Merge pull request #1 from aa9863/BannerGrabbing
Banner grabbing
aa9863 committed Oct 7, 2021
2 parents 978a19a + d1be166 commit 01f38a4a2b803ec9f625999969e509c76163e9e1
Showing 2 changed files with 126 additions and 3 deletions.
@@ -7,3 +7,35 @@ Different iterations are in branches.

## Branches

- InitialVersion: Base Code from the Site
- Reserved Ports: **Task 2** Scan all the reseved ports (1-1024)
- Banner Grabbing: **Tasks 3 and 4** (as they are linked, the issue in task 3 leads to 4


## Output

## Task 2

Just Reserved Ports code

```
dang@danglaptop ~/Coding/PortScanner$ python scanner.py
PORT 21 is Open
PORT 22 is Open
PORT 25 is Open
PORT 80 is Open
```

## Task 3 and 4

```
dang@danglaptop ~/Coding/PortScanner$ python scanner.py ✹ ✭BannerGrabbing
Service SMTP Found on port 25
PORT 25 is Open
Service SSH Found on port 242
PORT 242 is Open
Service HTTP (Apache) Found on port 443
PORT 443 is Open
```


@@ -1,4 +1,18 @@
import socket
import logging



IPADDR = "127.0.0.1" #Target IP Address

#Lookup table, String -> Service
LOOKUPS = { b"Welcome to Pure-FTPd" : "FTP",
b"OpenSSH": "SSH",
b"Postfix": "SMTP",
b"Apache" : "HTTP (Apache)"
}



def checkPort(target, port):
"""
@@ -9,15 +23,92 @@ def checkPort(target, port):
"""
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
returnCode = sock.connect_ex((target, port))
sock.close() #Best to tidy up
#A return code of 0 means we have a successful connection
if returnCode == 0:
return True
elif returnCode == 111:
#111 is connection refused (ie Closed)
return False

def checkPort_Banner(target, port):
"""
Port scanning with banner grabbing (TASK 3)
As well as scanning the port, we do some banner grabbing.
If we see what messages we are given by the service when we connect
We may be able to identify services
For HTTP, the server doesn't do anything until we send it a message.
SO our read will fail.
We are just going to send a junk packet for HTTP, as the
error message actually gives us more info
"""
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

sock.settimeout(1)
returnCode = sock.connect_ex((target, port))

#A return code of 0 means we have a successful connection
if returnCode == 0:
logging.debug("Port %s Open", port)

#Attempt to read some data from the socket
try:
data = sock.recv(1024)
except:# socket.timeout:
#If we get a timeout no data has been recived
logging.debug("Socket Timeout, on %s Send HTTP", port)
out = sock.sendall(b"GET / HTTP/1.0\n\n") #Remove the b for python 2
data = sock.recv(1024) #Really we should also look for error here, but Meh

logging.debug("Data %s", data)

#Then do the Lookup
for key, value in LOOKUPS.items():
if key in data:
print (f"Service {value} Found on port {port}")
return True
elif returnCode == 111:
#111 is connection refused (ie Closed)
return False




def scanReserved():
"""
Scan just the reserved ports (TASK 2)
This will scan the first 1024 ports, and print the ones that are open
"""

for x in range(1024):
logging.debug("Scanning port %s", x)
if checkPort(IPADDR, x):
print (f"PORT {x} is Open")

def scanBanners():
"""
Scan just the reserved ports (TASK 2)
This will scan the first 1024 ports, and print the ones that are open
"""

for x in range(1024):
#logging.debug("Scanning port %s", x)
if checkPort_Banner(IPADDR, x):
print (f"PORT {x} is Open")


if __name__ == "__main__":
isOpen = checkPort("127.0.0.1", 8000)
print ("Port 8000 on Localhost open {0}".format(isOpen))

#Print debug messages,
#We can use this to show / hide debugging messages
#logging.basicConfig(level=logging.DEBUG) #Hide
logging.basicConfig(level=logging.INFO)

#scanReserved()
scanBanners()
#checkPort_Banner("127.0.0.1", 80)
#isOpen = checkPort("127.0.0.1", 8000)
#print ("Port 8000 on Localhost open {0}".format(isOpen))
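Review bot: In checkPort_Banner the bare `except:` around the first `sock.recv(1024)` catches everything (including KeyboardInterrupt), and the second `sock.recv(1024)` after the HTTP probe has no guard at all, so a service that never answers the probe raises `socket.timeout` out of the function and aborts the whole scanBanners() loop. The socket opened at `sock = socket.socket(...)` is also never closed on any path, unlike checkPort which calls `sock.close()`, so a 1024-port sweep leaks a descriptor per open port. A third, smaller point: a connect_ex result other than 0 or 111 (a connect timeout, for example) falls off the end and returns None rather than an explicit False. The rewrite below narrows the handler to `socket.timeout`, wraps the probe-and-read in its own `except OSError`, holds the socket in a `with` block so it is always closed, and makes the non-open case an explicit `return False`; the LOOKUPS loop is unchanged.
```python
def checkPort_Banner(target, port):
    # … unchanged: docstring …
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(1)
        returnCode = sock.connect_ex((target, port))
        if returnCode != 0:
            # 111 is connection refused (ie Closed); any other errno, such as a
            # connect timeout, is likewise reported as not open
            return False
        logging.debug("Port %s Open", port)
        try:
            data = sock.recv(1024)
        except socket.timeout:
            # No unsolicited banner; send the HTTP request so the reply (or error) is readable
            logging.debug("Socket Timeout, on %s Send HTTP", port)
            try:
                sock.sendall(b"GET / HTTP/1.0\n\n")  # Remove the b for python 2
                data = sock.recv(1024)
            except OSError:
                # Second timeout or reset: nothing to match against, but the port is open
                data = b""
        logging.debug("Data %s", data)
        # … unchanged: LOOKUPS loop and print …
        return True
```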
