THREAD: [Python] Port Scanner
  1. 11-09-2015, 03:37 AM
    Python (Bebe Snek), 864 posts, 25,567 reputation, joined Nov 2011, NextGenUpdate
    New Tutorials Every day or so

    In this tutorial we will demonstrate how to make network connections with Python by building a basic port scanner. What we will be doing is making a network socket connection over and over again based on an IP/port combination. In order to accomplish this we will introduce a new concept, the for loop:

    >>> for port in range(1000,1024):
    ...     print "[+] The port is: "+str(port)
    ...
    [+] The port is: 1000
    [+] The port is: 1001
    [+] The port is: 1002
    [+] The port is: 1003
    [+] The port is: 1004
    [+] The port is: 1005
    [+] The port is: 1006
    [+] The port is: 1007
    [+] The port is: 1008
    [+] The port is: 1009
    [+] The port is: 1010
    [+] The port is: 1011
    [+] The port is: 1012
    [+] The port is: 1013
    [+] The port is: 1014
    [+] The port is: 1015
    [+] The port is: 1016
    [+] The port is: 1017
    [+] The port is: 1018
    [+] The port is: 1019
    [+] The port is: 1020
    [+] The port is: 1021
    [+] The port is: 1022
    [+] The port is: 1023


    Note that in the code snippet above the body of the for loop is indented. Normally people indent by 2 spaces or with a tab, it doesn’t matter as long as you are consistent throughout the script. To make the simple port scanner we will replace the print statement with a code snippet that makes a socket connection. The code below shows how to make a socket connection using the built-in socket module:

    >>> import socket
    >>> s = socket.socket()                 # defaults to AF_INET/SOCK_STREAM, i.e. a TCP socket
    >>> s.connect(('127.0.0.1', 22))
    >>> s.send('Primal Security \n')        # returns the number of bytes sent
    17
    >>> banner = s.recv(1024)               # read up to 1024 bytes of the service's greeting
    >>> print banner
    OpenSSH


    Above we import the socket module and call the connect() function to connect to the given IP address and port number. This will establish a TCP connection (SYN/SYN-ACK/ACK) and we actually send data to the given service with the send() function, and print the response with recv(). Now socket will throw an exception if the port isn’t open:

    >>> s = socket.socket()                 # a socket object can only connect() once, so make a fresh one
    >>> s.connect(('127.0.0.1', 23))
    Traceback (most recent call last):
      File "<stdin>", line 1, in ?
      File "<string>", line 1, in connect
    socket.error: (111, 'Connection refused')


    This can be solved in a number of ways. For now we will use a very simple way and use a “try/except” loop and just pass the exception:

    >>> s = socket.socket()
    >>> try:
    ...     s.connect(('127.0.0.1', 23))
    ... except socket.error:                # catch only socket errors, not every exception
    ...     pass
    ...


    Notice no errors! Great way to make your code look like it's working. Now let's combine all these concepts and make a quick for loop port scanner:

    >>> for port in range(20,26):
    ...     try:
    ...         print "[+] Attempting to connect to 127.0.0.1:"+str(port)
    ...         s = socket.socket()          # fresh socket per port: connect() only works once per socket
    ...         s.settimeout(2)              # don't hang on ports that never answer
    ...         s.connect(('127.0.0.1', port))
    ...         s.send('Primal Security \n')
    ...         banner = s.recv(1024)
    ...         if banner:
    ...             print "[+] Port "+str(port)+" open: "+banner
    ...         s.close()
    ...     except socket.error: pass
    ...
    [+] Attempting to connect to 127.0.0.1:20
    [+] Attempting to connect to 127.0.0.1:21
    [+] Attempting to connect to 127.0.0.1:22
    17
    [+] Port 22 open: OpenSSH
    [+] Attempting to connect to 127.0.0.1:23
    [+] Attempting to connect to 127.0.0.1:24
    [+] Attempting to connect to 127.0.0.1:25


    Above we demonstrate the basic usage of the “try/except” loop to pass the exception thrown by socket when the port is closed. We also show how to leverage a basic conditional statement with “if” to only print that the port is open if the port responded to our probe. Another way to create a port scanner would be to define a list of ports you’d like scanned with an array and then loop through the array:

    >>> ports = [22, 445, 80, 443, 3389]
    >>> for port in ports:
    ...     print port
    ...
    22
    445
    80
    443
    3389


    If we wanted to handle multiple hosts at once we would leverage a nested for loop. This will involve an outer for loop that will loop through the hosts and an inner for loop that will loop through the ports. Below is a basic example of how a nested for loop can be leveraged to make a slightly more complex scanner:

    >>> hosts = ['127.0.0.1', '192.168.1.5', '10.0.0.1']
    >>> ports = [22, 445, 80, 443, 3389]
    >>> for host in hosts:
    ...     for port in ports:
    ...         try:
    ...             print "[+] Connecting to "+host+":"+str(port)
    ...             s = socket.socket()      # fresh socket for every host:port pair
    ...             s.settimeout(2)          # unreachable hosts would otherwise block connect() for minutes
    ...             s.connect((host, port))
    ...             s.send('Primal Security \n')
    ...             banner = s.recv(1024)
    ...             if banner:
    ...                 print "[+] Port "+str(port)+" open: "+banner
    ...             s.close()
    ...         except socket.error: pass
    ...
    [+] Connecting to 127.0.0.1:22
    [+] Port 22 open: OpenSSH
    [+] Connecting to 127.0.0.1:445
    [+] Connecting to 127.0.0.1:80
    [+] Connecting to 127.0.0.1:443
    [+] Connecting to 127.0.0.1:3389
    [+] Connecting to 192.168.1.5:22
    [+] Connecting to 192.168.1.5:445
    [+] Connecting to 192.168.1.5:80
    [+] Connecting to 192.168.1.5:443
    [+] Connecting to 192.168.1.5:3389
    [+] Connecting to 10.0.0.1:22
    [+] Connecting to 10.0.0.1:445
    [+] Connecting to 10.0.0.1:80
    [+] Connecting to 10.0.0.1:443
    [+] Connecting to 10.0.0.1:3389


    As you can see by the output, it loops the hosts array and attempts each port in the ports array then moves on to the next host. For the final port scanner you might want to modify your print statements to only print ports that are open.

    At the end of the day you will find that Nmap is still a far better option for port scanning, but we will build on these concepts in later tutorials to accomplish some more practical use cases.

    I will post more tutorials. Some will be personal and some will be from ebooks that I have. But anyway I hope you enjoy.
  2. The Following 3 Users Say Thank You to Python For This Useful Post:


  3. The Following User Groaned Python For This Awful Post:
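    The scanner below is an added example (Python 3) and is not the code from the post above or from Primal Security. It keeps the post's approach, a TCP connect() to every host:port pair followed by a banner read, but does what a practitioner needs before trusting the output: a fresh socket for every probe (a socket object cannot be connect()ed a second time, so reusing one `s` in a loop silently reports every port after the first open one as closed), a timeout so filtered ports do not stall the scan, and explicit exception handling instead of `except: pass`, so "closed" (connection refused), "filtered" (no answer) and "error" are reported separately. The loopback listener, its OpenSSH-style banner string, the probe text and the port numbers are constructed fixtures so the example runs offline; any other host or port is an assumption.

```python
"""TCP connect scanner with banner grabbing (Python 3).

Added example, not the code from the post or from Primal Security.
Hosts, ports, banner text and probe string are assumptions for the demo.
"""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

PROBE = b"Primal Security \r\n"   # nudge for services that wait for the client to speak


def scan_port(host, port, timeout=1.0):
    """Return (state, banner) for one host:port.

    state is "open", "closed", "filtered" or "error". banner is bytes
    for an open port (possibly empty), None for closed/filtered and the
    OS error text for "error". A new socket is created for every call:
    a socket object cannot be connect()ed again once it has connected or
    been closed, which is why reusing one socket in a loop is misleading.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(1024)              # SSH, SMTP, FTP greet first
            except socket.timeout:
                banner = b""
                try:
                    s.sendall(PROBE)               # HTTP and friends wait for us
                    banner = s.recv(1024)
                except (socket.timeout, OSError):
                    pass
            return "open", banner.strip()
    except ConnectionRefusedError:                 # RST came back: nothing listening
        return "closed", None
    except socket.timeout:                         # no SYN/ACK and no RST: probably filtered
        return "filtered", None
    except OSError as exc:                         # host/network unreachable, bad address, ...
        return "error", exc.strerror or str(exc)


def scan(hosts, ports, timeout=1.0, workers=16):
    """The post's nested host/port loop, run on a small thread pool.

    Returns {(host, port): (state, banner)} in host-major order so the
    caller can print everything or filter down to the open ports.
    """
    targets = [(host, port) for host in hosts for port in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda t: scan_port(t[0], t[1], timeout), targets)
        return dict(zip(targets, states))


def open_ports(results):
    """Reduce scan() output to [(host, port, banner)] for open ports only."""
    return [(h, p, b) for (h, p), (st, b) in results.items() if st == "open"]


# --- constructed loopback fixtures so the example runs offline ---------------

def start_banner_listener(banner=b"SSH-2.0-OpenSSH_9.6\r\n"):
    """Start a loopback listener that greets each client with `banner`
    (a constructed stand-in for the sshd in the post); return its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_closed_port():
    """Return a loopback port nothing is listening on (bind, read, release)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    listening = start_banner_listener()
    closed = free_closed_port()
    results = scan(["127.0.0.1"], [listening, closed])
    for (host, port), (state, banner) in results.items():
        print("[+] %s:%d %s%s" % (host, port, state,
                                  (" " + repr(banner)) if banner else ""))
    print("open:", open_ports(results))
```

    Reading before sending matters: SSH, SMTP and FTP send their banner as soon as the connection is up, so the post's `send()` first is unnecessary for them, while HTTP servers say nothing until they receive a request, which is what the probe fallback is for. The three-way distinction in `scan_port` is the part `except: pass` throws away: a refused port and a port that never answers are different findings (nothing listening versus a firewall in the path), and an unreachable host should be reported rather than silently look like fifteen closed ports, as in the nested-loop output above.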


  4. 11-16-2015, 05:45 PM
    Kas (Guest), n/a posts, n/a reputation, Once upon a time..., NextGenUpdate
    Originally Posted by Python View Post
    New Tutorials Every day or so

    In this tutorial we will demonstrate how to make network connections with Python by building a basic port scanner. [...]


    Copied [link, login required to view] word for word, nice.
  5. 11-16-2015, 07:16 PM
    Python (Bebe Snek), 864 posts, 25,567 reputation, joined Nov 2011, NextGenUpdate
    Originally Posted by Kas View Post
    Copied [link, login required to view] word for word, nice.


    [link, login required to view]
  6. 11-16-2015, 07:17 PM
    Kas (Guest), n/a posts, n/a reputation, Once upon a time..., NextGenUpdate
    Originally Posted by Python View Post
    [link, login required to view]


    Not the only one that I have found is copy and pasted. Nearly if not all of them are.
  7. 11-17-2015, 02:59 PM
    Python (Bebe Snek), 864 posts, 25,567 reputation, joined Nov 2011, NextGenUpdate
    Originally Posted by Kas View Post
    Not the only one that I have found is copy and pasted. Nearly if not all of them are.


    Thank you for your feedback. I think I've cleared some things up in this thread [link, login required to view].
  8. 11-17-2015, 05:22 PM
    Bitwise (Mario!), 345 posts, 3,274 reputation, joined Mar 2014, NextGenUpdate
    Lol script kiddie detected.