- #!/usr/bin/python
- # Visit Codingsec.net > https://codingsec.net/2016/05/create-port-scanner-python/
- # HISTORY
- #
- # V1.01 - 2017-01-25:
# + Scan a whole subnet given in CIDR notation (e.g. 192.168.1.0/24) instead of a single IP, using the ipaddress module. On Python 2 install the backport first (`sudo pip install ipaddress`); Python 3.3+ ships it in the standard library.
# + Ping each host before scanning it (pyping). ICMP echo needs a raw socket, so the script must run as root; note that a host which filters ICMP is skipped entirely, even if it has open TCP ports.
- # + Add some well-known ports with ref https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers#Well-known_ports
- # Importing the modules
- # socket :=> This is what we use to create a socket connection
- # argparse is used to parse arguments. This is not important now
- # and it is out of the scope of this post
from __future__ import print_function

import argparse
import datetime
import ipaddress
import os
import socket
import sys
import time

import pyping
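# Well-known TCP ports scanned when no port range is given on the command line.
# Keys are port numbers as *strings* (get_service() looks them up by str(port));
# values are the service conventionally found on that port. The label is only a
# hint: nothing in this script fingerprints the service, so a listener on 22 is
# reported as SSH whether or not it actually speaks SSH.
# check_port() does a TCP connect() (SOCK_STREAM), so UDP-only services in the
# commented-out entries (TFTP, NTP, NETBIOS-NS/DGM, DHCP) can never show as open
# here; enabling them only costs a timeout per host. Add or uncomment as needed.
common_ports = {
    '21': 'FTP',
    '22': 'SSH',
    '23': 'TELNET',
    '25': 'SMTP',
    '53': 'DNS',            # DNS over TCP (zone transfers, large answers); UDP/53 is not probed
    #'69': 'TFTP',          # UDP only
    '80': 'HTTP',
    #'109': 'POP2',
    '110': 'POP3',
    #'123': 'NTP',          # UDP only
    #'137': 'NETBIOS-NS', #'138': 'NETBIOS-DGM',   # UDP only
    '139': 'NETBIOS-SSN',
    '143': 'IMAP',
    #'156': 'SQL-SERVER',
    #'389': 'LDAP',
    '443': 'HTTPS',
    '445': 'NETBIOS-SMB',
    #'546': 'DHCP-CLIENT',  # UDP only
    #'547': 'DHCP-SERVER',  # UDP only
    '587': 'SMTP SUBMISSION',   # was mislabelled 'STMP SSL'; 587 is STARTTLS submission, implicit-TLS SMTP is 465
    '993': 'IMAP-SSL',
    '995': 'POP3-SSL',
    '1701': 'L2TP',
    #'2086': 'WHM/CPANEL', '2087': 'WHM/CPANEL', '2082': 'CPANEL', '2083': 'CPANEL',
    '3306': 'MYSQL',
    '3389': 'RDP',
    #'4899': 'Radmin',
    '5800': 'VNC-5800',
    '5900': 'VNC-5900',
    '6969': 'Torrent',
    '8080': 'HTTP Proxy',
    '8443': 'PLESK',        # also a common HTTPS-alt port
    '10000': 'VIRTUALMIN/WEBMIN',
}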
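def check_port(host, port, result=1, timeout=0.5):
    """Return 0 if a TCP connect() to (host, port) succeeds, otherwise ``result``.

    This is a full TCP connect scan: the three-way handshake completes, so the
    probe is logged by the target like any other client connection (no stealth).

    Args:
        host: IP address or host name; a name is resolved by the OS resolver on
            every call, so callers scanning many ports should resolve once.
        port: TCP port number (int, 0-65535).
        result: value returned when the port is not open (default 1, mirroring
            the non-zero errno that connect_ex() returns on failure).
        timeout: seconds to wait for the handshake. A *closed* port answers with
            an immediate RST; a *filtered* port (packets silently dropped) only
            shows up as a timeout. Both are reported as ``result``.

    Failures that raise instead of returning an errno -- name resolution
    (socket.gaierror), other socket errors, and an out-of-range port
    (OverflowError) -- are deliberately treated as "not open" rather than
    propagated, so a caller can sweep a range without per-port error handling.
    The socket is always closed, including on those error paths.
    """
    sock = None
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        # connect_ex() returns 0 on success or an errno for ordinary failures
        # (ECONNREFUSED, timeout) instead of raising; it still raises for
        # resolution errors and invalid arguments, handled below.
        if sock.connect_ex((host, port)) == 0:
            result = 0
    except (socket.error, OverflowError):
        pass  # best-effort by design: unresolvable / unreachable / bad port == not open
    finally:
        if sock is not None:
            sock.close()  # no leak even when connect_ex() raised
    return result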
# Look up the conventional service name for a port in the common_ports table.
def get_service(port):
    """Map a port number to its label in ``common_ports``.

    ``port`` may be an int or a numeric string; it is normalised to the string
    form the table is keyed by. Returns the service name, or 0 when the port is
    not listed (callers test the result for truthiness, not for ``None``).
    The label is a convention, not a fingerprint of what is really listening.
    """
    return common_ports.get(str(port), 0)
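line = "+" * 80  # decorative rule framing the --help description
desc = line + '''\nA Simple port scanner that works!! (c) digitz.org
Example usage: python port_scanner.py example.com 1 1000
The above example will scan the host \'example.com\' from port 1 to 1000
To scan most common ports, use: python port_scanner.py example.com
A CIDR network (e.g. 192.168.1.0/24) scans every usable host address in it\n''' + line + "\n"


def _parse_ports(parser, args):
    """Return (start, end) from the command line, or None when no range was given.

    Only a complete pair P1 P2 selects a range; a lone P1 falls back to the
    common-ports scan (argparse allows either positional to be omitted).
    Non-numeric values, ports outside 1-65535 and a reversed range are rejected
    through parser.error() (exit status 2) instead of a traceback or a silent,
    empty scan that would be reported as "no open ports".
    """
    if not (args.startport and args.endport):
        return None
    try:
        start_port, end_port = int(args.startport), int(args.endport)
    except ValueError:
        parser.error("P1 and P2 must be integers")
    if not (1 <= start_port <= end_port <= 65535):
        parser.error("port range must satisfy 1 <= P1 <= P2 <= 65535")
    return start_port, end_port


def _expand_hosts(target):
    """Turn the H argument into a list of scan targets (plain strings).

    A CIDR network expands to its usable host addresses (network and broadcast
    excluded by ipaddress.hosts()); a single IP literal is returned as-is; any
    other text is assumed to be a host name and resolved later with
    gethostbyname(). Raises ValueError for a malformed network.
    """
    if isinstance(target, bytes):  # Python 2 str -> unicode, which ipaddress requires
        target = target.decode('utf-8')
    if '/' in target:
        # strict=False accepts a host address with a prefix (10.0.0.5/24) and
        # scans that host's network instead of raising ValueError.
        return [str(ip) for ip in ipaddress.ip_network(target, strict=False).hosts()]
    try:
        return [str(ipaddress.ip_address(target))]
    except ValueError:
        return [target]  # a host name, not an IP literal


def _scan_host(ip, ports):
    """TCP-connect each port in ``ports`` on ``ip``; return the open ones, sorted.

    Ports are probed serially, and every closed/filtered port costs up to
    check_port()'s timeout, so a full 1-65535 sweep of one host is slow.
    Progress is shown by printing each port number and backspacing over it.
    """
    open_ports = []
    for p in ports:
        sys.stdout.write(str(p))
        sys.stdout.flush()
        if check_port(ip, p) == 0:
            open_ports.append(p)
        sys.stdout.write('\b' * len(str(p)))  # overwrite the number with the next one
    return sorted(open_ports)


def _report(open_ports):
    """Print the open-port list with the conventional service label for each."""
    if open_ports:
        print("Open Ports: ")
        for p in open_ports:
            print("\t%s %s: Open" % (p, get_service(p) or "Unknown service"))
    else:
        print("Sorry, No open ports found.!!")


def main():
    """Command-line entry point: parse arguments, ping, scan and print a summary.

    Scan only hosts you are authorised to test; a connect scan is noisy and will
    appear in the target's logs. Unless --no-ping is given, a host that does not
    answer an ICMP echo is skipped without being scanned (pyping needs root for
    the raw socket), so hosts that filter ICMP produce false negatives.
    """
    os.system('clear')  # fixed command string, no user input reaches the shell; Unix-only
    parser = argparse.ArgumentParser(description=desc, formatter_class=argparse.RawTextHelpFormatter)
    parser.add_argument('hosts', metavar='H', help='Host name, IP address or CIDR network you want to scan')
    parser.add_argument('startport', metavar='P1', nargs='?', help='Start scanning from this port')
    parser.add_argument('endport', metavar='P2', nargs='?', help='Scan until this port')
    parser.add_argument('--no-ping', action='store_true',
                        help='Scan a host even if it does not answer an ICMP echo (hosts filtering ICMP)')
    args = parser.parse_args()

    port_range = _parse_ports(parser, args)
    if port_range is None:
        # Keys are strings; sort numerically so the scan does not run 10000 before 21.
        ports = sorted(int(p) for p in common_ports)
    else:
        ports = range(port_range[0], port_range[1] + 1)

    try:
        hosts = _expand_hosts(args.hosts)
    except ValueError as exc:
        parser.error("invalid host or network %r: %s" % (args.hosts, exc))

    starting_time = time.time()
    print("+" * 40)
    print("\tSimple Port Scanner..!!!")
    print("+" * 40)
    print("Scanning started at %s" % time.strftime("%I:%M:%S %p"))
    if port_range is None:
        print("Scanning for most common ports on %s" % args.hosts)
    else:
        print("Scanning %s from port %s - %s: " % (args.hosts, port_range[0], port_range[1]))
    print("")

    try:
        for host in hosts:
            try:
                # Resolve once per host; check_port() would otherwise resolve a
                # host name again for every single port.
                ip = socket.gethostbyname(host)
            except socket.gaierror as exc:
                print("Could not resolve %s: %s" % (host, exc))
                continue
            if not args.no_ping and pyping.ping(ip).ret_code != 0:
                continue  # no ICMP reply: skipped, see --no-ping
            print("\r" + "=" * 40)
            print("Scan host %s" % host)
            sys.stdout.write("Connecting to Port: ")
            open_ports = _scan_host(ip, ports)
            print("")
            _report(open_ports)
    except KeyboardInterrupt:  # friendlier than a traceback when the user aborts
        print("You pressed Ctrl+C. Exiting ")
        sys.exit(1)

    print("\nScanning completed at %s" % time.strftime("%I:%M:%S %p"))
    total_time = round(time.time() - starting_time, 1)
    if total_time <= 60.0:
        print("Scan Took %s seconds" % total_time)
    else:
        print("Scan Took %s Minutes" % round(total_time / 60, 1))


if __name__ == '__main__':
    main()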