johnmahugu

python scanner

Jun 3rd, 2015
  1. import socket
  2. import os
  3. import struct
  4. import threading
  5.  
  6. from netaddr import IPNetwork,IPAddress
  7. from ctypes import *
  8.  
# Local interface address; the raw capture socket is bound to it.
host = "192.168.0.187"

# Network range whose addresses each receive one UDP probe, and against
# which the source of every ICMP reply is checked.
subnet = "192.168.0.0/24"

# Marker carried as the UDP payload. A reply is only counted when the
# packet ends with this exact string, which ties it to our own probe.
magic_message = "PYTHONRULES!"
  17.  
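def udp_sender(subnet,magic_message):
    """Send one UDP datagram carrying magic_message to every address in subnet.

    Args:
        subnet: network in CIDR notation, expanded with netaddr.IPNetwork.
        magic_message: payload placed in each datagram.

    Delivery is best effort: a send that fails with a socket error is
    skipped and the sweep continues with the next address.
    """
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    try:
        for ip in IPNetwork(subnet):
            try:
                sender.sendto(magic_message, ("%s" % ip, 65212))
            except socket.error:
                # Only socket-level failures are ignored; a programming
                # error (wrong payload type, bad argument) now surfaces
                # instead of being swallowed by a bare except.
                # NOTE(review): presumably this covers the network and
                # broadcast addresses of the range -- confirm.
                continue
    finally:
        # Release the descriptor even if the sweep aborts part-way.
        sender.close()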
  26.  
  27.  
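class IP(Structure):
    """Fixed 20-byte IPv4 header mapped onto a ctypes Structure.

    Construct with a buffer holding at least sizeof(IP) bytes;
    from_buffer_copy raises ValueError when the buffer is shorter, so
    callers handling captured traffic should check the length first.

    After construction the instance also exposes:
        src_address / dst_address: dotted-quad strings.
        protocol: "ICMP", "TCP" or "UDP", otherwise the protocol number
            as a string.

    The 16-bit fields (len, id, offset, sum) are read in host byte order
    with no ntohs conversion; byte-swap them before using them as numbers.
    """

    _fields_ = [
        # The two 4-bit fields share the first header byte.
        # NOTE(review): ihl-before-version matches little-endian bitfield
        # layout -- confirm before running on a big-endian host.
        ("ihl",          c_ubyte, 4),
        ("version",      c_ubyte, 4),
        ("tos",          c_ubyte),
        ("len",          c_ushort),
        ("id",           c_ushort),
        ("offset",       c_ushort),
        ("ttl",          c_ubyte),
        ("protocol_num", c_ubyte),
        ("sum",          c_ushort),
        # Fixed-width 32-bit fields. c_ulong is 8 bytes on 64-bit
        # Linux/macOS, which grows the structure past 20 bytes and makes
        # from_buffer_copy reject a 20-byte header.
        ("src",          c_uint32),
        ("dst",          c_uint32),
    ]

    def __new__(cls, socket_buffer=None):
        # Copy the bytes so the structure does not alias the capture buffer.
        return cls.from_buffer_copy(socket_buffer)

    def __init__(self, socket_buffer=None):
        # map protocol constants to their names
        self.protocol_map = {1: "ICMP", 6: "TCP", 17: "UDP"}

        # human readable IP addresses; re-packing as little-endian restores
        # the wire bytes on a little-endian host
        self.src_address = socket.inet_ntoa(struct.pack("<L", self.src))
        self.dst_address = socket.inet_ntoa(struct.pack("<L", self.dst))

        # human readable protocol, falling back to the raw number
        self.protocol = self.protocol_map.get(
            self.protocol_num, str(self.protocol_num)
        )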
  61.  
  62.  
  63.  
class ICMP(Structure):
    """First eight bytes of an ICMP message mapped onto a ctypes Structure.

    The buffer passed in must hold at least sizeof(ICMP) bytes, otherwise
    from_buffer_copy raises ValueError. The 16-bit fields are read in host
    byte order.
    """

    _fields_ = [
        ("type",         c_ubyte),
        ("code",         c_ubyte),
        ("checksum",     c_ushort),
        ("unused",       c_ushort),
        ("next_hop_mtu", c_ushort),
    ]

    def __new__(cls, socket_buffer):
        # Copy the bytes so the structure owns its own storage.
        return cls.from_buffer_copy(socket_buffer)

    def __init__(self, socket_buffer):
        """Nothing to do here: the fields are already filled by __new__."""
  79.  
# Capture setup: open a raw socket on the configured interface, then start
# the probe thread. Raw sockets normally need administrator/root rights.
# Windows captures at the IP level, every other platform asks for ICMP only.
socket_protocol = socket.IPPROTO_IP if os.name == "nt" else socket.IPPROTO_ICMP

sniffer = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket_protocol)
sniffer.bind((host, 0))

# keep the IP header in what recvfrom() hands back
sniffer.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

# Windows only: switch the interface to promiscuous mode via ioctl.
# This stays on until RCVALL_OFF is sent.
if os.name == "nt":
    sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON)

# Send the probes from a separate thread while this thread reads replies.
t = threading.Thread(target=udp_sender, args=(subnet, magic_message))
t.start()
  102.  
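# Capture loop: read packets from the raw socket and report a host as up
# when it answers one of our UDP probes with ICMP type 3 / code 3 (port
# unreachable). Everything read here is untrusted network input, so each
# length is checked before a header structure is built from it.
target_network = IPNetwork(subnet)  # parsed once instead of once per packet

try:
    while True:

        # read in a single packet
        raw_buffer = sniffer.recvfrom(65565)[0]

        # from_buffer_copy raises ValueError on a short buffer; skip runts
        # instead of letting one packet stop the capture
        if len(raw_buffer) < 20:
            continue

        # create an IP header from the first 20 bytes of the buffer
        ip_header = IP(raw_buffer[0:20])

        # if it's ICMP we want it
        if ip_header.protocol != "ICMP":
            continue

        # calculate where our ICMP packet starts; an IHL below 5 words
        # would place it inside the IP header itself
        offset = ip_header.ihl * 4
        buf = raw_buffer[offset:offset + sizeof(ICMP)]
        if offset < 20 or len(buf) < sizeof(ICMP):
            continue

        # create our ICMP structure
        icmp_header = ICMP(buf)

        # TYPE 3 and CODE 3 indicates a host is up but has no listener on
        # the probed port
        if icmp_header.code != 3 or icmp_header.type != 3:
            continue

        # only accept responses whose source lies in our subnet
        if IPAddress(ip_header.src_address) not in target_network:
            continue

        # test for our magic message at the tail of the packet
        # NOTE(review): relies on the responder quoting the whole UDP
        # payload in its ICMP error -- hosts that quote less are missed.
        if raw_buffer[len(raw_buffer)-len(magic_message):] == magic_message:
            print("Host Up: %s" % ip_header.src_address)

# handle CTRL-C
except KeyboardInterrupt:
    pass
finally:
    # Runs on CTRL-C and on any unexpected error, so the interface is not
    # left in promiscuous mode and the raw socket is released.
    if os.name == "nt":
        sniffer.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF)
    sniffer.close()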