├── LICENSE ├── README.md ├── cmd └── smap │ └── main.go ├── go.mod ├── go.sum ├── internal ├── core │ ├── argparser.go │ ├── common.go │ ├── correlate.go │ ├── manager.go │ └── shodan.go ├── db │ ├── help_text.go │ ├── nmap_sigs.go │ └── nmap_table.go ├── global │ ├── types.go │ └── variables.go ├── output │ ├── common.go │ ├── grep.go │ ├── json.go │ ├── nmap.go │ ├── pair.go │ ├── smap.go │ └── xml.go └── util │ └── util.go └── static ├── smap-demo.png └── smap-logo.png /LICENSE: -------------------------------------------------------------------------------- 1 | GNU AFFERO GENERAL PUBLIC LICENSE 2 | Version 3, 19 November 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU Affero General Public License is a free, copyleft license for 11 | software and other kinds of works, specifically designed to ensure 12 | cooperation with the community in the case of network server software. 13 | 14 | The licenses for most software and other practical works are designed 15 | to take away your freedom to share and change the works. By contrast, 16 | our General Public Licenses are intended to guarantee your freedom to 17 | share and change all versions of a program--to make sure it remains free 18 | software for all its users. 19 | 20 | When we speak of free software, we are referring to freedom, not 21 | price. Our General Public Licenses are designed to make sure that you 22 | have the freedom to distribute copies of free software (and charge for 23 | them if you wish), that you receive source code or can get it if you 24 | want it, that you can change the software or use pieces of it in new 25 | free programs, and that you know you can do these things. 
26 | 27 | Developers that use our General Public Licenses protect your rights 28 | with two steps: (1) assert copyright on the software, and (2) offer 29 | you this License which gives you legal permission to copy, distribute 30 | and/or modify the software. 31 | 32 | A secondary benefit of defending all users' freedom is that 33 | improvements made in alternate versions of the program, if they 34 | receive widespread use, become available for other developers to 35 | incorporate. Many developers of free software are heartened and 36 | encouraged by the resulting cooperation. However, in the case of 37 | software used on network servers, this result may fail to come about. 38 | The GNU General Public License permits making a modified version and 39 | letting the public access it on a server without ever releasing its 40 | source code to the public. 41 | 42 | The GNU Affero General Public License is designed specifically to 43 | ensure that, in such cases, the modified source code becomes available 44 | to the community. It requires the operator of a network server to 45 | provide the source code of the modified version running there to the 46 | users of that server. Therefore, public use of a modified version, on 47 | a publicly accessible server, gives the public access to the source 48 | code of the modified version. 49 | 50 | An older license, called the Affero General Public License and 51 | published by Affero, was designed to accomplish similar goals. This is 52 | a different license, not a version of the Affero GPL, but Affero has 53 | released a new version of the Affero GPL which permits relicensing under 54 | this license. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | TERMS AND CONDITIONS 60 | 61 | 0. Definitions. 62 | 63 | "This License" refers to version 3 of the GNU Affero General Public License. 
64 | 65 | "Copyright" also means copyright-like laws that apply to other kinds of 66 | works, such as semiconductor masks. 67 | 68 | "The Program" refers to any copyrightable work licensed under this 69 | License. Each licensee is addressed as "you". "Licensees" and 70 | "recipients" may be individuals or organizations. 71 | 72 | To "modify" a work means to copy from or adapt all or part of the work 73 | in a fashion requiring copyright permission, other than the making of an 74 | exact copy. The resulting work is called a "modified version" of the 75 | earlier work or a work "based on" the earlier work. 76 | 77 | A "covered work" means either the unmodified Program or a work based 78 | on the Program. 79 | 80 | To "propagate" a work means to do anything with it that, without 81 | permission, would make you directly or secondarily liable for 82 | infringement under applicable copyright law, except executing it on a 83 | computer or modifying a private copy. Propagation includes copying, 84 | distribution (with or without modification), making available to the 85 | public, and in some countries other activities as well. 86 | 87 | To "convey" a work means any kind of propagation that enables other 88 | parties to make or receive copies. Mere interaction with a user through 89 | a computer network, with no transfer of a copy, is not conveying. 90 | 91 | An interactive user interface displays "Appropriate Legal Notices" 92 | to the extent that it includes a convenient and prominently visible 93 | feature that (1) displays an appropriate copyright notice, and (2) 94 | tells the user that there is no warranty for the work (except to the 95 | extent that warranties are provided), that licensees may convey the 96 | work under this License, and how to view a copy of this License. If 97 | the interface presents a list of user commands or options, such as a 98 | menu, a prominent item in the list meets this criterion. 99 | 100 | 1. Source Code. 
101 | 102 | The "source code" for a work means the preferred form of the work 103 | for making modifications to it. "Object code" means any non-source 104 | form of a work. 105 | 106 | A "Standard Interface" means an interface that either is an official 107 | standard defined by a recognized standards body, or, in the case of 108 | interfaces specified for a particular programming language, one that 109 | is widely used among developers working in that language. 110 | 111 | The "System Libraries" of an executable work include anything, other 112 | than the work as a whole, that (a) is included in the normal form of 113 | packaging a Major Component, but which is not part of that Major 114 | Component, and (b) serves only to enable use of the work with that 115 | Major Component, or to implement a Standard Interface for which an 116 | implementation is available to the public in source code form. A 117 | "Major Component", in this context, means a major essential component 118 | (kernel, window system, and so on) of the specific operating system 119 | (if any) on which the executable work runs, or a compiler used to 120 | produce the work, or an object code interpreter used to run it. 121 | 122 | The "Corresponding Source" for a work in object code form means all 123 | the source code needed to generate, install, and (for an executable 124 | work) run the object code and to modify the work, including scripts to 125 | control those activities. However, it does not include the work's 126 | System Libraries, or general-purpose tools or generally available free 127 | programs which are used unmodified in performing those activities but 128 | which are not part of the work. 
For example, Corresponding Source 129 | includes interface definition files associated with source files for 130 | the work, and the source code for shared libraries and dynamically 131 | linked subprograms that the work is specifically designed to require, 132 | such as by intimate data communication or control flow between those 133 | subprograms and other parts of the work. 134 | 135 | The Corresponding Source need not include anything that users 136 | can regenerate automatically from other parts of the Corresponding 137 | Source. 138 | 139 | The Corresponding Source for a work in source code form is that 140 | same work. 141 | 142 | 2. Basic Permissions. 143 | 144 | All rights granted under this License are granted for the term of 145 | copyright on the Program, and are irrevocable provided the stated 146 | conditions are met. This License explicitly affirms your unlimited 147 | permission to run the unmodified Program. The output from running a 148 | covered work is covered by this License only if the output, given its 149 | content, constitutes a covered work. This License acknowledges your 150 | rights of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not 153 | convey, without conditions so long as your license otherwise remains 154 | in force. You may convey covered works to others for the sole purpose 155 | of having them make modifications exclusively for you, or provide you 156 | with facilities for running those works, provided that you comply with 157 | the terms of this License in conveying all material for which you do 158 | not control copyright. Those thus making or running the covered works 159 | for you must do so exclusively on your behalf, under your direction 160 | and control, on terms that prohibit them from making any copies of 161 | your copyrighted material outside their relationship with you. 
162 | 163 | Conveying under any other circumstances is permitted solely under 164 | the conditions stated below. Sublicensing is not allowed; section 10 165 | makes it unnecessary. 166 | 167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 168 | 169 | No covered work shall be deemed part of an effective technological 170 | measure under any applicable law fulfilling obligations under article 171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 172 | similar laws prohibiting or restricting circumvention of such 173 | measures. 174 | 175 | When you convey a covered work, you waive any legal power to forbid 176 | circumvention of technological measures to the extent such circumvention 177 | is effected by exercising rights under this License with respect to 178 | the covered work, and you disclaim any intention to limit operation or 179 | modification of the work as a means of enforcing, against the work's 180 | users, your or third parties' legal rights to forbid circumvention of 181 | technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 184 | 185 | You may convey verbatim copies of the Program's source code as you 186 | receive it, in any medium, provided that you conspicuously and 187 | appropriately publish on each copy an appropriate copyright notice; 188 | keep intact all notices stating that this License and any 189 | non-permissive terms added in accord with section 7 apply to the code; 190 | keep intact all notices of the absence of any warranty; and give all 191 | recipients a copy of this License along with the Program. 192 | 193 | You may charge any price or no price for each copy that you convey, 194 | and you may offer support or warranty protection for a fee. 195 | 196 | 5. Conveying Modified Source Versions. 
197 | 198 | You may convey a work based on the Program, or the modifications to 199 | produce it from the Program, in the form of source code under the 200 | terms of section 4, provided that you also meet all of these conditions: 201 | 202 | a) The work must carry prominent notices stating that you modified 203 | it, and giving a relevant date. 204 | 205 | b) The work must carry prominent notices stating that it is 206 | released under this License and any conditions added under section 207 | 7. This requirement modifies the requirement in section 4 to 208 | "keep intact all notices". 209 | 210 | c) You must license the entire work, as a whole, under this 211 | License to anyone who comes into possession of a copy. This 212 | License will therefore apply, along with any applicable section 7 213 | additional terms, to the whole of the work, and all its parts, 214 | regardless of how they are packaged. This License gives no 215 | permission to license the work in any other way, but it does not 216 | invalidate such permission if you have separately received it. 217 | 218 | d) If the work has interactive user interfaces, each must display 219 | Appropriate Legal Notices; however, if the Program has interactive 220 | interfaces that do not display Appropriate Legal Notices, your 221 | work need not make them do so. 222 | 223 | A compilation of a covered work with other separate and independent 224 | works, which are not by their nature extensions of the covered work, 225 | and which are not combined with it such as to form a larger program, 226 | in or on a volume of a storage or distribution medium, is called an 227 | "aggregate" if the compilation and its resulting copyright are not 228 | used to limit the access or legal rights of the compilation's users 229 | beyond what the individual works permit. Inclusion of a covered work 230 | in an aggregate does not cause this License to apply to the other 231 | parts of the aggregate. 232 | 233 | 6. 
Conveying Non-Source Forms. 234 | 235 | You may convey a covered work in object code form under the terms 236 | of sections 4 and 5, provided that you also convey the 237 | machine-readable Corresponding Source under the terms of this License, 238 | in one of these ways: 239 | 240 | a) Convey the object code in, or embodied in, a physical product 241 | (including a physical distribution medium), accompanied by the 242 | Corresponding Source fixed on a durable physical medium 243 | customarily used for software interchange. 244 | 245 | b) Convey the object code in, or embodied in, a physical product 246 | (including a physical distribution medium), accompanied by a 247 | written offer, valid for at least three years and valid for as 248 | long as you offer spare parts or customer support for that product 249 | model, to give anyone who possesses the object code either (1) a 250 | copy of the Corresponding Source for all the software in the 251 | product that is covered by this License, on a durable physical 252 | medium customarily used for software interchange, for a price no 253 | more than your reasonable cost of physically performing this 254 | conveying of source, or (2) access to copy the 255 | Corresponding Source from a network server at no charge. 256 | 257 | c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | 263 | d) Convey the object code by offering access from a designated 264 | place (gratis or for a charge), and offer equivalent access to the 265 | Corresponding Source in the same way through the same place at no 266 | further charge. You need not require recipients to copy the 267 | Corresponding Source along with the object code. 
If the place to 268 | copy the object code is a network server, the Corresponding Source 269 | may be on a different server (operated by you or a third party) 270 | that supports equivalent copying facilities, provided you maintain 271 | clear directions next to the object code saying where to find the 272 | Corresponding Source. Regardless of what server hosts the 273 | Corresponding Source, you remain obligated to ensure that it is 274 | available for as long as needed to satisfy these requirements. 275 | 276 | e) Convey the object code using peer-to-peer transmission, provided 277 | you inform other peers where the object code and Corresponding 278 | Source of the work are being offered to the general public at no 279 | charge under subsection 6d. 280 | 281 | A separable portion of the object code, whose source code is excluded 282 | from the Corresponding Source as a System Library, need not be 283 | included in conveying the object code work. 284 | 285 | A "User Product" is either (1) a "consumer product", which means any 286 | tangible personal property which is normally used for personal, family, 287 | or household purposes, or (2) anything designed or sold for incorporation 288 | into a dwelling. In determining whether a product is a consumer product, 289 | doubtful cases shall be resolved in favor of coverage. For a particular 290 | product received by a particular user, "normally used" refers to a 291 | typical or common use of that class of product, regardless of the status 292 | of the particular user or of the way in which the particular user 293 | actually uses, or expects or is expected to use, the product. A product 294 | is a consumer product regardless of whether the product has substantial 295 | commercial, industrial or non-consumer uses, unless such uses represent 296 | the only significant mode of use of the product. 
297 | 298 | "Installation Information" for a User Product means any methods, 299 | procedures, authorization keys, or other information required to install 300 | and execute modified versions of a covered work in that User Product from 301 | a modified version of its Corresponding Source. The information must 302 | suffice to ensure that the continued functioning of the modified object 303 | code is in no case prevented or interfered with solely because 304 | modification has been made. 305 | 306 | If you convey an object code work under this section in, or with, or 307 | specifically for use in, a User Product, and the conveying occurs as 308 | part of a transaction in which the right of possession and use of the 309 | User Product is transferred to the recipient in perpetuity or for a 310 | fixed term (regardless of how the transaction is characterized), the 311 | Corresponding Source conveyed under this section must be accompanied 312 | by the Installation Information. But this requirement does not apply 313 | if neither you nor any third party retains the ability to install 314 | modified object code on the User Product (for example, the work has 315 | been installed in ROM). 316 | 317 | The requirement to provide Installation Information does not include a 318 | requirement to continue to provide support service, warranty, or updates 319 | for a work that has been modified or installed by the recipient, or for 320 | the User Product in which it has been modified or installed. Access to a 321 | network may be denied when the modification itself materially and 322 | adversely affects the operation of the network or violates the rules and 323 | protocols for communication across the network. 
324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 
348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders of 351 | that material) supplement the terms of this License with terms: 352 | 353 | a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | 356 | b) Requiring preservation of specified reasonable legal notices or 357 | author attributions in that material or in the Appropriate Legal 358 | Notices displayed by works containing it; or 359 | 360 | c) Prohibiting misrepresentation of the origin of that material, or 361 | requiring that modified versions of such material be marked in 362 | reasonable ways as different from the original version; or 363 | 364 | d) Limiting the use for publicity purposes of names of licensors or 365 | authors of the material; or 366 | 367 | e) Declining to grant rights under trademark law for use of some 368 | trade names, trademarks, or service marks; or 369 | 370 | f) Requiring indemnification of licensors and authors of that 371 | material by anyone who conveys the material (or modified versions of 372 | it) with contractual assumptions of liability to the recipient, for 373 | any liability that these contractual assumptions directly impose on 374 | those licensors and authors. 375 | 376 | All other non-permissive additional terms are considered "further 377 | restrictions" within the meaning of section 10. If the Program as you 378 | received it, or any part of it, contains a notice stating that it is 379 | governed by this License along with a term that is a further 380 | restriction, you may remove that term. 
If a license document contains 381 | a further restriction but permits relicensing or conveying under this 382 | License, you may add to a covered work material governed by the terms 383 | of that license document, provided that the further restriction does 384 | not survive such relicensing or conveying. 385 | 386 | If you add terms to a covered work in accord with this section, you 387 | must place, in the relevant source files, a statement of the 388 | additional terms that apply to those files, or a notice indicating 389 | where to find the applicable terms. 390 | 391 | Additional terms, permissive or non-permissive, may be stated in the 392 | form of a separately written license, or stated as exceptions; 393 | the above requirements apply either way. 394 | 395 | 8. Termination. 396 | 397 | You may not propagate or modify a covered work except as expressly 398 | provided under this License. Any attempt otherwise to propagate or 399 | modify it is void, and will automatically terminate your rights under 400 | this License (including any patent licenses granted under the third 401 | paragraph of section 11). 402 | 403 | However, if you cease all violation of this License, then your 404 | license from a particular copyright holder is reinstated (a) 405 | provisionally, unless and until the copyright holder explicitly and 406 | finally terminates your license, and (b) permanently, if the copyright 407 | holder fails to notify you of the violation by some reasonable means 408 | prior to 60 days after the cessation. 409 | 410 | Moreover, your license from a particular copyright holder is 411 | reinstated permanently if the copyright holder notifies you of the 412 | violation by some reasonable means, this is the first time you have 413 | received notice of violation of this License (for any work) from that 414 | copyright holder, and you cure the violation prior to 30 days after 415 | your receipt of the notice. 
416 | 417 | Termination of your rights under this section does not terminate the 418 | licenses of parties who have received copies or rights from you under 419 | this License. If your rights have been terminated and not permanently 420 | reinstated, you do not qualify to receive new licenses for the same 421 | material under section 10. 422 | 423 | 9. Acceptance Not Required for Having Copies. 424 | 425 | You are not required to accept this License in order to receive or 426 | run a copy of the Program. Ancillary propagation of a covered work 427 | occurring solely as a consequence of using peer-to-peer transmission 428 | to receive a copy likewise does not require acceptance. However, 429 | nothing other than this License grants you permission to propagate or 430 | modify any covered work. These actions infringe copyright if you do 431 | not accept this License. Therefore, by modifying or propagating a 432 | covered work, you indicate your acceptance of this License to do so. 433 | 434 | 10. Automatic Licensing of Downstream Recipients. 435 | 436 | Each time you convey a covered work, the recipient automatically 437 | receives a license from the original licensors, to run, modify and 438 | propagate that work, subject to this License. You are not responsible 439 | for enforcing compliance by third parties with this License. 440 | 441 | An "entity transaction" is a transaction transferring control of an 442 | organization, or substantially all assets of one, or subdividing an 443 | organization, or merging organizations. 
If propagation of a covered 444 | work results from an entity transaction, each party to that 445 | transaction who receives a copy of the work also receives whatever 446 | licenses to the work the party's predecessor in interest had or could 447 | give under the previous paragraph, plus a right to possession of the 448 | Corresponding Source of the work from the predecessor in interest, if 449 | the predecessor has it or can get it with reasonable efforts. 450 | 451 | You may not impose any further restrictions on the exercise of the 452 | rights granted or affirmed under this License. For example, you may 453 | not impose a license fee, royalty, or other charge for exercise of 454 | rights granted under this License, and you may not initiate litigation 455 | (including a cross-claim or counterclaim in a lawsuit) alleging that 456 | any patent claim is infringed by making, using, selling, offering for 457 | sale, or importing the Program or any portion of it. 458 | 459 | 11. Patents. 460 | 461 | A "contributor" is a copyright holder who authorizes use under this 462 | License of the Program or a work on which the Program is based. The 463 | work thus licensed is called the contributor's "contributor version". 464 | 465 | A contributor's "essential patent claims" are all patent claims 466 | owned or controlled by the contributor, whether already acquired or 467 | hereafter acquired, that would be infringed by some manner, permitted 468 | by this License, of making, using, or selling its contributor version, 469 | but do not include claims that would be infringed only as a 470 | consequence of further modification of the contributor version. For 471 | purposes of this definition, "control" includes the right to grant 472 | patent sublicenses in a manner consistent with the requirements of 473 | this License. 
474 | 475 | Each contributor grants you a non-exclusive, worldwide, royalty-free 476 | patent license under the contributor's essential patent claims, to 477 | make, use, sell, offer for sale, import and otherwise run, modify and 478 | propagate the contents of its contributor version. 479 | 480 | In the following three paragraphs, a "patent license" is any express 481 | agreement or commitment, however denominated, not to enforce a patent 482 | (such as an express permission to practice a patent or covenant not to 483 | sue for patent infringement). To "grant" such a patent license to a 484 | party means to make such an agreement or commitment not to enforce a 485 | patent against the party. 486 | 487 | If you convey a covered work, knowingly relying on a patent license, 488 | and the Corresponding Source of the work is not available for anyone 489 | to copy, free of charge and under the terms of this License, through a 490 | publicly available network server or other readily accessible means, 491 | then you must either (1) cause the Corresponding Source to be so 492 | available, or (2) arrange to deprive yourself of the benefit of the 493 | patent license for this particular work, or (3) arrange, in a manner 494 | consistent with the requirements of this License, to extend the patent 495 | license to downstream recipients. "Knowingly relying" means you have 496 | actual knowledge that, but for the patent license, your conveying the 497 | covered work in a country, or your recipient's use of the covered work 498 | in a country, would infringe one or more identifiable patents in that 499 | country that you have reason to believe are valid. 
500 | 501 | If, pursuant to or in connection with a single transaction or 502 | arrangement, you convey, or propagate by procuring conveyance of, a 503 | covered work, and grant a patent license to some of the parties 504 | receiving the covered work authorizing them to use, propagate, modify 505 | or convey a specific copy of the covered work, then the patent license 506 | you grant is automatically extended to all recipients of the covered 507 | work and works based on it. 508 | 509 | A patent license is "discriminatory" if it does not include within 510 | the scope of its coverage, prohibits the exercise of, or is 511 | conditioned on the non-exercise of one or more of the rights that are 512 | specifically granted under this License. You may not convey a covered 513 | work if you are a party to an arrangement with a third party that is 514 | in the business of distributing software, under which you make payment 515 | to the third party based on the extent of your activity of conveying 516 | the work, and under which the third party grants, to any of the 517 | parties who would receive the covered work from you, a discriminatory 518 | patent license (a) in connection with copies of the covered work 519 | conveyed by you (or copies made from those copies), or (b) primarily 520 | for and in connection with specific products or compilations that 521 | contain the covered work, unless you entered into that arrangement, 522 | or that patent license was granted, prior to 28 March 2007. 523 | 524 | Nothing in this License shall be construed as excluding or limiting 525 | any implied license or other defenses to infringement that may 526 | otherwise be available to you under applicable patent law. 527 | 528 | 12. No Surrender of Others' Freedom. 529 | 530 | If conditions are imposed on you (whether by court order, agreement or 531 | otherwise) that contradict the conditions of this License, they do not 532 | excuse you from the conditions of this License. 
If you cannot convey a 533 | covered work so as to satisfy simultaneously your obligations under this 534 | License and any other pertinent obligations, then as a consequence you may 535 | not convey it at all. For example, if you agree to terms that obligate you 536 | to collect a royalty for further conveying from those to whom you convey 537 | the Program, the only way you could satisfy both those terms and this 538 | License would be to refrain entirely from conveying the Program. 539 | 540 | 13. Remote Network Interaction; Use with the GNU General Public License. 541 | 542 | Notwithstanding any other provision of this License, if you modify the 543 | Program, your modified version must prominently offer all users 544 | interacting with it remotely through a computer network (if your version 545 | supports such interaction) an opportunity to receive the Corresponding 546 | Source of your version by providing access to the Corresponding Source 547 | from a network server at no charge, through some standard or customary 548 | means of facilitating copying of software. This Corresponding Source 549 | shall include the Corresponding Source for any work covered by version 3 550 | of the GNU General Public License that is incorporated pursuant to the 551 | following paragraph. 552 | 553 | Notwithstanding any other provision of this License, you have 554 | permission to link or combine any covered work with a work licensed 555 | under version 3 of the GNU General Public License into a single 556 | combined work, and to convey the resulting work. The terms of this 557 | License will continue to apply to the part which is the covered work, 558 | but the work with which it is combined will remain governed by version 559 | 3 of the GNU General Public License. 560 | 561 | 14. Revised Versions of this License. 562 | 563 | The Free Software Foundation may publish revised and/or new versions of 564 | the GNU Affero General Public License from time to time. 
Such new versions 565 | will be similar in spirit to the present version, but may differ in detail to 566 | address new problems or concerns. 567 | 568 | Each version is given a distinguishing version number. If the 569 | Program specifies that a certain numbered version of the GNU Affero General 570 | Public License "or any later version" applies to it, you have the 571 | option of following the terms and conditions either of that numbered 572 | version or of any later version published by the Free Software 573 | Foundation. If the Program does not specify a version number of the 574 | GNU Affero General Public License, you may choose any version ever published 575 | by the Free Software Foundation. 576 | 577 | If the Program specifies that a proxy can decide which future 578 | versions of the GNU Affero General Public License can be used, that proxy's 579 | public statement of acceptance of a version permanently authorizes you 580 | to choose that version for the Program. 581 | 582 | Later license versions may give you additional or different 583 | permissions. However, no additional obligations are imposed on any 584 | author or copyright holder as a result of your choosing to follow a 585 | later version. 586 | 587 | 15. Disclaimer of Warranty. 588 | 589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 597 | 598 | 16. Limitation of Liability. 
599 | 600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 608 | SUCH DAMAGES. 609 | 610 | 17. Interpretation of Sections 15 and 16. 611 | 612 | If the disclaimer of warranty and limitation of liability provided 613 | above cannot be given local legal effect according to their terms, 614 | reviewing courts shall apply local law that most closely approximates 615 | an absolute waiver of all civil liability in connection with the 616 | Program, unless a warranty or assumption of liability accompanies a 617 | copy of the Program in return for a fee. 618 | 619 | END OF TERMS AND CONDITIONS 620 | 621 | How to Apply These Terms to Your New Programs 622 | 623 | If you develop a new program, and you want it to be of the greatest 624 | possible use to the public, the best way to achieve this is to make it 625 | free software which everyone can redistribute and change under these terms. 626 | 627 | To do so, attach the following notices to the program. It is safest 628 | to attach them to the start of each source file to most effectively 629 | state the exclusion of warranty; and each file should have at least 630 | the "copyright" line and a pointer to where the full notice is found. 
631 | 632 | 633 | Copyright (C) 634 | 635 | This program is free software: you can redistribute it and/or modify 636 | it under the terms of the GNU Affero General Public License as published 637 | by the Free Software Foundation, either version 3 of the License, or 638 | (at your option) any later version. 639 | 640 | This program is distributed in the hope that it will be useful, 641 | but WITHOUT ANY WARRANTY; without even the implied warranty of 642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 643 | GNU Affero General Public License for more details. 644 | 645 | You should have received a copy of the GNU Affero General Public License 646 | along with this program. If not, see . 647 | 648 | Also add information on how to contact you by electronic and paper mail. 649 | 650 | If your software can interact with users remotely through a computer 651 | network, you should also make sure that it provides a way for users to 652 | get its source. For example, if your program is a web application, its 653 | interface could display a "Source" link that leads users to an archive 654 | of the code. There are many ways you could offer source, and different 655 | solutions will be better for different programs; see section 13 for the 656 | specific requirements. 657 | 658 | You should also get your employer (if you work as a programmer) or school, 659 | if any, to sign a "copyright disclaimer" for the program, if necessary. 660 | For more information on this, and how to apply and follow the GNU AGPL, see 661 | . 662 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 |
3 | Smap logo 4 |

5 | 6 |

passive Nmap like scanner built with shodan.io

7 | 8 |

9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 |

22 | 23 |

Smap demo

24 | 25 | --- 26 | 27 | Smap is a replica of Nmap which uses shodan.io's free API for port scanning. It takes the same command line arguments as Nmap and produces the same output, which makes it a drop-in replacement for Nmap. 28 | 29 | ## Features 30 | - Scans 200 hosts per second 31 | - Doesn't require any account/api key 32 | - Vulnerability detection 33 | - Supports all nmap's output formats 34 | - Service and version fingerprinting 35 | - Makes no contact to the targets (hostname targets are still resolved through a DNS lookup) 36 | 37 | ## Installation 38 | ### Manual 39 | `go install -v github.com/s0md3v/smap/cmd/smap@latest` 40 | 41 | Confused? For more detailed instructions, [click here](https://github.com/s0md3v/Smap/wiki/FAQ#how-do-i-install-smap) 42 | ### AUR package 43 | Smap is available on AUR as [smap-git](https://aur.archlinux.org/packages/smap-git). 44 | 45 | ## Usage 46 | Smap takes the same arguments as Nmap but options other than `-p`, `-h`, `-o*`, `-iL` are ignored. If you are unfamiliar with Nmap, here's how to use Smap. 47 | 48 | ### Specifying targets 49 | ``` 50 | smap 127.0.0.1 127.0.0.2 51 | ``` 52 | You can also use a list of targets, separated by newlines. 53 | ``` 54 | smap -iL targets.txt 55 | ``` 56 | **Supported formats** 57 | 58 | ``` 59 | 1.1.1.1 // IPv4 address 60 | example.com // hostname 61 | 178.23.56.0/8 // CIDR 62 | ``` 63 | 64 | ### Output 65 | Smap supports 6 output formats which can be used with the `-o* ` as follows 66 | ``` 67 | smap example.com -oX output.xml 68 | ``` 69 | If you want to print the output to terminal, use hyphen (`-`) as filename. 70 | 71 | **Supported formats** 72 | ``` 73 | oX // nmap's xml format 74 | oG // nmap's greppable format 75 | oN // nmap's default format 76 | oA // output in all 3 formats above at once 77 | oP // IP:PORT pairs separated by newlines 78 | oS // custom smap format 79 | oJ // json 80 | ``` 81 | 82 | > Note: Since Nmap doesn't scan/display vulnerabilities and tags, that data is not available in nmap's formats. Use `-oS` to view that info. 
83 | 84 | ### Specifying ports 85 | Smap scans these [1237 ports](https://api.shodan.io/shodan/ports) by default. If you want to display results for certain ports, use the `-p` option. 86 | 87 | ``` 88 | smap -p21-30,80,443 -iL targets.txt 89 | ``` 90 | 91 | ## Considerations 92 | Since Smap simply fetches existent port data from shodan.io, it is super fast but there's more to it. You should use Smap if: 93 | 94 | #### You want 95 | - vulnerability detection 96 | - a super fast port scanner 97 | - results for most common ports (top 1237) 98 | - no connections to be made to the targets 99 | 100 | #### You are okay with 101 | - not being able to scan IPv6 addresses 102 | - results being up to 7 days old 103 | - a few false negatives 104 | -------------------------------------------------------------------------------- /cmd/smap/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "github.com/s0md3v/smap/internal/core" 5 | ) 6 | 7 | func main() { 8 | core.Init() 9 | } 10 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/s0md3v/smap 2 | 3 | go 1.13 4 | 5 | require ( 6 | github.com/weppos/publicsuffix-go v0.15.0 7 | golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect 8 | ) 9 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/weppos/publicsuffix-go v0.15.0 h1:2uQCwDczZ8YZe5uD0mM3sXRoZYA74xxPuiKK8LdPcGQ= 2 | github.com/weppos/publicsuffix-go v0.15.0/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE= 3 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 4 | golang.org/x/net v0.0.0-20200202094626-16171245cfb2 
h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI= 5 | golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 6 | golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= 7 | golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= 8 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 9 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 10 | golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 11 | golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 12 | golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= 13 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 14 | golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= 15 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 16 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 17 | -------------------------------------------------------------------------------- /internal/core/argparser.go: -------------------------------------------------------------------------------- 1 | package core 2 | 3 | import ( 4 | "os" 5 | "regexp" 6 | "strings" 7 | ) 8 | 9 | var reValidPair = regexp.MustCompile(`^([-]{1,2}[A-Za-z-]+)(\d.*)?`) 10 | 11 | var validArgs = map[string]bool{ // name : is_boolean_type 12 | "iL": false, 13 | "iR": false, 14 | "exclude": false, 15 | "excludefile": false, 16 | "sL": true, 17 | "sn": true, 18 | "Pn": true, 19 | "PS": true, 20 | "PA": true, 21 | "PU": true, 22 | "PY": true, 23 | "PE": true, 24 | "PP": true, 25 | "PM": true, 26 | "PO": true, 27 | "n": true, 28 | "R": true, 29 | 
"dns-servers": false, 30 | "system-dns": true, 31 | "traceroute": true, 32 | "sS": true, 33 | "sT": true, 34 | "sA": true, 35 | "sW": true, 36 | "sM": true, 37 | "sU": true, 38 | "sN": true, 39 | "sF": true, 40 | "sX": true, 41 | "scanflags": false, 42 | "sI": false, 43 | "sY": true, 44 | "sZ": true, 45 | "sO": true, 46 | "b": false, 47 | "p": false, 48 | "exclude-ports": false, 49 | "F": true, 50 | "r": true, 51 | "top-ports": false, 52 | "port-ratio": false, 53 | "sV": true, 54 | "version-intensity": false, 55 | "version-light": true, 56 | "version-all": true, 57 | "version-trace": true, 58 | "sC": true, 59 | "script": true, 60 | "script-args": true, 61 | "script-args-file": true, 62 | "script-trace": true, 63 | "script-updatedb": true, 64 | "script-help": true, 65 | "O": true, 66 | "osscan-limit": true, 67 | "osscan-guess": true, 68 | "T": false, 69 | "min-hostgroup": false, 70 | "max-hostgroup": false, 71 | "min-parallelism": false, 72 | "max-parallelism": false, 73 | "min-rtt-timeout": false, 74 | "max-rtt-timeout": false, 75 | "initial-rtt-timeout": false, 76 | "max-retries": false, 77 | "host-timeout": false, 78 | "scan-delay": false, 79 | "max-scan-delay": false, 80 | "min-rate": false, 81 | "max-rate": false, 82 | "f": true, 83 | "D": false, 84 | "S": false, 85 | "e": false, 86 | "g": false, 87 | "source-port": false, 88 | "proxies": false, 89 | "data": false, 90 | "data-string": false, 91 | "data-length": false, 92 | "ip-options": false, 93 | "ttl": false, 94 | "spoof-mac": false, 95 | "badsum": true, 96 | "oN": false, 97 | "oX": false, 98 | "oS": false, 99 | "oG": false, 100 | "oA": false, 101 | "oJ": false, 102 | "oP": false, 103 | "v": true, 104 | "d": true, 105 | "reason": true, 106 | "open": true, 107 | "packet-trace": true, 108 | "iflist": true, 109 | "append-output": true, 110 | "resume": false, 111 | "stylesheet": false, 112 | "webxml": true, 113 | "no-stylesheet": true, 114 | "6": true, 115 | "A": true, 116 | "datadir": false, 117 | "send-eth": 
true, 118 | "send-ip": true, 119 | "privileged": true, 120 | "unprivileged": true, 121 | "V": true, 122 | "h": true, 123 | } 124 | 125 | func whatToDo(token string, lastAction int) (string, int) { 126 | /* 127 | -1 = error 128 | 0 = look for next arg 129 | 1 = look for arg's value 130 | 2 = treat as extra data 131 | */ 132 | if strings.HasPrefix(token, "-") { 133 | if lastAction == 1 { 134 | if token == "-" { 135 | return token, 0 136 | } 137 | return token, -1 138 | } 139 | newToken := strings.TrimPrefix(strings.TrimPrefix(token, "-"), "-") 140 | if newToken == "6" { 141 | return newToken, 0 142 | } 143 | argName := strings.Replace(newToken, "_", "-", -1) 144 | if boolType, ok := validArgs[argName]; ok { 145 | if boolType { 146 | return argName, 0 147 | } 148 | return argName, 1 149 | } 150 | return argName, -1 151 | } else if lastAction == 1 { 152 | return token, 0 153 | } 154 | return token, 2 155 | } 156 | 157 | func ParseArgs() (map[string]string, []string, bool) { 158 | var lastAction int 159 | var lastArg string 160 | var extra []string 161 | argPair := map[string]string{} 162 | for _, token := range os.Args[1:] { 163 | groups := reValidPair.FindStringSubmatch(token) 164 | if strings.HasPrefix(token, "-") && (strings.Contains(token, "=") || groups != nil) { 165 | if lastAction == 1 { 166 | return argPair, extra, true 167 | } 168 | thisArgName := strings.Split(token, "=")[0] 169 | if groups != nil { 170 | thisArgName = groups[1] 171 | } 172 | cleaned, action := whatToDo(thisArgName, lastAction) 173 | if action == 1 { 174 | if groups != nil { 175 | argPair[cleaned] = groups[2] 176 | } else { 177 | argPair[cleaned] = strings.Replace(token, thisArgName+"=", "", 1) 178 | } 179 | } else if action == 0 { 180 | argPair[cleaned] = "" 181 | } else if action == 2 { 182 | extra = append(extra, cleaned) 183 | } else if action == -1 { 184 | return argPair, extra, true 185 | } 186 | lastArg = cleaned 187 | lastAction = action 188 | continue 189 | } 190 | cleaned, action := 
whatToDo(token, lastAction) 191 | if action == 2 { 192 | extra = append(extra, cleaned) 193 | } else if action == 1 { 194 | lastArg = cleaned 195 | } else if action == -1 { 196 | return argPair, extra, true 197 | } else if action == 0 && lastAction == 1 { 198 | argPair[lastArg] = cleaned 199 | } 200 | lastAction = action 201 | } 202 | if lastAction == 1 { 203 | return argPair, extra, true 204 | } 205 | return argPair, extra, false 206 | } 207 | -------------------------------------------------------------------------------- /internal/core/common.go: -------------------------------------------------------------------------------- 1 | package core 2 | 3 | type Contender struct { 4 | Service string `json:"service"` 5 | Cpes []string `json:"cpes"` 6 | Protocol string `json:"protocol"` 7 | Softmatch bool `json:"softmatch"` 8 | Product string `json:"product,omitempty"` 9 | Heuristic []int `json:"heuristic,omitempty"` 10 | Os string `json:"os,omitempty"` 11 | Devicetype string `json:"devicetype,omitempty"` 12 | Ports []int `json:"ports,omitempty"` 13 | Sslports []int `json:"sslports,omitempty"` 14 | Ssl bool `json:"ssl,omitempty"` 15 | Score int `json:"score,omitempty"` 16 | } 17 | -------------------------------------------------------------------------------- /internal/core/correlate.go: -------------------------------------------------------------------------------- 1 | package core 2 | 3 | import ( 4 | "strconv" 5 | "strings" 6 | 7 | g "github.com/s0md3v/smap/internal/global" 8 | ) 9 | 10 | var Probes []g.Contender 11 | var Table map[string]string 12 | 13 | func deleteString(s []string, i int) []string { 14 | return append(s[:i], s[i+1:]...) 
15 | } 16 | 17 | func containsInt(array []int, item int) bool { 18 | for _, thisItem := range array { 19 | if thisItem == item { 20 | return true 21 | } 22 | } 23 | return false 24 | } 25 | 26 | func Correlate(ports []int, cpes []string) ([]g.Port, g.OS) { 27 | contenders := map[int]g.Contender{} 28 | used_cpes := map[string]int{} 29 | result := []g.Port{} 30 | var thisOS g.OS 31 | duplicateMap := map[string][]int{} // {joined_cpe: [score, port]} 32 | for _, service := range Probes { 33 | cpeMatched := false 34 | thisContender := service 35 | for _, cpe := range service.Cpes { 36 | minus := len(service.Cpes) 37 | for _, shodanCpe := range cpes { 38 | if strings.HasPrefix(shodanCpe, cpe) { 39 | minus-- 40 | if strings.HasPrefix(shodanCpe, "cpe:/a") { 41 | cpeMatched = true 42 | } 43 | if strings.Count(cpe, ":") < 3 { 44 | thisContender.Score += 1 45 | } else { 46 | thisContender.Score += 2 47 | } 48 | } 49 | } 50 | thisContender.Score -= minus 51 | } 52 | if !cpeMatched { 53 | continue 54 | } 55 | if !service.Softmatch { 56 | thisContender.Score-- 57 | } 58 | for _, port := range ports { 59 | tempContender := thisContender 60 | if containsInt(service.Heuristic, port) { 61 | tempContender.Score += 3 62 | } 63 | if containsInt(service.Ports, port) { 64 | tempContender.Score += 2 65 | } 66 | if containsInt(service.Sslports, port) { 67 | tempContender.Score += 2 68 | tempContender.Ssl = true 69 | } 70 | if tempContender.Score > contenders[port].Score { 71 | failed := false 72 | for _, cpe := range tempContender.Cpes { 73 | if bestScore, ok := used_cpes[cpe]; ok { 74 | if tempContender.Score < bestScore { 75 | failed = true 76 | } 77 | } 78 | } 79 | if failed { 80 | continue 81 | } 82 | joinedCpes := strings.Join(tempContender.Cpes, "") 83 | if scoreAndPort, ok := duplicateMap[joinedCpes]; ok { 84 | localScore, localPort := scoreAndPort[0], scoreAndPort[1] 85 | if tempContender.Score > localScore { 86 | duplicateMap[joinedCpes] = []int{tempContender.Score, port} 87 | 
delete(contenders, localPort) 88 | } else { 89 | continue 90 | } 91 | } else { 92 | duplicateMap[joinedCpes] = []int{tempContender.Score, port} 93 | } 94 | if tempContender.OS != "" { 95 | thisOS.Port = port 96 | thisOS.Name = tempContender.OS 97 | thisOS.Cpes = []string{} 98 | for _, cpe := range tempContender.Cpes { 99 | if strings.HasPrefix(cpe, "cpe:/o") { 100 | thisOS.Cpes = append(thisOS.Cpes, cpe) 101 | } 102 | } 103 | } 104 | tempContender.Ports = []int{} 105 | tempContender.Sslports = []int{} 106 | tempContender.Heuristic = []int{} 107 | contenders[port] = tempContender 108 | for _, cpe := range tempContender.Cpes { 109 | used_cpes[cpe] = tempContender.Score 110 | } 111 | } 112 | } 113 | } 114 | orphan_ports := []int{} 115 | for port, contender := range contenders { 116 | thisPort := g.Port{} 117 | thisPort.Port = port 118 | thisPort.Service = contender.Service 119 | thisPort.Protocol = contender.Protocol 120 | thisPort.Product = contender.Product 121 | thisPort.Ssl = contender.Ssl 122 | thisPort.Cpes = []string{} 123 | replaceWith := cpes 124 | for _, cpe := range contender.Cpes { 125 | cpes = replaceWith 126 | for index, shodanCpe := range cpes { 127 | if strings.HasPrefix(shodanCpe, cpe) { 128 | thisPort.Cpes = append(thisPort.Cpes, shodanCpe) 129 | if strings.Count(shodanCpe, ":") > 3 { 130 | thisPort.Version = strings.Split(shodanCpe, ":")[4] 131 | } 132 | replaceWith = deleteString(cpes, index) 133 | break 134 | } 135 | } 136 | } 137 | result = append(result, thisPort) 138 | } 139 | for _, port := range ports { 140 | if _, ok := contenders[port]; !ok { 141 | orphan_ports = append(orphan_ports, port) 142 | } 143 | } 144 | for _, port := range orphan_ports { 145 | dummyPort := g.Port{} 146 | dummyPort.Port = port 147 | if value, ok := Table[strconv.Itoa(port)]; ok { 148 | dummyPort.Service = value + "?" 
149 | } 150 | dummyPort.Protocol = "tcp" 151 | result = append(result, dummyPort) 152 | } 153 | return result, thisOS 154 | } 155 | -------------------------------------------------------------------------------- /internal/core/manager.go: -------------------------------------------------------------------------------- 1 | package core 2 | 3 | import ( 4 | "bufio" 5 | "fmt" 6 | "net" 7 | "os" 8 | "regexp" 9 | "strconv" 10 | "strings" 11 | "sync" 12 | "time" 13 | 14 | "encoding/json" 15 | 16 | "github.com/s0md3v/smap/internal/db" 17 | g "github.com/s0md3v/smap/internal/global" 18 | o "github.com/s0md3v/smap/internal/output" 19 | "github.com/weppos/publicsuffix-go/publicsuffix" 20 | ) 21 | 22 | var ( 23 | activeScans sync.WaitGroup 24 | activeOutputs sync.WaitGroup 25 | activeEnders sync.WaitGroup 26 | activeObjects sync.WaitGroup 27 | targetsChannel = make(chan scanObject, 3) 28 | outputChannel = make(chan g.Output, 1000) 29 | reAddressRange = regexp.MustCompile(`^\d{1,3}(-\d{1,3})?\.\d{1,3}(-\d{1,3})?\.\d{1,3}(-\d{1,3})?\.\d{1,3}(-\d{1,3})?$`) 30 | ) 31 | 32 | type scanObject struct { 33 | IP string 34 | Ports []int 35 | Hostname string 36 | } 37 | 38 | type respone struct { 39 | Cpes []string `json:"cpes"` 40 | Hostnames []string `json:"hostnames"` 41 | IP string `json:"ip"` 42 | Ports []int `json:"ports"` 43 | Tags []string `json:"tags"` 44 | Vulns []string `json:"vulns"` 45 | } 46 | 47 | func getPorts() []int { 48 | thesePorts := []int{} 49 | if value, ok := g.Args["p"]; ok { 50 | for _, port := range strings.Split(value, ",") { 51 | intPort, err := strconv.Atoi(port) 52 | if err == nil && intPort >= 0 && intPort <= 65535 { 53 | thesePorts = append(thesePorts, intPort) 54 | } else { 55 | fmt.Fprint(os.Stderr, "' ' is not a valid port number.\nQUITTING!\n") 56 | os.Exit(1) 57 | } 58 | } 59 | } 60 | return thesePorts 61 | } 62 | 63 | func isIPv4(str string) bool { 64 | parsed := net.ParseIP(str) 65 | if parsed == nil { 66 | return false 67 | } 68 | return 
reAddressRange.MatchString(str) 69 | } 70 | 71 | func isHostname(str string) bool { 72 | _, err := publicsuffix.Domain(str) 73 | return err == nil 74 | } 75 | 76 | func isAddressRange(str string) bool { 77 | if !reAddressRange.MatchString(str) { 78 | return false 79 | } 80 | for _, part := range strings.Split(str, ".") { 81 | for _, each := range strings.Split(part, "-") { 82 | if each[0] == 48 { // 48 is 0 in decimal 83 | return false 84 | } 85 | n, _ := strconv.Atoi(each) 86 | if n > 255 { 87 | return false 88 | } 89 | } 90 | } 91 | return true 92 | } 93 | 94 | func hostnameToIP(hostname string) string { 95 | ips, _ := net.LookupIP(hostname) 96 | if len(ips) > 0 { 97 | return ips[0].String() 98 | } 99 | return "" 100 | } 101 | 102 | func incIP(ip net.IP) { 103 | for j := len(ip) - 1; j >= 0; j-- { 104 | ip[j]++ 105 | if ip[j] > 0 { 106 | break 107 | } 108 | } 109 | } 110 | 111 | func handleOutput() { 112 | var ( 113 | startOutput []func() 114 | continueOutput []func(g.Output) 115 | endOutput []func() 116 | ) 117 | 118 | activeEnders.Add(1) 119 | if value, ok := g.Args["oA"]; ok { 120 | activeEnders.Add(2) 121 | if value == "-" { 122 | fmt.Fprint(os.Stderr, "Cannot display multiple output types to stdout.\nQUITTING!\n") 123 | os.Exit(1) 124 | } else { 125 | g.XmlFilename = value + ".xml" 126 | g.GrepFilename = value + ".gnmap" 127 | g.Args["oN"] = value + ".nmap" 128 | } 129 | startOutput = []func(){o.StartXML, o.StartGrep, o.StartNmap} 130 | continueOutput = []func(g.Output){o.ContinueXML, o.ContinueGrep, o.ContinueNmap} 131 | endOutput = []func(){o.EndXML, o.EndGrep, o.EndNmap} 132 | } else if value, ok := g.Args["oX"]; ok { 133 | startOutput = []func(){o.StartXML} 134 | continueOutput = []func(g.Output){o.ContinueXML} 135 | endOutput = []func(){o.EndXML} 136 | g.XmlFilename = value 137 | } else if value, ok := g.Args["oG"]; ok { 138 | startOutput = []func(){o.StartGrep} 139 | continueOutput = []func(g.Output){o.ContinueGrep} 140 | endOutput = 
[]func(){o.EndGrep} 141 | g.GrepFilename = value 142 | } else if value, ok := g.Args["oJ"]; ok { 143 | startOutput = []func(){o.StartJson} 144 | continueOutput = []func(g.Output){o.ContinueJson} 145 | endOutput = []func(){o.EndJson} 146 | g.JsonFilename = value 147 | } else if value, ok := g.Args["oS"]; ok { 148 | startOutput = []func(){o.StartSmap} 149 | continueOutput = []func(g.Output){o.ContinueSmap} 150 | endOutput = []func(){o.EndSmap} 151 | g.SmapFilename = value 152 | } else if value, ok := g.Args["oP"]; ok { 153 | startOutput = []func(){o.StartPair} 154 | continueOutput = []func(g.Output){o.ContinuePair} 155 | endOutput = []func(){o.EndPair} 156 | g.PairFilename = value 157 | } else { 158 | startOutput = []func(){o.StartNmap} 159 | continueOutput = []func(g.Output){o.ContinueNmap} 160 | endOutput = []func(){o.EndNmap} 161 | } 162 | for _, function := range startOutput { 163 | function() 164 | } 165 | for output := range outputChannel { 166 | for _, function := range continueOutput { 167 | function(output) 168 | } 169 | activeOutputs.Done() 170 | } 171 | for _, function := range endOutput { 172 | function() 173 | activeEnders.Done() 174 | } 175 | } 176 | 177 | func scanner() { 178 | threads := make(chan bool, 3) 179 | for target := range targetsChannel { 180 | threads <- true 181 | go func(target scanObject) { 182 | processScanObject(target) 183 | activeScans.Done() 184 | <-threads 185 | }(target) 186 | } 187 | } 188 | 189 | func createScanObjects(object string) { 190 | activeScans.Add(1) 191 | var oneObject scanObject 192 | oneObject.Ports = g.PortList 193 | if isIPv4(object) { 194 | oneObject.IP = object 195 | targetsChannel <- oneObject 196 | } else if strings.Contains(object, "/") && isIPv4(strings.Split(object, "/")[0]) { 197 | activeScans.Done() 198 | ip, ipnet, err := net.ParseCIDR(object) 199 | if err != nil { 200 | return 201 | } 202 | for ip := ip.Mask(ipnet.Mask); ipnet.Contains(ip); incIP(ip) { 203 | oneObject.IP = ip.String() 204 | 
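activeScans.Add(1) 205 | targetsChannel <- oneObject 206 | } 207 | } else if isHostname(object) { 208 | ip := hostnameToIP(object) 209 | if ip != "" { 210 | oneObject.IP = ip 211 | oneObject.Hostname = object 212 | targetsChannel <- oneObject 213 | } else { 214 | activeScans.Done() 215 | } 216 | } else if isAddressRange(object) { 217 | return 218 | } else { 219 | activeScans.Done() 220 | } 221 | } 222 | 
// processScanObject looks up one target through Query, keeps only the ports
// selected with -p (all reported ports when none were selected), correlates
// them with the reported CPEs and queues the result on outputChannel.
//
// A target is skipped silently when the reply is shorter than 50 bytes, when
// the reply is not valid JSON, or when none of its ports match the selection.
func processScanObject(object scanObject) {
	g.Increment(0)
	scanStarted := time.Now()
	response := Query(object.IP)
	// Replies shorter than 50 bytes are treated as "no data for this host".
	if len(response) < 50 {
		return
	}
	var data respone
	// The body comes from a remote service; do not emit a host entry built
	// from a reply that could not be decoded.
	if err := json.Unmarshal(response, &data); err != nil {
		return
	}
	filteredPorts := data.Ports
	if len(object.Ports) > 0 {
		filteredPorts = []int{}
		for _, port := range data.Ports {
			if containsInt(object.Ports, port) {
				filteredPorts = append(filteredPorts, port)
			}
		}
		if len(filteredPorts) == 0 {
			return
		}
	}
	var output g.Output
	output.IP = data.IP
	output.Tags = data.Tags
	output.Vulns = data.Vulns
	output.Hostnames = data.Hostnames
	output.UHostname = object.Hostname
	output.Ports, output.OS = Correlate(filteredPorts, data.Cpes)
	output.Start = scanStarted
	output.End = time.Now()
	g.Increment(1)
	// Register the pending output only once it is certain to be sent.
	// Registering earlier and then returning (no matching port) left
	// activeOutputs without its Done, so Init blocked in activeOutputs.Wait().
	activeOutputs.Add(1)
	outputChannel <- output
}
259 | 260 | func Init() { 261 | args, extra, invalid := ParseArgs() 262 | if invalid { 263 | fmt.Println("One or more of your arguments are invalid. 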
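Refer to docs.\nQUITTING!") 264 | os.Exit(1) 265 | } else if _, ok := args["h"]; ok || len(os.Args) == 1 { 266 | fmt.Print(db.HelpText) 267 | os.Exit(0) 268 | } 269 | g.Args = args 270 | json.Unmarshal(db.NmapSigs, &Probes) 271 | json.Unmarshal(db.NmapTable, &Table) 272 | g.PortList = getPorts() 273 | g.ScanStartTime = time.Now() 274 | go scanner() 275 | go handleOutput() 276 | if value, ok := g.Args["iL"]; ok { 277 | scanner := bufio.NewScanner(os.Stdin) 278 | if value != "-" { 279 | file, err := os.Open(value) 280 | if err != nil { 281 | os.Exit(1) 282 | } 283 | defer file.Close() 284 | scanner = bufio.NewScanner(file) 285 | } 286 | for scanner.Scan() { 287 | createScanObjects(scanner.Text()) 288 | } 289 | 290 | if err := scanner.Err(); err != nil { 291 | os.Exit(1) 292 | } 293 | } else if len(extra) != 0 { 294 | threads := make(chan bool, 3) 295 | for _, arg := range extra { 296 | activeObjects.Add(1) 297 | threads <- true 298 | go func(object string) { 299 | createScanObjects(object) 300 | <-threads 301 | activeObjects.Done() 302 | }(arg) 303 | } 304 | activeObjects.Wait() 305 | } else { 306 | fmt.Println("WARNING: No targets were specified, so 0 hosts scanned.") 307 | } 308 | activeScans.Wait() 309 | close(targetsChannel) 310 | g.ScanEndTime = time.Now() 311 | activeOutputs.Wait() 312 | close(outputChannel) 313 | activeEnders.Wait() 314 | } 315 | -------------------------------------------------------------------------------- /internal/core/shodan.go: -------------------------------------------------------------------------------- 1 | package core 2 | 3 | import ( 4 | "net" 5 | "time" 6 | 7 | "io/ioutil" 8 | "net/http" 9 | ) 10 | 11 | var client = &http.Client{ 12 | Transport: &http.Transport{ 13 | Dial: (&net.Dialer{ 14 | Timeout: 8 * time.Second, 15 | }).Dial, 16 | TLSHandshakeTimeout: 3 * time.Second, 17 | ResponseHeaderTimeout: 5 * time.Second, 18 | ExpectContinueTimeout: 1 * time.Second, 19 | }, 20 | } 21 | 22 | 
// Query fetches the internetdb.shodan.io record for ip and returns the raw
// response body.
//
// It returns an empty slice when the request cannot be built or sent, when
// the server answers with a status other than 200, or when the body cannot
// be read, so callers can treat every failure as "no data".
func Query(ip string) []byte {
	url := "https://internetdb.shodan.io/" + ip
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		// A malformed target must not reach client.Do with a nil request.
		return []byte{}
	}
	// req.Close is left unset so the transport keeps reusing connections
	// across lookups.
	resp, err := client.Do(req)
	if err != nil {
		return []byte{}
	}
	// Deferred before the read so the body is also closed when ReadAll fails.
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		// Error pages and rate-limit replies are not host records.
		return []byte{}
	}
	// NOTE(review): client sets dial, TLS-handshake and response-header
	// timeouts only; this read is not bounded in time or size.
	content, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		return []byte{}
	}
	return content
}
37 | -------------------------------------------------------------------------------- /internal/db/help_text.go: -------------------------------------------------------------------------------- 1 | package db 2 | 3 | import ( 4 | "fmt" 5 | g "github.com/s0md3v/smap/internal/global" 6 | ) 7 | 8 | var HelpText = fmt.Sprintf(`Smap %s 9 | Usage: smap 10 | TARGET SPECIFICATION: 11 | Valid targets are hostnames, IP addresses, networks, etc. 12 | Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1 13 | -iL : Input from list of hosts/networks. Use - as filename to use stdin input. 14 | OUTPUT: 15 | Specify a file to write the output or use - as filename to write it to stdout (terminal). 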
16 | Ex: -oX 17 | -oX XML 18 | -oG Greppable 19 | -oN Nmap 20 | -oA All 3 above 21 | -oJ JSON 22 | -oS Smap format 23 | -oP ip:port pairs 24 | `, g.Version) -------------------------------------------------------------------------------- /internal/global/types.go: -------------------------------------------------------------------------------- 1 | package global 2 | 3 | import ( 4 | "time" 5 | ) 6 | 7 | type Contender struct { 8 | Service string `json:"service"` 9 | Cpes []string `json:"cpes"` 10 | Protocol string `json:"protocol"` 11 | Softmatch bool `json:"softmatch"` 12 | Product string `json:"product,omitempty"` 13 | Heuristic []int `json:"heuristic,omitempty"` 14 | OS string `json:"os,omitempty"` 15 | Devicetype string `json:"devicetype,omitempty"` 16 | Ports []int `json:"ports,omitempty"` 17 | Sslports []int `json:"sslports,omitempty"` 18 | Ssl bool `json:"ssl,omitempty"` 19 | Score int `json:"score,omitempty"` 20 | } 21 | 22 | type OS struct { 23 | Name string `json:"name"` 24 | Cpes []string `json:"cpes"` 25 | Port int `json:"port"` 26 | } 27 | type Output struct { 28 | IP string `json:"ip"` 29 | Hostnames []string `json:"hostnames"` 30 | UHostname string `json:"user_hostname,omitempty"` 31 | Ports []Port `json:"ports"` 32 | Tags []string `json:"tags,omitempty"` 33 | Vulns []string `json:"vulns,omitempty"` 34 | Start time.Time `json:"start_time"` 35 | End time.Time `json:"end_time"` 36 | OS OS `json:"os,omitempty"` 37 | } 38 | 39 | type Port struct { 40 | Port int `json:"port"` 41 | Service string `json:"service"` 42 | Cpes []string `json:"cpes"` 43 | Protocol string `json:"protocol"` 44 | Product string `json:"product,omitempty"` 45 | Version string `json:"version,omitempty"` 46 | Ssl bool `json:"ssl,omitempty"` 47 | } 48 | -------------------------------------------------------------------------------- /internal/global/variables.go: -------------------------------------------------------------------------------- 1 | package global 2 | 3 | import ( 4 | 
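"sync/atomic"
"time"
)

// count32 is an int32 counter whose increments go through sync/atomic.
type count32 int32

// inc atomically adds one to the counter and returns the new value.
func (c *count32) inc() int32 {
	return atomic.AddInt32((*int32)(c), 1)
}

// Increment bumps one of the package-level host counters: TotalHosts when
// counterType is 0, AliveHosts for any other value.
func Increment(counterType int) {
	switch counterType {
	case 0:
		TotalHosts.inc()
	default:
		AliveHosts.inc()
	}
}

// Package-level scan state shared with the output writers.
var (
	PortList      []int
	ScanStartTime time.Time
	ScanEndTime   time.Time
	XmlFilename   string
	GrepFilename  string
	NmapFilename  string
	JsonFilename  string
	SmapFilename  string
	PairFilename  string
	Args          map[string]string // the writers look up option names such as "oN" and "p" here
	TotalHosts    count32
	AliveHosts    count32
	Version       = "0.1.0-rc"
)

--------------------------------------------------------------------------------
/internal/output/common.go:
--------------------------------------------------------------------------------
package output

import (
	"fmt"
	"os"
	"strings"
	"time"
)

// GetCommand rebuilds the command line recorded in the output headers: the
// literal name "nmap" followed by this process's arguments joined by single
// spaces. Arguments are neither quoted nor escaped, so an argument that
// contains spaces or markup characters appears verbatim in the header.
func GetCommand() string {
	return "nmap " + strings.Join(os.Args[1:], " ")
}

// ConvertTime renders unixTime in one of the layouts used by the writers:
//
//	"nmap-file"   -> "Mon Jan 02 15:04:05 2006"
//	"nmap-stdout" -> "2006-01-02 15:04 MST"
//	anything else -> Unix seconds as a decimal string
//
// The layouts are passed to time.Format directly rather than being cut out
// of RFC1123/RFC822 strings by index, which yields the same text without
// depending on the position of each field.
func ConvertTime(unixTime time.Time, format string) string {
	switch format {
	case "nmap-file":
		return unixTime.Format("Mon Jan 02 15:04:05 2006")
	case "nmap-stdout":
		return unixTime.Format("2006-01-02 15:04 MST")
	}
	return fmt.Sprintf("%d", unixTime.Unix())
}

// OpenFile opens filepath for appending, creating it if needed. On failure
// it prints an error to stderr and exits with status 1, so a returned handle
// is always usable.
//
// NOTE(review): the file is created with mode 0644 (before umask), which
// leaves scan results readable by other local users, and O_APPEND adds to an
// existing file instead of replacing it.
func OpenFile(filepath string) *os.File {
	f, err := os.OpenFile(filepath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to open output file %s for writing\n", filepath)
		fmt.Fprint(os.Stderr, "QUITTING!\n")
		os.Exit(1)
	}
	return f
}

// Write sends str to stdout when dest is "-", otherwise to openedFile.
// A failed file write (including a nil openedFile) is reported on stderr
// instead of being dropped silently; the program keeps running.
func Write(str string, dest string, openedFile *os.File) {
	if dest == "-" {
		fmt.Print(str)
		return
	}
	if _, err := openedFile.WriteString(str); err != nil {
		fmt.Fprintf(os.Stderr, "Failed to write to output file %s: %v\n", dest, err)
	}
}

--------------------------------------------------------------------------------
/internal/output/grep.go:
--------------------------------------------------------------------------------
package output

import (
	"fmt"
	"os"
	"strings"
	"time"

	g "github.com/s0md3v/smap/internal/global"
)

var openedGrepFile *os.File

// StartGrep opens the greppable output file (unless the destination is "-")
// and writes the header comment with the start time and the command line.
func StartGrep() {
	if g.GrepFilename != "-" {
		openedGrepFile = OpenFile(g.GrepFilename)
	}
	started := ConvertTime(g.ScanStartTime, "nmap-file")
	header := fmt.Sprintf("# Nmap 9.99 scan initiated %s as: %s\n", started, GetCommand())
	Write(header, g.GrepFilename, openedGrepFile)
}

// ContinueGrep writes the two greppable records for one host: a
// "Status: Up" line and a "Ports:" line listing every port as open.
//
// NOTE(review): hostname, service, product and version are written
// verbatim. If they originate from an external data source (not visible in
// this file), a value containing "/", "," or a newline would change how a
// consumer parses the record; confirm they are sanitised upstream.
func ContinueGrep(result g.Output) {
	hostname := ""
	if len(result.Hostnames) > 0 {
		hostname = result.Hostnames[0]
	}
	hostPrefix := fmt.Sprintf("Host: %s (%s)", result.IP, hostname)
	if hostname == "" {
		hostPrefix += " "
	}

	entries := make([]string, 0, len(result.Ports))
	for _, port := range result.Ports {
		entry := fmt.Sprintf("%d/open/%s//%s//%s", port.Port, port.Protocol, port.Service, port.Product)
		if port.Version != "" {
			entry += fmt.Sprintf(" %s/", port.Version)
		} else {
			entry += "/"
		}
		entries = append(entries, entry)
	}

	record := fmt.Sprintf("%s Status: Up\n", hostPrefix)
	record += fmt.Sprintf("%s Ports: %s\n", hostPrefix, strings.Join(entries, ", "))
	Write(record, g.GrepFilename, openedGrepFile)
}

// EndGrep writes the closing summary comment and closes the output file if
// one was opened.
func EndGrep() {
	elapsed := fmt.Sprintf("%.2f", time.Since(g.ScanStartTime).Seconds())
	esTotal := ""
	if g.TotalHosts > 1 {
		esTotal = "es"
	}
	sAlive := ""
	if g.AliveHosts > 1 {
		sAlive = "s"
	}
	Write(fmt.Sprintf("# Nmap done at %s -- %d IP address%s (%d host%s up) scanned in %s seconds\n", ConvertTime(g.ScanEndTime, "nmap-file"), g.TotalHosts, esTotal, g.AliveHosts, sAlive, elapsed), g.GrepFilename, openedGrepFile)
	// No file is opened when the destination is "-".
	if openedGrepFile != nil {
		openedGrepFile.Close()
	}
}

--------------------------------------------------------------------------------
/internal/output/json.go:
--------------------------------------------------------------------------------
package output

import (
	"encoding/json"
	"os"

	g "github.com/s0md3v/smap/internal/global"
)

// firstDone records whether a record has already been written, so that
// every later record is preceded by a comma.
var firstDone bool
var openedJsonFile *os.File

// StartJson opens the JSON output file (unless the destination is "-") and
// writes the opening bracket of the array.
func StartJson() {
	if g.JsonFilename != "-" {
		// The handle must land in openedJsonFile: storing it in
		// openedGrepFile left the JSON writer with a nil file, so every
		// JSON write to a file failed, and it clobbered the grep handle.
		openedJsonFile = OpenFile(g.JsonFilename)
	}
	Write("[", g.JsonFilename, openedJsonFile)
}

// ContinueJson appends one host record to the JSON array. A record that
// cannot be encoded is reported on stderr and skipped, so a stray separator
// never corrupts the array.
func ContinueJson(result g.Output) {
	jsoned, err := json.Marshal(&result)
	if err != nil {
		os.Stderr.WriteString("Failed to encode JSON record for " + result.IP + ": " + err.Error() + "\n")
		return
	}
	prefix := ""
	if firstDone {
		prefix = ","
	}
	firstDone = true
	Write(prefix+string(jsoned), g.JsonFilename, openedJsonFile)
}

// EndJson writes the closing bracket and closes the output file if one was
// opened.
func EndJson() {
	Write("]", g.JsonFilename, openedJsonFile)
	if openedJsonFile != nil {
		openedJsonFile.Close()
	}
}

--------------------------------------------------------------------------------
/internal/output/nmap.go:
--------------------------------------------------------------------------------
package output

import (
	"fmt"
	"os"
	"strconv"
	"strings"
	"time"

	g "github.com/s0md3v/smap/internal/global"
)

var openedNmapFile *os.File

// pad returns str preceded by n spaces. A non-positive n adds nothing;
// without this guard strings.Repeat panics on a negative count, which the
// column arithmetic in ContinueNmap can produce for a long protocol name.
func pad(str string, n int) string {
	if n <= 0 {
		return str
	}
	return strings.Repeat(" ", n) + str
}

// StartNmap writes the banner. With the "oN" option present the banner goes
// to that destination in file form (leading "#", command line appended);
// otherwise the stdout form is printed.
func StartNmap() {
	if value, ok := g.Args["oN"]; ok {
		// "-" means stdout: opening it would only create a stray file
		// named "-" that is never written to.
		if value != "-" {
			openedNmapFile = OpenFile(value)
		}
		startstr := ConvertTime(g.ScanStartTime, "nmap-file")
		Write(fmt.Sprintf("# Starting Nmap 9.99 ( https://nmap.org ) at %s as: %s\n", startstr, GetCommand()), value, openedNmapFile)
		return
	}
	startstr := ConvertTime(g.ScanStartTime, "nmap-stdout")
	Write(fmt.Sprintf("Starting Nmap 9.99 ( https://nmap.org ) at %s\n", startstr), "-", openedNmapFile)
}

// ContinueNmap writes the report for one host: the report header, the
// PORT/STATE/SERVICE/VERSION table with every port shown as open, and a
// "Service Info" line for the port that the OS guess is attached to.
func ContinueNmap(result g.Output) {
	// Column widths: at least 5 and 7, widened to fit the longest entry.
	// The +4 assumes a three-letter protocol after the slash.
	longestPort := 5
	longestService := 7
	for _, port := range result.Ports {
		if w := len(strconv.Itoa(port.Port)) + 4; w > longestPort {
			longestPort = w
		}
		if w := len(port.Service); w > longestService {
			longestService = w
		}
	}

	thisOutput := ""
	switch {
	case result.UHostname != "":
		thisOutput += fmt.Sprintf("Nmap scan report for %s (%s)\nHost is up.\n", result.UHostname, result.IP)
		if len(result.Hostnames) > 0 {
			thisOutput += fmt.Sprintf("rDNS record for %s: %s\n\n", result.IP, result.Hostnames[0])
		}
	case len(result.Hostnames) > 0:
		thisOutput += fmt.Sprintf("Nmap scan report for %s (%s)\nHost is up.\n\n", result.Hostnames[0], result.IP)
	default:
		thisOutput += fmt.Sprintf("Nmap scan report for %s\nHost is up.\n\n", result.IP)
	}

	thisOutput += fmt.Sprintf("PORT %sSTATE SERVICE %sVERSION\n", pad("", longestPort-4), pad(" ", longestService-7))
	serviceString := ""
	for _, port := range result.Ports {
		strPort := fmt.Sprintf("%d/%s", port.Port, port.Protocol)
		productLine := ""
		if port.Product != "" {
			productLine += port.Product
			if port.Version != "" {
				productLine += " " + port.Version
			}
		}
		thisOutput += fmt.Sprintf("%s%s %s%s\n", strPort, pad("open", longestPort-len(strPort)+1), port.Service, pad(productLine, longestService-len(port.Service)+2))
		if result.OS.Name != "" && result.OS.Port == port.Port {
			serviceString += fmt.Sprintf("Service Info: OS: %s", result.OS.Name)
			// Only the first CPE that contains the lower-cased OS name is shown.
			for _, cpe := range result.OS.Cpes {
				if strings.Contains(cpe, strings.ToLower(result.OS.Name)) {
					serviceString += fmt.Sprintf("; CPE: %s", cpe)
					break
				}
			}
			serviceString += "\n"
		}
	}
	thisOutput += serviceString
	thisOutput += "\n"

	dest := "-"
	if value, ok := g.Args["oN"]; ok {
		dest = value
	}
	Write(thisOutput, dest, openedNmapFile)
}

// EndNmap writes the footer with the host totals and elapsed time, in file
// form when the "oN" option is present and stdout form otherwise, then
// closes the output file if one was opened.
func EndNmap() {
	elapsed := fmt.Sprintf("%.2f", time.Since(g.ScanStartTime).Seconds())
	footer := "Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .\n"
	esTotal := ""
	if g.TotalHosts > 1 {
		esTotal = "es"
	}
	sAlive := ""
	if g.AliveHosts > 1 {
		sAlive = "s"
	}
	if value, ok := g.Args["oN"]; ok {
		endstr := ConvertTime(g.ScanEndTime, "nmap-file")
		footer += fmt.Sprintf("# Nmap done at %s -- %d IP address%s (%d host%s up) scanned in %s seconds\n", endstr, g.TotalHosts, esTotal, g.AliveHosts, sAlive, elapsed)
		Write(footer, value, openedNmapFile)
	} else {
		footer += fmt.Sprintf("Nmap done: %d IP address%s (%d host%s up) scanned in %s seconds\n", g.TotalHosts, esTotal, g.AliveHosts, sAlive, elapsed)
		Write(footer, "-", openedNmapFile)
	}
	if openedNmapFile != nil {
		openedNmapFile.Close()
	}
}

--------------------------------------------------------------------------------
/internal/output/pair.go:
--------------------------------------------------------------------------------
package output

import (
	"fmt"
	"os"

	g "github.com/s0md3v/smap/internal/global"
)

var openedPairFile *os.File

// StartPair opens the ip:port output file unless the destination is "-".
func StartPair() {
	if g.PairFilename != "-" {
		openedPairFile = OpenFile(g.PairFilename)
	}
}

// ContinuePair writes one "ip:port" line for every port of the host.
func ContinuePair(result g.Output) {
	thisString := ""
	for _, port := range result.Ports {
		thisString += fmt.Sprintf("%s:%d\n", result.IP, port.Port)
	}
	Write(thisString, g.PairFilename, openedPairFile)
}

// EndPair closes the output file if one was opened; the format has no
// trailer to write.
func EndPair() {
	if openedPairFile != nil {
		openedPairFile.Close()
	}
}

--------------------------------------------------------------------------------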
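/internal/output/smap.go:
--------------------------------------------------------------------------------
package output

import (
	"fmt"
	"os"
	"strings"

	g "github.com/s0md3v/smap/internal/global"
)

var openedSmapFile *os.File

// StartSmap opens the Smap-format output file (unless the destination is
// "-") and writes the banner with the tool version.
func StartSmap() {
	if g.SmapFilename != "-" {
		openedSmapFile = OpenFile(g.SmapFilename)
	}
	Write(fmt.Sprintf("\n\tSmap (%s)\n", g.Version), g.SmapFilename, openedSmapFile)
}

// ContinueSmap writes the record for one host: IP and hostnames, optional
// OS and tags, one line per port with its CPEs, and the optional list of
// vulnerability identifiers.
func ContinueSmap(result g.Output) {
	// Work on a copy: appending to result.Hostnames directly could write
	// into a backing array that the caller's slice still shares.
	hostnames := make([]string, 0, len(result.Hostnames)+1)
	hostnames = append(hostnames, result.Hostnames...)
	if result.UHostname != "" {
		hostnames = append(hostnames, result.UHostname)
	}

	var out strings.Builder
	if len(hostnames) != 0 {
		fmt.Fprintf(&out, "\n+ %s (%s)\n", result.IP, strings.Join(hostnames, ", "))
	} else {
		fmt.Fprintf(&out, "%s\n", result.IP)
	}
	if result.OS.Name != "" {
		fmt.Fprintf(&out, " - OS: %s\n", result.OS.Name)
	}
	if len(result.Tags) != 0 {
		fmt.Fprintf(&out, " - Tags: %s\n", strings.Join(result.Tags, ", "))
	}
	out.WriteString(" + Ports:\n")
	for _, port := range result.Ports {
		fmt.Fprintf(&out, " - %d %s", port.Port, port.Protocol)
		if port.Service != "" {
			fmt.Fprintf(&out, "/%s ", port.Service)
		} else {
			out.WriteString(" ")
		}
		if len(port.Cpes) != 0 {
			out.WriteString(strings.Join(port.Cpes, " "))
		}
		out.WriteString("\n")
	}
	if len(result.Vulns) != 0 {
		fmt.Fprintf(&out, " - Vulns: %s\n", strings.Join(result.Vulns, ", "))
	}
	Write(out.String(), g.SmapFilename, openedSmapFile)
}

// EndSmap closes the output file if one was opened; the format has no
// trailer to write.
func EndSmap() {
	if openedSmapFile != nil {
		openedSmapFile.Close()
	}
}

--------------------------------------------------------------------------------
/internal/output/xml.go:
--------------------------------------------------------------------------------
package output

import (
	"fmt"
	"os"
	"strings"
	"time"

	g "github.com/s0md3v/smap/internal/global"
)

// NOTE(review): throughout this file the XML markup inside the string
// literals is missing on this page (the literals are empty although
// arguments are passed to them), presumably stripped when the page was
// rendered. The functions are reproduced as shown, not reconstructed.
//
// NOTE(review): every value visible here (hostnames, CPEs, the command
// line from GetCommand, the OS name) is handed to fmt.Sprintf with no
// escaping call. When such a value is placed in XML text or an attribute it
// should first pass through an escaper such as encoding/xml's EscapeText, so
// that "<", "&" or quote characters in the data cannot change the structure
// of the document that downstream parsers read.

var openedXmlFile *os.File

// shodanPortList is the port specification reported by StartXML when no
// "p" option was given.
var shodanPortList = "0,7,11,13,15,17,19-26,37-38,43,49,51,53,69-70,79-92,95-100,102,104,106,110-111,113,119,121,123,129,131,135,137,139,143,154,161,175,179-180,195,199,211,221-222,225,263-264,311,340,389,443-445,447-450,465,491,500,502-503,515,520,522-523,541,548,554-555,587,593,623,626,631,636,646,666,675,685,771-772,777,789,800-801,805-806,808,830,843,873,880,888,902,943,990,992-995,999-1000,1010,1012,1022-1029,1050,1063,1080,1099,1110-1111,1119,1167,1177,1194,1200,1234,1250,1290,1311,1344,1355,1366,1388,1400,1433-1434,1471,1494,1500,1515,1521,1554,1588,1599,1604,1650,1660,1723,1741,1777,1800,1820,1830,1833,1883,1900-1901,1911,1935,1947,1950-1951,1962,1981,1990-1991,2000-2003,2006,2008,2010,2012,2018,2020-2022,2030,2048-2070,2077,2079-2083,2086-2087,2095-2096,2100,2111,2121-2123,2126,2150,2152,2181,2200-2202,2211,2220-2223,2225,2232-2233,2250,2259,2266,2320,2323,2332,2345,2351-2352,2375-2376,2379,2382,2404,2443,2455,2480,2506,2525,2548-2563,2566-2570,2572,2598,2601-2602,2626,2628,2650,2701,2709,2761-2762,2806,2985,3000-3002,3005,3048-3063,3066-3121,3128-3129,3200,3211,3221,3260,3270,3283,3299,3306-3307,3310-3311,3333,3337,3352,3386,3388-3389,3391,3400-3410,3412,3443,3460,3479,3498,3503,3521-3524,3541-3542,3548-3552,3554-3563,3566-3570,3671,3689-3690,3702,3749,3780,3784,3790-3794,3838,3910,3922,3950-3954,4000-4002,4010,4022,4040,4042-4043,4063-4064,4070,4100,4117-4118,4157,4190,4200,4242-4243,4282,4321,4369,4430,4433,4443-4445,4482,4500,4505-4506,4523-4524,4545,4550,4567,4643,4646,4664,4700,4730,4734,4747,4782,4786,4800,4808,4840,4848,4911,4949,4999-5010,5025,5050,5060,5070,5080,5090,5094,5122,5150,5172,5190,5201,5209,5222,5269,5280,5321,5353,5357,5400,5431-5432,5443,5446,5454,5494,5500,5542,5552,5555,5560,5567-5569,5577,5590-5609,5632,5672-5673,5683-5684,5800-5801,5822,5853,5858,5900-5901,5906-5910,5938,5984-5986,6000-6010,6036,6080,6102,6161,6262,6264,6308,6352,6363,6379,6443,6464,6503,6510-6512,6543,6550,6560-6561,6565,6580-6581,6588,6590,6600-6603,6605,6622,6650,6662,6664,6666-6668,6697,6748,6789,6881,6887,6955,6969,6998,7000-7005,7010,7014,7070-7071,7080-7081,7090,7170-7171,7218,7401,7415,7433,7443-7445,7465,7474,7493,7500,7510,7535,7537,7547-7548,7634,7654,7657,7676,7700,7776-7779,7788,7887,7979,7998-8058,8060,8064,8066,8069,8071-8072,8080-8112,8118,8123,8126,8139-8140,8143,8159,8180-8182,8184,8190,8200,8222,8236-8239,8241,8243,8248-8249,8251-8252,8282,8291,8333-8334,8383,8401-8433,8442-8448,8500,8513,8545,8553-8554,8585-8586,8590,8602,8621-8623,8637,8649,8663,8666,8686,8688,8700,8733,8765-8767,8779,8782,8784,8787-8791,8800-8881,8885,8887-8891,8899,8935,8969,8988-8991,8993,8999-9051,9070,9080,9082,9084,9088-9111,9119,9136,9151,9160,9189,9191,9199-9222,9251,9295,9299-9311,9389,9418,9433,9443-9445,9500,9527,9530,9550,9595,9600,9606,9633,9663,9682,9690,9704,9743,9761,9765,9861,9869,9876,9898-9899,9943-9944,9950,9955,9966,9981,9988,9990-9994,9997-10001,10134,10243,10250,10443,10554,11112,11211,11300,12000,12345,13579,14147,14265,14344,16010,16464,16992-16993,17000,18081,18245,20000,20087,20256,20547,21025,21379,22222,23023,23424,25105,25565,27015-27017,27036,28015,28017,30718,32400,32764,33060,33338,37215,37777,41794,44818,47808,48899,49152-49153,50000,50050,50070,50100,51106,51235,52869,53413,54138,54984,55442-55443,55553-55554,60001,60129,62078,64738"

// StartXML opens the XML output file (unless the destination is "-") and
// writes the document prologue. The reported port count and port
// specification default to 1237 and shodanPortList and are replaced by the
// length of g.PortList and the raw "p" argument when that option is set.
func StartXML() {
	if g.XmlFilename != "-" {
		openedXmlFile = OpenFile(g.XmlFilename)
	}
	portsLen := 1237 // presumably the number of ports in shodanPortList; verify
	portsStr := shodanPortList
	if value, ok := g.Args["p"]; ok {
		portsLen = len(g.PortList)
		portsStr = value
	}
	startstr := ConvertTime(g.ScanStartTime, "nmap-file")
	Write(fmt.Sprintf(`







`, startstr, GetCommand(), GetCommand(), g.ScanStartTime.Unix(), startstr, portsLen, portsStr), g.XmlFilename, openedXmlFile)
}

// portToXML renders one port of a host as an XML fragment.
//
// NOTE(review): source lines 40-51 of this function are absent from the
// page (the listing jumps from line 39 to line 52), so the braces below do
// not balance and the function does not compile as shown. Visible
// behaviour: a service name ending in "?" gets method="table" conf="3",
// other services get method="probed" conf="8", and each CPE is appended.
func portToXML(port g.Port, result g.Output) string {
	thisString := fmt.Sprintf(``, port.Protocol, port.Port)
	if port.Service != "" {
		thisString += fmt.Sprintf(``, result.OS.Name)
		} else if strings.HasSuffix(port.Service, "?") {
			thisString += ` method="table" conf="3">`
		} else {
			thisString += ` method="probed" conf="8">`
		}
		for _, cpe := range port.Cpes {
			thisString += fmt.Sprintf(`%s`, cpe)
		}
		thisString += "\n"
	}
	return thisString
}

// ContinueXML writes the element for one host: start and end time, address,
// every hostname (plus the user-supplied one when set) and one fragment per
// port produced by portToXML.
func ContinueXML(result g.Output) {
	thisOutput := ""
	thisOutput += fmt.Sprintf(`


`, result.Start.Unix(), result.End.Unix(), result.IP)
	for _, hostname := range result.Hostnames {
		thisOutput += fmt.Sprintf("\n", hostname)
	}
	if result.UHostname != "" {
		thisOutput += fmt.Sprintf("\n", result.UHostname)
	}
	thisOutput += "\n"
	for _, port := range result.Ports {
		thisOutput += portToXML(port, result)
	}
	thisOutput += "\n\n\n"
	Write(thisOutput, g.XmlFilename, openedXmlFile)
}

// EndXML writes the run statistics (end time, elapsed seconds, host
// totals) and closes the output file if one was opened.
func EndXML() {
	timestr := ConvertTime(g.ScanEndTime, "nmap-file")
	elapsed := fmt.Sprintf("%.2f", time.Since(g.ScanStartTime).Seconds())
	Write(fmt.Sprintf(`


`, g.ScanEndTime.Unix(), timestr, elapsed, timestr, g.TotalHosts, g.AliveHosts, elapsed, g.AliveHosts, g.TotalHosts-g.AliveHosts, g.TotalHosts), g.XmlFilename, openedXmlFile)
	// No file is opened when the destination is "-".
	if openedXmlFile != nil {
		openedXmlFile.Close()
	}
}

--------------------------------------------------------------------------------
/internal/util/util.go:
--------------------------------------------------------------------------------
package util

import (
	"fmt"
	"net"
	"os"
	"strconv"
	"strings"
	"time"
)

// RemoveByIndex removes the element at index by overwriting it with the
// last element and returning the slice shortened by one. The order of the
// remaining elements is not preserved and the caller's backing array is
// modified. An index outside the slice returns the slice unchanged instead
// of panicking.
func RemoveByIndex(array []string, index int) []string {
	last := len(array) - 1
	if index < 0 || index > last {
		return array
	}
	array[index] = array[last]
	return array[:last]
}

// Contains reports whether item is an element of array.
func Contains(array []string, item string) bool {
	for i := range array {
		if array[i] == item {
			return true
		}
	}
	return false
}

--------------------------------------------------------------------------------
/static/smap-demo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/blackhatethicalhacking/Smap/dab48f2a6d2e868c6c0c98417154235d472c1614/static/smap-demo.png
--------------------------------------------------------------------------------
/static/smap-logo.png: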
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/blackhatethicalhacking/Smap/dab48f2a6d2e868c6c0c98417154235d472c1614/static/smap-logo.png --------------------------------------------------------------------------------