libnmap is a python library enabling python developers to manipulate nmap process and data.
libnmap is what you were looking for if you need to implement the following:
- automate or schedule nmap scans on a regular basis
- manipulate nmap scans results to do reporting
- compare and diff nmap scans to generate graphs
- batch process scan reports
- …
The above uses cases will be easy to implement with the help of the libnmap modules.
The lib currently offers the following modules:
- process: enables you to launch nmap scans
- parse: enables you to parse nmap reports or scan results (only XML so far) from a file, a string,…
- report: enables you to manipulate a parsed scan result and de/serialize scan results in a json format
- diff: enables you to see what changed between two scans
- common: contains basic nmap objects like NmapHost and NmapService. It is to note that each object can be "diff()ed" with another similar object.
- plugins: enables you to support datastores for your scan results
directly in the "NmapReport" object. from report module:
- mongodb: insert/get/getAll/delete
- sqlalchemy: insert/get/getAll/delete
- aws s3: insert/get/getAll/delete (not supported for python3 since boto is not supporting py3)
- csv: todo (easy to implement)
- elastic search: todo
All the documentation is available on read the docs. This documentation contains small code samples that you directly reuse.
libnmap has by default no dependencies, except defusedxml if you need to import untrusted XML scans data.
The only additional python modules you’ll have to install depends if you wish to use libnmap to store reports on an exotic data store via libnmap’s independents plugins.
Below the list of optional dependencies:
- sqlalchemy (+the driver ie:MySQL-python)
- pymongo
- boto
If you are importing/parsing untrusted XML scan outputs with python-libnmap, install defusedxml library:
ronald@brouette:~/dev$ pip install defusedxml
This will prevent you from being vulnerable to XML External Entities attacks.
For more information, read the official libnmap documentation
This note relates to a cascaded CVE vulnerability from the python core library XML ElementTree. Nevertheless, python-libnmap has been assigned an official CVE to track this issue.
This CVE is addressed from v0.7.2.
The libnmap code is tested against the following python interpreters:
- Python 2.7
- Python 3.6
- Python 3.7
- Python 3.8
You can install libnmap via pip:
ronald@brouette:~$ pip install python-libnmap
or via git and dist utils (à l’ancienne):
ronald@brouette:~$ git clone https://github.com/savon-noir/python-libnmap.git
ronald@brouette:~$ cd python-libnmap
ronald@brouette:~$ python setup.py install
or via git and pip:
ronald@brouette:~$ git clone https://github.com/savon-noir/python-libnmap.git
ronald@brouette:~$ cd python-libnmap
ronald@brouette:~$ pip install .
Some codes samples are available in the examples directory or in the documentation.
Among other example, you notice an sample code pushing nmap scan reports in an ElasticSearch instance and allowing you to create fancy dashboards in Kibana like the screenshot below:
Mike @bmx0r Boutillier for S3 and SQL-Alechemy plugins and for the constructive critics. Thanks!