Adeboye Franklin
4 min read · Sep 12, 2020

PORT SCANNER

INTRODUCTION

Port scanners are used mainly for penetration testing and information gathering. We search for open ports on a host for one of two reasons: to confirm that our own servers are properly guarded, or to exploit another host. A port that has been left open carelessly is a defenceless entry point and a gap in security.

Consequently, it is prudent to scan the ports of your own network to locate any security gaps that may exist. To do this, we can use a well-known, licensed open-source tool like Nmap. In this tutorial, however, we will write a port scanner of our own in Python. We choose Python because it is easy, modern and powerful.

Before we begin, it’s advisable that you are aware that port scanning someone else’s network without their approval/license is a crime. Scanning your own network, or one that you are permitted to scan, is permissible. Alternatively, you can use scanme.nmap.org to experiment. I do not take any accountability for the exploitation of the information.

Basic Functionality

Let us first survey the basic functionality of a port scanner. A port scanner tries to connect to an IP address on a specific port. Usually, when we surf the web, connections are made to servers on port 80 (HTTP) or port 443 (HTTPS). There are also many other significant ports such as 25 (SMTP), 21 (FTP), 22 (SSH) and more. There are more than 130,000 ports, of which 1,023 are regulated and 48,128 reserved. So, when we create a port scanner, we should make it useful by focusing on the essential ports.

Now, let’s first look at the simplest way of scanning ports with Python.

```python
import socket

target = "127.0.0.1"  # host to scan; the full script below defines this as a global

def portscan(port):
    try:
        # A plain TCP socket; a successful connect() means the port accepts connections
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((target, port))
        sock.close()
        return True
    except OSError:
        # Connection refused, timed out or unreachable: treat the port as closed
        return False
```

In this example, we build a standard socket that tries to connect to the target on a specific port. If the connection succeeds, we return True. If it fails and raises an exception, we return False. Then we print the result for the corresponding port.

```python
for port in range(1, 1024):
    result = portscan(port)
    if result:
        print("Port {} is open!".format(port))
    else:
        print("Port {} is closed!".format(port))
```

The above code is already a full port scanner. But there is a small problem with it. When you run it, you will notice that it is noticeably slow, because it scans the ports one after another. The way to avoid this slowness is multithreading. So, let us dive into the code.

Developing The Ports

Firstly, we will be required to introduce some libraries:

```python
from queue import Queue
import socket
import threading
```

  • The socket module will be used for our connection attempts to the host on a specific port.
  • Threading will let us run several scanning functions concurrently.
  • A queue is a data structure that will help us manage access by several threads to a single resource, which in our case is the port numbers. Since our threads run concurrently and scan the ports, we use a queue to ensure that every port is scanned exactly once.

Then we also define 3 global variables that we will use throughout the various functions:

```python
target = "127.0.0.1"
queue = Queue()
open_ports = []
```

  • target is the IP address or domain of the host we want to scan.
  • The queue is empty for now and will later be filled with the ports we want to scan.
  • Finally, we have an empty list, which will hold the open port numbers at the end.

We start by defining the portscan function, which we have already discussed.

```python
def portscan(port):
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((target, port))
        sock.close()
        return True
    except OSError:
        # Connection refused, timed out or unreachable: treat the port as closed
        return False

def get_ports(mode):
    if mode == 1:
        # the 1023 regulated (well-known) ports
        for port in range(1, 1024):
            queue.put(port)
    elif mode == 2:
        # regulated plus the 48,128 reserved ports
        for port in range(1, 49152):
            queue.put(port)
    elif mode == 3:
        # a handful of essential service ports only
        ports = [20, 21, 22, 23, 25, 53, 80, 110, 443]
        for port in ports:
            queue.put(port)
    elif mode == 4:
        # the user supplies the ports as space-separated numbers
        ports = input("Enter your ports (separate by blank):")
        ports = ports.split()
        ports = list(map(int, ports))
        for port in ports:
            queue.put(port)
```

In this function, we have defined four possible modes. The first mode scans the 1023 regulated ports. In the second mode, we add the 48,128 reserved ports. With the third mode, we focus on a few essential ports only. And finally, the fourth mode lets us choose our ports manually. In each case, we add all the chosen ports to the queue.

Notice that in mode four, we split our input into a list of strings. Therefore we map the int typecasting function over every element of the list to convert each entry to an integer.
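The post stops before wiring the queue and the threads together, so here is the complete threaded scanner the explanation describes, as an added example and not the author's own code: a portscan with a timeout, a worker that drains the shared Queue so each port is taken exactly once, and a run_scanner that starts the threads and collects the open ports. The names run_scanner, worker and demo are this example's own; demo opens a listener on the local host so the scan has a known open port to find without contacting any remote host.

```python
import socket
import threading
from queue import Queue, Empty

TARGET = "127.0.0.1"  # the post scans the local host; this example keeps that

def portscan(target, port, timeout=0.5):
    """Return True if a TCP connect() to (target, port) succeeds within timeout."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)  # without this a filtered port can stall a worker
            sock.connect((target, port))
            return True
    except OSError:  # refused, timed out, unreachable: treat the port as closed
        return False

def worker(target, queue, open_ports, lock):
    """Pull ports off the shared queue until it is empty; each port is taken once."""
    while True:
        try:
            port = queue.get_nowait()
        except Empty:
            return
        if portscan(target, port):
            with lock:  # guard the shared result list across threads
                open_ports.append(port)

def run_scanner(target, ports, thread_count=50):
    """Queue the ports, run thread_count workers over them, return sorted open ports."""
    queue = Queue()
    for port in ports:
        queue.put(port)
    open_ports, lock = [], threading.Lock()
    threads = [threading.Thread(target=worker, args=(target, queue, open_ports, lock)) for _ in range(thread_count)]
    for t in threads: t.start()
    for t in threads: t.join()
    return sorted(open_ports)

def demo():
    """Constructed fixture: one loopback listener, then scan ports 1-1023 plus it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((TARGET, 0))  # port 0 lets the OS pick a free ephemeral port
    listener.listen(5)
    open_port = listener.getsockname()[1]
    try:
        found = run_scanner(TARGET, [open_port] + list(range(1, 1024)))
    finally:
        listener.close()
    return open_port, found
```

Running demo() returns the listener's port together with every open port found on the local host; the ephemeral port is always among them, and any other entries are services actually listening on your machine.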

CONCLUSION

A port scanner is used to scan for open ports, either to protect your own network or to exploit other hosts, which is a crime if you do it without permission.

So I hope this post has been insightful…

Thanks