Hacking With python: Information Gathering 1

In hacking with python series, this is the first script for information gathering. A Simple python script which actively scans a port to check if it is open and Grab the service running on that port.

About the script:

Socket library in python is used to make connection [ TCP or UDP ].

Function proghelp is used to show the usage if there is some error while running the program.

sys.argv is used for taking command line argument from the console. It takes 2 arguments with the name of the program i.e. The IP address and the port to scan.

Function Scan() is taking two parameters, the ip address and the port number. socket.gethostbyname(ip) is converting the domain name into the ip address (Since machines works with digits). 

port1=int(port) is converting the port number to integer, Because we took the value for port from command line and anything we enter into command line in python is consider as string. So, we need to convert it to int to make that work.

Now, next step is try block. While using socket programming in python, there are certain exceptions that could generate which can be because of unresolved hostname, connection error etc. So, It is a good scripting habit to put certain code in try and except block.

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM) will create an object “s” which is a socket object. Why we need to create it? We cannot directly use socket, there must be an object defined to handle the connection for the socket. It will make a TCP connection with target ip.

r= s.connect_ex((ip1,port1)), This code will actually make the connection to the ipaddress with the respective port. Variable r will keep the numeric code which tells if the connection is made or not.

if r == 0, r =0 means the connection has been established and the port is open.

bann= s.recv(1024)  This line of code tells to grab the banner that is reflected while making the connection. s is the object of the socket and recv(1024) will be used to take the output given by the target port. The maximum length is 1024. bann will store the banner output.

return bann.decode(‘utf-8’).strip(), Now one of the important line is this, that will return the data to you. bann.decode(‘utf-8’) is used to convert the data in bytes to string. This way we can easily apply come formatting standard and can make the output easy to read. The .strip() function will strips the lines and carriage returns from the output, making it more readable.

Calling scan function at the end of the code: print(scan(sys.argv[1],sys.argv[2]))

Code:
import socket
import sys
import string
def proghelp():
	'''***Printing Help
		A Simple socket script that is used to test if the port is open and grab its banner
		Usage: prog.py ipaddress port
	'''
if len(sys.argv) < 3:
	print("Not Enough Arguments.")
	print(proghelp.__doc__)
	print("Program Exiting...")
	exit()

ip=sys.argv[1]
port=sys.argv[2]

def scan(ip, port):
	ip1 = socket.gethostbyname(ip);
	port1=int(port)
	print("Scanning IP address: "+ip +" : "+ip1+":"+port)
	try:
                s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
		r= s.connect_ex((ip1,port1))
		if r == 0:
			print("IP Address: "+ip)
			print("Port "+ port+" is open.")
			bann= s.recv(1024)
			return bann.decode('utf-8').strip()			
		else:
			print("Port is Closed...")
			exit()
	except socket.error as err:
		return
	except socket.gaierror:
		return


print(scan(sys.argv[1],sys.argv[2]))
	

OUTPUT:

Improvement:

I made this script to scan single port only.

You can create a loop and scan through more ports.

Take a range of ports from the users for scanning.

Can calculate the estimated time took by the program to run.

For more read: http://www.anonhack.in/2018/05/hacking-with-pythonthe-head-start-part-1/

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.