Port and Vulnerability Scanner

Port Scanner

#!/usr/bin/python

import optparse
import sys
from socket import *
from threading import *

# Connect to each port: AF_INET selects IPv4 addressing and SOCK_STREAM selects TCP
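def connectionScan(targetHost, targetPort):
	"""Attempt one TCP connect to targetHost:targetPort and print the result.

	Prints '[+] <port>/tcp open' when connect() succeeds and
	'[-] <port>/tcp closed' when it fails (refused, unreachable or timed
	out). The timeout, if any, is whatever the caller set with
	setdefaulttimeout().

	Args:
		targetHost: hostname or IP address to connect to.
		targetPort: TCP port number (int).
	"""
	# AF_INET/SOCK_STREAM = IPv4 TCP. The context manager closes the socket on
	# every path, so a failed connect() cannot leak the descriptor, and the
	# socket is created outside the try so a creation failure is not masked.
	with socket(AF_INET, SOCK_STREAM) as sock:
		try:
			sock.connect((targetHost, targetPort))
		except OSError:
			# ConnectionRefusedError, timeout and host-unreachable are all OSError.
			print('[-] %d/tcp closed' % targetPort)
		else:
			print('[+] %d/tcp open' % targetPort)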

# Accept either an IP address or a hostname and resolve it before scanning
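def portScan(targetHost, targetPorts):
	"""Resolve targetHost, print a header line, then probe every port in parallel.

	Each entry of targetPorts is handed to connectionScan() on its own thread;
	all threads are joined before returning, so the output is complete when
	this function returns. If the host cannot be resolved, an 'Unknow Host'
	message is printed and nothing is scanned.

	Args:
		targetHost: hostname or IP address; resolved with gethostbyname().
		targetPorts: iterable of port numbers (ints or numeric strings).

	Raises:
		ValueError: if an entry of targetPorts is not a valid integer.
	"""
	try:
		targetIP = gethostbyname(targetHost)
	except OSError:
		# gaierror is an OSError subclass. Return here: without an address the
		# reverse lookup below would fail on an unbound name.
		print('Unknow Host %s ' % targetHost)
		return
	try:
		# Reverse lookup only makes the header nicer; fall back to the IP.
		targetName = gethostbyaddr(targetIP)
		print('[+] Scan Results for: ' + targetName[0])
	except OSError:
		print('[+] Scan Results for: ' + targetIP)
	# Per-connection timeout so a filtered port does not hold a thread for long.
	setdefaulttimeout(1)
	workers = []
	for targetPort in targetPorts:
		thread = Thread(target=connectionScan, args=(targetHost, int(targetPort)))
		thread.start()
		workers.append(thread)
	# Wait for every probe so callers see a finished scan, not a partial one.
	for thread in workers:
		thread.join()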

# We explain the usage and execute the above functions			
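def main():
	"""Parse -H/-p from the command line and run portScan().

	Ports are given as one comma-separated string, e.g. '22,80,443'. When
	the host or the port list is missing, the usage string is printed and the
	process exits with status 1.
	"""
	parser = optparse.OptionParser('Usage of program: ' + '-H <target host> -p <target port>')
	parser.add_option('-H', dest='targetHost', type='string', help='specify target host')
	parser.add_option('-p', dest='targetPort', type='string', help='specify target ports separated by comma')
	(options, args) = parser.parse_args()
	targetHost = options.targetHost
	# Test the option itself: str(None).split(',') would give ['None'], which
	# passes a truthiness check and only fails later inside int().
	if targetHost is None or options.targetPort is None:
		print(parser.usage)
		sys.exit(1)
	# Drop empty entries so a trailing comma ('22,80,') is not passed to int().
	targetPorts = [p.strip() for p in options.targetPort.split(',') if p.strip()]
	if not targetPorts:
		print(parser.usage)
		sys.exit(1)
	portScan(targetHost, targetPorts)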

# Only run the CLI when executed as a script, not when this module is imported.
if __name__ == '__main__':
	main()
#!/usr/bin/python

import socket

# Returns the banner information; s.recv reads the first 1024 bytes the service sends
# The nested try-except avoids an error when the banner is not valid UTF-8
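def getBanner(ip, port):
	"""Connect to ip:port over TCP and return the first data the service sends.

	Returns the banner decoded as UTF-8, its str() representation (e.g.
	"b'...'") when the bytes are not valid UTF-8, or None when the connection
	fails or times out. At most 1024 bytes are read.

	Args:
		ip: target IP address or hostname.
		port: TCP port number.
	"""
	# Global 1-second timeout for every socket created afterwards, so a
	# filtered port cannot stall the scan loop.
	socket.setdefaulttimeout(1)
	try:
		# The context manager closes the socket even when connect()/recv() fails.
		with socket.socket() as s:
			s.connect((ip, port))
			banner = s.recv(1024)
	except OSError:
		# Refused, unreachable or timed out: report "no banner".
		return None
	try:
		return banner.decode('utf-8')
	except UnicodeDecodeError:
		return str(banner)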

# User is asked for target IP and the program scans the first 1000 ports
def main():
	"""Prompt for a target IP and print the banner of each responding port in 1..999."""
	ip = input("[*] Enter Target IP: ")
	# range(1, 1000) covers ports 1 through 999 inclusive.
	for port in range(1, 1000):
		banner = getBanner(ip, port)
		if not banner:
			continue
		print("[+]" + ip + "/" + str(port) + ": " + banner)

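# Guard the call so importing this module (e.g. to reuse getBanner) does not
# start an interactive scan.
if __name__ == '__main__':
	main()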

Vulnerability scanner

#!/usr/bin/python

import socket
import os
import sys

# Same function as in the program above
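def getBanner(ip, port):
	"""Connect to ip:port over TCP and return the first data the service sends.

	Returns the banner decoded as UTF-8, its str() representation (e.g.
	"b'...'") when the bytes are not valid UTF-8, or None when the connection
	fails or times out. At most 1024 bytes are read.

	Args:
		ip: target IP address or hostname.
		port: TCP port number.
	"""
	# Global 1-second timeout for every socket created afterwards, so a
	# filtered port cannot stall the scan loop.
	socket.setdefaulttimeout(1)
	try:
		# The context manager closes the socket even when connect()/recv() fails.
		with socket.socket() as s:
			s.connect((ip, port))
			banner = s.recv(1024)
	except OSError:
		# Refused, unreachable or timed out: report "no banner".
		return None
	try:
		return banner.decode('utf-8')
	except UnicodeDecodeError:
		return str(banner)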

# Checks every line of the file we pass against the banner we got; on a match it prints it
# "r" opens the file for reading; it is also possible to write with "w"
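def checkVulns(banner, filename):
	"""Report whether banner contains any signature line from filename.

	Each non-empty line of the file (trailing newline removed) is tested as a
	substring of banner; every match prints a '[+] Server is vulnerable' line.

	Args:
		banner: banner text as returned by getBanner().
		filename: path to a text file holding one signature per line.

	Returns:
		True if at least one signature matched, otherwise False.
	"""
	found = False
	# 'with' closes the file on every path, including an exception mid-loop.
	with open(filename, "r") as vulnFile:
		for line in vulnFile:
			signature = line.strip("\n")
			# An empty string is a substring of every banner, so a blank line
			# in the file would flag every host as vulnerable; skip those.
			if not signature:
				continue
			if signature in banner:
				print('[+] Server is vulnerable: ' + banner.strip("\n"))
				found = True
	return found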

# Checks that the 2 arguments needed are passed and that the user has access to the file
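def main():
	"""Validate the signature-file argument, then banner-check hosts .1-.254.

	Usage: <script> <vuln filename>. Exits with status 1 when the argument is
	missing, the file does not exist, or the file is not readable. The
	"#.#.#." subnet prefix is a placeholder to be edited before use.
	"""
	if len(sys.argv) != 2:
		print('[-] Usage:' + str(sys.argv[0]) + ' <vuln filename>')
		sys.exit(1)
	filename = sys.argv[1]
	if not os.path.isfile(filename):
		print("[-] File doesn't exist!")
		sys.exit(1)
	if not os.access(filename, os.R_OK):
		print("[-] You don't have access to the file!")
		sys.exit(1)

	# Most common ports
	portlist = [21, 22, 25, 80, 110, 443, 445]

	# Checks every host under the subnet prefix; range(1, 255) is .1 to .254
	for x in range(1, 255):
		ip = "#.#.#." + str(x)
		for port in portlist:
			banner = getBanner(ip, port)
			if banner:
				print('[+] ' + ip + "/" + str(port) + ": " + banner)
				checkVulns(banner, filename)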

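# Guard the call so importing this module (e.g. to reuse checkVulns) does not
# start a scan.
if __name__ == '__main__':
	main()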
