Nmap

  1. gem install ruby-nmap ronin-scanners gems

As far as you understand how to use nmap and how basically it works, you’ll find this lib is easy to use. You can do most of nmap functionality

Basic Scan

Ruby-nmap gem is a Ruby interface to nmap, the exploration tool and security / port scanner.

  • Provides a Ruby interface for running nmap.
  • Provides a Parser for enumerating nmap XML scan files.

let’s see how it dose work.

  1. require 'nmap'
  2. scan = Nmap::Program.scan(:targets => '192.168.0.15', :verbose => true)

SYN Scan

  1. require 'nmap/program'
  3. Nmap::Program.scan do |nmap|
  4.   nmap.syn_scan = true
  5.   nmap.service_scan = true
  6.   nmap.os_fingerprint = true
  7.   nmap.xml = 'scan.xml'
  8.   nmap.verbose = true
  10.   nmap.ports = [20,21,22,23,25,80,110,443,512,522,8080,1080,4444,3389]
  11.   nmap.targets = '192.168.1.*'
  12. end

each option like nmap.syn_scan or nmap.xml is considered as a Task. Documentation shows the list of scan tasks/options that are supported by the lib.

Comprehensive scan

  1. #!/usr/bin/env ruby
  2. # KING SABRI | @KINGSABRI
  3. require 'nmap/program'
  5. Nmap::Program.scan do |nmap|
  7.   # Target
  8.   nmap.targets = '192.168.0.1'
  10.   # Verbosity and Debugging
  11.   nmap.verbose = true
  12.   nmap.show_reason = true
  14.   # Port Scanning Techniques:
  15.   nmap.syn_scan = true          # You can use nmap.all like -A in nmap
  17.   # Service/Version Detection:
  18.   nmap.service_scan = true
  19.   nmap.os_fingerprint = true
  20.   nmap.version_all = true
  22.   # Script scanning
  23.   nmap.script = "all"
  25.   nmap.all_ports                # nmap.ports = (0..65535).to_a
  27.   # Firewall/IDS Evasion and Spoofing:
  28.   nmap.decoys = ["google.com","yahoo.com","hotmail.com","facebook.com"]
  29.   nmap.spoof_mac = "00:11:22:33:44:55"
  30.   # Timing and Performance
  31.   nmap.min_parallelism = 30
  32.   nmap.max_parallelism = 130
  34.   # Scan outputs
  35.   nmap.output_all = 'rubyfu_scan'
  37. end

Parsing nmap XML scan file

I made an aggressive scan on scanme.nmap.org

  1. nmap -n -v -A scanme.nmap.org -oX scanme.nmap.org.xml

I quoted the code from official documentation (https://github.com/sophsec/ruby-nmap)

  1. require 'nmap/xml'
  3. Nmap::XML.new(ARGV[0]) do |xml|
  4.   xml.each_host do |host|
  5.     puts "[#{host.ip}]"
  6.     # Print: Port/Protocol      port_status      service_name
  7.     host.each_port do |port|
  8.       puts "  #{port.number}/#{port.protocol}\t#{port.state}\t#{port.service}"
  9.     end
  10.   end
  11. end

Returns

  1. [45.33.32.156]
  2.   22/tcp        open    ssh
  3.   80/tcp        open    http
  4.   9929/tcp      open    nping-echo

https://github.com/ronin-ruby/ronin-scanners