Port and Vulnerability Scanner
Port Scanner
#!/usr/bin/python
from socket import *
import optparse
from threading import *
# We connect to each port; AF_INET selects IPv4 addresses and SOCK_STREAM selects TCP
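def connectionScan(targetHost, targetPort):
    """Attempt a TCP connect to targetHost:targetPort and print the result.

    Args:
        targetHost: host name or IP address to connect to.
        targetPort: TCP port number (int).

    Prints '[+] N/tcp open' when the connect succeeds and '[-] N/tcp closed'
    when it fails. The socket is closed on every path.
    """
    # Create the socket before the try: if socket() itself failed, the
    # original's finally clause ran sock.close() on an unbound name.
    sock = socket(AF_INET, SOCK_STREAM)
    try:
        sock.connect((targetHost, targetPort))
        print('[+] %d/tcp open' % targetPort)
    except OSError:
        # Refused, timed out, unreachable or unresolvable: report closed.
        # Only socket-level errors are swallowed, so KeyboardInterrupt and
        # programming errors are no longer hidden by a bare except.
        print('[-] %d/tcp closed' % targetPort)
    finally:
        sock.close()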
# We make sure the target can be given either as an IP address or as a host name such as whatever.com
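def portScan(targetHost, targetPorts):
    """Resolve targetHost and probe every port in targetPorts with connectionScan.

    Args:
        targetHost: host name or IP address.
        targetPorts: iterable of port numbers; each value is passed through
            int(), so strings from the command line are accepted.

    Prints a header line with the reverse-DNS name (or the address when there
    is none), then probes each port on its own thread. All threads are joined
    before returning, so output is complete when the function exits.
    """
    try:
        targetIP = gethostbyname(targetHost)
    except OSError:
        # The original printed this and fell through, raising NameError on
        # targetIP a few lines later; returning is the intended behaviour.
        print('Unknow Host %s ' % targetHost)
        return
    try:
        targetName = gethostbyaddr(targetIP)
        print('[+] Scan Results for: ' + targetName[0])
    except OSError:
        # No reverse record: fall back to the bare address.
        print('[+] Scan Results for: ' + targetIP)
    # Module-wide one-second timeout for every socket created from here on.
    setdefaulttimeout(1)
    threads = [
        Thread(target=connectionScan, args=(targetHost, int(targetPort)))
        for targetPort in targetPorts
    ]
    for thread in threads:
        thread.start()
    for thread in threads:
        thread.join()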
# We explain the usage and execute the above functions
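def main():
    """Parse the -H/-p options and run portScan.

    -H gives the target host, -p a comma-separated list of ports. When either
    option is missing the usage string is printed and the program exits with
    status 0.
    """
    parser = optparse.OptionParser('Usage of program: ' + '-H <target host> -p <target port>')
    parser.add_option('-H', dest='targetHost', type='string', help='specify target host')
    parser.add_option('-p', dest='targetPort', type='string', help='specify target ports separated by comma')
    (options, args) = parser.parse_args()
    targetHost = options.targetHost
    # The original compared str(None).split(',')[0] with None, which is never
    # true, so a missing -p slipped through to int('None'). Test the option.
    if targetHost is None or options.targetPort is None:
        print(parser.usage)
        exit(0)
    targetPorts = options.targetPort.split(',')
    portScan(targetHost, targetPorts)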
# Only run the scanner when executed as a script, not when imported.
if __name__ == '__main__':
    main()
Banner grabbing
#!/usr/bin/python
import socket
# Returns the banner information; s.recv reads the first 1024 bytes the service sends
# The nested try-except avoids an error when the banner is not valid UTF-8 text
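def getBanner(ip, port):
    """Connect to ip:port and return the first 1024 bytes the service sends.

    Args:
        ip: target address or host name.
        port: TCP port number.

    Returns:
        The banner decoded as UTF-8; the str() form of the raw bytes when
        they are not valid UTF-8; None when the connection or read fails.

    Side effect: sets the module-wide default socket timeout to one second,
    exactly as the original did.
    """
    socket.setdefaulttimeout(1)
    try:
        # The with-block closes the socket on every path; the original never
        # closed it and leaked one descriptor per probed port.
        with socket.socket() as s:
            s.connect((ip, port))
            banner = s.recv(1024)
    except OSError:
        # Refused, timed out or unreachable: there is no banner to return.
        return None
    try:
        return banner.decode('utf-8')
    except UnicodeDecodeError:
        return str(banner)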
# User is asked for target IP and the program scans the first 1000 ports
def main():
    """Prompt for a target address and print the banner of every port in 1..999 that answers."""
    ip = input("[*] Enter Target IP: ")
    for port in range(1, 1000):
        banner = getBanner(ip, port)
        if not banner:
            continue
        print("[+]" + ip + "/" + str(port) + ": " + banner)
# NOTE(review): runs unconditionally, including on import; the first script
# on this page guards the call with `if __name__ == '__main__':`.
main()
Vulnerability scanner
#!/usr/bin/python
import socket
import os
import sys
# Same function as in the program above
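def getBanner(ip, port):
    """Connect to ip:port and return the first 1024 bytes the service sends.

    Args:
        ip: target address or host name.
        port: TCP port number.

    Returns:
        The banner decoded as UTF-8; the str() form of the raw bytes when
        they are not valid UTF-8; None when the connection or read fails.

    Side effect: sets the module-wide default socket timeout to one second,
    exactly as the original did.
    """
    socket.setdefaulttimeout(1)
    try:
        # The with-block closes the socket on every path; the original never
        # closed it and leaked one descriptor per probed host/port pair.
        with socket.socket() as s:
            s.connect((ip, port))
            banner = s.recv(1024)
    except OSError:
        # Refused, timed out or unreachable: there is no banner to return.
        return None
    try:
        return banner.decode('utf-8')
    except UnicodeDecodeError:
        return str(banner)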
# Checks every line of the file we pass against the banner we got; if one matches, it prints it
# "r" opens the file for reading; it is also possible to write with "w"
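def checkVulns(banner, filename):
    """Print a warning for every signature line in filename that occurs in banner.

    Args:
        banner: banner string returned by getBanner.
        filename: path of a text file holding one signature per line.

    Blank lines are skipped: '' is a substring of every string, so a trailing
    empty line in the file made the original flag every banner as vulnerable.
    """
    # The with-block closes the file; the original left it open.
    with open(filename, "r") as file:
        for line in file:
            # rstrip("\r\n") also copes with CRLF signature files.
            signature = line.rstrip("\r\n")
            if signature and signature in banner:
                print('[+] Server is vulnerable: ' + banner.strip("\n"))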
# Checks if the 2 arguments needed are passed and if the user has read access to the file
def main():
    """Entry point: validate the signature-file argument, then sweep the subnet.

    Exactly one argument is expected, the path of the vulnerability signature
    file; it must exist and be readable, otherwise a message is printed and
    the program exits with status 0. Every host of the hard-coded /24 (the
    "#.#.#." prefix is a placeholder that has to be edited first) is probed
    on a short list of common ports; each banner found is printed and passed
    to checkVulns.
    """
    if len(sys.argv) != 2:
        print('[-] Usage:' + str(sys.argv[0]) + ' <vuln filename>')
        exit(0)
    filename = sys.argv[1]
    if not os.path.isfile(filename):
        print("[-] File doesn't exist!")
        exit(0)
    if not os.access(filename, os.R_OK):
        print("[-] You don't have access to the file!")
        exit(0)
    # Most common ports
    portlist = [21, 22, 25, 80, 110, 443, 445]
    # Every host of the subnet, .1 through .254
    hosts = ("#.#.#." + str(x) for x in range(1, 255))
    for ip in hosts:
        for port in portlist:
            banner = getBanner(ip, port)
            if not banner:
                continue
            print('[+] ' + ip + "/" + str(port) + ": " + banner)
            checkVulns(banner, filename)
# NOTE(review): runs unconditionally, including on import; the first script
# on this page guards the call with `if __name__ == '__main__':`.
main()