[ Home ] [ Architecture ] [ FAQ ] [ Implementation ] [ Tutorial ]
Creating a scan.
This example is based upon the sys_runningProc.py scan provided in the scans.zip file.
1 author = "Wayne Pierce" 2 license = "GNU GPL v2" 3 date = "19 June 2004" 4 version = "0" 5 status = "production" 6 platform = ["win32"] 7 category = ["system"] 8 description = "Return a listing of the running processes on a system." 9 def check(host,tFile,verbose): 10 import wmi 11 12 c = wmi.WMI () 13 14 # Write a header to show what scan this is. 15 tFile.write("\n\tsys_runningProc\n") 16 17 # TODO - Put a try: block around this. 18 # Get the running processes 19 for process in c.Win32_Process (): 20 # Write the results 21 line = "\t\t%s-%s\n" % (process.ProcessId,process.Name) 22 tFile.write(line) 23 24 tFile.flush() 25 26 return (1,"")
Lines 1 through 8 are variables available to scan.py before executing the function check. Some of these items are required, others are suggested and any variable can be added in this section.
The status variable must be present and set to "production" or the scan will be skipped. A feature will eventually be added to run scans that are not marked as production.
The platform variable on line 6 is required and should be in the form of a Python Array of strings. Each entry represents the platforms this script has been tested on and known to work. You should use the text format returned by Python's sys.platform .
The category variable in line 7 is required and should be in the form of a Python Array of strings. Each entry represents the categories this script belongs in, there is also an option to only run a specific category of scan.
Every scan must also have a function called check that takes three variables, host, tFile and verbose. These three variables are set by scan.py, host is the host to be scanned, tFile is the open file pipe to write results to and verbose is a boolean flag to determine if verbose output should be printed.
For Microsoft Windows scans, heavy use is made of Tim Golden's wmi.py module.
The check function should return a tuple where the first value is numeric and the second a string of text. A return code of 1 represents success.