Hades - a wrapper for NMAP written in Elixir
“Green rope meshwork” by Clint Adair
NMAP
Nmap (network mapper), the god of port scanners, is used for network discovery and is the basis for most security enumeration during the initial stages of a penetration test. The tool was written and is maintained by Fyodor, AKA Gordon Lyon.
Nmap displays exposed services on a target machine along with other useful information such as the version and OS detection.
Nmap has made twelve movie appearances, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.
Why a wrapper for NMAP?
Recently I had the need for a project at the university to encapsulate the results of NMAP directly in a web application. I thought it would be nice to be able to trigger various NMAP commands directly from the web interface. This will allow users who are not familiar with the command line or nmap in general to use this great networking tool more easily.
Used version: Nmap 7.80
The documentation of the project can be found here: https://hexdocs.pm/hades
INFO: Hades is still under development and far from complete. Feel free to contribute.
See General Informations for more about this project.
Installation
To use Hades in your Mix projects, first add Hades as a dependency.
Prerequisites
NMAP must be installed.
Add nmap command to sudoers
Some of the NMAP commands require sudo to be executed. In order to process such commands with Hades you need to add those commands to sudoers.
The following shows an example of how to add one to sudoers:
If you want to know more about NMAP sudo behaviour you can find a thread on SuperUser here: different behavior: “sudo nmap” vs just “nmap”?
Configuration
You can optionally specify the timeout and the output_path in config.exs:
The timeout is specified in milliseconds. If it is unspecified, the default timeout is used, which is currently 300_000 (corresponds to 5 minutes). This timeout is propagated to the function Task.await(). If the specified timeout period is exceeded, it is assumed that the process running the NMAP command has timed out.
The output_path is the place where the XML output of the executed NMAP command gets stored. If nothing is specified in the config, the default path (which is located in the tmp folder) is used.
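The timeout and output path handling described above, written as an added example that is not Hades source code. The application name :timeout_demo and the module and function names are assumptions; it uses Task.yield/2 with Task.shutdown/2 in place of Task.await/2 so that a timeout comes back as an error tuple instead of exiting the caller.

```elixir
defmodule TimeoutDemo do
  # Added illustration, not Hades source. :timeout_demo and its keys are
  # assumed names that mirror the two options described above.
  @default_timeout 300_000

  def timeout, do: Application.get_env(:timeout_demo, :timeout, @default_timeout)

  def output_path,
    do: Application.get_env(:timeout_demo, :output_path, System.tmp_dir!())

  # Runs `exe` with `args` in a task and waits at most `timeout()` ms.
  # Arguments are passed as a list, so no shell interprets them.
  def run(exe, args) when is_binary(exe) and is_list(args) do
    task = Task.async(fn -> System.cmd(exe, args, stderr_to_stdout: true) end)

    # Task.await/2 would exit the caller on timeout. Task.yield/2 returns nil
    # instead, and Task.shutdown/2 then stops the task.
    case Task.yield(task, timeout()) || Task.shutdown(task, :brutal_kill) do
      {:ok, {output, 0}} -> {:ok, output}
      {:ok, {output, status}} -> {:error, {:exit_status, status, output}}
      # Only reachable when the caller traps exits.
      {:exit, reason} -> {:error, {:crashed, reason}}
      # Stopping the task closes the port but does not signal the OS
      # process, so check for a leftover nmap process after a timeout.
      nil -> {:error, :timeout}
    end
  end

  # Ping scan that stores the XML report under output_path via nmap's -oX.
  def ping_scan(target) when is_binary(target) do
    xml = Path.join(output_path(), "scan-#{System.unique_integer([:positive])}.xml")

    with {:ok, _output} <- run("nmap", ["-sn", "-oX", xml, target]) do
      {:ok, xml}
    end
  end
end

# Constructed demo that needs no nmap: a 2 s sleep against a 200 ms timeout.
Application.put_env(:timeout_demo, :timeout, 200)
IO.inspect(TimeoutDemo.run("sleep", ["2"]))
```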
Examples
Simple ping scan
The snippet below ping scans the network, and lists the target machine if it responds to ping.
Using the script argument
The execution of nmap -sV --version-all --script vulners in Hades looks like the following:
Here the nmap-vulners NSE script is used to provide information on vulnerabilities of well-known services that are running on the target host.
General Informations
I started implementing this wrapper because I needed to reliably execute ‘NMAP’ commands in an ‘Elixir/Phoenix’ project. Currently not 100% of the NMAP functionality is implemented, because the current state is sufficient for the current project. But I will complete the functionality as soon as I find the time. In the meantime, if anyone would like to add anything, feel free to do so.
Release notes
See the changelog for changes between versions.
Disclaimer
Hades is not affiliated with nor endorsed by the NMAP project.
NMAP was created and is maintained by Gordon Lyon. You can contact him via fyodor@nmap.org.
Some parts of the documentation were copied from the Linux man pages: nmap(1) - Linux man page