This week I will share a basic Python port scanner, so that I can at least have it in my toolbox and build on it later.
Using the socket library in Python, it is fairly easy to whip up a simple port scanner, as you can see below (the print statements are Python 2 syntax).
    import socket

    hosts = ["192.168.1.1", "192.168.2.1", "192.168.2.2", "192.168.2.10"]
    ports = [22, 23, 80, 443, 445, 3389]

    for host in hosts:
        for port in ports:
            try:
                print "[+] Connecting to " + host + ":" + str(port)
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.settimeout(5)
                result = s.connect_ex((host, port))
                if result == 0:
                    print " [*] Port " + str(port) + " open!"
                s.close()
            except:
                pass
As this is a short enough script, I'll go over it piece by piece so that hopefully everyone will understand what it does.
The first line of the script just imports the socket library, which allows the rest of the code to actually make the connections.
    hosts = ["192.168.1.1", "192.168.2.1", "192.168.2.2", "192.168.2.10"]
    ports = [22, 23, 80, 443, 445, 3389]

These two lines set up the list of hosts we will scan, as well as the list of ports we will check on each host. If we wanted to scan more ports or hosts, we could add those values to these lists (or generate them with range()).
    for host in hosts:
        for port in ports:
            try:
The first two lines of this section set up our loops. The application will first perform the scan on each host in the list one by one. For each host, the application will loop through the port list, before continuing on to the next host. The third line just sets up our code for exception handling, for when we run into any errors with our socket connections.
                print "[+] Connecting to " + host + ":" + str(port)
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.settimeout(5)

Up next we display which host and port we are attempting to connect to. After that, we create the actual socket that we will use to make the connection. AF_INET is the address family, which here means IPv4 internet addresses. SOCK_STREAM asks for a TCP connection to the host:port in question (as opposed to a datagram/UDP socket). Once the socket exists, we can set a timeout on it (5 seconds in this example) so that unanswered connection attempts give up sooner and the scan runs a bit faster.
                result = s.connect_ex((host, port))
                if result == 0:
                    print " [*] Port " + str(port) + " open!"
                s.close()

With our newly created socket, we then call connect_ex() to connect to the host and port specified earlier. connect_ex() attempts the connection and, instead of raising an exception on failure, returns a numeric error code. If the result is 0, the connection succeeded and the script prints that the port is open. Any other value indicates an error of some sort (generally the port being closed) and could be handled case by case. Once we have our result, we close the socket. This prevents connection problems or socket reuse errors on later connections.
The last two lines catch any exceptions raised inside the "try" that wraps the socket code. If an exception does occur, the application simply ignores it and execution continues. This is far from best practice (at the very least, exceptions should be reported), but it is fine for this simple script. Handling specific exceptions properly and giving the user more information would be among the next steps for this program.
And, once this is all completed and executed, we get our output!
The code and updates can be found in my GitHub repository.
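As an added example (my own code, not the post's script or anything from its GitHub repository), here is the same scanner in Python 3 with the "next step" the walkthrough mentions: the value connect_ex() returns is mapped to a state instead of being swallowed by a bare except, results come back as a dict rather than being printed, and demo() runs it offline against a listening socket on 127.0.0.1. The names probe, scan, demo and TRANSIENT are my own.

```python
import errno
import socket

# connect_ex() returns an errno instead of raising, so each code is mapped
# to a state. A timeout on a socket with settimeout() comes back as EAGAIN.
TRANSIENT = {errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH,
             errno.EAGAIN, errno.EWOULDBLOCK}


def probe(host, port, timeout=5.0):
    """Return 'open', 'closed', 'filtered', 'unresolved' or 'error:<NAME>'."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # closed on exit
            s.settimeout(timeout)
            code = s.connect_ex((host, port))
    except socket.gaierror:
        return "unresolved"                 # name lookup failed
    except OSError as exc:                  # anything else the OS refused to do
        return "error:%s" % errno.errorcode.get(exc.errno, exc.errno)
    if code == 0:
        return "open"                       # TCP handshake completed
    if code == errno.ECONNREFUSED:
        return "closed"                     # RST came back: nothing listening
    if code in TRANSIENT:
        return "filtered"                   # no answer at all, or unreachable
    return "error:%s" % errno.errorcode.get(code, code)


def scan(hosts, ports, timeout=5.0):
    """Same nested loops as the original script, results returned as a dict."""
    return {(h, p): probe(h, p, timeout) for h in hosts for p in ports}


def demo():
    """Constructed offline demo: one listening port and one free port on loopback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # port 0: the OS picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))           # take a second free port, then release it
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        results = scan(["127.0.0.1"], [open_port, closed_port], timeout=2.0)
    finally:
        listener.close()
    return results[("127.0.0.1", open_port)], results[("127.0.0.1", closed_port)]
```

demo() returns the states of the listening port and the released port, so the "open" and "closed" paths both run without touching any other machine.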