├── .github └── workflows │ └── test-coverage.yml ├── .gitignore ├── LICENSE ├── README.md ├── images └── logo.png ├── netbox_sync_physical_hosts ├── NetboxSync.py ├── __init__.py ├── config │ ├── __init__.py │ ├── config.py │ ├── netbox-sync.conf │ └── tests │ │ └── test_config.py ├── modules │ ├── NmapHandler.py │ ├── __init__.py │ └── tests │ │ └── test_NmapHandler.py └── netboxhandler │ ├── NetBoxHandler.py │ ├── __init__.py │ └── tests │ └── test_NetBoxHandler.py └── requirements.txt /.github/workflows/test-coverage.yml: -------------------------------------------------------------------------------- 1 | name: TestCov 2 | on: [push] 3 | 4 | env: 5 | IMAGE_NAME: netbox-sync-physical-hosts 6 | NETBOX_ADDRESS: http://test:8000 7 | NETBOX_TOKEN: 12345 8 | jobs: 9 | test: 10 | name: Coverage code 11 | runs-on: ubuntu-latest 12 | steps: 13 | - uses: actions/checkout@master 14 | - name: Setup Python 15 | uses: actions/setup-python@master 16 | with: 17 | python-version: 3.9 18 | - name: Install dependencies 19 | run: | 20 | pip install pytest 21 | pip install pytest-cov 22 | pip install -r requirements.txt 23 | - name: Add path 24 | run: | 25 | echo "PYTHONPATH=/home/runner/work/netbox-sync-physical-hosts/netbox-sync-physical-hosts:/home/runner/work/netbox-sync-physical-hosts/netbox-sync-physical-hosts/netbox-sync-physical-hosts/modules:/home/runner/work/netbox-sync-physical-hosts/netbox-sync-physical-hosts/netbox-sync-physical-hosts/netboxhandler:/home/runner/work/netbox-sync-physical-hosts/netbox-sync-physical-hosts/netbox-sync-physical-hosts/config:$PYTHONPATH" >> $GITHUB_ENV 26 | - name: Generate coverage report 27 | run: | 28 | echo $PYTHONPATH 29 | pytest --cov=./ --cov-report=xml 30 | - uses: codecov/codecov-action@v1 31 | with: 32 | token: ${{ secrets.CODECOV_TOKEN }} 33 | flags: unittests 34 | name: codecov-umbrella 35 | fail_ci_if_error: true 36 | verbose: true 37 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | pip-wheel-metadata/ 24 | share/python-wheels/ 25 | *.egg-info/ 26 | .installed.cfg 27 | *.egg 28 | MANIFEST 29 | 30 | # PyInstaller 31 | # Usually these files are written by a python script from a template 32 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 33 | *.manifest 34 | *.spec 35 | 36 | # Installer logs 37 | pip-log.txt 38 | pip-delete-this-directory.txt 39 | 40 | # Unit test / coverage reports 41 | htmlcov/ 42 | .tox/ 43 | .nox/ 44 | .coverage 45 | .coverage.* 46 | .cache 47 | nosetests.xml 48 | coverage.xml 49 | *.cover 50 | *.py,cover 51 | .hypothesis/ 52 | .pytest_cache/ 53 | 54 | # Translations 55 | *.mo 56 | *.pot 57 | 58 | # Django stuff: 59 | *.log 60 | local_settings.py 61 | db.sqlite3 62 | db.sqlite3-journal 63 | 64 | # Flask stuff: 65 | instance/ 66 | .webassets-cache 67 | 68 | # Scrapy stuff: 69 | .scrapy 70 | 71 | # Sphinx documentation 72 | docs/_build/ 73 | 74 | # PyBuilder 75 | target/ 76 | 77 | # Jupyter Notebook 78 | .ipynb_checkpoints 79 | 80 | # IPython 81 | profile_default/ 82 | ipython_config.py 83 | 84 | # pyenv 85 | .python-version 86 | 87 | # pipenv 88 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 89 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 90 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 91 | # install all needed dependencies. 92 | #Pipfile.lock 93 | 94 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 95 | __pypackages__/ 96 | 97 | # Celery stuff 98 | celerybeat-schedule 99 | celerybeat.pid 100 | 101 | # SageMath parsed files 102 | *.sage.py 103 | 104 | # Environments 105 | .env 106 | .venv 107 | env/ 108 | venv/ 109 | ENV/ 110 | env.bak/ 111 | venv.bak/ 112 | 113 | # Spyder project settings 114 | .spyderproject 115 | .spyproject 116 | 117 | # Rope project settings 118 | .ropeproject 119 | 120 | # mkdocs documentation 121 | /site 122 | 123 | # mypy 124 | .mypy_cache/ 125 | .dmypy.json 126 | dmypy.json 127 | 128 | # Pyre type checker 129 | .pyre/ 130 | .idea/.gitignore 131 | .idea/misc.xml 132 | .idea/modules.xml 133 | .idea/netbox-sync-physical-hosts.iml 134 | .idea/vcs.xml 135 | .idea/inspectionProfiles/profiles_settings.xml 136 | .idea/inspectionProfiles/Project_Default.xml 137 | .vscode/settings.json 138 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![codecov](https://codecov.io/gh/guanana/netbox-sync-physical-hosts/branch/main/graph/badge.svg?token=AJUM01SDMX)](https://codecov.io/gh/guanana/netbox-sync-physical-hosts) 2 | [![Known Vulnerabilities](https://snyk.io/test/github/guanana/netbox-sync-physical-hosts/badge.svg?targetFile=requirements.txt)](https://snyk.io/test/github/guanana/netbox-sync-physical-hosts?targetFile=requirements.txt) 3 |
4 |

5 | 6 | Logo 7 | 8 | 9 |

netbox-sync-physical-hosts

10 | 11 |

12 | Scan your network and populate info to Netbox, fast and reliable 13 |
14 | Report Bug 15 | · 16 | Request Feature 17 |

18 | 19 | 20 |
21 |

Table of Contents

 22 |
    23 |
  1. 24 | About The Project 25 | 28 |
    2. 29 |
  2. 30 | Getting Started 31 | 35 |
    3. 36 |
  3. 37 | Usage 38 | 43 |
    4. 44 |
  4. Contributing
    5. 45 |
  5. License
    6. 46 |
47 |
48 | 49 | 50 | ## About The Project 51 | The project is meant to be as stable as robust as possible. 52 | There's a reason behind Netbox project not wanting to create a scanner, if you use Netbox it is recommended 53 | to be your `source of truth`. In order to make that statement true we need to make sure Netbox doesn't contain 54 | outdated, not acurate or not useful info. 55 | This script aims to keep things as simple as possible and pre-populate info into Netbox to make your life easier. 56 | 57 | It's recommended to first run the script pointing at a dev instance of Netbox first. This project tries to populate 58 | info in a safe way but there's never 100% certainty and things can get ugly if you run this script directly in prod 59 | and something goes wrong. 60 | Because automated source of truth can be handy sometimes ;-) 61 | 62 | ### Built With 63 | 64 | * [Python](https://www.python.org/) 65 | * [PyNetbox](https://github.com/digitalocean/pynetbox) 66 | * [python3-nmap](https://pypi.org/project/python3-nmap/) 67 | 68 | 69 | 70 | ## Getting Started 71 | 72 | To get a local copy up and running follow these simple steps. 73 | 74 | ### Prerequisites 75 | 76 | This script works with Netbox >= 2.9 and python >=3.6 77 | In order to run the software you just need to install the requirement. 78 | * python >= 3.6 79 | ```sh 80 | pip install -r requirements.txt 81 | ``` 82 | 83 | ### Installation 84 | 85 | 1. Clone the repo 86 | ```sh 87 | git clone https://github.com/guanana/netbox-sync-physical-hosts.git 88 | ``` 89 | 2. Install python packages 90 | ```sh 91 | pip install -r requirements.txt 92 | ``` 93 | 94 | 95 | 96 | ## Usage 97 | 98 | The script can be run with multiple configuration options. 99 | Most of the configuration options can be overwrite using environment variables 100 | ```buildoutcfg 101 | [GENERAL] 102 | cleanup: false 103 | tag: nmap-sync 104 | 105 | [NETBOX] 106 | nb_url: http://your-server-here:your-port-here 107 | nb_token: your-token-here 108 | nb_ignore-tls-errors: false 109 | 110 | [NMAP] 111 | get_mac: true 112 | get_services: false 113 | networks: your-networks-separated-by-comma-here ie: (192.168.4.0/24,192.168.3.0/24) 114 | ``` 115 | ```shell 116 | export NETBOX_URL=http://your-server-here:your-port-here 117 | export NETBOX_TOKEN=your-token-here 118 | export NETWORKS=your-networks-separated-by-comma-here 119 | ``` 120 | 121 | 122 | 123 | ### Get Services 124 | 125 | Be aware that if you activate get service option `it will take between 15sec and 30sec per host` (so it can be slow) 126 | 127 | 128 | 129 | ### Get Mac address 130 | 131 | This service is pretty fast but will only work if the scan is performed from the same subnet 132 | ie: scanning subnet `192.168.1.0/24` from `192.168.1.2` 133 | 134 | 135 | 136 | ### Help 137 | 138 | ```sh 139 | python netbox-sync.py --help 140 | usage: netbox-sync.py [-h] [-c CONFIG] -u NB_URL [-l L] -p NB_TOKEN [-x] [-f] [-t TAG] -n NETWORKS [-o] [-s] 141 | 142 | Args that start with '--' (eg. -u) can also be set in a config file (./Netbox-sync-physical-hosts/netbox-sync-physical-hosts/netbox- 143 | sync.conf or specified via -c). Config file syntax allows: key=value, flag=true, stuff=[a,b,c] (for details, see syntax at https://goo.gl/R74nmi). If an arg is specified 144 | in more than one place, then commandline values override environment variables which override config file values which override defaults. 145 | 146 | optional arguments: 147 | -h, --help show this help message and exit 148 | -c CONFIG, --config CONFIG 149 | Config file path 150 | -u NB_URL, --nb_url NB_URL 151 | Netbox URL [env var: NETBOX_URL] 152 | -l L log level [env var: LOG_LEVEL] 153 | -p NB_TOKEN, --nb_token NB_TOKEN 154 | Token for Netbox connection [env var: NETBOX_TOKEN] 155 | -x, --nb_ignore-tls-errors 156 | Ignore TLS conection errors 157 | -f, --cleanup Cleanup orphans 158 | -t TAG, --tag TAG Tag to use for device identification [env var: TAG] 159 | -n NETWORKS, --networks NETWORKS 160 | Networks/Hosts to scan [env var: NETWORKS] 161 | -o, --get_mac Enable if you want the script to try to collect MAC addresses/vendor [env var: MAC_DISCOVER] 162 | -s, --get_services Enable if you want the script to discover host services [env var: SERVICE_DISCOVER] 163 | ``` 164 | 165 | 166 | 167 | ## Contributing 168 | 169 | Contributions are what make the open source community such an amazing place to be learn, inspire, and create. 170 | Any contributions you make are **greatly appreciated**. 171 | 172 | 1. Fork the Project 173 | 2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`) 174 | 3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`) 175 | 4. Push to the Branch (`git push origin feature/AmazingFeature`) 176 | 5. Open a Pull Request 177 | 178 | 179 | 180 | ## License 181 | 182 | Distributed under the GNU General Public License v3.0. 183 | See LICENSE for more information. 184 | 185 | 186 | -------------------------------------------------------------------------------- /images/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guanana/netbox-sync-physical-hosts/47a53c598616d5dc1b52445bd6eb299dc6030f60/images/logo.png -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/NetboxSync.py: -------------------------------------------------------------------------------- 1 | import sys 2 | from config.config import parse_config 3 | from netboxhandler.NetBoxHandler import NetBoxHandler 4 | from modules.NmapHandler import NmapServiceScan, NmapMacScan, NmapBasic 5 | 6 | 7 | def main(conf): 8 | nb = NetBoxHandler(conf.nb_url, conf.nb_token, 9 | conf.nb_ignore_tls_errors, conf.tag, conf.cleanup) 10 | 11 | if conf.get_mac: 12 | nmap = NmapMacScan(conf.networks) 13 | hosts = nmap.run() 14 | nb.run(hosts) 15 | 16 | if conf.get_services: 17 | nmap = NmapServiceScan(conf.networks) 18 | hosts = nmap.run() 19 | nb.run(hosts) 20 | 21 | if not conf.get_mac and not conf.get_services: 22 | nmap = NmapBasic(conf.networks) 23 | hosts = nmap.run() 24 | nb.run(hosts) 25 | 26 | 27 | if __name__ == '__main__': 28 | conf = parse_config() 29 | sys.exit(main(conf)) 30 | 31 | -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guanana/netbox-sync-physical-hosts/47a53c598616d5dc1b52445bd6eb299dc6030f60/netbox_sync_physical_hosts/__init__.py -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/config/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guanana/netbox-sync-physical-hosts/47a53c598616d5dc1b52445bd6eb299dc6030f60/netbox_sync_physical_hosts/config/__init__.py -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/config/config.py: -------------------------------------------------------------------------------- 1 | import logging 2 | import os 3 | import configargparse 4 | 5 | 6 | def parse_config(): 7 | current_dir = os.path.dirname(os.path.abspath(__file__)) 8 | p = configargparse.ArgParser(default_config_files=[os.path.join(current_dir, 9 | 'netbox-sync.conf')]) 10 | 11 | p.add('-c', '--config', default=os.path.join(current_dir, 'netbox-sync.conf'), 12 | is_config_file=True, 13 | help="Config file path") 14 | 15 | p.add('-u', '--nb_url', required=True, env_var='NETBOX_URL', help="Netbox URL") 16 | 17 | p.add('-l', help='log level', default=logging.INFO, 18 | env_var='LOG_LEVEL') 19 | 20 | p.add('-p', '--nb_token', required=True, help="Token for Netbox connection", 21 | env_var='NETBOX_TOKEN') 22 | 23 | p.add('-x', '--nb_ignore-tls-errors', action='store_true', 24 | help="Ignore TLS conection errors") 25 | 26 | p.add('-f', '--cleanup', action='store_true', help="Cleanup orphans") 27 | 28 | p.add('-t', '--tag', help="Tag to use for device identification", env_var="TAG") 29 | 30 | p.add('-n', '--networks', required=True, help="Networks/Hosts to scan", 31 | env_var="NETWORKS") 32 | 33 | p.add('-o', '--get_mac', action='store_true', default=False, 34 | help="Enable if you want the script to try to collect MAC addresses/vendor", 35 | env_var="MAC_DISCOVER") 36 | 37 | p.add('-s', '--get_services', action='store_true', default=False, 38 | help="Enable if you want the script to discover host services", 39 | env_var="SERVICE_DISCOVER") 40 | 41 | conf = p.parse_args() 42 | logging.basicConfig(level=conf.l) 43 | 44 | return conf 45 | -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/config/netbox-sync.conf: -------------------------------------------------------------------------------- 1 | [GENERAL] 2 | cleanup: false 3 | tag: auto-sync 4 | 5 | [NETBOX] 6 | nb_url: http://localhost:8000 7 | nb_token: 0123456789abcdef0123456789abcdef01234567 8 | nb_ignore-tls-errors: false 9 | 10 | [NMAP] 11 | get_mac: true 12 | get_services: false 13 | networks: 192.168.4.0/24,192.168.3.0/24 14 | -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/config/tests/test_config.py: -------------------------------------------------------------------------------- 1 | from unittest.mock import MagicMock 2 | import pytest 3 | 4 | from netbox_sync_physical_hosts.config.config import parse_config 5 | 6 | def test_get_conf_call(monkeypatch): 7 | testargs = ["prog", "-u", "http://test", "-p", "1234", "-n", "127.0.0.1"] 8 | monkeypatch.setattr('sys.argv', testargs) 9 | testconf = parse_config() 10 | assert testconf.nb_url == "http://test" 11 | assert testconf.nb_token == "1234" 12 | assert testconf.networks == "127.0.0.1" 13 | 14 | def test_failed_conf_call(monkeypatch): 15 | with pytest.raises(SystemExit) as pytest_wrapped_e: 16 | testargs = ["prog", "-c", "test"] 17 | monkeypatch.setattr('sys.argv', testargs) 18 | parse_config() 19 | assert pytest_wrapped_e.value.code == 2 20 | 21 | -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/modules/NmapHandler.py: -------------------------------------------------------------------------------- 1 | import logging 2 | import getmac 3 | import nmap3 4 | from mac_vendor_lookup import MacLookup, VendorNotFoundError 5 | 6 | 7 | class NmapBasic(object): 8 | def __init__(self, networks): 9 | self.hosts = dict() 10 | self.nmap = nmap3.NmapHostDiscovery() 11 | self.networks = self.sanitaise_networks(networks) 12 | self.scan_results = self.basic_scan() 13 | 14 | @staticmethod 15 | def sanitaise_networks(networks): 16 | networks = networks.split(',') 17 | for index, item in enumerate(networks): 18 | networks[index] = item.replace('\n', '') 19 | return networks 20 | 21 | def basic_scan(self): 22 | logging.info(f"Start NMAP scan for {self.networks}") 23 | for item in self.networks: 24 | self.scan_results = self.nmap.nmap_no_portscan(item, 25 | args="-R --system-dns") 26 | self.scan_results.pop("stats") 27 | self.scan_results.pop("runtime") 28 | self.scan_results.pop("task_results") 29 | for host, v in self.scan_results.items(): 30 | self.scan_results[host]["subnet"] = item 31 | self.sanitaise_dict(host) 32 | return self.scan_results 33 | 34 | def sanitaise_dict(self, host): 35 | """ 36 | Remove unused dictionary entries 37 | :return: None 38 | """ 39 | self.scan_results[host].pop("state") 40 | self.scan_results[host].pop("ports") 41 | self.scan_results[host].pop("osmatch") 42 | if self.scan_results[host]["hostname"]: 43 | self.scan_results[host]["dns_name"] = self.scan_results[host]["hostname"][0]["name"] 44 | self.scan_results[host].pop("hostname") 45 | else: 46 | self.scan_results[host].pop("hostname") 47 | 48 | def run(self): 49 | return self.scan_results 50 | 51 | 52 | class NmapMacScan(NmapBasic): 53 | def __init__(self, networks, unknown="unknown"): 54 | super().__init__(networks) 55 | self.unknown = unknown 56 | self.mac_search = MacLookup() 57 | 58 | def update_mac(self, ip): 59 | """ 60 | Update Mac info 61 | :param ip: IP address (ie: 192.168.1.1) 62 | :return: True if MAC is found, False otherwise 63 | """ 64 | mac = getmac.get_mac_address(ip=ip) 65 | if mac is None or mac == 'ff:ff:ff:ff:ff:ff': 66 | return False 67 | else: 68 | self.scan_results[ip]["macaddress"] = mac 69 | return True 70 | 71 | def update_vendor(self, ip): 72 | """ 73 | Update MAC vendor if Mac is found 74 | :param ip: IP address (ie: 192.168.1.1) 75 | :return: None 76 | """ 77 | try: 78 | vendor_fetch = self.mac_search.lookup(self.scan_results[ip]["macaddress"]) 79 | except VendorNotFoundError: 80 | vendor_fetch = "NotFound" 81 | self.scan_results[ip]["vendor"] = vendor_fetch 82 | 83 | def correct_missing_mac(self, host): 84 | """ 85 | Correct description if macaddress is not found 86 | :param host: host key in scan_results 87 | :return: None 88 | """ 89 | if not self.scan_results[host]["macaddress"]: 90 | self.scan_results[host]["description"] = self.unknown 91 | self.scan_results[host].pop("macaddress") 92 | 93 | def scan(self): 94 | """ 95 | Scan defined networks and conditionally check for mac vendor 96 | :return: scan_results = list() 97 | """ 98 | logging.debug("Updating MAC table") 99 | self.mac_search.update_vendors() 100 | for host, v in self.scan_results.items(): 101 | if v.get("macaddress") or self.update_mac(host): 102 | self.update_vendor(ip=host) 103 | self.correct_missing_mac(host) 104 | return self.scan_results 105 | 106 | def run(self): 107 | return self.scan() 108 | 109 | 110 | class NmapServiceScan(NmapBasic): 111 | def __init__(self, networks): 112 | super().__init__(networks) 113 | self.nmap = nmap3.Nmap() 114 | self.services = dict() 115 | 116 | def scan_service(self, host): 117 | # TODO: Investigate more if this can be parallelize 118 | logging.debug(f"Scan started for host: {host}") 119 | self.services[host] = self.nmap.nmap_version_detection(host, args="-F -T4") 120 | 121 | def scan(self): 122 | logging.info(f"Starting Service scan for hosts in {self.networks}") 123 | for host in self.scan_results: 124 | self.scan_service(host) 125 | self.append_service_results() 126 | return self.scan_results 127 | 128 | def append_service_results(self): 129 | self.sanitaise_services() 130 | for host, value in self.services.items(): 131 | self.scan_results[host]["services"] = {} 132 | for service in value: 133 | try: 134 | self.scan_results[host]["services"][service['portid']] = service 135 | except TypeError: 136 | pass 137 | 138 | def sanitaise_services(self): 139 | for host, value in self.services.items(): 140 | try: 141 | self.services[host] = value[host]["ports"] 142 | except KeyError: 143 | logging.debug(f"No services detected for {host}") 144 | continue 145 | for service in self.services[host]: 146 | try: 147 | service.pop("reason") 148 | service.pop("reason_ttl") 149 | service.pop("cpe") 150 | service.pop("scripts") 151 | service["service"].pop("method") 152 | service["service"].pop("conf") 153 | except KeyError: 154 | pass 155 | 156 | def run(self): 157 | return self.scan() 158 | -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/modules/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guanana/netbox-sync-physical-hosts/47a53c598616d5dc1b52445bd6eb299dc6030f60/netbox_sync_physical_hosts/modules/__init__.py -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/modules/tests/test_NmapHandler.py: -------------------------------------------------------------------------------- 1 | from unittest.mock import MagicMock 2 | from netbox_sync_physical_hosts.modules.NmapHandler import NmapBasic, NmapMacScan, NmapServiceScan 3 | import pytest 4 | 5 | basic_result = { 6 | 'stats': {'scanner': 'nmap', 'args': 'test', 'start': '1609858372', 7 | 'startstr': 'Tue Jan 1 14:52:52 1988', 'version': '7.40', 8 | 'xmloutputversion': '1.04' 9 | }, 10 | 'runtime': {'time': '1609858372', 'timestr': 'Tue Jan 1 14:52:52 1988', 'elapsed': '0.01', 11 | 'summary': 'Nmap done at Tue Jan 5 14:52:52 2021; 1 IP address (1 host up) scanned in 0.01 seconds', 12 | 'exit': 'success' 13 | }, 14 | 'task_results': [{'task': 'Ping Scan', 'time': '1688348552', 'extrainfo': '128 total hosts'}, 15 | {'task': 'System DNS resolution of 128 hosts.', 'time': '1688348553'}] 16 | } 17 | service_result = {'127.0.0.1': {'osmatch': {}, 'ports': 18 | [{'protocol': 'tcp', 'portid': '22', 'state': 'open', 'reason': 'syn-ack', 'reason_ttl': '0', 19 | 'service': 20 | {'name': 'ssh', 'product': 'OpenSSH', 'version': '7.4p1 Debian 10+deb9u7', 21 | 'extrainfo': 'protocol 2.0', 'ostype': 'Linux', 'method': 'probed', 'conf': '10'}, 22 | 'scripts': []}, 23 | {'protocol': 'tcp', 'portid': '80', 'state': 'open', 'reason': 'syn-ack', 'reason_ttl': '0', 24 | 'service': {'name': 'http', 'product': 'lighttpd', 'method': 'probed', 'conf': '10'}, 25 | 'cpe': [{'cpe': 'cpe:/a:lighttpd:lighttpd'}], 'scripts': []}, 26 | {'protocol': 'tcp', 'portid': '443', 'state': 'open', 'reason': 'syn-ack', 'reason_ttl': '0', 27 | 'service': {'name': 'http', 'product': 'lighttpd', 'tunnel': 'ssl', 'method': 'probed', 28 | 'conf': '10'}, 29 | 'cpe': [{'cpe': 'cpe:/a:lighttpd:lighttpd'}], 'scripts': []}], 'hostname': [], 30 | 'macaddress': None, 31 | 'state': {'state': 'up', 'reason': 'syn-ack', 'reason_ttl': '0'}}, 32 | 'stats': {'scanner': 'nmap', 'args': '/usr/local/bin/nmap -oX - -sV -F -T4 192.168.4.1', 33 | 'start': '1609901261', 'startstr': 'Wed Jan 6 02:47:41 2021', 'version': '7.40', 34 | 'xmloutputversion': '1.04'}, 35 | 'runtime': {'time': '1609901291', 'timestr': 'Wed Jan 6 02:48:11 2021', 'elapsed': '30.27', 36 | 'summary': 'Nmap done at Wed Jan 6 02:48:11 2021; 1 IP address (1 host up) scanned in 30.27 seconds', 37 | 'exit': 'success'}} 38 | 39 | service_result_no_ports = {'127.0.0.1': {'osmatch': {}}, 40 | 'stats': {'scanner': 'nmap', 'args': '/usr/local/bin/nmap -oX - -sV -F -T4 192.168.4.1', 41 | 'start': '1609901261', 'startstr': 'Wed Jan 6 02:47:41 2021', 'version': '7.40', 42 | 'xmloutputversion': '1.04'}, 43 | 'runtime': {'time': '1609901291', 'timestr': 'Wed Jan 6 02:48:11 2021', 'elapsed': '30.27', 44 | 'summary': 'Nmap done at Wed Jan 6 02:48:11 2021; 1 IP address (1 host up) scanned in 30.27 seconds', 45 | 'exit': 'success'}} 46 | 47 | 48 | def create_result_dicts(add_dict: str): 49 | options = { 50 | 'simple_one_host': { 51 | '127.0.0.1': {'osmatch': {}, 'ports': [], 52 | 'hostname': [{'name': 'localhost', 'type': 'PTR'}], 53 | 'macaddress': None, 54 | 'state': {'state': 'up', 'reason': 'mock-test', 'reason_ttl': '0'} 55 | } 56 | }, 57 | 'simple_one_host_noDNS': { 58 | '127.0.0.1': {'osmatch': {}, 'ports': [], 59 | 'hostname': [], 60 | 'macaddress': None, 61 | 'state': {'state': 'up', 'reason': 'mock-test', 'reason_ttl': '0'} 62 | } 63 | }, 64 | 'simple_one_host_mac': { 65 | '1.1.1.1': {'osmatch': {}, 'ports': [], 66 | 'hostname': [{'name': 'localhost', 'type': 'PTR'}], 67 | 'macaddress': "00:00:00:00:00", 68 | 'state': {'state': 'up', 'reason': 'mock-test', 'reason_ttl': '0'} 69 | } 70 | }, 71 | 'simple_one_host_no_mac': { 72 | '1.1.1.1': {'osmatch': {}, 'ports': [], 'macaddress': None, 73 | 'hostname': [{'name': 'localhost', 'type': 'PTR'}], 74 | 'state': {'state': 'up', 'reason': 'mock-test', 'reason_ttl': '0'} 75 | } 76 | }, 77 | 'simple_one_host_mac_ff': { 78 | '1.1.1.1': {'osmatch': {}, 'ports': [], 'macaddress': 'ff:ff:ff:ff:ff:ff', 79 | 'hostname': [{'name': 'localhost', 'type': 'PTR'}], 80 | 'state': {'state': 'up', 'reason': 'mock-test', 'reason_ttl': '0'} 81 | } 82 | }, 83 | 'simple_one_host_service': { 84 | '127.0.0.1': {'osmatch': {}, 'ports': [], 85 | 'hostname': [{'name': 'localhost', 'type': 'PTR'}], 86 | 'macaddress': None, 87 | 'state': {'state': 'up', 'reason': 'mock-test', 'reason_ttl': '0'} 88 | } 89 | }, 90 | } 91 | fake_result = dict() 92 | fake_result.update(basic_result) 93 | fake_result.update(options[add_dict]) 94 | return fake_result 95 | 96 | 97 | def aux_mockportscan(monkeypatch, dict_mock): 98 | mock_result = MagicMock(return_value=create_result_dicts(dict_mock)) 99 | monkeypatch.setattr('nmap3.NmapHostDiscovery.nmap_no_portscan', mock_result) 100 | return mock_result 101 | 102 | 103 | def test_no_hostname(monkeypatch): 104 | aux_mockportscan(monkeypatch, "simple_one_host_noDNS") 105 | nmap = NmapBasic("test") 106 | nmap.run() 107 | assert nmap.scan_results == {'127.0.0.1': {'macaddress': None, 'subnet': 'test'}} 108 | 109 | 110 | @pytest.fixture() 111 | def mock_mac_vendor(monkeypatch): 112 | aux_mockportscan(monkeypatch, "simple_one_host_mac") 113 | mock_mac_vendor_update = MagicMock() 114 | monkeypatch.setattr("mac_vendor_lookup.MacLookup.update_vendors", mock_mac_vendor_update) 115 | mock_mac_vendor_lookup = MagicMock() 116 | monkeypatch.setattr("mac_vendor_lookup.MacLookup.lookup", mock_mac_vendor_lookup) 117 | return mock_mac_vendor_lookup 118 | 119 | 120 | def test_nmap_mac_scan_run(mock_mac_vendor): 121 | mock_mac_vendor.return_value = 'testVendor' 122 | nmap = NmapMacScan("testMac") 123 | nmap.run() 124 | assert nmap.scan_results['1.1.1.1']["vendor"] == 'testVendor' 125 | 126 | 127 | def test_nmap_mac_scan_run_no_mac(monkeypatch, mock_mac_vendor): 128 | aux_mockportscan(monkeypatch, "simple_one_host_no_mac") 129 | mock_mac_vendor.return_value = None 130 | nmap = NmapMacScan("test_no_mac") 131 | nmap.run() 132 | assert not nmap.scan_results['1.1.1.1'].get("vendor") 133 | 134 | def test_nmap_mac_scan_run_mac_ff(monkeypatch, mock_mac_vendor): 135 | aux_mockportscan(monkeypatch, "simple_one_host_mac_ff") 136 | mock_mac_vendor.return_value = None 137 | nmap = NmapMacScan("test_mac_ff") 138 | nmap.run() 139 | assert not nmap.scan_results['1.1.1.1'].get("vendor") 140 | 141 | def test_nmap_mac_scan_get_mac_from_network(monkeypatch, mock_mac_vendor): 142 | aux_mockportscan(monkeypatch, "simple_one_host_no_mac") 143 | mock_mac_vendor.return_value = None 144 | nmap = NmapMacScan("test_get_mac_from_network") 145 | mock_get_mac_address = MagicMock(return_value="00:11:22:33:44:55") 146 | monkeypatch.setattr("getmac.get_mac_address", mock_get_mac_address) 147 | nmap.run() 148 | assert not nmap.scan_results['1.1.1.1'].get("vendor") 149 | 150 | 151 | @pytest.fixture() 152 | def mock_nmap_version_detection(monkeypatch): 153 | mock_result = MagicMock() 154 | monkeypatch.setattr('nmap3.Nmap.nmap_version_detection', mock_result) 155 | return mock_result 156 | 157 | 158 | def test_nmap_service_scan_run(monkeypatch, mock_nmap_version_detection): 159 | aux_mockportscan(monkeypatch, "simple_one_host_service") 160 | mock_nmap_version_detection.return_value = service_result 161 | nmap = NmapServiceScan("test") 162 | nmap.run() 163 | assert nmap.services['127.0.0.1'][0]['service']['name'] == "ssh" 164 | 165 | 166 | def test_nmap_service_scan_run_no_services(monkeypatch, mock_nmap_version_detection): 167 | aux_mockportscan(monkeypatch, "simple_one_host") 168 | mock_nmap_version_detection.return_value = service_result_no_ports 169 | nmap = NmapServiceScan("test") 170 | nmap.run() 171 | with pytest.raises(KeyError): 172 | assert not nmap.services['127.0.0.1'][0] 173 | -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/netboxhandler/NetBoxHandler.py: -------------------------------------------------------------------------------- 1 | import logging 2 | from distutils.version import StrictVersion 3 | from pynetbox.core.query import RequestError as pynetbox_RequestError 4 | import pynetbox 5 | import requests 6 | from django.utils.text import slugify 7 | 8 | 9 | def get_host_by_ip(nb_ip): 10 | try: 11 | if nb_ip and hasattr(nb_ip.assigned_object, "device"): 12 | logging.info(f"{nb_ip}: Host found => " 13 | f"{nb_ip.assigned_object.device.name}") 14 | return nb_ip.assigned_object.device, "device" 15 | elif nb_ip and hasattr(nb_ip.assigned_object, "virtual_machine"): 16 | logging.info(f"{nb_ip}: Virtual Host found => " 17 | f"{nb_ip.assigned_object.virtual_machine.name}") 18 | return nb_ip.assigned_object.virtual_machine, "virtual_machine" 19 | else: 20 | return None, None 21 | except AttributeError: 22 | logging.critical("You can only get host from a NB ip object") 23 | exit(1) 24 | 25 | 26 | class NetBoxHandler: 27 | def __init__(self, url, token, tls_verify, tag, cleanup_allowed): 28 | self.url = url 29 | self.token = token 30 | self.tls_verify = not tls_verify 31 | self.scripttag = tag 32 | self.cleanup_allowed = cleanup_allowed 33 | self.nb_con = self.nb_con() 34 | self.nb_ver = self.nb_ver() 35 | # Netbox objects 36 | logging.info("Caching all Netbox data") 37 | try: 38 | self.all_ips = list(self.nb_con.ipam.ip_addresses.all()) 39 | self.all_interfaces = list(self.nb_con.dcim.interfaces.all()) 40 | self.all_devices = list(self.nb_con.dcim.devices.all()) 41 | self.all_sites = list(self.nb_con.dcim.sites.all()) 42 | self.all_services = list(self.nb_con.ipam.services.all()) 43 | except pynetbox_RequestError: 44 | logging.critical("Invalid token") 45 | exit(1) 46 | # Netbox pre-reqs 47 | self.pre_reqs() 48 | 49 | def nb_con(self): 50 | session = requests.Session() 51 | session.verify = self.tls_verify 52 | nb_con = pynetbox.api(self.url, self.token, threading=True) 53 | nb_con.http_session = session 54 | return nb_con 55 | 56 | def nb_ver(self): 57 | try: 58 | return StrictVersion(self.nb_con.version) 59 | except ConnectionRefusedError: 60 | logging.critical("Wrong URL or TOKEN, please check your config") 61 | exit(1) 62 | except requests.exceptions.MissingSchema: 63 | logging.critical(f"{self.url}: URL format should contain http or https") 64 | exit(1) 65 | except requests.exceptions.ConnectionError: 66 | logging.critical(f"{self.url}: Impossible to contact Netbox") 67 | exit(1) 68 | 69 | def pre_reqs(self): 70 | if self.nb_ver >= StrictVersion("2.9"): 71 | self.scripttag = self.create_tag(self.scripttag, scripttag=True) 72 | else: 73 | raise Exception("This script only works with Netbox > 2.9") 74 | 75 | def create_tag(self, tag, scripttag=False): 76 | nb_tag = self.nb_con.extras.tags.get(name=tag) 77 | if not nb_tag: 78 | if scripttag: 79 | logging.info("First run on Netbox instance, creating tag") 80 | nb_tag = self.nb_con.extras.tags.create( 81 | {"name": tag, 82 | "slug": slugify(tag), 83 | "description": f"Created by {__file__.split('/')[-3]}", 84 | "color": '2196f3'} 85 | ) 86 | logging.debug(f"Tag {tag} created!") 87 | 88 | return nb_tag 89 | 90 | def set_ip_attribute(self, ip, ip_attr): 91 | pre_mask = ip_attr.get("subnet").split('/') 92 | if len(pre_mask) == 2: 93 | mask = pre_mask[-1] 94 | else: 95 | logging.error(f"Problem with IP {ip}") 96 | return None 97 | nb_attr = { 98 | "address": f"{ip}/{mask}", 99 | "tags": [self.scripttag.id], 100 | "dns_name": ip_attr.get("dns_name", ""), 101 | "description": ip_attr.get("description", "") 102 | } 103 | return nb_attr 104 | 105 | def set_service_attribute(self, host, service, device_type, ip): 106 | nb_attr = { 107 | device_type: host.id, 108 | "name": service["service"]["name"], 109 | "description": f"{service['service'].get('product')}: " 110 | f"{service['service'].get('version','version_unknown')}", 111 | "tags": [self.scripttag.id], 112 | "protocol": service["protocol"], 113 | "port": service["portid"], 114 | "ipaddresses": [ip.id] 115 | } 116 | return nb_attr 117 | 118 | def lookup_ip_address(self, ip): 119 | # nb_ip = [nb_ip for nb_ip in self.nb_con.ipam.ip_addresses.filter(address=ip)] 120 | nb_ip = [nb_ip for nb_ip in self.all_ips if nb_ip.address.startswith(f"{ip}/")] 121 | if not nb_ip: 122 | return None, True 123 | if len(nb_ip) == 1: 124 | return nb_ip[0], True 125 | else: 126 | return nb_ip, False 127 | 128 | def lookup_service(self, host, service, device_type, ip): 129 | try: 130 | if device_type == "device": 131 | nb_service = [nb_service for nb_service in self.all_services 132 | if nb_service.device == host and 133 | nb_service.port == int(service["portid"]) and 134 | [True for nb_ip in nb_service.ipaddresses 135 | if nb_ip.id == ip["id"]]][0] 136 | else: 137 | nb_service = [nb_service for nb_service in self.all_services 138 | if nb_service.virtual_machine == host and 139 | nb_service.port == int(service["portid"]) and 140 | [True for nb_ip in nb_service.ipaddresses 141 | if nb_ip.id == ip["id"]]][0] 142 | except IndexError: 143 | return 144 | return nb_service 145 | 146 | def nb_create_ip(self, ip_attr): 147 | logging.debug(f"{ip_attr.get('address')}: Not found in Netbox, creating record") 148 | nb_ip = self.nb_con.ipam.ip_addresses.create(ip_attr) 149 | logging.info(f"Record {ip_attr.get('address')} created") 150 | return nb_ip 151 | 152 | def nb_create_service(self, service_attr): 153 | logging.debug(f"{service_attr.get('name')}: Creating service") 154 | nb_service = self.nb_con.ipam.services.create(service_attr) 155 | logging.info(f"Service {service_attr.get('name')} created") 156 | return nb_service 157 | 158 | def create_service(self, host, service, device_type, nb_ip): 159 | logging.info(f"Creating service {service['portid']}") 160 | service_attr = self.set_service_attribute(host, service, device_type, nb_ip) 161 | nb_service = self.lookup_service(host, service, device_type, nb_ip) 162 | if not nb_service: 163 | nb_service = self.nb_create_service(service_attr) 164 | else: 165 | for tag in nb_service.tags: 166 | if self.scripttag.id == tag.id: 167 | nb_service.update(service_attr) 168 | return nb_service 169 | logging.info(f"Service {service['portid']} " 170 | f"found but scripttags is not present, " 171 | f"skipping update") 172 | return nb_service 173 | 174 | def run(self, scanned_hosts): 175 | logging.debug(f"Netbox version: {self.nb_ver}") 176 | for ip, attr in scanned_hosts.items(): 177 | nb_ip, single = self.lookup_ip_address(ip) 178 | if not single: 179 | logging.warning(f"Found {ip} duplicated, skipping") 180 | continue 181 | if nb_ip: 182 | nb_host, device_type = get_host_by_ip(nb_ip) 183 | if not nb_host: 184 | logging.debug(f"Not host found for {ip}") 185 | continue 186 | else: 187 | if attr.get("services"): 188 | for port, service in attr["services"].items(): 189 | self.create_service(nb_host, service, device_type, nb_ip) 190 | logging.debug(f"Found ports: {nb_host} with ip {ip}") 191 | # TODO: Check what to do 192 | logging.debug(f"Found host: {nb_host} with ip {ip}") 193 | else: 194 | ip_attr = self.set_ip_attribute(ip, attr) 195 | if ip_attr: 196 | self.nb_create_ip(ip_attr) 197 | else: 198 | logging.error(f"Problem found, IP not created") 199 | -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/netboxhandler/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/guanana/netbox-sync-physical-hosts/47a53c598616d5dc1b52445bd6eb299dc6030f60/netbox_sync_physical_hosts/netboxhandler/__init__.py -------------------------------------------------------------------------------- /netbox_sync_physical_hosts/netboxhandler/tests/test_NetBoxHandler.py: -------------------------------------------------------------------------------- 1 | import logging 2 | 3 | import pytest 4 | from unittest.mock import MagicMock, PropertyMock 5 | from netbox_sync_physical_hosts.netboxhandler.NetBoxHandler import get_host_by_ip, NetBoxHandler 6 | # NB Model classes 7 | 8 | class Device: 9 | name = "test" 10 | id = 1 11 | 12 | 13 | class Dcim: 14 | device = Device() 15 | 16 | 17 | class Ip: 18 | def __init__(self, address, assign_host=True, virtual=False): 19 | self.address = address 20 | if assign_host: 21 | if virtual: 22 | self.assigned_object = VirtualMachine() 23 | else: 24 | self.assigned_object = Dcim() 25 | else: 26 | self.assigned_object = None 27 | self.id = 1 28 | 29 | def __getitem__(self, item): 30 | if item == "id": 31 | return 1 32 | 33 | 34 | class VirtualMachine: 35 | virtual_machine = Device() 36 | 37 | 38 | class WrongObject: 39 | assigned_object = "test" 40 | 41 | 42 | class Tag: 43 | def __init__(self, id, name): 44 | self.id = id 45 | self.name = name 46 | 47 | 48 | class Service: 49 | def __init__(self, device, portid, ip, tag): 50 | self.virtual_machine = device 51 | self.device = device 52 | self.port = int(portid) 53 | self.ipaddresses = ip 54 | self.tags = tag 55 | 56 | def update(self, test): 57 | return 58 | 59 | scan_host_service = {'127.0.0.1': 60 | {'macaddress': None, 'subnet': 'test', 'dns_name': 'localhost', 61 | 'services': 62 | {'22': 63 | {'protocol': 'tcp', 'portid': '22', 'state': 'open', 64 | 'service': {'name': 'ssh', 'product': 'OpenSSH', 65 | 'version': '7.4p1 Debian 10+deb9u7', 66 | 'extrainfo': 'protocol 2.0', 'ostype': 'Linux', 67 | 'method': 'probed', 'conf': '10'}, 'scripts': []}, 68 | '80': {'protocol': 'tcp', 'portid': '80', 'state': 'open', 69 | 'service': {'name': 'http', 'product': 'lighttpd'}}, 70 | '443': {'protocol': 'tcp', 'portid': '443', 'state': 'open', 71 | 'service': {'name': 'http', 'product': 'lighttpd', 'tunnel': 'ssl'}}}}} 72 | 73 | 74 | def test_invalid_get_host_by_ip(): 75 | with pytest.raises(SystemExit) as pytest_wrapped_e: 76 | get_host_by_ip("wrong") 77 | assert pytest_wrapped_e.value.code == 1 78 | 79 | 80 | def test_invalid_object_get_host_by_ip(): 81 | test, device_type = get_host_by_ip(WrongObject()) 82 | assert not test 83 | assert not device_type 84 | 85 | 86 | @pytest.fixture() 87 | def mock_pynetbox_con(monkeypatch): 88 | mock_pynetbox_con = MagicMock() 89 | monkeypatch.setattr('pynetbox.api', mock_pynetbox_con) 90 | mock_pynetbox_con.return_value.extras.tags.get.return_value = Tag(1, "test") 91 | type(mock_pynetbox_con.return_value).version = PropertyMock(return_value="2.9") 92 | return mock_pynetbox_con 93 | 94 | 95 | def test_nb_host_unreachable(): 96 | with pytest.raises(SystemExit): 97 | NetBoxHandler("http://unresolvable:8000", "1234", False, "test", False) 98 | 99 | 100 | def test_nb_wrong_schema(): 101 | with pytest.raises(SystemExit): 102 | NetBoxHandler("test", "1234", False, "test", False) 103 | 104 | 105 | # TODO: PENDING TO IMPLEMENT 106 | # def test_nb_invalid_token(mock_pynetbox_session): 107 | # with pytest.raises(SystemExit) as pytest_wrapped_e: 108 | # NetBoxHandler("http://test:8000", "1234", 109 | # False, "test", False) 110 | # assert pytest_wrapped_e.value.code == 1 111 | 112 | 113 | def test_nb_wrong_version(mock_pynetbox_con): 114 | type(mock_pynetbox_con.return_value).version = PropertyMock(return_value="2.8") 115 | with pytest.raises(Exception): 116 | NetBoxHandler("http://test:8000", "1234", False, "test", False) 117 | 118 | 119 | @pytest.fixture() 120 | def nb(mock_pynetbox_con): 121 | nb = NetBoxHandler("http://test:8000", "1234", False, "test", False) 122 | return nb 123 | 124 | 125 | def test_netboxhandler_run_ip_no_host(caplog, nb): 126 | ip = Ip("127.0.0.1/32", assign_host=False) 127 | nb.all_ips = [ip] 128 | with caplog.at_level(logging.DEBUG): 129 | nb.run({"127.0.0.1": {}}) 130 | assert [True for record in caplog.records if record.message == 'Not host found for 127.0.0.1'] 131 | 132 | 133 | 134 | def test_create_ip(nb): 135 | nb.all_ips = [] 136 | nb.run({'192.168.4.1': {'macaddress': "00:11:22:33:44:55", 'subnet': '192.168.4.0/24'}}) 137 | nb.run({'192.168.4.2': {'macaddress': None, 'subnet': '192.168.4.0/24', 'dns_name': 'test.test.local'}}) 138 | 139 | 140 | def test_create_ip_with_no_mask(caplog, nb): 141 | nb.all_ips = [] 142 | with caplog.at_level(logging.DEBUG): 143 | nb.run({'192.168.4.1': {'macaddress': "00:11:22:33:44:55", 'subnet': '192.168.4.0'}}) 144 | assert [True for record in caplog.records if record.message == 'Problem with IP 192.168.4.1'] 145 | 146 | 147 | def test_netboxhandler_creation_scripttag(mock_pynetbox_con): 148 | mock_pynetbox_con.return_value.extras.tags.get.return_value = None 149 | mock_pynetbox_con.return_value.extras.tags.create.return_value = True 150 | NetBoxHandler("http://test:8000", "1234", False, "test_tag", False) 151 | mock_pynetbox_con.return_value.extras.tags.get.assert_called_with(name="test_tag") 152 | 153 | 154 | @pytest.fixture() 155 | def aux_create_service(mock_pynetbox_con): 156 | nb = NetBoxHandler("http://test:8000", "1234", False, "test_tag", False) 157 | mock_pynetbox_con.return_value.ipam.services.update.return_value = True 158 | return nb 159 | 160 | 161 | def aux_add_ips_and_services(nb, ips:list, services:list): 162 | nb.all_ips = ips 163 | nb.all_services = services 164 | 165 | 166 | def test_netboxhandler_create_service(aux_create_service, mock_pynetbox_con): 167 | nb = aux_create_service 168 | ip = Ip("127.0.0.1/32") 169 | device = ip.assigned_object.device 170 | nb_service = Service(device, 22, [ip], [Tag(1, "test_tag")]) 171 | aux_add_ips_and_services(nb, [ip],[nb_service]) 172 | nb.run(scan_host_service) 173 | assert mock_pynetbox_con.return_value.ipam.services.create.call_count == 2 174 | assert mock_pynetbox_con.return_value.ipam.services.update.call_count == 0 175 | 176 | 177 | def test_netboxhandler_create_service_virtual_machine(aux_create_service, mock_pynetbox_con): 178 | nb = aux_create_service 179 | virtual_ip = Ip("127.0.0.1/32", virtual=True) 180 | device = virtual_ip.assigned_object.virtual_machine 181 | nb_service = Service(device, 22, [virtual_ip], [Tag(1, "test_tag")]) 182 | aux_add_ips_and_services(nb, [virtual_ip],[nb_service]) 183 | nb.run(scan_host_service) 184 | print(nb) 185 | assert mock_pynetbox_con.return_value.ipam.services.create.call_count == 2 186 | assert mock_pynetbox_con.return_value.ipam.services.update.call_count == 0 187 | 188 | 189 | def test_netboxhandler_try_update_service_no_tag(caplog, mock_pynetbox_con): 190 | nb = NetBoxHandler("http://test:8000", "1234", False, "test_tag", False) 191 | ip = Ip("127.0.0.1/32") 192 | device = ip.assigned_object.device 193 | service_tag = Tag(2, "no_matching_tag_id") 194 | nb_service22 = Service(device, 22, [ip], [service_tag]) 195 | nb_service80 = Service(device, 80, [ip], []) 196 | nb_service443 = Service(device, 443, [ip], [service_tag]) 197 | nb.all_ips = [ip] 198 | nb.all_services = [nb_service22, nb_service80, nb_service443] 199 | nb.run(scan_host_service) 200 | assert mock_pynetbox_con.return_value.ipam.services.create.call_count == 0 201 | assert mock_pynetbox_con.return_value.ipam.services.update.call_count == 0 202 | 203 | 204 | 205 | def test_netboxhandler_duplicated_ip(caplog, mock_pynetbox_con): 206 | ip = Ip("127.0.0.1/32") 207 | ip2 = Ip("127.0.0.1/32") 208 | with caplog.at_level(logging.WARNING): 209 | nb = NetBoxHandler("http://test:8000", "1234", False, "test_tag", False) 210 | nb.all_ips = [ip, ip2] 211 | nb.run({"127.0.0.1": {}}) 212 | assert [True for record in caplog.records if record.message == 'Found 127.0.0.1 duplicated, skipping'] 213 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pynetbox~=7.0.1 2 | requests~=2.31.0 3 | ConfigArgParse~=1.2.3 4 | python3-nmap 5 | mac-vendor-lookup 6 | getmac~=0.8.2 7 | chardet==3.0.4 8 | Django~=3.2.22 9 | aiohttp>=3.9.0 # not directly required, pinned by Snyk to avoid a vulnerability 10 | sqlparse>=0.5.0 # not directly required, pinned by Snyk to avoid a vulnerability 11 | --------------------------------------------------------------------------------