Netscan

Here is a sample of some of the capabilities of the netscan library.


In [2]:
from __future__ import print_function
from netscan.lib import WhoIs, GetHostName, MacLookup, Commands
import pprint as pp

Get host info

On macOS or Linux, GetHostName should be able to resolve a computer's IP address to a hostname.


In [3]:
print(GetHostName('192.168.1.13').name)
print(GetHostName('127.0.0.1').name)


bender.local
Tardis.local

WhoIs uses a REST API to retrieve the current record for an external IP address.


In [10]:
pp.pprint(WhoIs('216.58.217.4').record)


{u'CIDR': u'216.58.192.0/19',
 u'NetHandle': u'NET-216-58-192-0-1',
 u'NetName': u'GOOGLE',
 u'NetRange': u'216.58.192.0 - 216.58.223.255',
 u'NetType': u'Direct Allocation',
 u'Organization': u'Google Inc. (GOGL)',
 u'OriginAS': u'AS15169',
 u'Parent': u'NET216 (NET-216-0-0-0-0)',
 u'Ref': u'https',
 u'RegDate': u'2012-01-27',
 u'Updated': u'2012-01-27'}

In [8]:
info = WhoIs('216.58.217.4')
print('CIDR:', info.CIDR)
print('Organization:', info.Organization)


CIDR: 216.58.192.0/19
Organization: Google Inc. (GOGL)

MacLookup uses a REST API to turn a MAC address into a vendor name.


In [40]:
print(MacLookup('58:b0:35:f2:55:88').vendor)


{'company': u'Apple'}

Commands

Unfortunately, it is difficult in Python to execute simple commands and capture the returned output. Commands is a simple wrapper around Python's obnoxiously complex subprocess module.


In [9]:
cmd = Commands()
ret = cmd.getoutput('ls -alh')
print(ret)

print(Commands().getoutput('echo hi'))


total 16
drwxr-xr-x   4 kevin  staff   136B Nov 23 22:34 .
drwxr-xr-x  17 kevin  staff   578B Nov 21 21:02 ..
drwxr-xr-x   3 kevin  staff   102B Nov 23 21:16 .ipynb_checkpoints
-rw-r--r--   1 kevin  staff   7.6K Nov 23 22:34 netscan.ipynb

hi

Passive Scanning

Unfortunately, I currently don't know how to run Python code in a Jupyter notebook using sudo. Therefore I can't do live captures. Instead I will use a pcap.


In [31]:
from netscan.PassiveScan import PassiveMapper

In [32]:
nmap = []
pm = PassiveMapper()
nmap = pm.pcap('../tests/test.pcap')
nmap = pm.filter(nmap)
nmap = pm.combine(nmap)
nmap = pm.combine(nmap)
pp.pprint(nmap)


[{'hostname': 'bender.local',
  'ipv4': '192.168.1.13',
  'ipv6': 'fe80::733e:f915:e4de:6207',
  'mac': 'b8:27:eb:8f:23:20',
  'tcp': [{'port': 548, 'srv': '_afpovertcp'}],
  'type': 'arp',
  'udp': []},
 {'hostname': 'calculon.local',
  'ipv4': '192.168.1.8',
  'ipv6': 'fe80::ba27:ebff:fe0a:5a17',
  'mac': 'b8:27:eb:0a:5a:17',
  'tcp': [{'port': 548, 'srv': '_afpovertcp'}],
  'type': 'arp',
  'udp': []},
 {'hostname': 'Dalek.local',
  'tcp': [{'port': 445, 'srv': '_smb'}],
  'type': 'rr',
  'udp': []},
 {'ipv4': '192.168.1.2', 'mac': 'c8:2a:14:1f:18:69', 'type': 'arp'},
 {'hostname': 'Apple-TV.local',
  'ipv6': 'fe80::18b5:5727:6dbe:d109',
  'tcp': [{'port': 5000, 'srv': '_raop'},
          {'port': 3689, 'srv': '_touch-able'},
          {'port': 3689, 'srv': '_appletv-v2'}],
  'type': 'rr',
  'udp': []},
 {'hostname': 'hypnotoad.local',
  'ipv4': '192.168.1.72',
  'ipv6': 'fe80::e4cb:e6a2:8693:9651',
  'tcp': [{'port': 548, 'srv': '_afpovertcp'}],
  'type': 'rr',
  'udp': []},
 {'ipv4': '192.168.1.3', 'mac': 'f8:1e:df:ea:68:20', 'type': 'arp'},
 {'ipv4': '192.168.1.1', 'mac': '6c:70:9f:ce:da:85', 'type': 'arp'}]
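
An added example (not netscan's own code, and not a description of how `pm.combine` works): one way to fold partial `arp` and `rr` records like those above into one record per host, by merging any records that share a hostname, IP address or MAC. The function names and the sample records are constructed for illustration; a second value seen for the same field is kept under a hypothetical `conflicts` key so it can be reviewed rather than silently dropped.

```python
# Added example, not netscan code: fold partial 'arp' and 'rr' records
# into one record per host. All sample values below are constructed.
ID_KEYS = ('hostname', 'ipv4', 'ipv6', 'mac')
LIST_KEYS = ('tcp', 'udp', 'conflicts')


def same_host(a, b):
    """True when two records share at least one identifier value."""
    return any(a.get(k) is not None and a.get(k) == b.get(k) for k in ID_KEYS)


def merge(a, b):
    """Fold record b into a copy of a; the first-seen identifier wins."""
    out = dict(a)
    for key, val in b.items():
        if key in LIST_KEYS:
            seen = list(out.get(key, []))
            out[key] = seen + [s for s in val if s not in seen]
        elif key == 'type':
            kinds = set(out.get('type', '').split('+')) | set(val.split('+'))
            out['type'] = '+'.join(sorted(kinds - {''}))
        elif key in out and out[key] != val:
            # One host, two values for one field: keep the second for review.
            out['conflicts'] = out.get('conflicts', []) + [(key, val)]
        else:
            out[key] = val
    return out


def combine(records):
    """Return records grouped so no two results share an identifier."""
    hosts = []
    for rec in records:
        # A new record can bridge several existing hosts; absorb them all.
        for match in [h for h in hosts if same_host(h, rec)]:
            hosts.remove(match)
            rec = merge(match, rec)
        hosts.append(dict(rec))
    return hosts


SAMPLE = [  # constructed records shaped like the PassiveMapper output
    {'type': 'arp', 'ipv4': '192.168.1.50', 'mac': '02:00:00:00:00:50'},
    {'type': 'rr', 'hostname': 'host-a.local', 'ipv6': 'fe80::50',
     'tcp': [{'port': 548, 'srv': '_afpovertcp'}], 'udp': []},
    {'type': 'rr', 'hostname': 'host-a.local', 'ipv4': '192.168.1.50'},
    {'type': 'arp', 'ipv4': '192.168.1.1', 'mac': '02:00:00:00:00:01'},
]

if __name__ == '__main__':
    import pprint
    pprint.pprint(combine(SAMPLE))
```

In the sample, the first two records share no identifier until the third one links them, so the result is two hosts rather than three.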

Active Scanning

Don't know how to do this using sudo.


In [34]:
from netscan.ActiveScan import ActiveMapper

In [35]:
am = ActiveMapper(range(1, 1024))
hosts = am.scan('en1')
pp.pprint(hosts)


['']
Found 0 hosts
[]

In [37]:
print(GetHostName('192.168.1.13').name)


bender.local
