v2

casperklein · casperklein · commit e7a1f717ba68 · 2020-12-07T02:04:25.000+01:00
diff --git a/.netbox-scanner.conf b/.netbox-scanner.conf
diff --git a/Dockerfile b/Dockerfile
@@ -2,23 +2,20 @@ FROM	debian:10-slim as build
 
 ENV	USER="casperklein"
 ENV	NAME="netbox-scanner"
-ENV	VERSION="0.1.1"
+ENV	VERSION="2.0.0"
 
 ENV	PACKAGES="python3 python3-pip nmap"
 
 ENV	GIT_USER="lopes"
 ENV	GIT_REPO="netbox-scanner"
-ENV	GIT_COMMIT="438016caea3e975ce2cae34c443d661ee7b66b20"
+ENV	GIT_COMMIT="af65c252776127d2ab3505862fca7670e299c45c"
 ENV	GIT_ARCHIVE="https://github.com/$GIT_USER/$GIT_REPO/archive/$GIT_COMMIT.tar.gz"
 
 # Install packages
 RUN	apt-get update \
 &&	apt-get -y install $PACKAGES \
 &&	rm -rf /var/lib/apt/lists/*
 
-# Copy root filesystem
-COPY	rootfs /
-
 # Download source
 WORKDIR	/$GIT_REPO
 ADD	$GIT_ARCHIVE /
@@ -30,8 +27,12 @@ RUN	pip3 install -r requirements.txt
 # Cleanup
 RUN	find /usr/ -name '*.pyc' -delete
 
+# Copy root filesystem
+COPY	rootfs /
+
 # Build final image
 FROM	scratch
-COPY	--from=build / /
 
 CMD	["/run.sh"]
+
+COPY	--from=build / /
diff --git a/Makefile b/Makefile
@@ -6,13 +6,13 @@ NAME := $(shell grep -P 'ENV\s+NAME=".+?"' Dockerfile | cut -d'"' -f2)
 VERSION := $(shell grep -P 'ENV\s+VERSION=".+?"' Dockerfile | cut -d'"' -f2)
 
 build:
-	./build.sh
+	@./build.sh
 
 clean:
 	docker rmi $(USER)/$(NAME):$(VERSION)
 
 scan:
-	./scan.sh
+	@./scan.sh
 
 push:
 	docker push $(USER)/$(NAME):$(VERSION)
diff --git a/README.md b/README.md
@@ -1,12 +1,20 @@
 # docker-netbox-scanner
 
+Docker version of [netbox-scanner](https://github.com/lopes/netbox-scanner). Scan networks and add them to Netbox.
+
 ## Build (optional)
 
     make
- 
-## Setup
- 
-Configure *address*, *token* and *networks* in ``.netbox-scanner.conf``.
+
+## Setup Netbox
+
+1. Goto `Organization / Tags` and create a new tag: `nmap`.
+1. Goto `Profile / API Tokens` and create a token, for use with netbox-scanner.
+
+## Setup Netbox-Scanner
+
+1. Configure *address* and API *token* in `netbox-scanner.conf`.
+1. Configure the networks to scan in `networks.txt`.
 
 ## Start scan
 
diff --git a/netbox-scanner.conf b/netbox-scanner.conf
@@ -0,0 +1,29 @@
+[NETBOX]
+address    = <server>
+token      = <token>
+logs       = logs/
+# use lowercase no if you want to skip ssl verification.
+# any other value will verify the server ssl certificate.
+tls_verify = no
+
+[NMAP]
+path     = ./
+unknown  = autodiscovered:netbox-scanner
+tag      = nmap
+cleanup  = no
+
+[NETXMS]
+address    = https://netxms.domain
+username   =
+password   =
+unknown    = autodiscovered:netbox-scanner
+tag        = netxms
+cleanup    = yes
+
+[PRIME]
+address    = https://prime.domain/webacs/api/v4
+username   =
+password   =
+unknown    = autodiscovered:netbox-scanner
+tag        = prime
+cleanup    = yes
diff --git a/networks.txt b/networks.txt
@@ -0,0 +1,2 @@
+192.168.0.0/24
+192.168.1.0/24
diff --git a/rootfs/netbox-scanner/nmap-scan.sh b/rootfs/netbox-scanner/nmap-scan.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+#
+# This is just an example.
+#
+# Since scanning many networks can produce huge XML files,
+# the idea is to create one XML file per network, then
+# use all of them as input to nbs.nmap.Nmap().
+#
+# If you scan few networks with few hosts or if you just
+# want to experiment, feel free to use the `-iL` option of
+# Nmap, passing a list of all networks and hosts to be
+# scanned.
+#
+# If you have a large number of networks, use the mapfile option.
+# In order to use mapfile, populate your networks, one per line,
+# in a file called networks.txt.
+#
+# If you have a small number of networks, comment out the mapfile
+# lines, and uncomment the "small array" line.
+#
+# For the purpose of this example, assume that netbox-scanner
+# is configured to use the same directory of this script
+# to look for XML files.
+##
+
+# mapfile
+declare -a NETWORKS
+mapfile -t NETWORKS < networks.txt
+
+# small array
+#NETWORKS="192.168.3.0/24 192.168.252.0/24"
+
+for net in "${NETWORKS[@]}"; do
+    echo "Scan network $net"
+    NETNAME=$(echo $net | tr -s '/' '-')
+    # requires sudo
+    nmap "$net" -T4 -O -F --host-timeout 30s -oX nmap-"$NETNAME".xml
+    # does not require sudo
+    #nmap "$net" -T4 -sn --host-timeout 30s -oX nmap-"$NETNAME".xml
+done
+echo
+
+echo "Send networks to Netbox.."
+python3 netbox-scanner.py nmap
diff --git a/rootfs/run.sh b/rootfs/run.sh
@@ -1,10 +1,19 @@
 #!/bin/bash
 
-echo 'a9ebfa600ece03fb0005080c3b1184dfe52cea87  /root/.netbox-scanner.conf' | sha1sum -c &> /dev/null && {
-	echo -e "Error: You have to configure at least ADDRESS, TOKEN and NETWORKS in '.netbox-scanner.conf'.\n" >&2
+set -ueo pipefail
+
+if [ ! -s /netbox-scanner/networks.txt ]; then
+	echo "Error: 'networks.txt' is empty."
+	echo
+	exit 1
+fi >&2
+
+echo '4de64ad74607f128bdb5873497a9d85d27e52c0a96dc994016488d050a55dd6c  /root/.netbox-scanner.conf' | sha256sum -c &> /dev/null && {
+	echo "Error: You have to configure at least ADDRESS and TOKEN in 'netbox-scanner.conf'."
+	echo
 	exit 1
-}
+} >&2
 
-echo 'Netbox-scanner running..'
+cd /netbox-scanner
 
-exec python3 /netbox-scanner/netbox-scanner/nbscanner
+./nmap-scan.sh
diff --git a/scan.sh b/scan.sh
@@ -11,4 +11,4 @@ DIR=${0%/*}
 cd "$DIR"
 
 echo "Starting Netbox-Scanner.."
-docker run --rm -it -v "$PWD"/.netbox-scanner.conf:/root/.netbox-scanner.conf:ro "$TAG"
+docker run --rm -it -v "$PWD"/netbox-scanner.conf:/root/.netbox-scanner.conf:ro -v "$PWD"/networks.txt:/netbox-scanner/networks.txt:ro "$TAG"
