Python Port Scanner

February 27, 2018 | Views: 8569


Hello everyone, great to meet you



In this first article of the Python for Hackers series, we are going to see how to write a port scanner in Python.



I) What is Scanning?



Reconnaissance is the first step of the kill chain when conducting a penetration test or an attack against a target network or server. An attacker will typically dedicate up to seventy-five percent of the overall work effort of a penetration test to reconnaissance, as it is this phase that allows the target to be defined, mapped, and explored for the vulnerabilities that will eventually lead to exploitation. There are two types of reconnaissance:


– passive reconnaissance

– active reconnaissance.

Scanning is active reconnaissance.



Scanning is the phase in which the attacker or penetration tester actively interacts with the target. During this phase most systems will log all user activity, triggering alarms from protective devices such as firewalls and IDS (Intrusion Detection Systems).



The important thing to know is that we are scanning devices connected to the network and looking for a way in (open ports, weak services, types of services, operating system, etc.) to compromise the device and, why not, the whole system. So we can say that scanning tells us what is going on and which services and operating system versions are running. With this information the attacker knows what to do and how to compromise the system.



II) Scanning techniques



We are not going to talk about scanning techniques in depth here because that is not the goal of this article (maybe next time), but we are going to list some common scanning techniques:



– UDP port scan


– TCP port scan


– Stealth scan


– SYN scan


– Ping sweep


– Xmas scan


– FIN scan


– Zombie scan



There are many tools you can use to try these different techniques, but here are my favorites: nmap and hping3.



Before writing our script, let's talk about the three-way handshake.



It is not a standard or a protocol but simply the procedure two devices on the network use to make sure the other is alive before starting a conversation.


To be clear, let's take an example with two people (you and me) who want to talk by phone. If I know your number and I want to talk with you, the first thing to do is dial your number and wait for you to answer; when you pick up, the first thing you say (not always) is "hello me" and I will answer "hello you", then the conversation can start. The three-way handshake works the same way. When computer A wants to communicate with computer B, it first sends a SYN packet to computer B for synchronization; if computer B is alive it answers with SYN/ACK (synchronization acknowledged); then computer A sends an ACK packet and now they can start the conversation. That is all you need to know about the three-way handshake.


Now we can start coding. I'm not going to start from the beginning with Python, but if you don't know anything about it there are plenty of articles explaining it and how to install it, so just google and you will be amazed by the number of documents on the subject. All I can say here is that Python is a high-level programming language created in 1991 by Guido van Rossum and is widely used for security purposes among others.







To make sure you have Python installed on your computer, enter this command:

python --version


If everything is fine you will see something like Python 2.7.14+ (Python version 2.7) or Python 3.6.4 (Python version 3.5+); the answer depends on the version you have installed.


As for the text editor, I'm using PyCharm, but use whichever one you feel comfortable with. Open your favorite Python text editor and let's start:

#! /usr/bin/python3

import socket
import sys

if len(sys.argv) != 3:  # verify that both arguments were given
    print("Usage: python {0} [ip] [ports]".format(sys.argv[0]))
    print("Example: python {0} 192.0.2.10 21,22,25".format(sys.argv[0]))
    sys.exit(1)  # stop here, otherwise sys.argv[2] below raises IndexError
ports = sys.argv[2].split(",")  # assign the port list to the ports variable
ports = [int(p) for p in ports]  # cast list items to integer type
ip = sys.argv[1]  # assign ip address
i = 1  # variable used to print the report header once

for port in ports:  # start port scanning
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # create the socket object
    try:  # exception handling
        rep = sock.connect_ex((ip, port))  # connect to target (full three-way handshake)
        if rep == 0:  # check the response after the connection attempt
            if i == 1:  # just print the header once
                print("Report for {0}:".format(ip))
                i = 0
            print("Port {0} Open".format(port))  # print if port open
        else:
            print("Port {0} close".format(port))  # print if port closed
    except Exception as e:
        print("Port {0}: error {1}".format(port, e))  # e.g. bad address or name resolution failure
    finally:
        sock.close()  # close socket

As you can see I have commented all the code, but if you have a problem I'm there for you.
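The following is an added example, not code from the original article: it ties the three-way handshake section to the connect_ex() return codes the scanner relies on, adds the per-port timeout the original script lacks, and resolves a hostname so a remote target can be given by name. The probe, scan and _demo names are my own; the demo constructs its own open and closed port on 127.0.0.1 so it runs offline.

```python
import errno
import socket


def probe(ip, port, timeout=1.0):
    """Classify one TCP port by attempting the full three-way handshake.

    Returns "open" when connect_ex() reports 0 (SYN, SYN/ACK, ACK completed),
    "closed" when the target answered the SYN with a RST (ECONNREFUSED), and
    "filtered" for anything else (timeout, unreachable), which usually means
    a firewall silently dropped the probe.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)  # never hang on a dropped SYN
    try:
        code = sock.connect_ex((ip, port))
    except socket.timeout:  # some interpreters raise instead of returning errno
        code = errno.EAGAIN
    finally:
        sock.close()
    if code == 0:
        return "open"
    if code in (errno.ECONNREFUSED, getattr(errno, "WSAECONNREFUSED", None)):
        return "closed"
    return "filtered"


def scan(host, ports, timeout=1.0):
    """Resolve host (name or IP) once, then probe each port; returns {port: state}."""
    ip = socket.gethostbyname(host)
    return {port: probe(ip, port, timeout) for port in ports}


def _demo():
    """Constructed local demo: one listening port and one port that was just freed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # the OS picks a free port
    listener.listen(1)  # the kernel now completes handshakes without accept()
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()  # nothing listens here any more, so the kernel answers with RST
    result = scan("127.0.0.1", [open_port, closed_port])
    listener.close()
    return result[open_port], result[closed_port]


if __name__ == "__main__":
    print(_demo())
```

Every probe here completes the handshake and is therefore logged by the target like any normal connection, which is exactly why a connect scan is the easiest kind to detect.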


  1. Hello
    Is there any way to do the same thing for a remote IP? For example, imagine you want to scan Google's IP address. How do you do that?

    Thanks in advance

    • Yes, you can scan a remote IP. For example, imagine you want to scan Google's IP address: you can just enter "python3 80" or ping google and take its IP address and enter it.


  2. Thanks for sharing
