2.6. Scripts
Nmapthon supports two types of scripts:
- NSE scripts. These are Lua scripts that can be executed through the --script argument of the nmap tool.
- PyNSE scripts. These are Python functions that are registered as “NSE scripts”. See PyNSEEngine to learn how they work.
Whatever type of script you are executing, each script has a name. In the case of NSE scripts, the script name is the argument(s) passed to the --script argument, e.g. --script ssl-cert. PyNSE scripts, on the other hand, have a mandatory name parameter.
When retrieving a script output, it needs to be referenced by its name. Nmapthon has several ways of retrieving those scripts:

host_script(host:str, script_name:str)
    Returns the host script output for a given script name. If the target does not have any information about that script, it raises a NmapScanError.

port_script(host:str, proto:str, port:(str,int), script_name:str)
    Returns the port script output for a given script name, associated with a protocol and a port. If the target does not have any information about that script, it raises a NmapScanError.

host_scripts(host:str, script_name:str=None)
    Yields a (script_name, script_output) tuple for every host script of a particular host. If script_name is specified, it only yields scripts whose names contain that string.

port_scripts(host:str, proto:str, port:(str,int), script_name:str=None)
    Yields a (script_name, script_output) tuple for every port script of a particular host, port and protocol. If script_name is specified, it only yields scripts whose names contain that string.
Note

host_script() and port_script() must raise a NmapScanError to indicate “missing” scripts. Returning None is not an option, since a PyNSE script may itself return None if the user defines it to do so, which would make the real script output indistinguishable from the “missing script” situation.

Note

Apart from that, we can get the scripts from a Service instance, as explained in the previous page.
2.6.1. Example
import nmapthon as nm

# Version scan plus two NSE scripts against a range of hosts and three ports
sc = nm.NmapScanner('10.10.10-15.2-254', ports=[443, 80, 53], arguments='-sV --script=ssl-cert,dns-brute')
sc.run()

# Print every port script output for every scanned host and TCP port
for i in sc.scanned_hosts():
    for port in sc.scanned_ports(i, 'tcp'):
        for n, o in sc.port_scripts(i, 'tcp', port):
            print('Name: {}\nOutput: {}'.format(n, o))

# Check unique script output (raises NmapScanError if 10.10.10.4 has no ssl-cert output)
print('{}'.format(sc.port_script('10.10.10.4', 'tcp', 443, 'ssl-cert')))

# Check unique script from service
service_example = sc.service('10.10.10.4', 'tcp', 443)
if service_example is not None:
    print('{}'.format(service_example['ssl-cert']))
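The library's example above prints whatever the scan returns; it does not show how a caller should handle the two situations the notes distinguish, a script that is missing (NmapScanError) and a PyNSE script that legitimately returned None. The following is an added example, not nmapthon's own code. So that it runs offline, it uses a constructed in-memory stand-in (FakeScanner) that mirrors the four documented retrieval methods, including the substring filtering of host_scripts()/port_scripts(); the NmapScanError class, the FakeScanner fixture, the script_status()/collect_outputs() helpers and the sample results (including the hypothetical PyNSE script name custom-banner) are all assumptions for illustration. With a real scan you would pass an nm.NmapScanner instance instead of FakeScanner.

```python
# Added example (not nmapthon's code): consuming the script-retrieval API while
# keeping "missing script" and "script returned None" apart.


class NmapScanError(Exception):
    """Stand-in for nmapthon's NmapScanError (assumption: same name and use)."""


class FakeScanner:
    """Constructed fixture that mirrors the documented retrieval interface."""

    def __init__(self, host_scripts, port_scripts):
        # host_scripts: {host: {script_name: output}}
        # port_scripts: {(host, proto, port): {script_name: output}}
        self._host = host_scripts
        self._port = port_scripts

    def host_script(self, host, script_name):
        try:
            return self._host[host][script_name]
        except KeyError:
            raise NmapScanError(f"no script {script_name!r} for host {host}") from None

    def port_script(self, host, proto, port, script_name):
        # port may be given as str or int, as in the documented signature
        try:
            return self._port[(host, proto, int(port))][script_name]
        except KeyError:
            raise NmapScanError(f"no script {script_name!r} for {host}:{port}/{proto}") from None

    def host_scripts(self, host, script_name=None):
        # Documented behaviour: substring match on the script name when a filter is given
        for name, output in self._host.get(host, {}).items():
            if script_name is None or script_name in name:
                yield name, output

    def port_scripts(self, host, proto, port, script_name=None):
        for name, output in self._port.get((host, proto, int(port)), {}).items():
            if script_name is None or script_name in name:
                yield name, output


def script_status(scanner, host, proto, port, script_name):
    """Classify one port script as ('missing' | 'empty' | 'present', output).

    'missing' means the scanner recorded nothing for that script (NmapScanError);
    'empty' means the script ran but returned None, which a PyNSE script may do.
    Checking `is None` instead of catching the exception would merge the two.
    """
    try:
        output = scanner.port_script(host, proto, port, script_name)
    except NmapScanError:
        return "missing", None
    if output is None:
        return "empty", None
    return "present", output


def collect_outputs(scanner, host, proto, port, name_filter=None):
    """Return {script_name: output} for one service, optionally keeping only
    script names that contain name_filter (the documented substring match)."""
    return dict(scanner.port_scripts(host, proto, port, name_filter))


# Constructed sample results, loosely mirroring the page's own example scan.
SAMPLE = FakeScanner(
    host_scripts={"10.10.10.4": {"dns-brute": "DNS Brute-force hostnames: no results"}},
    port_scripts={
        ("10.10.10.4", "tcp", 443): {
            "ssl-cert": "Subject: commonName=example.internal",
            "custom-banner": None,  # hypothetical PyNSE script that chose to return None
            "http-title": "Login",
        }
    },
)

if __name__ == "__main__":
    for name in ("ssl-cert", "custom-banner", "ssh-hostkey"):
        print(name, script_status(SAMPLE, "10.10.10.4", "tcp", 443, name))
    print(collect_outputs(SAMPLE, "10.10.10.4", "tcp", 443, name_filter="ssl"))
```

The point of script_status() is the order of the checks: catch NmapScanError first, then test for None. A consumer that only tests for None would report a PyNSE script that deliberately returned None as absent, and would crash on a genuinely missing script.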