
Class Definition

class NmapScanner:
    def __init__(self, target_ip): ...
Network scanner that performs comprehensive host discovery, port scanning, service detection, and OS fingerprinting using Nmap.

Constructor

__init__(target_ip)

Initializes the NmapScanner with a target IP address.
  • target_ip (str, required): The IP address of the target host to scan
Attributes:
  • target_ip (str): Target IP address
  • output_dir (Path): Directory for storing scan results ({Config.OUTPUT_BASE}/nmap)
Example:
scanner = NmapScanner("192.168.56.101")

Methods

full_scan()

Performs a comprehensive Nmap scan including service detection and OS fingerprinting.
def full_scan(self) -> Host: ...
Scan Parameters:
  • Ports: 1-1000 (top 1000 ports)
  • Arguments: -sV -sC -O --top-ports 1000
    • -sV: Service version detection
    • -sC: Default script scanning
    • -O: OS detection
Returns: Host
A Host object containing:
  • ip: Target IP address
  • os_detection: Detected OS with accuracy percentage
  • ports_open: Dictionary of open ports with service information
Port Information Structure:
{
    port_number: {
        'state': 'open',
        'service': 'http',
        'version': '2.4.41',
        'product': 'Apache httpd',
        'extra': '(Ubuntu)'
    }
}
Example:
scanner = NmapScanner("192.168.56.101")
host = scanner.full_scan()

print(f"OS: {host.os_detection}")
for port, info in host.ports_open.items():
    print(f"Port {port}: {info['service']} {info['version']}")
Console Output:
📡 Nmap Top 1000 + Servicios + OS Detection...
🖥️  OS Detectado: Linux 3.X (95%)
✅ 5 servicios detectados

PORT         STATE      SERVICE         VERSION
────────────────────────────────────────────────────────────
21/tcp       open       ftp             vsftpd 2.3.4
22/tcp       open       ssh             OpenSSH 7.9
80/tcp       open       http            Apache httpd 2.4.41

discover_network(network)

Static method to auto-discover active hosts in a network range.
@staticmethod
def discover_network(network='192.168.56.0/24') -> list[str]: ...
  • network (str, default: "192.168.56.0/24"): Network range in CIDR notation (e.g., "192.168.1.0/24")
Scan Method:
  • Uses nmap -sn (ping scan) for host discovery
  • Filters out gateway (.1) and network (.0) addresses
  • Timeout: 30 seconds
Returns: list[str]
List of discovered IP addresses in the network
Example:
hosts = NmapScanner.discover_network('192.168.56.0/24')
print(f"Found {len(hosts)} hosts: {hosts}")
# Output: Found 3 hosts: ['192.168.56.101', '192.168.56.102', '192.168.56.103']
Fallback Behavior: If discovery fails (timeout, error), returns [Config.DEFAULT_TARGET] as fallback.
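An added sketch (not the project's own code) of a discovery wrapper that validates the CIDR argument before it reaches subprocess and parses only in-range results. It generalizes the .0/.1 filter to any prefix length via ipaddress. Assumptions: greppable output (`-oG -`) is parsed, only private IPv4 ranges of up to 1024 addresses are in scope, and the `fallback` value stands in for Config.DEFAULT_TARGET.

```python
import ipaddress
import re
import subprocess

HOST_UP = re.compile(r"^Host: (\S+) .*Status: Up", re.M)

# Constructed sample of `nmap -sn -n -oG -` output (not captured from a real scan).
SAMPLE = (
    "Host: 192.168.56.1 ()\tStatus: Up\n"
    "Host: 192.168.56.101 ()\tStatus: Up\n"
    "Host: 10.9.9.9 ()\tStatus: Up\n"
    "Host: 192.168.56.102 ()\tStatus: Up\n"
)

def validate_network(network, max_hosts=1024):
    """Return an IPv4Network, or raise ValueError if the input is out of scope."""
    # Strict parsing rejects option-like strings, hostnames and set host bits.
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or not net.is_private:
        raise ValueError(f"{network}: only private IPv4 ranges are in scope")
    if net.num_addresses > max_hosts:
        raise ValueError(f"{network}: more than {max_hosts} addresses")
    return net

def parse_ping_scan(output, net):
    """Live hosts inside `net`, without the network and first (gateway) address."""
    skip = {net.network_address, next(iter(net.hosts()), None)}
    found = set()
    for raw in HOST_UP.findall(output):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # ignore anything that is not a literal address
        if ip in net and ip not in skip:
            found.add(ip)
    return [str(ip) for ip in sorted(found)]

def discover_network(network="192.168.56.0/24", fallback="192.168.56.101"):
    # `fallback` stands in for Config.DEFAULT_TARGET; its value here is assumed.
    net = validate_network(network)
    cmd = ["nmap", "-sn", "-n", "-oG", "-", str(net)]  # argument list, no shell
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True,
                              timeout=30, check=True)
    except (OSError, subprocess.SubprocessError):
        return [fallback]  # timeout, missing binary or non-zero exit
    return parse_ping_scan(proc.stdout, net)
```

Here validation errors raise ValueError instead of falling back, so a mistyped range is never silently replaced by a scan of the default target.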

Implementation Details

OS Detection Logic

  1. Primary: Uses the osmatch field from Nmap results
    os_matches = nm[target_ip].get('osmatch', [])
    if os_matches:  # the list is empty when Nmap found no match
        best = os_matches[0]
        os_detection = f"{best.get('name')} ({best.get('accuracy')}%)"
    
  2. Fallback: Uses osclass if osmatch is unavailable
    os_class = nm[target_ip].get('osclass', [])
    if os_class:
        oc = os_class[0]  # first OS class entry
        os_detection = f"{oc.get('osfamily')} {oc.get('osgen')}"
    

Service Detection

Extracts detailed service information for each open port:
service = nm[target_ip][proto][port]
host.ports_open[int(port)] = {
    'state': service['state'],
    'service': service.get('name', 'unknown'),
    'version': service.get('version', ''),
    'product': service.get('product', ''),
    'extra': service.get('extrainfo', '')
}

Dependencies

  • nmap: Python library for Nmap integration
  • pathlib.Path: File system operations
  • subprocess: Network discovery execution
  • config.Config: Configuration settings
  • models.host.Host: Host data model
  • rich.print: Formatted console output
