DocsRelease Notes

Nmap Container Task

Suggest Edits

Overview

The Nmap container task is built with Fyodor's Nmap and Alexandre Norman's python-nmap library.

The source code for the Nmap container task is available here: https://github.com/havocsh/havoc-attack-containers/tree/main/nmap
The container image for the Nmap container task is available here: https://gallery.ecr.aws/havoc_sh/nmap

Launching an Nmap Container Task

To launch an Nmap container task as an ECS task within the AWS account of your ./havoc deployment, use the task_startup or run_task command:

task_startup --task_name=<task_name> --task_type=nmap --task_host_name=<task_host_name> --task_domain_name=<task_domain_name> --portgroups=<portgroup1,portgroup2,...> --end_time=<time_string>

run_task --task_name=<task_name> --task_type=nmap --task_host_name=<task_host_name> --task_domain_name=<task_domain_name> --portgroups=<portgroup1,portgroup2,...> --end_time=<time_string>

To launch an Nmap container task as a remote container task on any system that can run Docker containers, use the docker run command:

sudo docker run -d \
  --name=<container-name> \
  --network host \
  --cap-add SYS_ADMIN \
  -e "LOCAL_IP=$(hostname -I)" \
  -e "CAMPAIGN_ID=<campaign-id>" \
  -e "USER_ID=<campaign-user-id>" \
  -e "TASK_NAME=<task-name>" \
  -e "TASK_CONTEXT=<task-context>" \
  -e "REMOTE_TASK=true" \
  -e "API_KEY=<api-key>" \
  -e "SECRET=<secret>" \
  -e "API_DOMAIN_NAME=<api-domain-name>" \
  -e "API_REGION=<api-region>" \
  public.ecr.aws/havoc_sh/nmap:latest \
  /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf

Refer to the Usage Through CLI Console and Usage Through SDK pages for more details about the run_task and docker run commands.

Available Commands

These commands are available to be passed as the instruct_command in the instruct_task method call. The sub-bullets under the commands are the arguments for the command that should be passed in the instruct_args parameter. See the Usage Through CLI Console and Usage Through SDK pages for more details on how to use instruct_args.

  • run_scan - instruct the Nmap container task to run an Nmap scan of a target host.
    • target - (Required) the target IP address or hostname to scan.
    • options - (Optional) the options that tell Nmap what type of scan to run.
  • get_scan_info - get the target and options details of the previously run scan.
  • get_scan_results - get the results of the previously run scan.
  • echo - get an arbitrary response from the container task (can be used to check if the container is responsive to commands).
  • sync_from_workspace - download all files from the Campaign's workspace to the local workspace directory on the container task.

    Note that this will overwrite any existing files with the same name in the container task's local workspace.

  • sync_to_workspace - upload all files from the container task's local workspace directory to the Campaign's workspace.

    Note that this will overwrite any existing files with the same name in the Campaign's workspace.

  • download_from_workspace - download a specific file from the Campaign's workspace to the container task's local workspace directory.
    • file_name - the name of the file to be downloaded.

      Note that this will overwrite any existing file with the same name in the container task's local workspace.

  • upload_to_workspace - upload a specific file from the container task's local workspace directory to the Campaign's workspace.
    • file_name - the name of the file to be uploaded.

      Note that this will overwrite any existing file with the same name in the Campaign's workspace.

  • ls - list files of the container task's local shared directory.
  • del - delete a file from the container task's local shared directory.
    • file_name - the name of the file to be deleted.
  • terminate - instruct the container task to shutdown.

Updated 7 months ago