Being able to use and control external tools within a programming language is a valuable resource. Obviously its ideal to have libraries and modules for such things, but sometimes when you’re trying to move fast, it may be easier to interact with a command line tool directly than implement a library/module. I’ll be going over to use nmap using the subprocess module in Python.
Subprocess in Python
First we can import our subprocess module. This is built into the standard library in Python so it doesn’t require any external dependencies.
import subprocess
From there we can start to build out our command. Let’s say we wanted to scan for some hosts on a local network. We can set up a variable like so:
bashCommand = "for i in {0..255}; do nmap -sV -p22 192.168.0.$i -open; done"
One of the neat things here is we can dynamically generate this since it’s just a string. If we wanted to parallelize this, we could do so easily by breaking the IP blocks we want to handle into manageable chunks and generating multiple strings from that. This would just end up being multiple subprocess commands being called.
Now we need a way to handle the output from the command. In this case, I’m going to output it to a file where it can be read in by another script to be processed. So our file setup would look something like this:
f = open("/host/path/file","w")
Now we’re ready to piece this all together in the subprocess call:
subprocess.run(bashCommand, shell=True, stdout=f)
Additional Resources
Now I want to stress that this is a very basic example. The subprocess module has quite verbose docs on all of its capabilities (https://docs.python.org/3/library/subprocess.html). For instance, instead of writing our output to a file, we could open a pipe to the standard output or use the output from the completed process class that is returned by the run command. There’s a lot you can do and if you’re looking to use subprocess in one of your projects, I recommend skimming through these docs to get some ideas on what you can do.