DiabloHorn

1. #!/usr/bin/env python
2.  
3. #author: DiabloHorn http://diablohorn.wordpress.com
4. #source ports borrowed from: http://nmap.org/book/man-bypass-firewalls-ids.html
5. #destination ports, just the ones I find interesting
6. #nice scapy reference material:
7. #   - http://www.secdev.org/projects/scapy/doc/usage.html
8. #   - http://www.secdev.org/conf/scapy_pacsec05.pdf
9. #   - https://cs.uwindsor.ca/~rfortier/CRIPT/uploads/slides/Python_Scapy.pdf
10.  
11.  
12. import sys
13. from scapy import *
14. #uncomment the line below and comment he one above if the script errors out
15. #from scapy.all import *
16.  
17. def txthelp():
18.     print
19.     print "Source Port Scanner"
20.     print "DiabloHorn - http://diablohorn.wordpress.com"
21.     print "Scans some hardcoded ports, from different sourceports"
22.     print "Usage: " + sys.argv[0] + " target"
23.     print "ATTENTION: Changing the amount of ports might hog a lot of memory and make it die"
24.     print
25.    
26. def flags2human(flagbits):
27.     flags = {0:"FIN",1:"SYN",2:"RST",3:"PUSH",4:"ACK",5:"URG",6:"ECN-Echo",7:"CWR"}
28.     output = []
29.  
30.     for x in range(0,8):
31.         if (flagbits >> x) & 1:
32.             output.append(flags[x])  
33.  
34.     return str(output)
35.    
36. if __name__ == "__main__":
37.     if len(sys.argv) <= 1:
38.         txthelp()
39.         sys.exit(1)
40.        
41.     ip = IP(dst=sys.argv[1])
42.     resultscan = []
43.    
44.     tcp = TCP(dport=[21,22,23,80,443,3389,5900,8080,8443],sport=[20,53,67,88],flags="S")
45.     ans,unans = sr(ip/tcp,timeout=2)
46.     for sent,rcvd in ans:
47.         if rcvd.haslayer(TCP):
48.             co = "%d,%d,%d,%s" % (rcvd.dport, sent.dport, rcvd.getlayer(TCP).flags, flags2human(rcvd.getlayer(TCP).flags))
49.             resultscan.append(co)
50.     print "srcport, dstport, flags, humanflags"
51.     for x in resultscan:
52.         print x
53.  
54.