6005-Solutions/PortScanner/scanner.py
import socket | |
import logging | |
IPADDR = "127.0.0.1"  # Target IP address: the loopback interface

# Lookup table, banner fragment -> service name.
# Keys are bytes because socket.recv() hands back bytes, so the
# substring test in checkPort_Banner never has to decode the banner.
LOOKUPS = {
    b"Welcome to Pure-FTPd": "FTP",
    b"OpenSSH": "SSH",
    b"Postfix": "SMTP",
    b"Apache": "HTTP (Apache)",
}
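def checkPort(target, port, timeout=None):
    """
    Attempt to open a TCP connection to target:port (TASK 1).

    Args:
        target: host name or IP address to connect to.
        port: TCP port number.
        timeout: optional connect timeout in seconds. None keeps the
            socket blocking, which is the original behaviour; pass a
            value to stop a filtered (silently dropped) port hanging
            the whole scan.

    Returns:
        True if the connection succeeded (port open), False for every
        other outcome: refused, timed out, unreachable.  The previous
        version only returned False for errno 111 and fell through to
        None for any other error code, which a caller would treat as
        "closed" only by accident.
    """
    # The context manager closes the socket even if connect_ex raises
    # (e.g. socket.gaierror on an unresolvable target).
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        if timeout is not None:
            sock.settimeout(timeout)
        # connect_ex returns 0 on success and an errno value otherwise.
        returnCode = sock.connect_ex((target, port))
    return returnCode == 0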
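def checkPort_Banner(target, port):
    """
    Port scanning with banner grabbing (TASK 3).

    As well as checking whether the port is open, read whatever the
    service sends on connect and match it against LOOKUPS to name the
    service.  An HTTP server says nothing until it receives a request,
    so when the first read times out a minimal GET is sent and the
    reply (often an error page that still names the server) is read
    instead.

    Args:
        target: host name or IP address to connect to.
        port: TCP port number.

    Returns:
        True if the port is open, whether or not a banner was
        recognised; False if the connection failed for any reason.

    Side effects:
        Prints one line per LOOKUPS entry found in the banner and emits
        logging.debug() messages.
    """
    # The context manager closes the socket on every path; the previous
    # version never called close() and leaked one descriptor per open port.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(1)
        returnCode = sock.connect_ex((target, port))
        if returnCode != 0:
            # Refused (111), timed out, unreachable: all treated as closed.
            # Previously only 111 returned False and other codes fell
            # through to None.
            return False
        logging.debug("Port %s Open", port)
        try:
            # Many services (FTP, SSH, SMTP) announce themselves first.
            data = sock.recv(1024)
        except socket.timeout:
            # No unsolicited banner within a second; poke it like an HTTP
            # client.  Only the timeout is caught here so KeyboardInterrupt
            # and programming errors are no longer swallowed by a bare except.
            logging.debug("Socket Timeout, on %s Send HTTP", port)
            try:
                sock.sendall(b"GET / HTTP/1.0\n\n")
                data = sock.recv(1024)
            except OSError:
                # Peer reset/closed or timed out again; the port is still
                # open, there is just nothing to fingerprint.
                data = b""
        logging.debug("Data %s", data)
        # Banner bytes come from the remote service and are untrusted:
        # they are only substring-matched, never decoded or echoed raw.
        for key, value in LOOKUPS.items():
            if key in data:
                print (f"Service {value} Found on port {port}")
        return True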
def scanReserved():
    """
    Scan just the reserved ports (TASK 2).

    Walks ports 0-1023 on IPADDR with checkPort and prints a line for
    each one that is open.  Returns nothing.
    """
    for port in range(1024):
        logging.debug("Scanning port %s", port)
        if not checkPort(IPADDR, port):
            continue
        print (f"PORT {port} is Open")
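def scanBanners():
    """
    Scan the reserved ports with banner grabbing (TASK 3).

    Walks ports 0-1023 on IPADDR with checkPort_Banner, which prints any
    service it recognises, and prints a line for each open port.
    Returns nothing.  (The docstring previously described TASK 2 /
    scanReserved, a copy-paste error.)
    """
    for port in range(1024):
        if checkPort_Banner(IPADDR, port):
            print (f"PORT {port} is Open")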
if __name__ == "__main__":
    # The logging level decides whether the debug() calls in the scan
    # functions are shown: DEBUG traces every port, INFO keeps the output
    # to the print() lines only.
    #logging.basicConfig(level=logging.DEBUG) #Hide
    logging.basicConfig(level=logging.INFO)
    #scanReserved()
    scanBanners()
    #checkPort_Banner("127.0.0.1", 80)
    #isOpen = checkPort("127.0.0.1", 8000)
    #print ("Port 8000 on Localhost open {0}".format(isOpen))