All,
Is there an easy way to access/utilize the nse packages from python?
Thanks
You can use python-nmap package for that,
Here is an example:
>>> import nmap
>>> nm=nmap.PortScanner()
>>> nm.scan('192.168.1.212', '445',
arguments='--script=/usr/local/share/nmap/scripts/smb-os-discovery.nse')
Output:
{'nmap': {'command_line': u'nmap -oX - -p 445 --script=/usr/local/share/nmap/scripts/smb-os-discovery.nse 192.168.1.212',
'scaninfo': {u'tcp': {'method': u'syn', 'services': u'445'}},
'scanstats': {'downhosts': u'0',
'elapsed': u'0.28',
'timestr': u'Fri Aug 31 21:33:19 2012',
'totalhosts': u'1',
'uphosts': u'1'}},
'scan': {u'192.168.1.212': {'hostname': u'BookLife',
'script': {u'smb-os-discovery': u'\n OS: Unix (Samba 3.2.5)\n Computer name: localhost\n Domain name: localdomain\n FQDN: localhost.localdomain\n NetBIOS computer name: \n System time: 2012-07-19 09:27:12 UTC+7\n'},
'status': {'reason': u'arp-response', 'state': u'up'},
u'tcp': {445: {'name': u'microsoft-ds',
'product': None,
'reason': u'syn-ack',
'state': u'open',
'version': None}}}}}
Yeah i would suggest calling subprocess and calling nmap that way.
example
import subprocess
subprocess.call('nmap', '-sS', '127.0.0.1')
While there are some libraries for integrating Lua into Python programs, the Nmap Scripting Engine (NSE) is tightly integrated into the Nmap scanner itself, and can't really be separated. As Pol mentioned, running Nmap as an external command is entirely possible, and the script results could be parsed from the output.
Related
We try to configure an Azure VM using an Azure DevOps pipeline. We first create the machine using Terraform and then we need to configure it. Right now the pipeline is functional when we use a customized Ubuntu Azure DevOps agent (a VM we setup ourselves in Azure).
We prefer to use a Microsoft Hosted Ubuntu Agent. When we try to run our pipeline using the Microsoft Hosted Ubuntu agent we fail with a message "winrm or requests is not installed".
We have done a lot of research and attempts to install the needed components, but none have been fruitful.
All the examples and documentation on the internet we can find don't mention our specific use case. Ansible configuration of Windows VMs in Azure from a Microsoft Hosted Ubuntu agent. Isn't it possible for some reason?
If it is, any pointers in the right direction will be much appreciated!
The error we see in the Azure DevOps pipeline is this:
ansible-playbook -vvvv -i inventory/hosts.cfg main.yml --extra-vars '{"customer_name": "<REMOVED>" }'
ansible-playbook [core 2.12.5]
config file = None
configured module search path = ['/home/vsts/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/vsts/.local/lib/python3.8/site-packages/ansible
ansible collection location = /home/vsts/.ansible/collections:/usr/share/ansible/collections
executable location = /home/vsts/.local/bin/ansible-playbook
python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
jinja version = 2.10.1
libyaml = True
No config file found; using defaults
setting up inventory plugins
host_list declined parsing /home/vsts/work/1/s/ansible/inventory/hosts.cfg as it did not pass its verify_file() method
auto declined parsing /home/vsts/work/1/s/ansible/inventory/hosts.cfg as it did not pass its verify_file() method
yaml declined parsing /home/vsts/work/1/s/ansible/inventory/hosts.cfg as it did not pass its verify_file() method
Parsed /home/vsts/work/1/s/ansible/inventory/hosts.cfg inventory source with ini plugin
Loading collection ansible.windows from /home/vsts/.local/lib/python3.8/site-packages/ansible_collections/ansible/windows
Loading collection community.windows from /home/vsts/.local/lib/python3.8/site-packages/ansible_collections/community/windows
redirecting (type: modules) ansible.builtin.win_service to ansible.windows.win_service
redirecting (type: modules) ansible.builtin.win_service to ansible.windows.win_service
redirecting (type: modules) ansible.builtin.win_service to ansible.windows.win_service
redirecting (type: modules) ansible.builtin.win_service to ansible.windows.win_service
redirecting (type: modules) ansible.builtin.win_service to ansible.windows.win_service
Loading callback plugin default of type stdout, v2.0 from /home/vsts/.local/lib/python3.8/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: main.yml *************************************************************
Positional arguments: main.yml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/vsts/work/1/s/ansible/inventory/hosts.cfg',)
extra_vars: ('{"customer_name": "<REMOVED>"}',)
forks: 5
1 plays in main.yml
PLAY [windows:pro] *********************************************************
TASK [Gathering Facts] *********************************************************
task path: /home/vsts/work/1/s/ansible/main.yml:1
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Using module file /home/vsts/.local/lib/python3.8/site-packages/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
**fatal: [51.144.125.149]: FAILED! => {
"msg": "winrm or requests is not installed: No module named 'winrm'"
}**
PLAY RECAP *********************************************************************
51.144.125.149 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
We tried to fix the problem by installing various potentially relevant components in the pipeline just before running the ansible-playbook command, for instance this one
pip3 install pywinrm
Later, based on input on this SO question we tried this in the pipeline:
python3 -m pip install --ignore-installed pywinrm
find / -name winrm.py
ansible-playbook -vvv -i inventory/hosts.cfg main.yml
The find command finds winrm.py here:
/opt/pipx/venvs/ansible-core/lib/python3.8/site-packages/ansible/plugins/connection/winrm.py
The ansible-playbook configuration we are using is:
ansible-playbook [core 2.12.5]
config file = None
configured module search path =
['/home/vsts/.ansible/plugins/modules',
'/usr/share/ansible/plugins/modules']
ansible python module location = /opt/pipx/venvs/ansible-
core/lib/python3.8/site-packages/ansible
ansible collection location =
/home/vsts/.ansible/collections:/usr/share/ansible/collections
executable location = /opt/pipx_bin/ansible-playbook
python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC
9.4.0]
jinja version = 3.1.2
libyaml = True
No config file found; using defaults
The error we get is:
task path: /home/vsts/work/1/s/ansible/main.yml:1
redirecting (type: modules) ansible.builtin.setup to
ansible.windows.setup
Using module file /opt/pipx/venvs/ansible-
core/lib/python3.8/site-
packages/ansible_collections/ansible/windows/plugins/modules/
setup.ps1
Pipelining is enabled.
fatal: [13.73.148.141]: FAILED! => {
"msg": "winrm or requests is not installed: No module named
'winrm'"
}
you can try solution in RedHat knowledgebase
https://access.redhat.com/solutions/3356681
Last comment suggestion (replace yum with apt commands)
I was getting this error even if python2-winrm version 0.3.0 is
already installed via yum
yum list installed | grep winrm python2-winrm.noarch
0.3.0-1.el7 #epel
pip install "pywinrm>=0.2.2" only resulted in "Requirement already
satisfied"
I ran this to resolve the error -
yum autoremove python2-winrm.noarch
pip install "pywinrm>=0.2.2"
Then ping: pong worked just fine over https, port=5986
ram#thinkred1cartoon$ ansible all -i hosts.txt -m win_ping
172.16.96.135 | SUCCESS => {
"changed": false,
"ping": "pong" }
conversely, if you don't want to run command 1, then command 2 won't
work for you. In that case, run command 3
3 ) pip install --ignore-installed "pywinrm>=0.2.2"
It seems that the ansible lookup plugin does not adhere to privilege escalation and it is not clear to me if this is by design.
I have looked for an answer to this, but though I have found many similar questions, I haven't yet seen one which seems to answers why the following playbook behaves like it does.
---
- hosts: localhost
become: 1
tasks:
- name: cat file
command: cat /home/bob/.ssh/id_rsa.pub
register: cat
- debug:
msg: |
dog: {{ cat.stdout }}
- name: add the variable
set_fact:
rsa_key: "{{ lookup('file', '/home/bob/.ssh/id_rsa.pub') }}"
delegate_to: localhost
The result of running this play is that the command module "works" while the lookup module does not:
PLAY [localhost] *************************************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
TASK [cat file] **************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]
TASK [debug] *****************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "dog: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCl+xAFC2hwsLaWvCEOFHEz96AU8ltF1fA8ZNQp9Mkl6FFZUEFu2rAl+imSXm+xAPrWhqOoLgkYZKq6qAsqG3SqSisrr4uHGdC4F/5NBlgR7OqfAU76VfJRmcq4F01caXBJVuciZ0EX7KQcC6ixNpZweLPoRDBNntDJnDKVIbx8h7w3qAYRbYOsLv6OT7BLgldSrJSOYBOJ0/SLZIUDAvewPnPppkwZgMAMV12bXHzn5Imsn9S6K5riZ/n3oenOgW787w5XQI0xKsxO6g4NjzciMELafXfoq07+Gz53NMyo9/DHag2w8y6m+Js4axazMFFgcnS3Hrbc/tSejvarEynEktN1/+JTu8eEdKxtZYr2ez55SW+MOxZr14isQJDc0btduO4yJfXvJ6KooULVbqZyVnmun6pKgecsCDTy6kYQVV0oJgpixiquoLAMPN+nKzufaSgGTRbKnQuf+7w6X94ci3iIkpS7qxvQsZ/P61q7uQjhtsmG6qsk6/M9nIruJY0= ansible-generated on rh1.local.home\n"
}
TASK [add the variable] ******************************************************************************************************************************************************************************************************************************************************
[WARNING]: Unable to find '/home/bob/.ssh/id_rsa.pub' in expected paths (use -vvvvv to see paths)
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /home/bob/.ssh/id_rsa.pub"}
PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
localhost : ok=3 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
I'm running this under a user, which is NOT "bob", and with become_user = root and become_method = sudo. Any ideas or a confirmation that indeed the lookup plugin ignores privilege escalation statements, would be appreciated.
Looking into to the actually code and commands to be found for the standard plugins for ansible I found this:
As all lookups, this runs on the Ansible host as the user running the playbook, and "become" does not apply, the target file must be readable by the playbook user, or, if it does not exist, the playbook user must have sufficient privileges to create it. (So, for example, attempts to write into areas such as /etc will fail unless the entire playbook is being run as root).'
Inside the password plugin. Hence, lookup plugins indeed ignore "become" escalation directives and hence it is "by design" this behavior though I find it rather counter intuitive, not well documented, and dislike it since it forces me to write ugly code to get around it ;-).
I am trying to deploy a Django REST API using Azure App Service on Linux. I am using a postgresql Database and deploy via pipeline. Azure has postgresql 9.6. After running my pipeline, the Website shows an Server Error (500).
The AppLogs show, that the Container couldn't be started due an failed import of psycopg2.
[ERROR] Exception in worker process
Traceback (most recent call last):
File "/home/site/wwwroot/antenv/lib/python3.7/site-packages/django/db/backends/postgresql/base.py", line 25, in
import psycopg2 as Database
File "/home/site/wwwroot/antenv/lib/python3.7/site-packages/psycopg2/__init__.py", line 50, in
from psycopg2._psycopg import ( # noqa
ImportError: /home/site/wwwroot/antenv/lib/python3.7/site-packages/psycopg2/_psycopg.cpython-37m-x86_64-linux-gnu.so: undefined symbol: PQencryptPasswordConn
In the Build-stage of my pipeline, I set up my environment (python3.7) like this:
- script: |
python -m venv antenv
source antenv/bin/activate
python -m pip install --upgrade pip
pip install setup
pip install -r requirements.txt
Where requirements.txt looks like this:
Django==3.0.2
djangorestframework==3.11.0
psycopg2-binary==2.8.4
pandas==0.25.3
pytest==5.3.5
pytest-django==3.8.0
pytest-mock==2.0.0
python-dateutil==2.8.1
sqlparse==0.3.0
whitenoise==5.0.1
BuildJob and DeploymentJob seem to run flawless. the Build-logs indicate that psycopg2_binary-2.8.4-cp37-cp37m-manylinux1_x86_64.whl was correctly downloaded and installed.
Also the App runs fine on my machine when using the database on azure by configuring in the settings.py:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql',
'NAME': 'databasename',
'USER': 'user#postgresqlserver',
'PASSWORD': 'Password',
'HOST': 'postgresqlserver.postgres.database.azure.com',
'PORT': '',
'OPTIONS': {'sslmode': 'require'}
}
} # Of course the info is actually saved in environment variables
This gives me the feeling, that something with the psycopg2 installation is not working... For others the *psycopg2-binary seemed to do the trick but unfortunateley not for me.
Am I right to assume that on azure I'm nether able to install postgresql10 as suggested here https://github.com/psycopg/psycopg2/issues/983 nor can install from source like suggested here https://github.com/psycopg/psycopg2/issues/1018?
There must be something I am missing, I would be grateful for any advice!
EDIT:
Taking a look at the library (as suggested here https://stackoverflow.com/a/59652816/13183775) I found that I don't have a PQencryptPasswordConn function but only a PQencryptPassword function. I have the feeling that this is expected for Postgresql9.6 (https://github.com/psycopg/psycopg2/blob/cb3353be1f10590cdc2a894ada42c3b4c171feb7/psycopg/psycopgmodule.c#L466).
To check, whether there are multiple versions libpq:
/>find . -name "libpq*"
./var/lib/dpkg/info/libpq5:amd64.symbols
./var/lib/dpkg/info/libpq5:amd64.shlibs
./var/lib/dpkg/info/libpq5:amd64.list
./var/lib/dpkg/info/libpq5:amd64.triggers
./var/lib/dpkg/info/libpq-dev.list
./var/lib/dpkg/info/libpq5:amd64.md5sums
./var/lib/dpkg/info/libpq-dev.md5sums
./usr/share/doc/libpq5
./usr/share/doc/libpq-dev
./usr/share/locale/ko/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/it/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/pl/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/zh_TW/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/tr/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/cs/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/de/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/ru/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/sv/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/pt_BR/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/fr/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/es/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/zh_CN/LC_MESSAGES/libpq5-9.6.mo
./usr/share/locale/ja/LC_MESSAGES/libpq5-9.6.mo
./usr/lib/x86_64-linux-gnu/pkgconfig/libpq.pc
./usr/lib/x86_64-linux-gnu/libpq.so.5
./usr/lib/x86_64-linux-gnu/libpq.so
./usr/lib/x86_64-linux-gnu/libpq.so.5.9
./usr/lib/x86_64-linux-gnu/libpq.a
./usr/include/postgresql/libpq-events.h
./usr/include/postgresql/libpq-fe.h
./usr/include/postgresql/libpq
./usr/include/postgresql/libpq/libpq-fs.h
./usr/include/postgresql/internal/libpq
./usr/include/postgresql/internal/libpq-int.h>
Sadly I'm not able to see here wether there are multiple libpq versions...
I have written a simple Perl script to launch google. But it terminates with an error - Could not connect to SeleniumWebDriver at C:/perl/lib/Selenium/Remote/Driver.pm line 220
I am using selenium server version - 2.31
OS - windows7 (32 bit)
Perl Code
use warnings;
use strict;
use Selenium::Remote::Driver;
my $driver = Selenium::Remote::Driver->new( browser_name => 'firefox', port => 4444,
platform => 'ANY');
$driver->get('http://www.google.com');
sleep(5);
print $driver->get_title();
$driver->quit();
When i execute perl script, at each instance, on server command prompt i could see this line -
14:07:23.325 INFO - Executing: org.openqa.selenium.remote.server.handler.Status#
8e96fc at URL: /status)
14:07:23.327 INFO - Done: /status
But browser is not getting launched. Please can anybody help me about the issue?
Did you start the selenium server on a machine with firefox and X (assuming Linux)
and maybe add the proxy in
{remote_server_addr=>'localhost', port=>4444,proxy => { 'proxyType' => 'system' }}
can you post how you're starting selenium
I started the selenium server using command
"java -jar selenium-server-standalone-2.31.0.jar"
But the issue get resolved now. I guess it was Perl issue. I was using Active Perl V 5.16.
Then i installed Strawberry Perl V 5.18 and it worked.
Thank you!
I am trying to use LWP::Simple to make a GET request to a REST service. Here's the simple code:
use LWP::Simple;
$uri = "http://api.stackoverflow.com/0.8/questions/tagged/php";
$jsonresponse= get $uri;
print $jsonresponse;
On my local machine, running Ubuntu 10.4, and Perl version 5.10.1:
farhan#farhan-lnx:~$ perl --version
This is perl, v5.10.1 (*) built for x86_64-linux-gnu-thread-multi
I can get the correct response and have it printed on the screen. E.g.:
farhan#farhan-lnx:~$ head -10 output.txt
{
"total": 1000,
"page": 1,
"pagesize": 30,
"questions": [
{
"tags": [
"php",
"arrays",
"coding-style"
(... snipped ...)
But on my host's machine to which I SSH into, I get garbage printed on the screen for the same exact code. I am assuming it has something to do with the encoding, but the REST service does not return the character set type in the response, so how do I force LWP::Simple to use the correct encoding? Any ideas what may be going on here?
Here's the version of Perl on my host's machine:
[dredd]$ perl --version
This is perl, v5.8.8 built for x86_64-linux-gnu-thread-multi
I happen to have a 64 bit RHEL 5.4 box which has Perl 5.8.8 on it. I took your code and got the exact same result. I tried using Data::Dumper to dump the data, but that didn't change anything. I then went to the command line and did this:
wget -O jsonfile http://api.stackoverflow.com/0.8/questions/tagged/php
--2010-05-26 11:42:41-- http://api.stackoverflow.com/0.8/questions/tagged/php
Resolving api.stackoverflow.com... 69.59.196.211
Connecting to api.stackoverflow.com|69.59.196.211|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5430 (5.3K) [application/json]
Saving to: `jsonfile'
2010-05-26 11:42:42 (56.9 KB/s) - `jsonfile' saved [5430/5430]
When I did this:
file jsonfile
I got:
jsonfile: gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), max speed
So, the JSON data was gzipped by the web server. I tried this:
gzip -dc jsonfile
and lo and behold the results are the JSON data as you would expect.
What you can do now is to either use another module to ungzip the data, or you can check out this other thread which shows how to accept gzip using LWP::UserAgent and handle the request that way
This is bug 44435. Upgrade libwww-perl to version 5.827 or better.