
Research
/Security News
Toptal’s GitHub Organization Hijacked: 10 Malicious Packages Published
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Python NMAP library enabling you to start async nmap tasks, parse and compare/diff scan results
|preflight-check| |Coverage Status| |License|
libnmap is a python library enabling python developers to manipulate nmap process and data.
libnmap is what you were looking for if you need to implement the following:
The above uses cases will be easy to implement with the help of the libnmap modules.
The lib currently offers the following modules:
process: enables you to launch nmap scans
parse: enables you to parse nmap reports or scan results (only XML so far) from a file, a string,…
report: enables you to manipulate a parsed scan result and de/serialize scan results in a json format
diff: enables you to see what changed between two scans
common: contains basic nmap objects like NmapHost and NmapService. It is to note that each object can be "diff()ed" with another similar object.
plugins: enables you to support datastores for your scan results directly in the "NmapReport" object. from report module:
All the documentation is available on read the docs <https://libnmap.readthedocs.org>
__. This documentation contains
small code samples that you directly reuse.
libnmap has by default no dependencies, except defusedxml if you need to import untrusted XML scans data.
The only additional python modules you’ll have to install depends if you wish to use libnmap to store reports on an exotic data store via libnmap’s independents plugins.
Below the list of optional dependencies:
sqlalchemy <https://github.com/zzzeek/sqlalchemy>
__ (+the driver
ie:MySQL-python)pymongo <https://github.com/mongodb/mongo-python-driver/>
__boto <https://github.com/boto/boto>
__If you are importing/parsing untrusted XML scan outputs with python-libnmap, install defusedxml library:
.. code:: bash
ronald@brouette:~/dev$ pip install defusedxml
This will prevent you from being vulnerable to XML External Entities attacks <https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing>
__.
For more information, read the official libnmap documentation <https://libnmap.readthedocs.io/en/latest/parser.html#security-note-for-libnmap-parser>
__
This note relates to a cascaded CVE vulnerability from the python core
library XML ElementTree. Nevertheless, python-libnmap has been assigned
an official CVE <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010017>
__
to track this issue.
This CVE is addressed from v0.7.2.
The libnmap code is tested against the following python interpreters:
You can install libnmap via pip:
.. code:: bash
ronald@brouette:~$ pip install python-libnmap
or via git and dist utils (à l’ancienne):
.. code:: bash
ronald@brouette:$ git clone https://github.com/savon-noir/python-libnmap.git
ronald@brouette:$ cd python-libnmap
ronald@brouette:~$ python setup.py install
or via git and pip:
.. code:: bash
ronald@brouette:$ git clone https://github.com/savon-noir/python-libnmap.git
ronald@brouette:$ cd python-libnmap
ronald@brouette:~$ pip install .
Some codes samples are available in the examples directory or in the
documentation <https://libnmap.readthedocs.org>
__.
Among other example, you notice an sample code pushing nmap scan reports in an ElasticSearch instance and allowing you to create fancy dashboards in Kibana like the screenshot below:
.. figure:: https://github.com/savon-noir/python-libnmap/blob/es/examples/kibanalibnmap.png :alt: Kibanane
Mike @bmx0r Boutillier for S3 and SQL-Alechemy plugins and for the constructive critics. Thanks!
.. |preflight-check| image:: https://github.com/savon-noir/python-libnmap/workflows/Preflight%20Check/badge.svg .. |Coverage Status| image:: https://coveralls.io/repos/github/savon-noir/python-libnmap/badge.svg?branch=master :target: https://coveralls.io/github/savon-noir/python-libnmap?branch=master .. |License| image:: https://img.shields.io/badge/License-Apache%202.0-blue.svg :target: https://opensource.org/licenses/Apache-2.0
FAQs
Python NMAP library enabling you to start async nmap tasks, parse and compare/diff scan results
We found that python-libnmap demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Threat actors hijacked Toptal’s GitHub org, publishing npm packages with malicious payloads that steal tokens and attempt to wipe victim systems.
Research
/Security News
Socket researchers investigate 4 malicious npm and PyPI packages with 56,000+ downloads that install surveillance malware.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.