADDRESS>> <<PORT RANGE>>")
        sys.exit(0)

    ipTarget = sys.argv[1]
    rangePorts = sys.argv[2]
    # Ignore own IP
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.connect(("8.8.8.8", 80))
    ignoreIP = s.getsockname()[0]
    s.close()

    # Scanning
    print("---------" * 10)
    print("     SCANNING THE TARGET " + ipTarget)
    print("---------" * 10)
    recon()


if __name__ == "__main__":
    sys.exit(main())