Untitled

import argparse
from textwrap import dedent
import re
from collections import namedtuple
from urllib.request import urlopen

from scapy.all import *


class ScannerStatus(object):
    OPEN = "Open"
    CLOSED = "Closed"
    FILTERED = "Filtered"


class Scanner(object):
    def __init__(self, timeout):
        self.timeout = timeout

    def arp_ping(self, subnet):
        """ARP Pings entire subnet returns found in subnet."""
        conf.verb = 0
        answered, unanswered = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=subnet), timeout=self.timeout, verbose=False, inter=0.1)
        return [rcv.sprintf(r"%Ether.src% - %ARP.psrc%") for snd, rcv in answered]

    def _tcp_default(self, dst_ip, dst_port, src_port):
        """Default TCP Scan."""
        default_scan = sr1(IP(dst=dst_ip)/TCP(sport=src_port, dport=dst_port, flags="S"), timeout=self.timeout)
        if default_scan is not None:
            if default_scan.getlayer(TCP).flags == 0x12:
                send_rst = sr(IP(dst=dst_ip)/TCP(sport=src_port, dport=dst_port, flags="AR"), timeout=self.timeout)
                return ScannerStatus.OPEN
        return ScannerStatus.CLOSED

    def _tcp_stealth(self, dst_ip, dst_port, src_port):
        """Stealthy TCP Scan"""
        stealth_scan = sr1(IP(dst=dst_ip)/TCP(sport=src_port, dport=dst_port, flags="S"), timeout=self.timeout)
        if stealth_scan is not None:
            if stealth_scan.getlayer(TCP).flags == 0x12:
                send_rst = sr(IP(dst=dst_ip)/TCP(sport=src_port, dport=dst_port, flags="R"), timeout=self.timeout)
                return ScannerStatus.OPEN
            elif stealth_scan.getlayer(TCP).flags == 0x14:
                return ScannerStatus.CLOSED
        return ScannerStatus.FILTERED

    def tcp(self, dst_ip, dst_port, stealth=False):
        """Scan TCP port for availability"""
        src_port = RandShort()
        fn = self._tcp_stealth if stealth else self._tcp_default
        return fn(dst_ip, dst_port, src_port)

    def udp(self, dst_ip, dst_port):
        """Scan UDP port for availability"""
        udp_scan = sr1(IP(dst=dst_ip)/UDP(dport=dst_port), timeout=self.timeout)
        if udp_scan is not None:
            if udp_scan.haslayer(UDP):
                return 'Open'
            elif int(udp_scan.getlayer(ICMP).type) == 3 and int(udp_scan.getlayer(ICMP).code) == 3:
                return 'Closed'
        return 'Filtered'


def get_ports():
    """Get ports from etc/services/
    yields a namedtuple(name, port, type)"""
    ports, Port = [], namedtuple('Port', ['name', 'port', 'type'])
    with open('/etc/services') as ports_file:
        lines = ports_file.readlines()
        for line in lines:
            if not line.startswith('#') and line.rstrip():
                _name, _port, _type = re.split('[s/]+', line.split('#', 1)[0])[:3]
                yield Port(_name, _port, _type)


def parse_arguments():
    """Arguments parser."""
    parser = argparse.ArgumentParser(usage='%(prog)s [options] <subnet>',
                                     description='port scanning tool @Ludisposed',
                                     formatter_class=argparse.RawDescriptionHelpFormatter,
                                     epilog=dedent('''
                                        Examples:
                                        python port_scan.py "192.168.1.0/24" -s
                                        python port_scan.py "192.168.1.0/24" --timeout 10
                                        python port_scan.py "192.168.1.0/24 -l -s"'''))
    parser.add_argument('-s', '--stealth', default=False, action="store_true", help='Stealthy TCP scan')
    parser.add_argument('--timeout', type=int, default=2, help='Timeout parameter of scans')
    parser.add_argument('-l', '--log', type=str, default='', help="Log the data to a file")
    parser.add_argument('subnet', type=str, help='subnet in from of [ip]/[bitmask]')
    parser.add_argument('-O', '--os', default=False, action="store_true", help="Make fingerprint and try scan OS")
    return parser.parse_args()


def main():
    def save_log(data):
        if args.log:
            with open(log, 'a+') as f:
                f.write(data + 'n')

    args = parse_arguments()
    scanner = Scanner(args.timeout)
    scan_type = 'stealth' if args.stealth else 'default'

    # Os - detection setup
    load_module("nmap")
    if not os.path.isfile('nmap-os-fingerprints'):
        open('nmap-os-fingerprints', 'wb').write(urlopen('https://raw.githubusercontent.com/nmap/nmap/9efe1892/nmap-os-fingerprints').read())
    conf.nmap_base = 'nmap-os-fingerprints'

    network = scanner.arp_ping(args.ip_range)
    for connection in network:
        mac, ip = connection.split(' - ')
        print('n[!] Trying port scan of current connection with mac={} and ip={}n'.format(mac, ip))

        for port in get_ports():
            data = ''

            if port.type == 'tcp':
                status = scanner.tcp(ip, int(port.port), args.stealth)
                if status == 'Open':
                    data = '[*] TCP {} scan: dest_ip={} port={}, service={}, status={}'.format(scan_type, ip, port.port, port.name, status)
            if port.type == 'udp':
                status = scanner.udp(ip, int(port.port))
                if status == 'Open':
                    data = '[*] UDP scan: dest_ip={} port={}, service{}, status={}'.format(ip, port.port, port.name, status)

            if data:
                save_log(data)
                print(data)

        if args.os:
            data = re.findall(r"['(.*)']", nmap_fp(target))[0]
            if data:
                save_log("nOS detected: {}".format(data))
                print("nOS detected: {}".format(data))

if __name__ == '__main__':
    main()