
By: thewind
February 27, 2018
Python Port Scanner


Hello everyone, great to meet you.
In this first article of the Python for hackers series we are going to see how to write a port scanner in Python.
I) What is scanning?
Reconnaissance is the first step of the kill chain when conducting a penetration test or an attack against a network or server. An attacker will typically dedicate a large share of the overall effort of a penetration test to reconnaissance (up to seventy-five percent is a commonly quoted estimate), because it is this phase that allows the target to be defined, mapped and explored for the vulnerabilities that will eventually lead to exploitation. There are two types of reconnaissance:
- passive reconnaissance (nothing is sent to the target: public records, DNS, search engines)
- active reconnaissance (packets are sent to the target).
Scanning is active reconnaissance.
Scanning is the phase in which the attacker or penetration tester actively interacts with the target, and during this phase most systems will log that activity and may trigger alarms on protective devices such as firewalls and IDS (Intrusion Detection Systems). A TCP connect scan like the one written in this article is the noisiest kind: every probe of an open port completes a full connection, so the service itself sees it, not only a packet filter in front of it.
The important thing to understand is that we are scanning devices connected to the network and looking for a way in (open ports, weak services, service types and versions, the operating system, etc.) in order to compromise the device and, from there, possibly the whole network. In short, scanning tells us what is going on: which services and which operating system version are running. With this information the attacker knows what to try and how to compromise the system.
II) Scanning techniques
We are not going to cover scanning techniques in depth here because that is not the goal of this article (maybe next time), but let us list some common ones:
- TCP connect scan (the one this article implements: a full three-way handshake on every port)
- SYN scan (half-open scan, often called a stealth scan because the handshake is never completed, so the service never sees a connection)
- UDP port scan
- ping sweep
- FIN scan
- Xmas scan
- Zombie (idle) scan
There are many tools you can use to try these different techniques, but my favourites are nmap and hping3.
Before writing our script, let us talk about the three-way handshake.
It is the connection setup procedure defined by TCP itself (RFC 793): two hosts use it to agree on starting sequence numbers and to make sure the other side is there before any data is exchanged.
To make it clear, take the example of two people (you and me) who want to talk on the phone. If I know your number and want to talk to you, the first thing I do is dial your number and wait for you to answer; when you pick up, the first thing you say (not always) is "hello" and I answer "hello" back, and then the conversation can start. The three-way handshake works the same way. When computer A wants to communicate with computer B, it first sends a SYN packet (synchronize) to computer B; if computer B is alive and something is listening on that port, it answers with SYN/ACK (synchronize-acknowledge); computer A then sends an ACK, and the two can start talking. If B is alive but nothing listens on that port, B answers the SYN with a RST (reset) instead, and if a firewall drops the SYN, A gets no answer at all and gives up after a timeout. Those three outcomes (SYN/ACK, RST, silence) are exactly what a port scanner reports as open, closed and filtered, and they are all you need to know about the handshake for now.
Now we can start coding. I am not going to start from the beginning with Python; if you know nothing about it, there are plenty of articles explaining the language and how to install it, so just google it and you will be amazed by the number of documents. All I will say here is that Python is a high-level programming language created in 1991 by Guido van Rossum, and it is widely used for security work and much else.
III) WRITING OUR SCRIPT
To be sure you have Python installed on your computer, enter this command:
python --version
If all is well you will see something like Python 2.7.14 (Python 2.7) or Python 3.6.4 (Python 3.x); the answer depends on the version you installed. The script below is written for Python 3, so run it with python3 if your default python is still 2.7.
As for the text editor, I am using PyCharm, but use the one you feel comfortable with. Open your favourite Python editor and let us start.
#!/usr/bin/env python3
import errno
import socket
import sys

if len(sys.argv) != 3:  # verify that both arguments were given
    print("Usage: python3 Pscanner.py [ip] [ports]")
    print("Example: python3 Pscanner.py 192.168.1.10 21,22,25")
    sys.exit(1)

ip = sys.argv[1]  # target address
ports = [int(p) for p in sys.argv[2].split(",")]  # "21,22,25" -> [21, 22, 25]

print("Report for {0}:".format(ip))
for port in ports:  # one TCP connect probe per port
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # create the socket
    sock.settimeout(1.0)  # do not hang for minutes on a filtered port (no SYN/ACK, no RST)
    try:
        rep = sock.connect_ex((ip, port))  # 0 = handshake completed, otherwise an errno
        if rep == 0:
            print("Port {0} open".format(port))
        else:
            # ECONNREFUSED means the target sent RST (closed); a timeout means no answer (filtered)
            print("Port {0} closed/filtered ({1})".format(port, errno.errorcode.get(rep, rep)))
    except socket.error as e:  # e.g. the target name could not be resolved
        print("Port {0} error: {1}".format(port, e))
    finally:
        sock.close()  # always release the socket, even after an error
print("thewind")

As you can see I have commented all the code, but if you have a problem I am there for you.
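Here is a more complete version, added to this article as a worked example of the handshake section and of the script above; it is not the original script. It accepts port ranges ("21,22,80-90"), gives every probe a timeout so a filtered port cannot stall the scan, distinguishes closed (RST, reported as ECONNREFUSED) from filtered (no answer before the timeout), runs a few probes in parallel, and, to show why a connect scan is so easy to log, includes a small stand-in target service that records the address of every peer that completes the handshake. The target is a constructed listener on 127.0.0.1 whose port the OS picks, the names parse_ports, probe, scan, RecordingListener and free_port are this example's own, and it assumes the POSIX errno value ECONNREFUSED for a refused connection.

```python
"""TCP connect scanner with port ranges, timeouts and a target-side view of the scan."""
import errno
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def parse_ports(spec):
    """Expand "21,22,80-82" into [21, 22, 80, 81, 82]; rejects anything outside 1..65535."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port spec: %r" % part)
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def probe(ip, port, timeout=1.0):
    """One TCP connect probe. Returns "open", "closed" or "filtered".

    connect_ex() returns 0 when the whole SYN / SYN-ACK / ACK exchange completed,
    otherwise the errno the kernel reported for the attempt.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)        # never wait forever on a silent (filtered) port
        rc = sock.connect_ex((ip, port))
    if rc == 0:
        return "open"                   # handshake completed: a service accepted us
    if rc == errno.ECONNREFUSED:        # assumption: POSIX errno for "RST received"
        return "closed"
    return "filtered"                   # timed out (EAGAIN/EWOULDBLOCK) or another error


def scan(ip, spec, timeout=1.0, workers=32):
    """Connect-scan every port in spec, a few probes in parallel; returns {port: state}."""
    ports = parse_ports(spec)
    if not ports:
        return {}
    with ThreadPoolExecutor(max_workers=min(workers, len(ports))) as pool:
        states = list(pool.map(lambda p: probe(ip, p, timeout), ports))
    return dict(zip(ports, states))


class RecordingListener:
    """Constructed stand-in target on 127.0.0.1: accepts connections and records each peer.

    Because a connect scan completes the handshake, the service's accept() fires
    and the scanner's address lands in its log; that is the trace an IDS or the
    service itself will see. A half-open SYN scan would leave no such entry here.
    """

    def __init__(self, host="127.0.0.1"):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, 0))       # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.seen = []                  # (ip, port) of every peer that connected
        self._got_one = threading.Event()
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:             # listening socket was closed
                return
            self.seen.append(peer)
            self._got_one.set()
            conn.close()

    def wait_for_connection(self, timeout=2.0):
        """True once at least one peer has connected (accept() runs on another thread)."""
        return self._got_one.wait(timeout)

    def close(self):
        self.sock.close()


def free_port(host="127.0.0.1"):
    """A port nothing listens on right now: bind to port 0, read the number back, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind((host, 0))
        return tmp.getsockname()[1]


if __name__ == "__main__":
    target = RecordingListener()                   # constructed target: a local listener
    spec = "%d,%d" % (target.port, free_port())    # one open port, one closed port
    for port, state in sorted(scan("127.0.0.1", spec).items()):
        print("Port %d %s" % (port, state))
    target.wait_for_connection()
    print("target saw connections from:", target.seen)
    target.close()
```

Run it directly and it scans its own listener plus one free port, printing one open and one closed port, then the peer address the target recorded. That recorded entry is the point of the handshake discussion: a connect scan is simple and needs no privileges, but every open port it finds has already logged you.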