carlospolop/PurplePanda

Feature: nmap scanner to scan all the found IPs

Closed this issue · 4 comments

PurplePanda should get all the public IPs found, and call nmap using some python lib and create the following relations with the output of nmap (check the relations purplepanda is already creating with shodan).

Hi @carlospolop, hope you're doing well.

I spent some time today reviewing the code and understanding the flow of data in it to recognize the area where I need to make changes.

I configured PurplePanda by exporting GITHUB_DISCOVERY and ran the github only command with github in platform list.
It called the file intel/github/discovery/analyze_results.py, but the function that is responsible for scanning ports (using shodan) is called by /home/cybersoldier/Documents/PurplePanda/intel/generic/discovery/analyze_results.py at line 67. The function is in /home/cybersoldier/Documents/PurplePanda/core/utils/purplepanda.py and is named get_open_ports.
I believe this is the function I need to make changes in, probably writing a separate function for the shodan one. But currently I am unable to invoke this function. Can you please tell me what command will invoke this function and how I can get IPs in there?
I have experience only with Github, so that's the only platform I can pass to PurplePanda. The command I ran is python3 main.py -p github --github-only-org -e but it did not invoke the generic analyze results file.

Hi @njmulsqb,

So, I think it would be a good idea to just leave the function get_open_ports calling 2 other functions: get_open_ports_shodan (which would be the current implementation) and get_open_ports_nmap (the new function to create).

To test that function you need to have at least 1 object of type PublicIP inside the database. Running something like MERGE (ip: PublicIP {name: "1.1.1.1"}) RETURN ip in neo4j should create one object of that type.

The github module is never going to create an object of that type, so it's worthless to enumerate a github account for this purpose.
My recommendation would be to call PurplePanda as you were doing, but comment out the lines PurplePanda().start_discovery(functions) and PurplePanda().start_discovery(functions2). Then the line AnalyzeResults().discover() which, among other things, will call the function to get open ports.

Neat, can you tell me what will be the command I need to execute? As you mentioned I don't need to enumerate github, so should I include -e or will just --analyze do the job?

Execute the same command as before, as the script will complain if you don't give any platform. Having commented out the indicated lines, github info won't be gathered, so you won't lose time waiting here.