Python and nmap: Scanning For Hosts (Python)

nmap scanning multiple hosts, entering each host individually

nmap is a powerful software tool that can be used to scan a network for hosts, see what ports they have open and even try to identify what operating system the hosts have running. I previously created a basic port scanner in Python, but in this blog post I am going to look at using Python with nmap to see some of what it can do.

Before proceeding I need to make this very clear:

DO NOT USE THE BELOW INFORMATION TO ATTACK, MONITOR OR BREAK INTO ANY COMPUTER / NETWORK / DEVICE THAT DOES NOT BELONG TO YOU. I TAKE NO RESPONSIBILITY FOR YOUR ACTIONS.

For this project I am using my home test network and running Python 3 on a Raspberry Pi (Raspbian Linux). The same details should work on the majority of Linux systems with Python, although you may need to replace apt with yum etc… in commands.

This project requires nmap and the Python nmap library. If you don’t have these installed then:

Installing nmap

sudo apt-get install nmap
sudo apt-get install nmap
sudo apt-get install nmap

nmap is a program that can be used without having to write any Python and at some point in the future I may do a blog post on it. If you want to use nmap on its own, then open a terminal / command line and type nmap.

Installing Python Nmap

pip3 install python-nmap
pip3 install python-nmap
pip3 install python-nmap

Be careful at this stage; Python has a package called nmap which is not the package we are looking for. Make sure pip3 installs python-nmap. If you want to see what the difference between the packages is:

If you install the wrong library via pip3, then use pip3 uninstall library_name, e.g. pip3 uninstall nmap to uninstall the library.

Using Python To Scan A Single Host

For my first Python script I am going to scan a Raspberry Pi that is on IP address 192.168.0.28.

#!/usr/bin/python3

# geektechstuff nmap

import nmap

nm = nmap.PortScanner()

scan_range = nm.scan(hosts="192.168.0.28")

print (scan_range['scan'])
geektechstuff_nmap_python_scan_host
Using nmap in Python to scan a host

Note: nmap can take a few minutes to scan an individual host depending on the options given to it.

The results from the scan will be outputted in JSON format.

geektechstuff_nmap_python_scan_host_1
nmap scan results
{'192.168.0.28': {'hostnames': [{'name': '', 'type': ''}], 'addresses': {'ipv4': '192.168.0.28'}, 'vendor': {}, 'status': {'state': 'up', 'reason': 'conn-refused'}, 'tcp': {22: {'state': 'open', 'reason': 'syn-ack', 'name': 'ssh', 'product': 'OpenSSH', 'version': '7.9p1 Raspbian 10+deb10u2', 'extrainfo': 'protocol 2.0', 'conf': '10', 'cpe': 'cpe:/o:linux:linux_kernel'}}}}

As can be seen from the returned JSON, nmap managed to see 192.168.0.28, could tell the device was up, that port 22 (SSH) was open, the type of SSH in use (OpenSSH) and the operating system (Raspbian) in use.

Using Python To Scan Multiple Hosts

Multiple Individual Hosts

The above Python code can be changed to scan multiple hosts instead of one single host, just with an alteration to the line that begins scan_range and adding a space in between each host.

scan_range = nm.scan(hosts="192.168.0.28 192.168.0.1 192.168.0.2")
geektechstuff_nmap_python_scanning_multiple_hosts_1
nmap scanning multiple hosts, entering each host individually

In the above example nmap will scan 192.168.0.28, 192.168.0.1 and 192.168.0.2

A Range Of Hosts

If the hosts you want to scan are in a range (i.e. 192.168.0.1 to 192.168.0.10) then nmap can be given the range to scan rather than typing in each individual host.

scan_range = nm.scan(hosts="192.168.0.1-10")
geektechstuff_nmap_python_scanning_multiple_hosts_2
nmap scanning multiple hosts, entering a range of hosts

The above example will scan all the hosts on IP addresses between (and including) 192.168.0.1 and 192.168.0.10

A CIDR Range

If Classless Inter Domain Routing (CIDR) is more your style and you know the CIDR notation of the network you want to scan then that can be used instead.

scan_range = nm.scan(hosts="192.168.0.1/24")
geektechstuff_nmap_python_scanning_multiple_hosts_3
nmap scanning multiple hosts using a CIDR range

In the above example nmap will scan 192.168.0.1/24 , i.e. 192.168.0.1 to 192.168.0.255

One thought on “Python and nmap: Scanning For Hosts (Python)

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.