From bd3c1c29094169d27f409a9f0760c9c84ba1bdb0 Mon Sep 17 00:00:00 2001
From: Dan Goldsmith
Date: Wed, 6 Oct 2021 21:58:59 +0100
Subject: [PATCH 1/3] Task 2 completed

---
 README.md | 20 ++++++++++++++++++++
 scanner.py | 33 ++++++++++++++++++++++++++++++---
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 4925827..97bc29b 100644
--- a/README.md
+++ b/README.md
@@ -7,3 +7,23 @@ Different iterations are in branches.
 ## Branches
+ - InitialVersion: Base Code from the Site
+ - Reserved Ports: **Task 2** Scan all the reseved ports (1-1024)
+
+
+
+## Output
+
+## Task 2
+
+Just Reserved Ports code
+
+```
+dang@danglaptop ~/Coding/PortScanner$ python scanner.py
+PORT 21 is Open
+PORT 22 is Open
+PORT 25 is Open
+PORT 80 is Open
+```
+
+## Task 3
diff --git a/scanner.py b/scanner.py
index c030ad5..2db04d7 100644
--- a/scanner.py
+++ b/scanner.py
@@ -1,4 +1,11 @@
 import socket
+import logging
+
+
+
+IPADDR = "127.0.0.1" #Target IP Address
+
+
 def checkPort(target, port):
     """
@@ -17,7 +24,27 @@ def checkPort(target, port):
         #111 is connection refused (ie Closed)
         return False
-
+
+def scanReserved():
+    """
+    Scan just the reserved ports
+
+    This will scan the first 1024 ports, and print the ones that are open
+    """
+
+    for x in range(1024):
+        logging.debug("Scanning port %s", x)
+        if checkPort(IPADDR, x):
+            print (f"PORT {x} is Open")
+
 if __name__ == "__main__":
-    isOpen = checkPort("127.0.0.1", 8000)
-    print ("Port 8000 on Localhost open {0}".format(isOpen))
+
+    #Print debug messages,
+    #We can use this to show / hide debugging messages
+    #logging.basicConfig(level=logging.DEBUG) #Hide
+    logging.basicConfig(level=logging.INFO)
+
+    scanReserved()
+
+    #isOpen = checkPort("127.0.0.1", 8000)
+    #print ("Port 8000 on Localhost open {0}".format(isOpen))
From dd3fc7ffd93fa0a8e23aa7e5253d71a8d28475c7 Mon Sep 17 00:00:00 2001
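Review bot: `for x in range(1024):` in scanReserved probes ports 0–1023, while the docstring and the README describe the reserved range as 1–1024; port 0 is not a usable TCP destination and port 1024 is never tried, so the loop should be `for x in range(1, 1025):`. The visible tail of checkPort also returns only for codes 0 and 111, so any other connect_ex result (timeout, host or network unreachable) falls through to an implicit None that scanReserved silently treats as closed — worth a `return False` with a debug log, and 111 is the Linux value of ECONNREFUSED, so `errno.ECONNREFUSED` would be the portable comparison. checkPort's body starts outside this hunk, so the rest of its return paths are not visible here. The target is hard-coded to `IPADDR` (localhost); a one-line comment reminding users to scan only hosts they are authorised to test would be appropriate once this becomes configurable.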
From: Dan Goldsmith
Date: Wed, 6 Oct 2021 22:38:56 +0100
Subject: [PATCH 2/3] Banner Grabbing Implemented

---
 scanner.py | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 67 insertions(+), 3 deletions(-)

diff --git a/scanner.py b/scanner.py
index 2db04d7..2c3bc0e 100644
--- a/scanner.py
+++ b/scanner.py
@@ -5,6 +5,13 @@ import logging
 IPADDR = "127.0.0.1" #Target IP Address
+#Lookup table, String -> Service
+LOOKUPS = { b"Welcome to Pure-FTPd" : "FTP",
+            b"OpenSSH": "SSH",
+            b"Postfix": "SMTP",
+            b"Apache" : "HTTP (Apache)"
+          }
+
 def checkPort(target, port):
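Review bot: The comment `#Lookup table, String -> Service` does not match the table it describes: the keys are `bytes` literals (so they can be tested directly against the raw `recv()` buffer), not `str`. More importantly, the banner text being matched is whatever the remote service chooses to send, so a hit only means "the peer claimed to be X" — a service can present any banner, or none. I would replace the comment with `#Lookup table: bytes fragment expected in a banner -> service name.` followed by `#Banners are chosen by the remote host and can be spoofed; treat a match as a hint, not proof.`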
@@ -16,18 +23,61 @@ def checkPort(target, port):
     """
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     returnCode = sock.connect_ex((target, port))
+    sock.close() #Best to tidy up
+    #A return code of 0 means we have a successful connection
+    if returnCode == 0:
+        return True
+    elif returnCode == 111:
+        #111 is connection refused (ie Closed)
+        return False
+
+def checkPort_Banner(target, port):
+    """
+    Port scanning with banner grabbing (TASK 3)
+
+    As well as scanning the port, we do some banner grabbing.
+    If we see what messages we are given by the service when we connect
+    We may be able to identify services
+
+    For HTTP, the server doesn't do anything until we send it a message.
+    SO our read will fail.
+    We are just going to send a junk packet for HTTP, as the
+    error message actually gives us more info
+    """
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+    sock.settimeout(1)
+    returnCode = sock.connect_ex((target, port))
     #A return code of 0 means we have a successful connection
     if returnCode == 0:
+        logging.debug("Port %s Open", port)
+
+        #Attempt to read some data from the socket
+        try:
+            data = sock.recv(1024)
+        except:# socket.timeout:
+            #If we get a timeout no data has been recived
+            logging.debug("Socket Timeout, on %s Send HTTP", port)
+            out = sock.sendall(b"GET / HTTP/1.0\n\n") #Remove the b for python 2
+            data = sock.recv(1024) #Really we should also look for error here, but Meh
+
+        logging.debug("Data %s", data)
+
+        #Then do the Lookup
+        for key, value in LOOKUPS.items():
+            if key in data:
+                print (f"Service {value} Found on port {port}")
         return True
     elif returnCode == 111:
         #111 is connection refused (ie Closed)
         return False
+
 def scanReserved():
     """
-    Scan just the reserved ports
+    Scan just the reserved ports (TASK 2)

     This will scan the first 1024 ports, and print the ones that are open
     """
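Review bot: The bare `except:` in checkPort_Banner catches everything (including KeyboardInterrupt and a connection reset), yet the fallback `sock.sendall(...)` and the second `sock.recv(1024)` it runs are outside any handler, so an open port that neither sends a banner nor answers the HTTP probe within the 1 s timeout raises `socket.timeout` and aborts the whole sweep — exactly the case the comment "Really we should also look for error here" waves away. The socket opened in checkPort_Banner is also never closed (checkPort directly above was just fixed to call `sock.close()`), so scanning 1024 ports leaks up to 1024 descriptors. I would manage the socket with `with`, catch `socket.timeout` specifically, and guard the probe with its own `except OSError` so a silent or hostile service yields an empty banner instead of a crash; HTTP also wants CRLF line endings, `b"GET / HTTP/1.0\r\n\r\n"`. The `data` buffer is remote-controlled bytes and should stay limited to the substring lookup, as it is here.
```python
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(1)
        returnCode = sock.connect_ex((target, port))
        if returnCode == 0:
            logging.debug("Port %s Open", port)
            data = b""
            try:
                data = sock.recv(1024)
            except socket.timeout:
                #Silent service: probe with HTTP, but a second silence or a reset must not abort the scan
                logging.debug("Socket Timeout, on %s Send HTTP", port)
                try:
                    sock.sendall(b"GET / HTTP/1.0\r\n\r\n")
                    data = sock.recv(1024)
                except OSError as exc:
                    logging.debug("No banner from port %s: %s", port, exc)
            # … unchanged: LOOKUPS match loop and return True …
        elif returnCode == 111:
            #111 is connection refused (ie Closed)
            return False
```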
@@ -36,7 +86,20 @@ def scanReserved():
         logging.debug("Scanning port %s", x)
         if checkPort(IPADDR, x):
             print (f"PORT {x} is Open")
+
+def scanBanners():
+    """
+    Scan just the reserved ports (TASK 2)
+
+    This will scan the first 1024 ports, and print the ones that are open
+    """
+
+    for x in range(1024):
+        #logging.debug("Scanning port %s", x)
+        if checkPort_Banner(IPADDR, x):
+            print (f"PORT {x} is Open")
+
 if __name__ == "__main__":

     #Print debug messages,
@@ -44,7 +107,8 @@ if __name__ == "__main__":
     #logging.basicConfig(level=logging.DEBUG) #Hide
     logging.basicConfig(level=logging.INFO)

-    scanReserved()
-
+    #scanReserved()
+    scanBanners()
+    #checkPort_Banner("127.0.0.1", 80)
     #isOpen = checkPort("127.0.0.1", 8000)
     #print ("Port 8000 on Localhost open {0}".format(isOpen))
From d1be166e9d8b1d246d5945d7214dde9e9662c01f Mon Sep 17 00:00:00 2001
From: Dan Goldsmith
Date: Wed, 6 Oct 2021 22:40:49 +0100
Subject: [PATCH 3/3] README upated

---
 README.md | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 97bc29b..b21f331 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ Different iterations are in branches.
  - InitialVersion: Base Code from the Site
  - Reserved Ports: **Task 2** Scan all the reseved ports (1-1024)
-
+ - Banner Grabbing: **Tasks 3 and 4** (as they are linked, the issue in task 3 leads to 4

 ## Output
@@ -26,4 +26,16 @@ PORT 25 is Open
 PORT 80 is Open
 ```

-## Task 3
+## Task 3 and 4
+
+```
+dang@danglaptop ~/Coding/PortScanner$ python scanner.py ✹ ✭BannerGrabbing
+Service SMTP Found on port 25
+PORT 25 is Open
+Service SSH Found on port 242
+PORT 242 is Open
+Service HTTP (Apache) Found on port 443
+PORT 443 is Open
+```
+
+
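Review bot: scanBanners' docstring is a verbatim copy of scanReserved's — it says `Scan just the reserved ports (TASK 2)` and "print the ones that are open" although this function performs the Task 3/4 banner grab through checkPort_Banner. I would make the summary `Banner-grab the reserved ports (TASKS 3 and 4)` and the body `Connects to each of the first 1024 ports with checkPort_Banner, which prints any service it recognises; open ports are then printed here.`, adding that this sweep actively sends an HTTP request to any open port that stays silent, so it is noisier than scanReserved and only suitable against hosts you are authorised to test. As in scanReserved, `range(1024)` covers 0–1023 rather than the 1–1024 the README promises; `range(1, 1025)` matches the documentation.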
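Review bot: The entry point now selects a scanner by commenting calls in and out (`#scanReserved()`, `#checkPort_Banner("127.0.0.1", 80)`, plus the two `#isOpen`/`#print` lines kept from the first version), and the log level is toggled the same way, so every task adds another dead line that a reader has to mentally diff. A small `argparse` switch replaces all of it and documents the options in `--help`; this needs `import argparse` at the top of the file, which is outside this hunk. The `if __name__ == "__main__":` block begins in the previous hunk.
```python
if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="TCP scan of the reserved ports on IPADDR")
    parser.add_argument("--banners", action="store_true", help="also grab service banners (Tasks 3 and 4)")
    parser.add_argument("--debug", action="store_true", help="log every port as it is probed")
    args = parser.parse_args()

    #Debug output is opt-in so a normal run prints only open ports and identified services
    logging.basicConfig(level=logging.DEBUG if args.debug else logging.INFO)

    if args.banners:
        scanBanners()
    else:
        scanReserved()
```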