Page MenuHomeVyOS Platform
Create Task
Maniphest T6181

A feature for checking popular ports.
Open, WishlistPublicFEATURE REQUEST
Actions

Description

As an additional feature, nmap can be used to scan host ports or domain names. You can create a command in the main mode of the system and bind it to a script. The script scans ports from a separate file which can be updated or added at any time to the required ports.

Also VyOS has the library - import nmap

ports.txt741 BDownload

scanport3.py1 KBDownload

Could you accept the feature to create a pull request?

root@k:/t# ./scanport3.py
Enter remote host: 1.1.1.1

Scanning completed.
Open ports:
Port    Description
53      DNS (Domain Name System)
80      HTTP (Hypertext Transfer Protocol)
443     HTTPS (HTTP Secure)
8080    HTTP Alternate

Closed ports:
Port    Description
21      FTP (File Transfer Protocol)
22      SSH (Secure Shell)
23      Telnet
25      SMTP (Simple Mail Transfer Protocol)
110     POP3 (Post Office Protocol version 3)
123     NTP (Network Time Protocol)
143     IMAP (Internet Message Access Protocol)
465     SMTPS (SMTP Secure)
500     IPSec VPN (Internet Protocol Security)
587     SMTP (Submission)
993     IMAPS (IMAP Secure)
995     POP3S (POP3 Secure)
1433    MS SQL Server
1521    Oracle Database
1701    L2TP (Layer 2 Tunneling Protocol)
1723    PPTP (Point-to-Point Tunneling Protocol)
3306    MySQL
3389    Remote Desktop Protocol (RDP)
5432    PostgreSQL
5900    VNC (Virtual Network Computing)

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

m.korobeinikov created this task.Mar 28 2024, 2:24 AM
m.korobeinikov added a subscriber: sever.

@sever what do you think about it?

pasik subscribed.Mar 28 2024, 10:26 AM
Viacheslav subscribed.Mar 31 2024, 11:28 AM

I'm not sure that a list of ports will be helpful in this way.
From time to time, we need to scan specific ports.
What about

force scan-port-host <x.x.x.x> proto <tcp|udp> port '8080-8081,9200'
force port--discovery-host <x.x.x.x> proto <tcp|udp> port '8080'
force port-scan host <x.x.x.x> proto <tcp|udp> port '8080'

And use native nmap binaries (as python3 nmap module is not installed by default)
Also, it has XML format if you want a custom table:

sudo nmap -oX - 127.0.0.1
Viacheslav triaged this task as Wishlist priority.Mar 31 2024, 11:28 AM
m.korobeinikov added a comment.Apr 1 2024, 12:58 AM

ok, i'll change a port list and nmap scenario

Apachez subscribed.Apr 1 2024, 8:11 AM

Personally I dont think its a good idea to be able to use VyOS as a jumphost towards victims of scanning.

Sure you can do this through bash mode but then also let this feature be available through bash mode only and not from regular op-mode?

That is you must have permission to enter bash mode and do sudo in order to run nmap.

syncer edited projects, added VyOS 1.4 Sagitta (1.4.0-GA); removed VyOS 1.4 Sagitta (1.4.0).May 7 2024, 8:02 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.8); removed VyOS 1.3 Equuleus.May 13 2024, 7:31 PM
m.korobeinikov added a comment.May 28 2024, 6:46 AM

@sever what about it?

image.png (537×669 px, 43 KB)

#!/usr/bin/env python3

import subprocess

def main():
    # Ask for the IP address of the host
    ip_address = input("Enter the IP address of the host to scan: ")

    # Ask for the ports to scan
    ports = input("Enter the port or list of ports (e.g., 8080-8081,9200): ")

    # Ask for the protocol to scan
    protocol = input("Which protocol to scan (TCP/UDP): ").strip().upper()

    # Form the nmap command
    if protocol == "TCP":
        nmap_command = f"nmap -sT -p {ports} {ip_address}"
    elif protocol == "UDP":
        nmap_command = f"nmap -sU -p {ports} {ip_address}"
    else:
        print("Invalid protocol. Enter TCP or UDP.")
        return

    # Execute the nmap command
    try:
        result = subprocess.run(nmap_command.split(), capture_output=True, text=True)
        print(result.stdout)
    except Exception as e:
        print(f"Error executing nmap command: {e}")

if __name__ == "__main__":
    main()
Apachez added a comment.May 28 2024, 7:34 AM

Just dont, please see my comment fro april 2024.

m.korobeinikov added a comment.May 29 2024, 5:43 AM

We will bind the code to a new command in operating mode (for example show ports). This will allow you to use the nmap command from operating mode. Just a convenient feature.