Building a port scanner

Now that we know the basics of socket programming, let's build a port scanner.

Ports are to computers what entrances are to houses. A computer has 65,535 ports through which it can communicate with the outside world. Most of the ports are closed by default. However, typically computers need to keep certain ports open for other computers on the network to connect and communicate. 

A port scanner then is software that scans all the ports of a computer to find out which ports of the computer are open and listening for incoming communications. Port scanning is used by network administrators to strengthen their security regimes, but it is also used by hackers to look for entry points to break into a computer.

Before you get into scanning random website servers with this tool, it is important to know that port scanning without proper authorization is illegal in a few jurisdictions. Many ISPs ban port scanning. Furthermore, many websites have explicit policies banning any attempts at port scanning.  There have been cases of convictions for unauthorized scans.
You may even want to consult a lawyer if you are scanning third-party websites with this tool. Even if a website is silent about port scanning, it's always better to get authorization from a website before you scan its ports. Repeated scan
attempts on a single target may also cause your IP address to be blocked by the administrators.
We recommend that you use this tool to analyze security vulnerabilities only on computers that you are authorized to scan, or on websites that have a liberal policy allowing for limited and non-disruptive scans.

With that disclaimer out of the way, let's get into building the port scanner. On completion, our port scanner will look as follows:

We do not discuss the code that creates the preceding GUI, as this should be easy for you. See 9.08_port_scanner.py for the complete code. We instead discuss the code related to port scanning.

There are several techniques used for port scanning. TCP SYN scanning is the most commonly used technique. It exploits the three-way handshake protocol employed by TCP, which involves sending and receiving SYN, SYN-ACK, and ACK messages. Here, SYN stands for synchronize and ACK stands for acknowledge. Visit https://en.wikipedia.org/wiki/Transmission_Control_Protocol for more details on this three-way handshake protocol.

A TCP SYN scan involves sending a SYN packet as if you will make a real connection and then waiting for the response. A SYN/ACK response from the target means that the port is open. A RST (reset) response suggests that the port is closed. If no response is received, the port is considered to be filtered.

Another common technique, and the one we will use for port scanning, is called the TCP connect scanner. This involves requesting a connection to the target operating system using the connect system call. This is exactly how web browsers and other high-level clients make a connection.

The connect command establishes an actual connection to the target, as opposed to the half-open scan that TCP SYN scan does. Since a complete connection is established, a connect scan is slower and requires more transmission than an SYN scan to find out whether a port is open. Furthermore, the target machine is more likely to log the connection and it is therefore not as stealthy as an SYN scan.

Accordingly, the code that checks whether a port is open is defined as follows (see 9.08_port_scanner.py):

def is_port_open(self,url, port):
 try:
   s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   s.settimeout(1)
   s.connect((socket.gethostbyname(url), port))
   s.close()
   return True
 except:
   return False

Note that the preceding code simply uses socket.connect to make a connection to probe the port

We call the preceding method from another method, start_scan, which simply loops over each of the ports in the range provided by the user:

def start_scan(self, url, start_port, end_port):
 for port in range (start_port, end_port+1):
   if not self.stop:
     self.output_to_console("Scanning port{}".format(port))
     if self.is_port_open(url, port):
       self.output_to_console(" -- Port {} open 
".format(port))
     else:
       self.output_to_console("-- Port {} closed 
".format(port))

Finally, we do not want a call to this method to block our Tkinter main loop. Therefore, we call the preceding method in a new thread as follows:

def scan_in_a_new_thread(self):
  url = self.host_entry.get()
  start_port = int(self.start_port_entry.get())
  end_port = int(self.end_port_entry.get())
  thread = Thread(target=self.start_scan, args=(url, start_port, 
    end_port ))
  thread.start()

The preceding method gets the values entered by the user and passes them as arguments to the start_scan method in a new thread.

The rest of the code simply creates and updates the GUI with the result and should be self-explanatory. This concludes the port scanner project.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.225.57.164