Feature: Add additional port, service, snmp formatting

* Bugfix: PS5 doesn't process snmp communities

* Feature: Add SNMP Preset

* Feature: Extensive Rework of Output
Everything is PSObjects now
Added better default toString output for several properties
Added port Scripts formatting

* Test: Update PoshNmap Output Test

* Feature: Clean up entries

* Feature: Add additional port, service, snmp formatting

Author: JustinGrote

PoshNmap/Private/FormatNmapXml.ps1

@@ -15,7 +15,7 @@ The raw formatting is still available as the nmaprun property on the object, to
     [CmdletBinding()]
     param (
         #Nmaprun output from ConvertFrom-NmapXml. We use hashtable because it's the easiest to manipulate quickly
-        [Parameter(ValueFromPipeline)][Hashtable]$InputNmapXml,
+        [Parameter(ValueFromPipeline)]$InputNmapXml,
         #Return a summary of the scan rather than individual hosts
         [Switch]$Summary
     )
@@ -34,59 +34,82 @@ The raw formatting is still available as the nmaprun property on the object, to
         write-progress -Activity "Parsing NMAP Result" -Status "Processing Scan Entries" -CurrentOperation "Processing $i of $itotal" -PercentComplete (($i/$itotal)*100)
 
         # Init variables, with $entry being the custom object for each <host>.
-        $service = " " #service needs to be a single space.
+        $service = $null
         $entry = [ordered]@{
             PSTypeName = 'PoshNmapHost'
+            Hostname = $null
+            Status = ($hostnode.status.state.Trim() | where length -ge 2)
+            FQDNs = $hostnode.hostnames.hostname.name | select -Unique
+            FDQN = $null
+            IPv4 = $null
+            IPv6 = $null
+            MAC = $null
+            #Arraylist used for performance as this can get large quickly
+            Ports = New-Object Collections.ArrayList
+            OpenPorts = $hostnode.ports | measure | % count
         }
-
-        # Extract state element of status
-        $entry.Status = $hostnode.status.state.Trim()
-        if ($entry.Status.length -lt 2) { $entry.Status = $null }
-
-        # Extract fully-qualified domain name(s), removing any duplicates.
-        $entry.FQDNs = $hostnode.hostnames.hostname.name | select -Unique
         $entry.FQDN = $entry.FQDNs | select -first 1
+        $entry.Hostname = $entry.FQDN -replace '^(\w+)\..*$','$1'
+        FormatStringOut -InputObject $entry.Ports {$this.ports | measure | % count}
+
+        # Process each of the supplied address properties, extracting by type.
+        foreach ($addressItem in $hostnode.address) {
+            switch ($addressItem.addrtype) {
+                "ipv4" { $entry.IPv4 += $addressItem.addr}
+                "ipv6" { $entry.IPv6 += $addressItem.addr}
+                "mac" { $entry.MAC += $addressItem.addr}
+            }
+        }
 
-        # Note that this code cheats, it only gets the hostname of the first FQDN if there are multiple FQDNs.
-        if ($entry.FQDN -eq $null) { $entry.HostName = $null }
-        elseif ($entry.FQDN -like "*.*") { $entry.HostName = $entry.FQDN.Substring(0,$entry.FQDN.IndexOf(".")) }
-        else { $entry.HostName = $entry.FQDN }
+        $hostnode.ports.port | foreach-object {
+            $portResult = [pscustomobject][ordered]@{
+                PSTypeName="PoshNmapPort"
+                Protocol=$_.protocol
+                Port=$_.portid
+                Services=$_.service
+                State=$_.state
+                ScriptResult = @{}
+            }
+            $portResult | FormatStringOut -scriptblock {$this.protocol,$this.port -join ':'}
+            $portResult.state | FormatStringOut -scriptblock {$this.state}
+            $portResult.Services | FormatStringOut -scriptblock {($this.name,$this.product -join ':') + " ($($this.conf * 10)%)"}
+
+            #TODO: Refactor this now that I'm better at Powershell :)
+            # Build Services property. What a mess...but exclude non-open/non-open|filtered ports and blank service info, and exclude servicefp too for the sake of tidiness.
+            if ($_.state.state -like "open*" -and ($_.service.tunnel.length -gt 2 -or $_.service.product.length -gt 2 -or $_.service.proto.length -gt 2)) {
+
+                $entry.Services += ($_.protocol,$_.portid,$service -join ':')+
+                    ':'+
+                    ($_.service.product,$_.service.version,$_.service.tunnel,$_.service.proto,$_.service.rpcnum -join " ").Trim() +
+                    " <" +
+                    ([Int] $_.service.conf * 10) + "%-confidence>$OutputDelimiter"
+            }
 
-        # Process each of the <address> nodes, extracting by type.
-        $hostnode.address | foreach-object {
-            if ($_.addrtype -eq "ipv4") { $entry.IPv4 += $_.addr + " "}
-            if ($_.addrtype -eq "ipv6") { $entry.IPv6 += $_.addr + " "}
-            if ($_.addrtype -eq "mac")  { $entry.MAC  += $_.addr + " "}
-        }
-        if ($entry.IPv4 -eq $null) { $entry.IPv4 = $null } else { $entry.IPv4 = $entry.IPv4.Trim()}
-        if ($entry.IPv6 -eq $null) { $entry.IPv6 = $null } else { $entry.IPv6 = $entry.IPv6.Trim()}
-        if ($entry.MAC  -eq $null) { $entry.MAC  = $null }  else { $entry.MAC  = $entry.MAC.Trim()}
-
-
-        # Process all ports from <ports><port>, and note that <port> does not contain an array if it only has one item in it.
-        if ($hostnode.ports.port -eq $null) { $entry.Ports = $null ; $entry.Services = $null }
-        else
-        {
-            $entry.Ports = @()
-
-            $hostnode.ports.port | foreach-object {
-                if ($_.service.name -eq $null) { $service = "unknown" } else { $service = $_.service.name }
-                $entry.Ports += [ordered]@{
-                    Protocol=$_.protocol
-                    Port=$_.portid
-                    Service=$service
-                    State=$_.state.state
+            #Port Script Result Processing
+            foreach ($scriptItem in $_.script) {
+                $scriptResultEntry = [ordered]@{
+                    PSTypeName = 'PoshNmapScriptResult'
+                    id = $ScriptItem.id
+                    output = $ScriptItem.output
+                    table = [Collections.Arraylist]@()
                 }
 
-                # Build Services property. What a mess...but exclude non-open/non-open|filtered ports and blank service info, and exclude servicefp too for the sake of tidiness.
-                if ($_.state.state -like "open*" -and ($_.service.tunnel.length -gt 2 -or $_.service.product.length -gt 2 -or $_.service.proto.length -gt 2)) { $entry.Services += $_.protocol + ":" + $_.portid + ":" + $service + ":" + ($_.service.product + " " + $_.service.version + " " + $_.service.tunnel + " " + $_.service.proto + " " + $_.service.rpcnum).Trim() + " <" + ([Int] $_.service.conf * 10) + "%-confidence>$OutputDelimiter" }
+                #Loop through the script elements and create a hashtable for them
+                foreach ($tableitem in $scriptItem.table) {
+                    $scriptTable = @{
+                        PSTypeName = 'PoshNmapScriptTable'
+                    }
+                    foreach ($elemItem in $tableitem.elem) {
+                        $scriptTable[$elemItem.key] = $elemItem.'#text'
+                    }
+                    $scriptResultEntry.table += [PSCustomObject]$scriptTable
+                }
+
+                $portResult.scriptResult[$scriptItem.id] = [pscustomobject]$scriptResultEntry
             }
-            if ($entry.Services -eq $null) { $entry.Services = $null } else { $entry.Services = $entry.Services.Trim() }
-            #Provide a nicer ToString Output
-            $entry.Ports | Add-Member -MemberType ScriptMethod -Name ToString -Force -Value {$this.protocol,$this.port -join ':'}
-        }
 
-        $entry.OpenPorts = $entry.ports.count
+            $entry.Ports.Add($portResult) > $null
+        }
 
         # If there is 100% Accuracy OS, show it
         $CertainOS = $hostnode.os.osmatch | where {$_.accuracy -eq 100} | select -first 1
@@ -97,14 +120,6 @@ The raw formatting is still available as the nmaprun property on the object, to
         if (@($entry.OSGuesses).count -lt 1) { $entry.OS = $null }
 
 
-        # Extract script output, first for port scripts, then for host scripts.
-        $entry.Script = $null
-        $hostnode.ports.port | foreach-object {
-            if ($_.script -ne $null) {
-                $entry.Script += "<PortScript id=""" + $_.script.id + """>$OutputDelimiter" + ($_.script.output -replace "`n","$OutputDelimiter") + "$OutputDelimiter</PortScript> $OutputDelimiter $OutputDelimiter"
-            }
-        }
-
         if ($hostnode.hostscript -ne $null) {
             $hostnode.hostscript.script | foreach-object {
                 $entry.Script += '<HostScript id="' + $_.id + '">' + $OutputDelimiter + ($_.output.replace("`n","$OutputDelimiter")) + "$OutputDelimiter</HostScript> $OutputDelimiter $OutputDelimiter"

PoshNmap/Private/FormatStringOut.ps1

@@ -0,0 +1,25 @@
+function FormatStringOut () {
+<#
+.SYNOPSIS
+Change what is shown when the supplied object is cast to a string. Use $this to reference the supplied object
+.EXAMPLE
+[String](FormatStringOut (Get-Item .) {$this.name})
+#>
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory,ValueFromPipeline)]$inputObject,
+        [Parameter(Mandatory,Position=0)][ScriptBlock]$scriptBlock
+    )
+
+    process {
+        $AddMemberParams = @{
+            InputObject = $inputObject
+            MemberType = 'ScriptMethod'
+            Name = 'ToString'
+            Force = $true
+            Value = $scriptBlock
+        }
+        Add-Member @AddMemberParams
+    }
+
+}

PoshNmap/Public/ConvertFrom-NmapXML.ps1

@@ -56,15 +56,15 @@ Takes an NMAP run output and converts it into JSON
                 return $jsonResult | ConvertFrom-Json
             }
             'HashTable' {
-                #TODO: PSCore Method, add as potential feature flag
+                #TODO: PSCore Method, add as potential feature flag but for now use same method for both to avoid incompatibilities
                 #$jsonResult | ConvertFrom-Json -AsHashtable
                 return $jsonResult | ConvertFrom-Json | ConvertPSObjectToHashtable
             }
             'PoshNmap' {
-                return $jsonResult | ConvertFrom-Json | ConvertPSObjectToHashtable | FormatNmapXml
+                return $jsonResult | ConvertFrom-Json | FormatNmapXml
             }
             'Summary' {
-                return $jsonResult | ConvertFrom-Json | ConvertPSObjectToHashtable | FormatNmapXml -Summary
+                return $jsonResult | ConvertFrom-Json | FormatNmapXml -Summary
             }
         }
     }

PoshNmap/Public/Get-NmapPresetArguments.ps1

@@ -10,6 +10,7 @@ function Get-NmapPresetArguments ($Preset) {
         Quick = '-T4 -F'
         QuickPlus = '-T4 --version-intensity 2 -sV -O -F'
         QuickTraceroute = '-T4 -sn -traceroute'
+        Snmp = '-T4 -sU -p U:161'
     }
 
     #The call operator wants this as an array

PoshNmap/Public/Invoke-Nmap.ps1

@@ -50,14 +50,15 @@ function Invoke-Nmap {
         #Show all results, not just online hosts
         [Switch]$All,
 
-        #Perform an SNMP community scan
+        #Perform an SNMP community scan. This is also done automatically with the "snmp" preset
         [Switch]$Snmp,
 
         #A list of SNMP communities to scan. Defaults to public and private
         [String[]]
         [Parameter()]
-        $snmpCommunityList = @("private","public")
+        $snmpCommunityList = @("public","private")
     )
+
     if ($ArgumentList) {$ArgumentList = $ArgumentList.split(' ')}
 
     if ($Preset -and ($PSCmdlet.ParameterSetName -ne 'Custom')) {
@@ -69,9 +70,11 @@ function Invoke-Nmap {
         }
     }
 
+    if ($Preset -eq 'snmp') {$snmp = $true}
     if ($snmp) {
         $snmpCommunityFile = [io.path]::GetTempFileName()
-        $snmpCommunityList > $snmpCommunityFile
+        #Special file format required
+        ($snmpCommunityList -join "`n") + "`n" | Set-Content -NoNewLine -Encoding ASCII -Path $snmpCommunityFile -Force
         $argumentList += '--script','snmp-brute','--script-args',"snmp-brute.communitiesdb=$snmpCommunityFile"
     }
 
@@ -92,7 +95,6 @@ function Invoke-Nmap {
         if ($snmp -and (Test-Path $snmpCommunityFile)) {Remove-Item $snmpCommunityFile -Force -ErrorAction SilentlyContinue}
     }
 
-
     if (-not $nmapResult) {throwUser "NMAP did not produce any output. Please review any errors that are present above this warning."}
     switch ($OutFormat) {
         'XML' {

Tests/Invoke-Nmap.tests.ps1

@@ -28,22 +28,30 @@ import-module $moduleManifestFile
 
 Describe "Invoke-Nmap" {
     $SCRIPT:nmapResult = "Test"
-    $Mocks = (join-path $PSScriptRoot "Mocks")
+    #TODO: Figure out a better way to do this than a global variable, maybe get-variable -scope "up one"
+    $GLOBAL:NmapPesterTestMockDir = (join-path $PSScriptRoot "Mocks")
 
     Mock -Modulename PoshNmap InvokeNmapExe {
-        Get-Content -Raw "$Mocks\asusrouter.nmapxml"
-    }.GetNewClosure() #GetNewClosure "Freezes" the mock. We use this to expand the variable present inside: https://stackoverflow.com/questions/49681015/access-external-variable-from-with-in-mock-script-block-pester
+        Get-Content -Raw "$NmapPesterTestMockDir\asusrouter.nmapxml"
+    }
+    Mock -Modulename PoshNmap InvokeNmapExe -parameterFilter {$argumentlist -match 'snmp-brute'} {
+        Get-Content -Raw "$NmapPesterTestMockDir\snmpresult.nmapxml"
+    }
 
     It "Output: PSCustomObject by default" {
         $SCRIPT:nmapResult = Invoke-Nmap
         $nmapResult | Should -BeOfType [PSCustomObject]
     }
 
     It "Output: PoshNmap Output Data Sanity Check" {
-        (Invoke-Nmap -OutFormat PSObject).nmaprun.host.ports.port | where portid -match '445' | % protocol | should -be 'tcp'
+        (Invoke-Nmap).nmapresult.ports.port | where portid -match '445' | % protocol | should -be 'tcp'
     }
 
     It "Output: XML Data Sanity Check" {
         (Invoke-Nmap -OutFormat PSObject).nmaprun.host.ports.port | where portid -match '445' | % protocol | should -be 'tcp'
     }
-}
+
+    It "Output: SNMP Table output is correct" {
+        (Invoke-Nmap -snmp).ports.scriptresult.'snmp-brute'.table | where password -match 'public' | Should -Not -BeNullOrEmpty
+    }
+}

Tests/Mocks/snmpresult.nmapxml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE nmaprun>
+<?xml-stylesheet href="file:///C:/Program Files (x86)/Nmap/nmap.xsl" type="text/xsl"?>
+<!-- Nmap 7.70 scan initiated Thu Mar 21 10:00:08 2019 as: &quot;C:\\Program Files (x86)\\Nmap\\nmap.exe&quot; -T4 -sU -p 161 -&#45;script snmp-brute -oX snmpresult.nmapxml 192.168.111.1 -->
+<nmaprun scanner="nmap" args="&quot;C:\\Program Files (x86)\\Nmap\\nmap.exe&quot; -T4 -sU -p 161 -&#45;script snmp-brute -oX snmpresult.nmapxml 192.168.111.1" start="1553187608" startstr="Thu Mar 21 10:00:08 2019" version="7.70" xmloutputversion="1.04">
+<scaninfo type="udp" protocol="udp" numservices="1" services="161"/>
+<verbose level="0"/>
+<debugging level="0"/>
+<host starttime="1553187608" endtime="1553187612"><status state="up" reason="arp-response" reason_ttl="0"/>
+<address addr="192.168.111.1" addrtype="ipv4"/>
+<address addr="AC:9E:17:A7:17:88" addrtype="mac" vendor="Asustek Computer"/>
+<hostnames>
+<hostname name="router.asus.com" type="PTR"/>
+</hostnames>
+<ports><port protocol="udp" portid="161"><state state="open" reason="udp-response" reason_ttl="64"/><service name="snmp" method="table" conf="3"/><script id="snmp-brute" output="&#xa;  public - Valid credentials&#xa;  private - Valid credentials"><table>
+<elem key="password">public</elem>
+<elem key="state">Valid credentials</elem>
+</table>
+<table>
+<elem key="password">private</elem>
+<elem key="state">Valid credentials</elem>
+</table>
+</script></port>
+</ports>
+<times srtt="125" rttvar="4000" to="100000"/>
+</host>
+<runstats><finished time="1553187612" timestr="Thu Mar 21 10:00:12 2019" elapsed="4.95" summary="Nmap done at Thu Mar 21 10:00:12 2019; 1 IP address (1 host up) scanned in 4.95 seconds" exit="success"/><hosts up="1" down="0" total="1"/>
+</runstats>
+</nmaprun>