Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O'Connor Read Free Book Online
Authors: TJ O'Connor
API provides us with some functions that will be useful in implementing our TCP port scanner. Let’s examine a couple before proceeding. For a deeper understanding, view the Python Standard Library Documentation at: http://docs.Python.org/library/socket.html .
socket.gethostbyname(hostname) – This function takes a hostname such as www.syngress.com and returns an IPv4 address format such as 69.163.177.2.
socket.gethostbyaddr(ip address) – This function takes an IPv4 address and returns a triple containing the hostname, alternative list of host names, and a list of IPv4/v6 addresses for the same interface on the host.
socket.socket([family[, type[, proto]]]) – This function creates an instance of a new socket given the family. Options for the socket family are AF_INET, AF_INET6, or AF_UNIX. Additionally, the socket can be specified as SOCK_STREAM for a TCP socket or SOCK_DGRAM for a UDP socket. Finally, the protocol number is usually zero and is omitted in most cases.
socket.create_connection(address[, timeout[, source_address]]) – This function takes a 2-tuple (host, port) and returns an instance of a network socket. Additionally, it has the option of taking a timeout and source address.
In order to better understand how our TCP Port Scanner works, we will break our script into five unique steps and write Python code for each of them. First, we will input a hostname and a comma separated list of ports to scan. Next, we will translate the hostname into an IPv4 Internet address. For each port in the list, we will also connect to the target address and specific port. Finally, to determine the specific service running on the port, we will send garbage data and read the banner results sent back by the specific application.
In our first step, we accept the hostname and port from the user. For this, our program utilizes the optparse library for parsing command-line options. The call to optparse. OptionPaser([usage message]) creates an instance of an option parser. Next, parser.add_option specifies the individual command line optionsfor our script. The following example shows a quick method for parsing the target hostname and port to scan.
import optparse
parser = optparse.OptionParser(‘usage %prog –H’+\
‘ -p ’)
)
parser.add_option(‘-H’, dest=‘tgtHost’, type=‘string’, \
help=‘specify target host’)
parser.add_option(‘-p’, dest=‘tgtPort’, type=‘int’, \
help=‘specify target port’)
(options, args) = parser.parse_args()
tgtHost = options.tgtHost
tgtPort = options.tgtPort
if (tgtHost == None) | (tgtPort == None):
print parser.usage
exit(0)
Next, we will build two functions connScan and portScan. The portScan function takes the hostname and target ports as arguments. It will first attempt to resolve an IP address to a friendly hostname using the gethostbyname() function. Next, it will print the hostname (or IP address) and enumerate through each individual port attempting to connect using the connScan function. The connScan function will take two arguments: tgtHost and tgtPort and attempt to create a connection to the target host and port. If it is successful, connScan will print an open port message. If unsuccessful, it will print the closed port message.
import optparse
from socket import ∗
def connScan(tgtHost, tgtPort):
try:
connSkt = socket(AF_INET, SOCK_STREAM)
connSkt.connect((tgtHost, tgtPort))
print ‘[+]%d/tcp open’% tgtPort
connSkt.close()
except:
print ‘[-]%d/tcp closed’% tgtPort
def portScan(tgtHost, tgtPorts):
try:
tgtIP = gethostbyname(tgtHost)
except:
print “[-] Cannot resolve ‘%s’: Unknown host”%tgtHost
return
try:
tgtName = gethostbyaddr(tgtIP)
print ‘\n[+] Scan Results for: ’ + tgtName[0]
except:
print ‘\n[+] Scan Results for: ’ +
socket.gethostbyname(hostname) – This function takes a hostname such as www.syngress.com and returns an IPv4 address format such as 69.163.177.2.
socket.gethostbyaddr(ip address) – This function takes an IPv4 address and returns a triple containing the hostname, alternative list of host names, and a list of IPv4/v6 addresses for the same interface on the host.
socket.socket([family[, type[, proto]]]) – This function creates an instance of a new socket given the family. Options for the socket family are AF_INET, AF_INET6, or AF_UNIX. Additionally, the socket can be specified as SOCK_STREAM for a TCP socket or SOCK_DGRAM for a UDP socket. Finally, the protocol number is usually zero and is omitted in most cases.
socket.create_connection(address[, timeout[, source_address]]) – This function takes a 2-tuple (host, port) and returns an instance of a network socket. Additionally, it has the option of taking a timeout and source address.
In order to better understand how our TCP Port Scanner works, we will break our script into five unique steps and write Python code for each of them. First, we will input a hostname and a comma separated list of ports to scan. Next, we will translate the hostname into an IPv4 Internet address. For each port in the list, we will also connect to the target address and specific port. Finally, to determine the specific service running on the port, we will send garbage data and read the banner results sent back by the specific application.
In our first step, we accept the hostname and port from the user. For this, our program utilizes the optparse library for parsing command-line options. The call to optparse. OptionPaser([usage message]) creates an instance of an option parser. Next, parser.add_option specifies the individual command line optionsfor our script. The following example shows a quick method for parsing the target hostname and port to scan.
import optparse
parser = optparse.OptionParser(‘usage %prog –H’+\
‘
)
parser.add_option(‘-H’, dest=‘tgtHost’, type=‘string’, \
help=‘specify target host’)
parser.add_option(‘-p’, dest=‘tgtPort’, type=‘int’, \
help=‘specify target port’)
(options, args) = parser.parse_args()
tgtHost = options.tgtHost
tgtPort = options.tgtPort
if (tgtHost == None) | (tgtPort == None):
print parser.usage
exit(0)
Next, we will build two functions connScan and portScan. The portScan function takes the hostname and target ports as arguments. It will first attempt to resolve an IP address to a friendly hostname using the gethostbyname() function. Next, it will print the hostname (or IP address) and enumerate through each individual port attempting to connect using the connScan function. The connScan function will take two arguments: tgtHost and tgtPort and attempt to create a connection to the target host and port. If it is successful, connScan will print an open port message. If unsuccessful, it will print the closed port message.
import optparse
from socket import ∗
def connScan(tgtHost, tgtPort):
try:
connSkt = socket(AF_INET, SOCK_STREAM)
connSkt.connect((tgtHost, tgtPort))
print ‘[+]%d/tcp open’% tgtPort
connSkt.close()
except:
print ‘[-]%d/tcp closed’% tgtPort
def portScan(tgtHost, tgtPorts):
try:
tgtIP = gethostbyname(tgtHost)
except:
print “[-] Cannot resolve ‘%s’: Unknown host”%tgtHost
return
try:
tgtName = gethostbyaddr(tgtIP)
print ‘\n[+] Scan Results for: ’ + tgtName[0]
except:
print ‘\n[+] Scan Results for: ’ +
Similar Books
Dark Solace
Tara Fox Hall
A Cup of Murder
Cam Larson
Smart Girl
Rachel Hollis
Some Rain Must Fall
Michel Faber
Trouble In Bloom
Heather Webber
The Versace League
Shan
Pandora Gets Angry
Carolyn Hennesy
Vs Reality
Blake Northcott
Hogs #4:Snake Eaters
Jim DeFelice
More Than You Can Say
Paul Torday