-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcdpscanner.py
295 lines (274 loc) · 10.7 KB
/
cdpscanner.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
#!/usr/bin/env python
import os
try:
from netmiko import ConnectHandler
except ImportError:
print('[!] Looks like you are missing the paramiko library. run \'pip install netmiko\'')
if os.name == 'nt':
print('[!] *NOTE* you must install the Microsoft Visual C++ Compiler for Python 2.7 ' \
'before installing netmiko.\r\n' \
'This can be found at http://www.microsoft.com/en-us/download/details.aspx?id=44266')
import getopt
import sys
import re
import getpass
import socket
from openpyxl import Workbook
import threading
import Queue
import ipaddress
class WorkerThread(threading.Thread):
def __init__(self, queue):
threading.Thread.__init__(self)
self.queue = queue
def run(self):
while True:
host = self.queue.get()
connect_to_device(host)
self.queue.task_done()
# help message
def helpmsg():
print('Usage: cdpscanner.py [Options]' \
' Note: All options are optional. User is prompted or defaults are used.' \
' -h or --help: This help screen\n' \
' -i or --inputfile: specifies a file containing hosts to connect to.\n' \
' -u or --username: specifies a username to use\n' \
' -p or --password: Specifies the password to use\n' \
' -v or --verbose: Enables verbose output\n' \
' -t or --telnet: Enables fallback to telnet\n' \
' -o or --output: Prints the inventory of all of the devices at the end\n' \
' -H or --hosts: specifies hosts via comma seperated values\n' \
' -e or --exclusions: specifies hosts/networks to exclude from scan via comma seperated values\n' \
' -T or --threads: specifices the number of threads (defaults to 8)\n'\
' -g or --graph: enables graphing of the network and specifices the output file\n')
def getinfo(username, password, host, commands, mode):
global seen_before
all_output = []
row = []
if mode == "SSH":
device = {
'device_type': 'cisco_ios',
'ip': host,
'username': username,
'password': password,
'port': 22, # optional, defaults to 22
'secret': '', # optional, defaults to ''
'verbose': False, # optional, defaults to False
}
elif mode == "Telnet":
device = {
'device_type': 'cisco_ios_telnet',
'ip': host,
'username': username,
'password': password,
'port': 23, # optional, defaults to 22
'secret': '', # optional, defaults to ''
'verbose': False, # optional, defaults to False
}
print('Connecting to %s with %s' % (host, mode))
# Create instance of SSHClient object
net_connect = ConnectHandler(**device)
# Automatically add untrusted hosts (make sure okay for security policy in your environment)
print('%s connection established to %s' % (mode, host))
# Use invoke_shell to establish an 'interactive session'
a = re.search(r'(.*)[#>]', net_connect.find_prompt())
hostname = a.group(1)
seen_before.append(hostname)
ip_lines = net_connect.send_command('show ip int brief | ex unass')
for line in ip_lines.split('\n'):
a = re.search(r'([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)', line)
if a is not None:
seen_before.append(a.group(1))
for command in commands:
output = net_connect.send_command(command)
all_output.append(output)
if command == 'show inventory':
lines = output.split('\n\n')
for line in lines:
new_line = line.replace('\n', '')
a = re.search(r'NAME:\ ?(\S+).*PID:\ ?(\S+).*SN:\ ?(\S+)', new_line)
if a is not None:
pid = a.group(2)
serial = a.group(3)
row.append([hostname, pid, serial])
if verbose_mode:
print(output)
return all_output, row
def validate_host(host):
try:
socket.inet_aton(host)
return True
except:
try:
ip_from_host = socket.gethostbyname(device)
return True
except:
print("%s is not a valid host name or IP address" % device)
sys.exit(2)
def find_hosts_from_output(output):
neighbor_list = []
global queue
global seen_before
cdp_regex = re.compile(
r'Device ID:\ *(\S+)(?:[^\r\n]*\r?\n){1,4}'
r'[\ ]*IP(?:v4)* [aA]ddress:\ (\S+)\r?\n'
r'Platform: (?:cisco )*(\S+),[\ ]*Capabilities:.*(Switch)')
for item in output:
split_output = ['Device ID:'+ e for e in item.split('Device ID:') if e != '']
for single_device in split_output:
matches = re.search(cdp_regex, single_device)
if matches is not None:
hostname = matches.group(1).split('.')[0]
fqdn = matches.group(1)
ip_address = matches.group(2)
device_model = matches.group(3)
if hostname not in seen_before and ip_address not in seen_before and fqdn not in seen_before and \
ip_address not in excluded_devices:
queue.put(matches.group(2))
seen_before.append(hostname)
seen_before.append(fqdn)
seen_before.append(ip_address)
neighbor_list.append([hostname, ip_address, device_model])
return neighbor_list
def connect_to_device(host):
global seen_before
global neighbor_list
global failed_ssh
global errors_ws
global inventory_list
# remove the host you are going to connect to from the set.
device_output = ''
seen_before.append(host)
try:
# Try SSH and if that fails try telnet.
device_output, inventory_rows = getinfo(username, password, host, commands, 'SSH')
neighbor_rows = find_hosts_from_output(device_output)
for neighbor in neighbor_rows:
neighbor.insert(0,unicode(inventory_rows[0][0]))
neighbor.insert(1,unicode(host))
neighbor_list.append(neighbor)
[inventory_list.append(row) for row in inventory_rows if row not in inventory_list]
# Check output for new hostnames
except Exception as e:
print("SSH connection to %s failed" % host)
print(e)
failed_ssh.append(host)
errors_ws.append([host, unicode(e), 'SSH'])
if telnet_enabled:
try:
device_output, inventory_rows = getinfo(username, password, host, commands, 'Telnet')
neighbor_rows = find_hosts_from_output(device_output)
for neighbor in neighbor_rows:
neighbor.insert(0, unicode(inventory_rows[0][0]))
neighbor.insert(1, unicode(host))
neighbor_ws.append(neighbor)
[inventory_list.append(row) for row in inventory_rows if row not in inventory_list]
except Exception as e:
print("telnet connection to %s failed" % host)
failed_telnet.append(host)
errors_ws.append([host, unicode(e), 'telnet'])
else:
pass
# Declaration of global variables
inputfile = None
host_set = set()
username = ''
password = ''
failed_hosts = set()
verbose_mode = False
telnet_enabled = False
graph_output = ''
seen_before = []
device = []
failed_telnet = []
failed_ssh = []
outputfile = 'output.xlsx'
inventory_list = []
neighbor_list = []
commands = ['show cdp neighbor detail',
'show inventory']
thread_num = 8
excluded_devices = []
# setup excel workbook for output
wb = Workbook()
inventory_ws = wb.active
inventory_ws.title = u'Inventory'
neighbor_ws = wb.create_sheet("Neighbors")
errors_ws = wb.create_sheet("Errors")
# Add headers to worksheets
inventory_list.append(['Hostname', 'Device Model', 'Serial Number'])
neighbor_ws.append(['Hostname','IP Address', 'Neighbor Hostname', 'Neighbor IP', 'Neighbor Model'])
errors_ws.append(['Hostname', 'Error', 'Protocol'])
# Run CLI parser function to set variables altered from defaults by CLI arguments.
try:
opts, args = getopt.getopt(sys.argv[1:], "i:u:p:hvtH:o:T:g:e:",
["input=", "user=", "password=", "verbose", "telnet","hosts=", "output=","threads=",
"graph=","exclusions="])
except getopt.GetoptError:
helpmsg()
sys.exit(2)
for opt, arg in opts:
if opt == '-h':
helpmsg()
sys.exit()
elif opt in ('-i', '--input'):
inputfile = arg
with open(inputfile, 'rb') as hostfile:
for line in hostfile:
device = line.rstrip()
validate_host(device)
host_set.add(device)
elif opt in ('-t', '--telnet'):
telnet_enabled = True
elif opt in ('-T', '--threads'):
thread_num = arg
elif opt in ('-v', '--verbose'):
verbose_mode = True
elif opt in ('-o', '--output'):
outputfile = arg
elif opt in ('-u', '--user'):
username = arg
elif opt in ('-p', '--password'):
password = arg
elif opt in ('-g', '--graph'):
from gengraph import creategraph
graph_output = arg
elif opt in ('-H', '--hosts'):
for i in arg.split(','):
host_set.add(i)
elif opt in ('-e', '--exclusions'):
for i in arg.split(','):
network_address = ipaddress.IPv4Network(unicode(i))
if network_address.num_addresses > 1:
[excluded_devices.append(str(host)) for host in network_address.hosts()]
else:
excluded_devices.append(str(network_address).split('/')[0])
if __name__ == "__main__":
# Set list of IP addreses to connect to if the -i input file is not used
if not host_set:
host_set.add(raw_input("Enter Switch Hostname or IP Address: ").upper())
if not username:
username = raw_input("Enter Username: ")
if not password:
password = getpass.getpass()
queue = Queue.Queue()
for i in range(int(thread_num)):
worker = WorkerThread(queue)
worker.setDaemon(True)
worker.start()
for x in host_set:
if x not in excluded_devices:
queue.put(x)
queue.join()
for host in failed_ssh:
if host in failed_telnet:
print('[!] %s failed both ssh and telnet' % host)
inventory_dedupe = []
[inventory_dedupe.append(i) for i in inventory_list if i not in inventory_dedupe]
[inventory_ws.append(row) for row in inventory_list]
neighbor_dedupe = []
[neighbor_dedupe.append(i) for i in neighbor_list if i not in neighbor_dedupe]
[neighbor_ws.append(row) for row in neighbor_dedupe]
wb.save(outputfile)
if graph_output:
creategraph(outputfile,graph_output)