2021SC@SDUSC
ControlNmap.py
OSSIM-agent源代码分析(八)
简述
OSSIM Agent的主要职责是收集网络上各种设备发送的所有数据,然后按照一种标准方式(standardized way)有序地发送给OSSIM Server。Agent收集到数据后,在发送给Server之前要对这些数据进行标准化处理,这样Server就可以以一种统一的方式来处理这些信息,同时也简化了Server的处理过程。
Nmap是一个网络端口扫描软件,用来扫描网上电脑开放的网络端口,确定哪些服务运行在哪些端口上,并且推断计算机运行的是哪个操作系统(这亦称为 fingerprinting)。它是网络管理员必用的软件之一,也用于评估网络系统的安全性。所以在OSSIM中nmap是一个非常重要的模块,而这个文件就是对nmap模块进行管理的。
相关代码
初始导包
import datetime, os, re, threading, time
import subprocess, shlex
from xml.dom.minidom import parse
import ControlError
import ControlUtil
from Logger import Logger
import Utils
全局变量
logger = Logger.logger
Nmap管理类
class NmapManager:
__nmap_bin_path = ""
__nmap_report_path = ""
__nmap = None
初始化函数主要是设置nmap的bin路径和报告路径
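def __init__(self, conf):
    """Set up the Nmap manager and start its background worker.

    Args:
        conf: agent configuration object. Accepted for interface
            compatibility but not read here — both paths are hard-coded.
    """
    # __nmap starts out as a class attribute (None). NOTE(review): the
    # assignment below creates an *instance* attribute, so the class-level
    # value stays None and a second NmapManager instance would start its own
    # worker — confirm whether callers only ever build one manager.
    if self.__nmap is None:
        logger.info("Initialising Nmap Manager.")
        self.__nmap_bin_path = "/usr/bin/nmap"
        if os.path.exists(self.__nmap_bin_path):
            logger.info('Nmap binary path: %s' % self.__nmap_bin_path)
        else:
            logger.error('Nmap binary path "%s" does not exist or has restricted privileges!' % self.__nmap_bin_path)
        # NOTE(review): reports land in a world-writable directory, so any
        # local user can pre-create or replace files there before they are
        # read back; an agent-owned directory with restrictive permissions
        # would be the safer default.
        self.__nmap_report_path = "/tmp"
        if os.path.exists(self.__nmap_report_path):
            logger.info("Nmap report path: %s" % self.__nmap_report_path)
        else:
            # Fixed: the original message interpolated the binary path here,
            # so the log named the wrong path when the report directory was
            # missing.
            logger.error('Nmap report path "%s" does not exist or has restricted privileges!' % self.__nmap_report_path)
        self.__nmap = DoNmap(self.__nmap_bin_path, self.__nmap_report_path)
        self.__nmap.start()
        logger.debug("Nmap Manager initialised.")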
process处理函数,首先进行初始变量声明
def process(self, data, base_response):
logger.debug("Nmap Manager: Processing: %s" % data)
response = []
action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
将nmap扫描相关的参数,通过正则表达式进行提取,并进行具体设置
if action == "nmap_scan":
target = Utils.get_var("target=\"([\s0-9a-fA-F\.:/\-]+)\"" , data)
scan_type = Utils.get_var("type=\"(ping|0|fast|1|normal|2|full|3|custom|4)\"" , data)
scan_timming = Utils.get_var("timming=\"(T0|T1|T2|T3|T4|T5)\"" , data)
autodect = Utils.get_var("autodetect=\"(enable|disable|enabled|disabled)\"" , data)
scan_ports = Utils.get_var("scan_ports=\"([0-9\-\,]+)\"" , data)
rdns = Utils.get_var("rdns=\"(enable|disable|enabled|disabled)\"" , data)
report_prefix = Utils.get_var("report_prefix=\"([\s0-9a-fA-F\.:/\-]+)\"" , data)
if autodect == "":
autodect = "enable"
if rdns == "":
rdns = "disable"
if scan_timming == "":
scan_timming = "T3"
if scan_type == "":
scan_type = "ping"
if report_prefix == "":
response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(2007)))
return response
self.__nmap.set_report_prefix(report_prefix)
self.__nmap.set_scan_type(scan_type)
self.__nmap.set_scan_timming(scan_timming)
self.__nmap.set_scan_autodetect(autodect)
self.__nmap.set_scan_ports(scan_ports)
self.__nmap.set_scan_rdsn(rdns)
if scan_type == "custom" and scan_ports=="":
response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(2006)))
return response
处理重复运行
if len(target):
if self.__nmap.status() > 0:
logger.info("Scan already in progress: %i" % self.__nmap.status())
response.append<