mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-22 02:43:02 +00:00
Create scapscan.py
This commit is contained in:
parent
370f6cf496
commit
4e8069450a
1 changed files with 255 additions and 0 deletions
255
python_ruby_and_bash/scapscan.py
Normal file
255
python_ruby_and_bash/scapscan.py
Normal file
|
@ -0,0 +1,255 @@
|
|||
#! /usr/bin/python
|
||||
"""
|
||||
Author: Omar Santos @santosomar
|
||||
version 1.0
|
||||
This is a quick demonstration on how to use the scapy as a scanner
|
||||
* Pre-requisite: scapy, prettytable, argparse
|
||||
"""
|
||||
|
||||
import sys
|
||||
import prettytable
|
||||
import argparse
|
||||
import logging
|
||||
logging.getLogger("scapy.runtime").setLevel(logging.ERROR) #This is supress scapy warnings
|
||||
|
||||
from scapy.all import *
|
||||
|
||||
#conf.iface='eth0' # network interface to use
|
||||
conf.verb=0 # enable verbose mode - Is this actually working?
|
||||
conf.nofilter=1
|
||||
|
||||
def tcp_connect_scan(dst_ip,dst_port,dst_timeout):
|
||||
src_port = RandShort()
|
||||
tcp_connect_scan_resp = sr1(IP(dst=dst_ip)/TCP(sport=src_port,dport=dst_port,flags="S"),timeout=dst_timeout)
|
||||
if(str(type(tcp_connect_scan_resp))=="<type 'NoneType'>"):
|
||||
return "Closed"
|
||||
elif(tcp_connect_scan_resp.haslayer(TCP)):
|
||||
if(tcp_connect_scan_resp.getlayer(TCP).flags == 0x12):
|
||||
send_rst = sr(IP(dst=dst_ip)/TCP(sport=src_port,dport=dst_port,flags="AR"),timeout=dst_timeout)
|
||||
return "Open"
|
||||
elif (tcp_connect_scan_resp.getlayer(TCP).flags == 0x14):
|
||||
return "Closed"
|
||||
else:
|
||||
return "CHECK"
|
||||
|
||||
|
||||
def stealth_scan(dst_ip,dst_port,dst_timeout):
|
||||
src_port = RandShort()
|
||||
stealth_scan_resp = sr1(IP(dst=dst_ip)/TCP(sport=src_port,dport=dst_port,flags="S"),timeout=dst_timeout)
|
||||
if(str(type(stealth_scan_resp))=="<type 'NoneType'>"):
|
||||
return "Filtered"
|
||||
elif(stealth_scan_resp.haslayer(TCP)):
|
||||
if(stealth_scan_resp.getlayer(TCP).flags == 0x12):
|
||||
send_rst = sr(IP(dst=dst_ip)/TCP(sport=src_port,dport=dst_port,flags="R"),timeout=dst_timeout)
|
||||
return "Open"
|
||||
elif (stealth_scan_resp.getlayer(TCP).flags == 0x14):
|
||||
return "Closed"
|
||||
elif(stealth_scan_resp.haslayer(ICMP)):
|
||||
if(int(stealth_scan_resp.getlayer(ICMP).type)==3 and int(stealth_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
|
||||
return "Filtered"
|
||||
else:
|
||||
return "CHECK"
|
||||
|
||||
|
||||
def xmas_scan(dst_ip,dst_port,dst_timeout):
|
||||
xmas_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags="FPU"),timeout=dst_timeout)
|
||||
if (str(type(xmas_scan_resp))=="<type 'NoneType'>"):
|
||||
return "Open|Filtered"
|
||||
elif(xmas_scan_resp.haslayer(TCP)):
|
||||
if(xmas_scan_resp.getlayer(TCP).flags == 0x14):
|
||||
return "Closed"
|
||||
elif(xmas_scan_resp.haslayer(ICMP)):
|
||||
if(int(xmas_scan_resp.getlayer(ICMP).type)==3 and int(xmas_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
|
||||
return "Filtered"
|
||||
else:
|
||||
return "CHECK"
|
||||
|
||||
|
||||
def fin_scan(dst_ip,dst_port,dst_timeout):
|
||||
fin_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags="F"),timeout=dst_timeout)
|
||||
if (str(type(fin_scan_resp))=="<type 'NoneType'>"):
|
||||
return "Open|Filtered"
|
||||
elif(fin_scan_resp.haslayer(TCP)):
|
||||
if(fin_scan_resp.getlayer(TCP).flags == 0x14):
|
||||
return "Closed"
|
||||
elif(fin_scan_resp.haslayer(ICMP)):
|
||||
if(int(fin_scan_resp.getlayer(ICMP).type)==3 and int(fin_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
|
||||
return "Filtered"
|
||||
else:
|
||||
return "CHECK"
|
||||
|
||||
|
||||
def null_scan(dst_ip,dst_port,dst_timeout):
|
||||
null_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags=""),timeout=dst_timeout)
|
||||
if (str(type(null_scan_resp))=="<type 'NoneType'>"):
|
||||
return "Open|Filtered"
|
||||
elif(null_scan_resp.haslayer(TCP)):
|
||||
if(null_scan_resp.getlayer(TCP).flags == 0x14):
|
||||
return "Closed"
|
||||
elif(null_scan_resp.haslayer(ICMP)):
|
||||
if(int(null_scan_resp.getlayer(ICMP).type)==3 and int(null_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
|
||||
return "Filtered"
|
||||
else:
|
||||
return "CHECK"
|
||||
|
||||
|
||||
def ack_flag_scan(dst_ip,dst_port,dst_timeout):
|
||||
ack_flag_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags="A"),timeout=dst_timeout)
|
||||
if (str(type(ack_flag_scan_resp))=="<type 'NoneType'>"):
|
||||
return "Stateful firewall present\n(Filtered)"
|
||||
elif(ack_flag_scan_resp.haslayer(TCP)):
|
||||
if(ack_flag_scan_resp.getlayer(TCP).flags == 0x4):
|
||||
return "No firewall\n(Unfiltered)"
|
||||
elif(ack_flag_scan_resp.haslayer(ICMP)):
|
||||
if(int(ack_flag_scan_resp.getlayer(ICMP).type)==3 and int(ack_flag_scan_resp.getlayer(ICMP).code) in [1,2,3,9,10,13]):
|
||||
return "Stateful firewall present\n(Filtered)"
|
||||
else:
|
||||
return "CHECK"
|
||||
|
||||
|
||||
def window_scan(dst_ip,dst_port,dst_timeout):
|
||||
window_scan_resp = sr1(IP(dst=dst_ip)/TCP(dport=dst_port,flags="A"),timeout=dst_timeout)
|
||||
if (str(type(window_scan_resp))=="<type 'NoneType'>"):
|
||||
return "No response"
|
||||
elif(window_scan_resp.haslayer(TCP)):
|
||||
if(window_scan_resp.getlayer(TCP).window == 0):
|
||||
return "Closed"
|
||||
elif(window_scan_resp.getlayer(TCP).window > 0):
|
||||
return "Open"
|
||||
else:
|
||||
return "CHECK"
|
||||
|
||||
|
||||
def udp_scan(dst_ip,dst_port,dst_timeout):
|
||||
udp_scan_resp = sr1(IP(dst=dst_ip)/UDP(dport=dst_port),timeout=dst_timeout)
|
||||
if (str(type(udp_scan_resp))=="<type 'NoneType'>"):
|
||||
retrans = []
|
||||
for count in range(0,3):
|
||||
retrans.append(sr1(IP(dst=dst_ip)/UDP(dport=dst_port),timeout=dst_timeout))
|
||||
for item in retrans:
|
||||
if (str(type(item))!="<type 'NoneType'>"):
|
||||
udp_scan(dst_ip,dst_port,dst_timeout)
|
||||
return "Open|Filtered"
|
||||
elif (udp_scan_resp.haslayer(UDP)):
|
||||
return "Open"
|
||||
elif(udp_scan_resp.haslayer(ICMP)):
|
||||
if(int(udp_scan_resp.getlayer(ICMP).type)==3 and int(udp_scan_resp.getlayer(ICMP).code)==3):
|
||||
return "Closed"
|
||||
elif(int(udp_scan_resp.getlayer(ICMP).type)==3 and int(udp_scan_resp.getlayer(ICMP).code) in [1,2,9,10,13]):
|
||||
return "Filtered"
|
||||
else:
|
||||
return "CHECK"
|
||||
|
||||
def start(your_target,your_ports,your_timeout):
|
||||
x = prettytable.PrettyTable(["Port No.","TCP Connect Scan","Stealth Scan","XMAS Scan","FIN Scan","NULL Scan", "ACK Flag Scan", "Window Scan", "UDP Scan"])
|
||||
x.align["Port No."] = "l"
|
||||
|
||||
user_dst_ip = your_target
|
||||
port_list = your_ports
|
||||
user_dst_timeout = your_timeout
|
||||
|
||||
print "[+] Target : %s\n" % user_dst_ip
|
||||
print "[*] Scan started\n"
|
||||
|
||||
for i in port_list:
|
||||
tcp_connect_scan_res = tcp_connect_scan(user_dst_ip,int(i),int(user_dst_timeout))
|
||||
stealth_scan_res = stealth_scan(user_dst_ip,int(i),int(user_dst_timeout))
|
||||
xmas_scan_res = xmas_scan(user_dst_ip,int(i),int(user_dst_timeout))
|
||||
fin_scan_res = fin_scan(user_dst_ip,int(i),int(user_dst_timeout))
|
||||
null_scan_res = null_scan(user_dst_ip,int(i),int(user_dst_timeout))
|
||||
ack_flag_scan_res = ack_flag_scan(user_dst_ip,int(i),int(user_dst_timeout))
|
||||
window_scan_res = window_scan(user_dst_ip,int(i),int(user_dst_timeout))
|
||||
udp_scan_res = udp_scan(user_dst_ip,int(i),int(user_dst_timeout))
|
||||
x.add_row([i,tcp_connect_scan_res,stealth_scan_res,xmas_scan_res,fin_scan_res,null_scan_res,ack_flag_scan_res,window_scan_res,udp_scan_res])
|
||||
print x
|
||||
|
||||
print "\n[*] Scan completed\n"
|
||||
|
||||
|
||||
def banner():
|
||||
bannerTxt = """
|
||||
************************************************************
|
||||
|
||||
#### #### ## ##### #### #### ## # #
|
||||
# # # # # # # # # # # # ## #
|
||||
#### # # # # # #### # # # # # #
|
||||
# # ###### ##### # # ###### # # #
|
||||
# # # # # # # # # # # # # # ##
|
||||
#### #### # # # #### #### # # # #
|
||||
|
||||
|
||||
SCAPY SCANNER
|
||||
|
||||
A demonstration by Omar Santos on how to use scapy
|
||||
for scanning purposes. Part of the Cybersecurity classes at:
|
||||
https://h4cker.org
|
||||
|
||||
The following scan types are processed:
|
||||
- TCP Connect Scan
|
||||
- Stealth Scan
|
||||
- XMAS Scan
|
||||
- FIN Scan
|
||||
- NULL Scan
|
||||
- ACK Flag Scan
|
||||
- Window Scan
|
||||
- UDP Scan
|
||||
|
||||
usage: scapy_stealth_scan.py [-h] [-p] [-pl] [-pr] [-t] target
|
||||
|
||||
positional arguments:
|
||||
target Target address
|
||||
|
||||
optional arguments:
|
||||
-h, --help show this help message and exit
|
||||
-p Single port e.g. 80
|
||||
-pl Port list e.g. 21,22,80
|
||||
-pr Port range e.g. 20-30
|
||||
-t Timeout value (default 2)
|
||||
|
||||
************************************************************
|
||||
"""
|
||||
print bannerTxt
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description=banner())
|
||||
parser.add_argument("target", help="Target address")
|
||||
parser.add_argument("-p", metavar="", help="Single port e.g. 80")
|
||||
parser.add_argument("-pl", metavar="", help="Port list e.g. 21,22,80")
|
||||
parser.add_argument("-pr", metavar="", help="Port range e.g. 20-30")
|
||||
parser.add_argument("-t", metavar="", type=int, default=2, help="Timeout value (default 2)")
|
||||
args = parser.parse_args()
|
||||
target = args.target
|
||||
|
||||
ports = []
|
||||
if args.p:
|
||||
p = args.p
|
||||
ports.append(p)
|
||||
if args.pl:
|
||||
pl = (args.pl).split(",")
|
||||
ports += pl
|
||||
if args.pr:
|
||||
pr = (args.pr).split("-")
|
||||
pr.sort()
|
||||
pr_item1 = int(pr[0])
|
||||
pr_item2 = int(pr[1])+1
|
||||
new_pr = range(pr_item1,pr_item2,1)
|
||||
ports += new_pr
|
||||
|
||||
timeout = int( args.t)
|
||||
|
||||
if(not len(ports)>0):
|
||||
print "No ports specified.\nUse -h or --help to see the help menu"
|
||||
exit(0)
|
||||
|
||||
ports = list(set(ports))
|
||||
new_ports=[]
|
||||
for item in ports:
|
||||
new_ports.append(int(item))
|
||||
ports = new_ports
|
||||
ports.sort()
|
||||
|
||||
start(target,ports,timeout)
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
Loading…
Reference in a new issue