Add top ports to agent nmap

README.md

@@ -35,6 +35,7 @@ Supported agent flags:
 
 * `fast_mode` (`-F`): Fast mode scans fewer ports than the default mode.
 * `ports` (`-p`): List of ports to scan.
+* `top_ports` (`--top-ports`): Top ports to scan.
 * `no_ping` (`-Pn`): Treat all hosts as online, skip host discovery.
 * `version_info` (`-sV`): Probe open ports to determine service/version info.
 * `timing_template` (`-Tx`): Template of timing settings (T0, T1, ... T5)..

agent/nmap_agent.py

@@ -155,6 +155,7 @@ def _scan_host(self, host: str, mask: int) -> Tuple[Dict[str, Any], str]:
         options = nmap_options.NmapOptions(
             dns_resolution=False,
             ports=self.args.get("ports"),
+            top_ports=self.args.get("top_ports"),
             fast_mode=self.args.get("fast_mode", False),
             no_ping=self.args.get("no_ping", False),
             timing_template=nmap_options.TimingTemplate[self.args["timing_template"]],
@@ -172,6 +173,7 @@ def _scan_domain(self, domain_name: str) -> Tuple[Dict[str, Any], str]:
         options = nmap_options.NmapOptions(
             dns_resolution=False,
             ports=self.args.get("ports"),
+            top_ports=self.args.get("top_ports"),
             fast_mode=self.args.get("fast_mode", False),
             no_ping=self.args.get("no_ping", False),
             timing_template=nmap_options.TimingTemplate[self.args["timing_template"]],

agent/nmap_options.py

@@ -44,7 +44,8 @@ class NmapOptions:
 
     dns_resolution: bool = True
     dns_servers: List[str] | None = None
-    ports: Optional[str] | None = None
+    ports: Optional[str] = None
+    top_ports: Optional[int] = None
     fast_mode: bool = False
     timing_template: TimingTemplate = TimingTemplate.T3
     script_default: bool = False
@@ -97,6 +98,8 @@ def _set_ports_option(self) -> List[str]:
         """Appends the ports option to the list of nmap options."""
         if self.fast_mode is True:
             return ["-F"]
+        elif self.top_ports is not None:
+            return ["--top-ports", str(self.top_ports)]
         elif self.ports is not None:
             return ["-p", self.ports]
         else:

agent/nmap_wrapper.py

@@ -39,7 +39,7 @@ def __init__(self, options: nmap_options.NmapOptions) -> None:
         """
         self._options = options
 
-    def _construct_command_host(self, host: str, mask: int) -> List[str]:
+    def construct_command_host(self, host: str, mask: int) -> List[str]:
         """
         Construct the Nmap command to be run.
 
@@ -96,7 +96,7 @@ def scan_hosts(self, hosts: str, mask: int) -> Tuple[Dict[str, Any], str]:
             result of the scan.
         """
         logger.info("running the nmap scan")
-        command = self._construct_command_host(hosts, mask)
+        command = self.construct_command_host(hosts, mask)
 
         subprocess.run(command, check=True)
 

ostorlab.yaml

@@ -19,6 +19,7 @@ description: |
 
   * `fast_mode` (`-F`): Fast mode scans fewer ports than the default mode.
   * `ports` (`-p`): List of ports to scan.
+  * `top_ports` (`--top-ports`): Top ports to scan.
   * `no_ping` (`-Pn`): Treat all hosts as online, skip host discovery.
   * `version_info` (`-sV`): Probe open ports to determine service/version info.
   * `timing_template` (`-Tx`): Template of timing settings (T0, T1, ... T5)..
@@ -84,6 +85,9 @@ args:
     type: "string"
     description: "List of ports to scan."
     value: "0-65535"
+  - name: "top_ports"
+    type: "int"
+    description: "Top ports to scan."
   - name: "no_ping"
     description: "Treat all hosts as online, skip host discovery."
     type: "boolean"

tests/configs/all_ports.yaml

@@ -0,0 +1,127 @@
+kind: Agent
+name: nmap
+version: 0.10.2
+image: images/logo.png
+description: |
+  This repository is an implementation of [Ostorlab Agent](https://pypi.org/project/ostorlab/) for the [Nmap Scanner](https://github.com/projectdiscovery/nmap) by Project Discovery.
+  ## Getting Started
+  To perform your first scan, simply run the following command:
+  ```shell
+  ostorlab scan run --install --agent agent/ostorlab/nmap ip 8.8.8.8
+  ```
+  This command will download and install `agent/ostorlab/nmap` and target the ip `8.8.8.8`.
+  For more information, please refer to the [Ostorlab Documentation](https://github.com/Ostorlab/ostorlab/blob/main/README.md)
+  ## Usage
+
+  Agent Nmap can be installed directly from the ostorlab agent store or built from this repository.
+
+  Supported agent flags:
+
+  * `fast_mode` (`-F`): Fast mode scans fewer ports than the default mode.
+  * `ports` (`-p`): List of ports to scan.
+  * `top_ports` (`--top-ports`): Top ports to scan.
+  * `no_ping` (`-Pn`): Treat all hosts as online, skip host discovery.
+  * `version_info` (`-sV`): Probe open ports to determine service/version info.
+  * `timing_template` (`-Tx`): Template of timing settings (T0, T1, ... T5)..
+  * `script_default` (`-sC`): Script scan, equivalent to --script=default.
+  * `scripts` (`--script`): List of scripts to run using Nmap.
+
+   ### Install directly from ostorlab agent store
+   ```shell
+   ostorlab agent install agent/ostorlab/nmap
+   ```
+  You can then run the agent with the following command:
+  ```shell
+  ostorlab scan run --agent agent/ostorlab/nmap ip 8.8.8.8
+  ```
+  ### Build directly from the repository
+   1. To build the nmap agent you need to have [ostorlab](https://pypi.org/project/ostorlab/) installed in your machine.  if you have already installed ostorlab, you can skip this step.
+  ```shell
+  pip3 install ostorlab
+  ```
+   2. Clone this repository.
+  ```shell
+  git clone https://github.com/Ostorlab/agent_nmap.git && cd agent_nmap
+  ```
+   3. Build the agent image using ostorlab cli.
+   ```shell
+   ostorlab agent build --file=ostorlab.yaml
+   ```
+   You can pass the optional flag `--organization` to specify your organisation. The organization is empty by default.
+   4. Run the agent using on of the following commands:
+     * If you did not specify an organization when building the image:
+      ```shell
+      ostorlab scan run --agent agent//nmap ip 8.8.8.8
+      ```
+     * If you specified an organization when building the image:
+      ```shell
+      ostorlab scan run --agent agent/[ORGANIZATION]/nmap ip 8.8.8.8
+      ```
+  ## License
+  [Apache-2.0](./LICENSE)
+license: Apache-2.0
+source: https://github.com/Ostorlab/agent_nmap
+in_selectors:
+  - v3.asset.ip.v4
+  - v3.asset.ip.v6
+  - v3.asset.domain_name
+  - v3.asset.link
+out_selectors:
+  - v3.asset.ip.v4.port.service
+  - v3.asset.ip.v6.port.service
+  - v3.asset.domain_name.service
+  - v3.report.vulnerability
+  - v3.fingerprint.ip.v4.service.library
+  - v3.fingerprint.ip.v6.service.library
+  - v3.fingerprint.domain_name.service.library
+docker_file_path : Dockerfile
+docker_build_root : .
+args:
+  - name: "fast_mode"
+    description: "Fast mode scans fewer ports than the default mode."
+    type: "boolean"
+    value: false
+  - name: "ports"
+    type: "string"
+    description: "List of ports to scan."
+    value: "0-65535"
+  - name: "top_ports"
+    type: "int"
+    description: "Top ports to scan."
+  - name: "no_ping"
+    description: "Treat all hosts as online, skip host discovery."
+    type: "boolean"
+    value: false
+  - name: "version_info"
+    description: "Probe open ports to determine service/version info."
+    type: "boolean"
+    value: true
+  - name: "timing_template"
+    type: "string"
+    description: "Template of timing settings (T0, T1, ... T5)."
+    value: "T3"
+  - name: "script_default"
+    type: "bool"
+    description: "Script scan, equivalent to --script=default"
+    value: true
+  - name: "scripts"
+    type: "array"
+    description: "List of scripts to run using Nmap"
+    value: ['banner']
+  - name: "max_network_mask_ipv4"
+    type: "int"
+    description: "When scanning an IP range, maximum network size, if the network is above max, network in divided into subnetworks."
+    value: 26
+  - name: "max_network_mask_ipv6"
+    type: "int"
+    description: "When scanning an IP range, maximum network size, if the network is above max, network in divided into subnetworks."
+    value: 112
+  - name: "scope_domain_regex"
+    type: "string"
+    description: "Regular expression to define domain scanning scope."
+  - name: "vpn_config"
+    type: "string"
+    description: "Vpn configuration."
+  - name: "dns_config"
+    type: "string"
+    description: "DNS configuration."

tests/configs/fast_mode.yaml

@@ -0,0 +1,127 @@
+kind: Agent
+name: nmap
+version: 0.10.2
+image: images/logo.png
+description: |
+  This repository is an implementation of [Ostorlab Agent](https://pypi.org/project/ostorlab/) for the [Nmap Scanner](https://github.com/projectdiscovery/nmap) by Project Discovery.
+  ## Getting Started
+  To perform your first scan, simply run the following command:
+  ```shell
+  ostorlab scan run --install --agent agent/ostorlab/nmap ip 8.8.8.8
+  ```
+  This command will download and install `agent/ostorlab/nmap` and target the ip `8.8.8.8`.
+  For more information, please refer to the [Ostorlab Documentation](https://github.com/Ostorlab/ostorlab/blob/main/README.md)
+  ## Usage
+
+  Agent Nmap can be installed directly from the ostorlab agent store or built from this repository.
+
+  Supported agent flags:
+
+  * `fast_mode` (`-F`): Fast mode scans fewer ports than the default mode.
+  * `ports` (`-p`): List of ports to scan.
+  * `top_ports` (`--top-ports`): Top ports to scan.
+  * `no_ping` (`-Pn`): Treat all hosts as online, skip host discovery.
+  * `version_info` (`-sV`): Probe open ports to determine service/version info.
+  * `timing_template` (`-Tx`): Template of timing settings (T0, T1, ... T5)..
+  * `script_default` (`-sC`): Script scan, equivalent to --script=default.
+  * `scripts` (`--script`): List of scripts to run using Nmap.
+
+   ### Install directly from ostorlab agent store
+   ```shell
+   ostorlab agent install agent/ostorlab/nmap
+   ```
+  You can then run the agent with the following command:
+  ```shell
+  ostorlab scan run --agent agent/ostorlab/nmap ip 8.8.8.8
+  ```
+  ### Build directly from the repository
+   1. To build the nmap agent you need to have [ostorlab](https://pypi.org/project/ostorlab/) installed in your machine.  if you have already installed ostorlab, you can skip this step.
+  ```shell
+  pip3 install ostorlab
+  ```
+   2. Clone this repository.
+  ```shell
+  git clone https://github.com/Ostorlab/agent_nmap.git && cd agent_nmap
+  ```
+   3. Build the agent image using ostorlab cli.
+   ```shell
+   ostorlab agent build --file=ostorlab.yaml
+   ```
+   You can pass the optional flag `--organization` to specify your organisation. The organization is empty by default.
+   4. Run the agent using on of the following commands:
+     * If you did not specify an organization when building the image:
+      ```shell
+      ostorlab scan run --agent agent//nmap ip 8.8.8.8
+      ```
+     * If you specified an organization when building the image:
+      ```shell
+      ostorlab scan run --agent agent/[ORGANIZATION]/nmap ip 8.8.8.8
+      ```
+  ## License
+  [Apache-2.0](./LICENSE)
+license: Apache-2.0
+source: https://github.com/Ostorlab/agent_nmap
+in_selectors:
+  - v3.asset.ip.v4
+  - v3.asset.ip.v6
+  - v3.asset.domain_name
+  - v3.asset.link
+out_selectors:
+  - v3.asset.ip.v4.port.service
+  - v3.asset.ip.v6.port.service
+  - v3.asset.domain_name.service
+  - v3.report.vulnerability
+  - v3.fingerprint.ip.v4.service.library
+  - v3.fingerprint.ip.v6.service.library
+  - v3.fingerprint.domain_name.service.library
+docker_file_path : Dockerfile
+docker_build_root : .
+args:
+  - name: "fast_mode"
+    description: "Fast mode scans fewer ports than the default mode."
+    type: "boolean"
+    value: true
+  - name: "ports"
+    type: "string"
+    description: "List of ports to scan."
+    value: "0-65535"
+  - name: "top_ports"
+    type: "int"
+    description: "Top ports to scan."
+  - name: "no_ping"
+    description: "Treat all hosts as online, skip host discovery."
+    type: "boolean"
+    value: false
+  - name: "version_info"
+    description: "Probe open ports to determine service/version info."
+    type: "boolean"
+    value: true
+  - name: "timing_template"
+    type: "string"
+    description: "Template of timing settings (T0, T1, ... T5)."
+    value: "T3"
+  - name: "script_default"
+    type: "bool"
+    description: "Script scan, equivalent to --script=default"
+    value: true
+  - name: "scripts"
+    type: "array"
+    description: "List of scripts to run using Nmap"
+    value: ['banner']
+  - name: "max_network_mask_ipv4"
+    type: "int"
+    description: "When scanning an IP range, maximum network size, if the network is above max, network in divided into subnetworks."
+    value: 26
+  - name: "max_network_mask_ipv6"
+    type: "int"
+    description: "When scanning an IP range, maximum network size, if the network is above max, network in divided into subnetworks."
+    value: 112
+  - name: "scope_domain_regex"
+    type: "string"
+    description: "Regular expression to define domain scanning scope."
+  - name: "vpn_config"
+    type: "string"
+    description: "Vpn configuration."
+  - name: "dns_config"
+    type: "string"
+    description: "DNS configuration."