⭐️ gather nmap version information
chris-rock committed Dec 14, 2024
1 parent b075ae5 commit b554b17
Showing 7 changed files with 319 additions and 3 deletions.
28 changes: 28 additions & 0 deletions providers/nmap/README.md
Expand Up @@ -96,4 +96,32 @@ Connect to a specific IP address and display all open ports.
```shell
cnquery shell nmap host 8.8.8.8
```
## Verifying the Installation of nmap
To verify the installation of nmap, run the following command:
```shell
cnquery run nmap -c "nmap.version { * }"
nmap.version: {
compiledWithout: []
nsockEngines: [
0: "kqueue"
1: "poll"
2: "select"
]
version: "7.95"
platform: "arm-apple-darwin23.4.0"
compiledWith: [
0: "liblua-5.4.6"
1: "openssl-3.3.1"
2: "libssh2-1.11.0"
3: "libz-1.2.12"
4: "libpcre2-10.44"
5: "nmap-libpcap-1.10.4"
6: "nmap-libdnet-1.12"
7: "ipv6"
]
}
```
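--- a/providers/nmap/resources/nmap.lr
+++ b/providers/nmap/resources/nmap.lr
@@ -5,7 +5,10 @@ option provider = "go.mondoo.com/cnquery/v11/providers/nmap"
 option go_package = "go.mondoo.com/cnquery/v11/providers/nmap/resources"
 
 // nmap
-nmap {}
+nmap {
+// Nmap version information
+version() nmap.versionInformation
+}
 
 // nmap target
 nmap.target {
@@ -57,4 +60,18 @@ private nmap.port @defaults("port service"){
 version string
 // State of the port (e.g., open, closed)
 state string
 }
+
+// nmap version information
+private nmap.versionInformation @defaults("version") {
+// Version of nmap
+version string
+// Platform nmap is running on
+platform string
+// libraries compiled with
+compiledWith []string
+// libraries not compiled with
+compiledWithout []string
+// nsock engines
+nsockEngines []string
+}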
131 changes: 131 additions & 0 deletions providers/nmap/resources/nmap.lr.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 19 additions & 0 deletions providers/nmap/resources/nmap.lr.manifest.yaml
Expand Up @@ -5,6 +5,8 @@ resources:
nmap:
fields:
field: {}
version:
min_mondoo_version: 9.0.0
min_mondoo_version: latest
nmap.host:
fields:
Expand Down Expand Up @@ -37,3 +39,20 @@ resources:
target: {}
warnings: {}
min_mondoo_version: latest
nmap.version:
fields:
compiledWith: {}
compiledWithout: {}
nsockEngines: {}
platform: {}
version: {}
min_mondoo_version: 9.0.0
nmap.versionInformation:
fields:
compiledWith: {}
compiledWithout: {}
nsockEngines: {}
platform: {}
version: {}
is_private: true
min_mondoo_version: 9.0.0
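--- a/providers/nmap/resources/nmap_test.go
+++ b/providers/nmap/resources/nmap_test.go
@@ -13,7 +13,8 @@ import (
 "github.com/Ullaakut/nmap/v3"
 )
 
-func TestNmap(t *testing.T) {
+func TestRawNmap(t *testing.T) {
+// t.Skip("skipping nmap test - only used for local testing")
 ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 defer cancel()
 
@@ -34,7 +35,7 @@ func TestNmap(t *testing.T) {
 
 result, warnings, err := scanner.Run()
 if len(*warnings) > 0 {
-log.Printf("run finished with warnings: %s\n", *warnings) // Warnings are non-critical errors from nmap.
+log.Fatalf("run finished with warnings: %s\n", *warnings) // Warnings are non-critical errors from nmap.
 }
 if err != nil {
 log.Fatalf("unable to run nmap scan: %v", err)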
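Review bot: The warnings branch now calls `log.Fatalf`, which contradicts its own trailing comment that warnings are non-critical and, because it exits the process, skips the deferred `cancel()` and aborts every other test in the package instead of failing only this one. I would report through the testing handle, `t.Logf("run finished with warnings: %s", *warnings)` (or `t.Fatalf` if a warning really should fail the test), and check `err` first, since `*warnings` is dereferenced before the error is looked at. With `t.Skip` left commented out, this test launches a real nmap scan wherever `go test` runs, CI included; the scan target is outside the hunk, so confirm that is intended. The body of TestRawNmap continues outside both hunks.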
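--- a/providers/nmap/resources/nmap_version.go
+++ b/providers/nmap/resources/nmap_version.go
@@ -0,0 +1,95 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package resources
+
+import (
+"bufio"
+"context"
+"github.com/Ullaakut/nmap/v3"
+"go.mondoo.com/cnquery/v11/llx"
+"go.mondoo.com/cnquery/v11/providers-sdk/v1/util/convert"
+"go.mondoo.com/cnquery/v11/types"
+"io"
+"strings"
+"time"
+)
+
+type nmapVersion struct {
+Version string
+Platform string
+CompiledWith []string
+CompiledWithout []string
+AvailableNsockEngines []string
+}
+
+func parseNmapVersionOutput(r io.Reader) nmapVersion {
+version := nmapVersion{
+CompiledWith: []string{},
+CompiledWithout: []string{},
+AvailableNsockEngines: []string{},
+}
+scanner := bufio.NewScanner(r)
+scanner.Split(bufio.ScanLines)
+for scanner.Scan() {
+line := scanner.Text()
+if strings.HasPrefix(line, "Nmap version") {
+version.Version = strings.TrimSpace(strings.Split(line, " ")[2])
+continue
+}
+m := strings.Split(line, ":")
+if len(m) != 2 {
+continue
+}
+key := strings.TrimSpace(m[0])
+value := strings.TrimSpace(m[1])
+if value == "" {
+continue
+}
+switch key {
+case "Platform":
+version.Platform = value
+case "Compiled with":
+version.CompiledWith = strings.Split(value, " ")
+case "Compiled without":
+version.CompiledWithout = strings.Split(value, " ")
+case "Available nsock engines":
+version.AvailableNsockEngines = strings.Split(value, " ")
+}
+}
+
+return version
+}
+
+func (r *mqlNmap) version() (*mqlNmapVersionInformation, error) {
+ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
+defer cancel()
+
+// retrieve nmap version
+scanner, err := nmap.NewScanner(
+ctx,
+nmap.WithBinaryPath("/opt/homebrew/bin/nmap"),
+// we can ignore the deprecation warning since the -V flag is not supported by the nmap library
+nmap.WithCustomArguments("-V"),
+)
+if err != nil {
+return nil, err
+}
+
+// NOTE: -V does not return xml output so run does not parse the output
+// Therefore we cannot trust the err return value
+results, _, _ := scanner.Run()
+
+info := parseNmapVersionOutput(results.ToReader())
+
+runtime := r.MqlRuntime
+resource, err := CreateResource(runtime, "nmap.versionInformation", map[string]*llx.RawData{
+"__id": llx.StringData("nmap.versionInformation"),
+"version": llx.StringData(info.Version),
+"platform": llx.StringData(info.Platform),
+"compiledWith": llx.ArrayData(convert.SliceAnyToInterface(info.CompiledWith), types.String),
+"compiledWithout": llx.ArrayData(convert.SliceAnyToInterface(info.CompiledWithout), types.String),
+"nsockEngines": llx.ArrayData(convert.SliceAnyToInterface(info.AvailableNsockEngines), types.String),
+})
+return resource.(*mqlNmapVersionInformation), err
+}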
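Review bot: `version()` discards both the warnings and the error from `scanner.Run()` and then calls `results.ToReader()`, so a run that produces no result at all (nmap missing at the hard-coded path, a start failure, the five-minute context expiring) would presumably dereference a nil result and panic inside the provider instead of returning an error. The binary path `/opt/homebrew/bin/nmap` only exists on Apple-silicon Homebrew installs and pins execution to a prefix that is normally writable by the installing user; dropping `WithBinaryPath` should let the library resolve nmap from `PATH`, as far as I can tell from its API. The final `resource.(*mqlNmapVersionInformation)` is asserted before `err` is checked, which panics if `CreateResource` returns a nil resource together with an error. In `parseNmapVersionOutput`, `strings.Split(line, " ")[2]` indexes without a length check and `scanner.Err()` is never read; `if f := strings.Fields(line); len(f) >= 3 { version.Version = f[2] }` would cover the former.

```go
func (r *mqlNmap) version() (*mqlNmapVersionInformation, error) {
	// … unchanged: context with timeout …
	scanner, err := nmap.NewScanner(
		ctx,
		// no fixed binary path: let the library locate nmap
		nmap.WithCustomArguments("-V"),
	)
	// … unchanged: NewScanner error check …

	// -V emits no XML, so a parse error is expected here; a missing result is not.
	results, _, runErr := scanner.Run()
	if results == nil {
		return nil, runErr
	}
	// … unchanged: parseNmapVersionOutput call and CreateResource arguments …
	if err != nil {
		return nil, err
	}
	return resource.(*mqlNmapVersionInformation), nil
```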