[Python] Python and security-② Port scanning tool made with Python

Introduction

Last time ([Python] Python and Security-① What is Python), I looked at the outline and features of Python. This time, let's build a simple port scanning tool with Python. By using such a tool, an administrator can also find and deal with services that have been left running carelessly.

** Because "banner grabbing" is an act of collecting information, carrying it out against a target you are not authorized to test is a crime. Please note that we are not responsible for any problems arising from this article. **

What is Port Scan?

Port scanning means searching for and identifying the ports that are open on a target server or network device. From the open ports you can tell which services the target is running, so for an attacker a port scan is the preparation step before an attack.

** The types of Port Scan are as follows **

Features by type of Port Scan

** UDP Port Scan **
A UDP scan probes the port using the UDP protocol. If the port is open, the target returns nothing, but if it is closed, it replies with an ICMP message (Destination Unreachable, Port Unreachable). UDP scans are not reliable, however, because the packets are easily dropped by routers and firewalls.

** TCP Connect Scan (TCP Open Scan) **
A scan that uses the connect() function to complete a 3-way handshake with the target and check whether the port is open. It is reliable and can be run without root privileges, but it is slow and leaves a log on the target.

** TCP Half-Open Scan (SYN Stealth Scan) **
Unlike the TCP Connect Scan, the Half-Open Scan, also known as a SYN scan, does not complete a session with a 3-way handshake; it checks the port with SYN packets only. No log is left, but root privileges are required to run it.

** Why do you need root privileges? ** Because the control bits of the TCP header must be set by hand, a SYN scan can only be performed with root privileges.

** Why is there no log? ** When the SYN/ACK response arrives from the target, a packet with the RST flag set is sent instead of the ACK. Because it is an RST, the communication is forcibly terminated and the session is never established, so there is a high probability that no log is left on the system.

** FIN/NULL/Xmas Scan **
These three scans are the TCP FIN Scan, which sets only the FIN flag; the NULL Scan, which sets no flags at all; and the Xmas Scan, which sets FIN, PSH and URG at the same time. Because none of these exchanges is a normal one, no log is left; they can only be used against UNIX/Linux targets, and their result is ambiguous between Open and Filtered.
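Since a TCP Connect Scan leaves a trail in the target's logs, the same fact lets an administrator spot it from the defending side. The following is an added example, not code from the original post: it runs a sliding-window counter over constructed iptables-style log lines (sample data, not real traffic) and flags any source that touches many distinct destination ports in a short time. The log format, the threshold of 5 ports within 60 seconds, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an iptables-style LOG format; not real traffic.
SAMPLE_LOG = """\
2020-02-14T12:00:01 kernel: IN=eth0 SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=51000 DPT=21 SYN
2020-02-14T12:00:01 kernel: IN=eth0 SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=51001 DPT=22 SYN
2020-02-14T12:00:02 kernel: IN=eth0 SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=51002 DPT=23 SYN
2020-02-14T12:00:02 kernel: IN=eth0 SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=51003 DPT=25 SYN
2020-02-14T12:00:03 kernel: IN=eth0 SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=51004 DPT=80 SYN
2020-02-14T12:00:03 kernel: IN=eth0 SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=51005 DPT=443 SYN
2020-02-14T12:00:05 kernel: IN=eth0 SRC=10.0.0.7 DST=10.0.0.10 PROTO=TCP SPT=40000 DPT=443 SYN
2020-02-14T12:00:09 kernel: IN=eth0 SRC=10.0.0.7 DST=10.0.0.10 PROTO=TCP SPT=40001 DPT=443 SYN
2020-02-14T12:10:00 kernel: IN=eth0 SRC=10.0.0.5 DST=10.0.0.10 PROTO=TCP SPT=51006 DPT=3306 SYN
"""
LINE_RE = re.compile(r"^(\S+) .*SRC=(\S+) .*DPT=(\d+)")

def parse_line(line):
    """Return (timestamp, src, dport) for a matching line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))

def detect_scanners(log_text, min_ports=5, window_seconds=60):
    """Flag each source that touches >= min_ports distinct destination ports
    within any window_seconds span; returns {src: sorted distinct ports}."""
    events = defaultdict(list)
    for parsed in map(parse_line, log_text.splitlines()):
        if parsed:
            events[parsed[1]].append((parsed[0], parsed[2]))
    flagged, window = {}, timedelta(seconds=window_seconds)
    for src, hits in events.items():
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window start
                start += 1
            distinct = {port for _, port in hits[start:end + 1]}
            if len(distinct) > len(best):
                best = distinct
        if len(best) >= min_ports:
            flagged[src] = sorted(best)
    return flagged

if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print("possible port scan from %s: ports %s" % (src, ports))
```

The host 10.0.0.7 retrying a single port is not flagged, which is the behaviour you want so that an ordinary client reconnecting to one service does not trigger the alert.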

Let's make a Scanning tool in Python using the socket module

After importing the socket module, call the connect() function with the IP address and port number to open a TCP connection. Data can then be sent and received with the send() and recv() functions.

port_scanning.py


import socket
s = socket.socket()               # TCP socket (AF_INET, SOCK_STREAM by default)
s.connect(('127.0.0.1', 23))      # replace with the target IP address and port number
s.close()

"Result" port_scanning.py


#If the port is open
>> 
#If the port is not open
Traceback (most recent call last):
  File "C:/~", line 3, in <module>
    s.connect(('127.0.0.1', 23))
ConnectionRefusedError: [WinError 10061] The connection could not be made because it was rejected by the target computer.

To handle the error, use try and except statements as a simple way to tell success from failure.

port_scanning.py


import socket
try:
    s = socket.socket()
    s.connect(('127.0.0.1', 23))  # replace with the target IP address and port number
    print('success')
    s.close()
except OSError:                   # refused, timed out, unreachable, ...
    print('fail')

"Result" port_scanning.py


#If the port is open
>> success
#If the port is not open
>> fail

Next, use a for loop so that every port number in a range is checked automatically.

port_scanning.py


import socket
for port in range(1, 101):
    s = socket.socket()
    s.settimeout(1)                      # do not wait forever on a filtered port
    try:
        s.connect(('127.0.0.1', port))   # replace with the target IP address
        print('Open port:%d' % port)
    except OSError:
        pass                             # closed or filtered: nothing to report
    finally:
        s.close()

"Result" port_scanning.py


>>Open port:22
>>Open port:80

Checking ports 1 to 100 takes time, so let's use Python's list type to scan only the ports that are most commonly used.

** Frequently used ports ** 20, 21(FTP) / 22(SSH) / 23(Telnet) / 25(SMTP) / 53(DNS) / 80(HTTP) / 110(POP3) / 123(NTP) / 443(HTTPS) / 1433(MSSQL) / 3306(MYSQL) / 1521(ORACLE) / 8080(ORACLE, TOMCAT) / 3389(RDP)

port_scanning.py


import socket
ports = [20, 21, 22, 23, 25, 53, 80, 110, 123, 443, 1433, 3306, 1521, 8080, 3389]
for port in ports:
    s = socket.socket()
    s.settimeout(1)                      # do not wait forever on a filtered port
    try:
        s.connect(('127.0.0.1', port))   # replace with the target IP address
        print('Open port:%d' % port)
    except OSError:
        pass                             # closed or filtered: nothing to report
    finally:
        s.close()

"Result" port_scanning.py


>>Open port:80
>>Open port:443
>>Open port:3306
>>Open port:8080

Finally, let's use the input() function to enter the host address and make the code perform the port scan against that host.

port_scanning.py


import socket
ports = [20, 21, 22, 23, 25, 53, 80, 110, 123, 443, 1433, 3306, 1521, 8080, 3389]
host = input('IP address:')
for port in ports:
    s = socket.socket()
    s.settimeout(1)                      # do not wait forever on a filtered port
    try:
        s.connect((host, port))
        print('Open port:%d' % port)
    except OSError:
        pass                             # closed or filtered: nothing to report
    finally:
        s.close()

"Result" port_scanning.py


>>IP address: 127.0.0.1
>>Open port:80
>>Open port:443
>>Open port:3306
>>Open port:8080
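The script above cannot tell a refused connection (the port is closed) from one that simply got no answer (a firewall dropped the packets), and it probes the ports one after another. The following added example, which is not code from the original post, extends the page's connect scan with a per-port timeout, an open/closed/filtered classification, and a thread pool so the 15 ports are probed in parallel; the function names and the self_check() demo, which starts a throwaway listener on 127.0.0.1, are assumptions of this example.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Port list from the post; scan_port/scan_ports/self_check are names chosen here.
DEFAULT_PORTS = [20, 21, 22, 23, 25, 53, 80, 110, 123, 443, 1433, 3306, 1521, 8080, 3389]

def scan_port(host, port, timeout=1.0):
    """Classify a TCP port by how connect() ends: 'open' (handshake completed),
    'closed' (RST -> ConnectionRefusedError), 'filtered' (no answer before the
    timeout, typical of a firewall that drops packets) or 'error' (anything else)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "error"

def scan_ports(host, ports=DEFAULT_PORTS, timeout=1.0, workers=20):
    """Scan the ports in parallel threads so a 1 s timeout per port does not
    turn into a 15 s wait; returns {port: status} in the order given."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        statuses = list(pool.map(lambda p: scan_port(host, p, timeout), ports))
    return dict(zip(ports, statuses))

def self_check():
    """Offline demo: a throwaway listener on loopback must show up as 'open',
    a loopback port nobody listens on as 'closed'."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(1)
    live_port = listener.getsockname()[1]
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    dead_port = probe.getsockname()[1]
    probe.close()                        # nothing listens on dead_port now
    try:
        return scan_ports("127.0.0.1", [live_port, dead_port])
    finally:
        listener.close()

if __name__ == "__main__":
    print(self_check())
    host = input("IP address:") or "127.0.0.1"
    for port, status in scan_ports(host).items():
        print("%5d  %s" % (port, status))
```

A port reported as "filtered" is one where no RST came back before the timeout, which is the same ambiguity the scan-type section describes for firewalls that drop packets.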

Summary

This time I built a simple port scanning tool with Python's socket library, but various modifications are needed before it can be used in practice. Still, since the principle of port scanning and a basic scanning tool can be implemented with Python, I hope that those in charge and administrators can refer to this post and use it to help build a more secure network environment.

Article summary

February 14, 2020: [Python] Python and Security-① What is Python
