Skip to main content

Nmap Python Script

One of my goals lately has being to learn how to program and what better way than to just find something that you can automate/improve and try to code it out. In this case, I wanted to create a nmap script that would do a quick scan mostly to just find out what ports where open, it is like a ping scan but it is full handshake. After it grabs all the open ports, then it will do a more comprehensive scan with the -sV argument and the default and safe nmap scripts. Here is the code I came up with, with some help of Copilot:

#!/usr/bin/python3

import subprocess
import os
import argparse
import shutil

# Create ArgumentParser object
parser = argparse.ArgumentParser(description='Perform nmap scan.')
group = parser.add_mutually_exclusive_group(required=True)
group.add_argument('-ip', help='Single IP address to scan')
group.add_argument('-f', '--file', help='File with list of hosts to scan, one per line')
parser.add_argument('-s', '--save', help='Directory to save the output files (optional)')
args = parser.parse_args()

# Check if nmap is installed on the host
if not shutil.which("nmap"):
    print("nmap not found. Please install nmap and try again.")
    exit(1)

# Create the directory if it doesn't exist
if args.save:
    os.makedirs(args.save, exist_ok=True)

try:
    hosts = []
    if args.ip:
        hosts.append(args.ip)
    elif args.file:
        with open(args.file, 'r') as file:
            hosts = file.read().splitlines()

    for ip in hosts:
        print(f"Scanning {ip}...")

        # Perform quick scan
        print("Performing quick scan of ALL ports...")
        quickScanResult = subprocess.run(["nmap", "-Pn", "-p-", "--min-rate=1000", "-T4", ip], capture_output=True, text=True)

        # Extract open ports
        open_ports = [line.split("/")[0] for line in quickScanResult.stdout.split("\n") if "open" in line]
        print("Open ports:", ",".join(open_ports))

        # Perform more comprehensive scan
        print("\nPerforming comprehensive scan with Default and safe nmap script...\n")
        comprehensiveScanResults = subprocess.run(["nmap", "-Pn", "-sV", "-p" + ",".join(open_ports), "--script=default,vuln", ip], capture_output=True)

        # Save results of comprehensive scan to file
        if args.save:
            underscoreIP = ip.replace(".", "_")
            output_file = os.path.join(args.save, "nmapComprehensive-" + underscoreIP + ".txt")
            with open(output_file, "w") as file:
                file.write(comprehensiveScanResults.stdout.decode())

        # Print results of comprehensive scan
        print(comprehensiveScanResults.stdout.decode())

except Exception as e:
    print(f"An error occurred: {e}")