
Stealth Port Scanner (Scapy and Python)

a guest
Sep 23rd, 2015
  1. #! /usr/bin/python
  2. from logging import getLogger, ERROR # Import Logging Things
  3. getLogger("scapy.runtime").setLevel(ERROR) # Get Rid if IPv6 Warning
  4. from scapy.all import * # The One and Only Scapy
  5. import sys
  6. from datetime import datetime # Other stuff
  7. from time import strftime
  8.  
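  # Read the target and the inclusive port range from the operator, then
  # validate the range before any packet is built.  `target`, `min_port` and
  # `max_port` are left as module-level strings because the code further down
  # converts the port bounds with int() again.
  try:
      target = raw_input("[*] Enter Target IP Address: ")
      min_port = raw_input("[*] Enter Minumum Port Number: ")
      max_port = raw_input("[*] Enter Maximum Port Number: ")
      try:
          low, high = int(min_port), int(max_port)
      except ValueError:
          # Non-numeric input for either bound.
          print("\n[!] Invalid Range of Ports")
          print("[!] Exiting...")
          sys.exit(1)
      # TCP port numbers are 16-bit, so anything above 65535 can never be
      # placed in a TCP header; reject it here instead of failing mid-scan.
      if not (0 <= low <= high <= 65535):
          print("\n[!] Invalid Range of Ports")
          print("[!] Exiting...")
          sys.exit(1)
  except KeyboardInterrupt:
      # Ctrl-C at one of the prompts.
      print("\n[*] User Requested Shutdown...")
      print("[*] Exiting...")
      sys.exit(1)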
  28.  
  # Inclusive list of destination ports taken from the validated prompts.
  ports = range(int(min_port), int(max_port) + 1)
  # Reference point for the duration printed at the end of the run.
  start_clock = datetime.now()
  # TCP flag bytes the scanner compares replies against, spelled as bit sums:
  # SYN = 0x02, RST = 0x04, ACK = 0x10.
  SYNACK = 0x02 | 0x10  # 0x12: SYN+ACK, the port accepted the SYN
  RSTACK = 0x04 | 0x10  # 0x14: RST+ACK, the port refused the SYN
  33.  
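  def checkhost(ip, timeout=2):
      """Send one ICMP echo request to *ip* and exit unless a reply arrives.

      ip      -- address handed to scapy's IP(dst=...).
      timeout -- seconds to wait for the echo reply (optional, default 2).

      Returns None.  Calls sys.exit(1) when the probe cannot be built or sent,
      or when no reply is received within *timeout*.

      Without a timeout sr1() waits indefinitely for an answer, and its return
      value was never inspected, so a silent host either hung the script or
      was reported as up.  A host that filters ICMP echo will be reported as
      not answering even though its TCP ports may be reachable.
      """
      conf.verb = 0  # silence scapy's per-packet output
      try:
          ping = sr1(IP(dst=ip) / ICMP(), timeout=timeout)
      except Exception:
          # Raised while building or sending the probe; the original message
          # attributes this to the target not being resolvable.
          print("\n[!] Couldn't Resolve Target")
          print("[!] Exiting...")
          sys.exit(1)
      if ping is None:
          # sr1() returns None when nothing answered before the timeout.
          print("\n[!] No ICMP Reply From Target")
          print("[!] Exiting...")
          sys.exit(1)
      print("\n[*] Target is Up, Beginning Scan...")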
  43.  
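  def scanport(port, timeout=2):
      """Probe one TCP port on the module-level `target` with a single SYN.

      port    -- destination port number.
      timeout -- seconds to wait for a reply (optional, default 2).

      Returns True when the reply's TCP flags equal SYNACK (port open) and
      False for every other outcome: a different flag value such as RSTACK,
      a reply without a TCP layer, or no reply before *timeout*.  Exits the
      process with status 1 on KeyboardInterrupt.

      Fixes relative to the original listing:
        * the RST was placed after both `return` statements and never ran;
        * a missing reply made `.getlayer` fail on None;
        * `srcport` could be unbound inside the KeyboardInterrupt handler.

      The handshake is never completed, but the SYN / SYN-ACK / RST exchange
      is still visible to firewalls and network IDS as an unfinished
      connection attempt per port.
      """
      conf.verb = 0  # silence scapy's per-packet output
      # Pin the source port to a plain integer.  RandShort() is a scapy
      # volatile value that is evaluated again when another packet is built,
      # so the RST would otherwise not carry the SYN's source port.
      srcport = int(RandShort())
      try:
          reply = sr1(
              IP(dst=target) / TCP(sport=srcport, dport=port, flags="S"),
              timeout=timeout,
          )
          tcp_layer = reply.getlayer(TCP) if reply is not None else None
          if tcp_layer is None:
              # Nothing came back, or the answer was not TCP (e.g. ICMP).
              return False
          if tcp_layer.flags != SYNACK:
              return False
          # Port answered SYN-ACK: reset the half-open connection so the
          # target does not keep it pending.
          send(IP(dst=target) / TCP(sport=srcport, dport=port, flags="R"))
          return True
      except KeyboardInterrupt:
          # Reset whatever port was being probed before shutting down.
          send(IP(dst=target) / TCP(sport=srcport, dport=port, flags="R"))
          print("\n[*] User Requested Shutdown...")
          print("[*] Exiting...")
          sys.exit(1)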
  62.  
  # Liveness check first; checkhost() exits the process if it fails.
  checkhost(target)
  print("[*] Scanning Started at " + strftime("%H:%M:%S") + "!\n")

  # Probe each port in order and report only those scanport() marks open.
  for port in ports:
      status = scanport(port)
      if status:
          print("Port " + str(port) + ": Open")

  # Wall-clock duration measured from start_clock, set before the scan began.
  stop_clock = datetime.now()
  total_time = stop_clock - start_clock
  print("\n[*] Scanning Finished!")
  print("[*] Total Scan Duration: " + str(total_time))