StackZero
  • Homepage
  • Cryptography and Privacy
  • Ethical Hacking
  • Reverse Engineering
  • Contacts
  • About Me
No Result
View All Result
StackZero
No Result
View All Result

How to create network scanner tool in a few lines of code!

November 5, 2021
in Ethical Hacking
0 0
How to create network scanner tool in a few lines of code!
0
SHARES
411
VIEWS
Share on FacebookShare on Twitter

If you want to know how to create a network scanner tool in python in a few lines, without effort, you are in the right place:

We are going to build a tool for network analysis, in particular for host and service scanning.
This a very important phase of reconnaissance, and as usual, we will not use any external tool.
The whole procedure in our case requires a machine with Linux Mint installed but works well in other OS with small changes.
The final result of the project will therefore be a command-line tool to which we will pass in input an IP in the case of port scanning or a range in the case of host scanning.
In order to solve the problem we will use different approaches:
During the first part, i.e. the host scanning the Python library of reference will be Scapy, for the service scanning instead we will use directly a TCP socket.

Table of Contents

Toggle
  • Preparation
  • Python host scanner method in a few lines
  • Switch to the Python port scanner method
  • The main method, parsing options
  • Put all together
  • Further readings

Preparation

Before starting the code session we need to verify if we have all that we need.

If we do not have scapy installed, we type in the terminal:

pip install scapy

After this brief introduction, let’s get straight down to writing the code and see the imports:

from scapy.all import *
from optparse import OptionParser
from socket import *

Python host scanner method in a few lines

As far as host scanning is concerned, we define a method in which we will use an ARP packet sent in broadcasting (ARP is the protocol devised for IP-MAC ADDRESS mapping).
The method may be a little imprecise, but it is the fastest and is enough for our scope, a possible extension is the introduction of other scanning modes.
But let’s see the code before commenting on it:

def get_hosts(dst):
    
    ans,unans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=options.dst),timeout=2)
        
    alive = [(a.answer[Ether].src, a.answer[ARP].psrc ) for a in ans]
        
    return alive

Scapy allows us to construct an ARP packet to which we pass the broadcasting address as the destination address, to which we ask for the MAC address of the IP passed as a parameter.
The SRP (send receive packet) method returns a tuple containing respectively the requests that have not received an answer and those that have.
The next step is to create an “alive” list containing tuples with MAC and IP addresses.
To obtain these values simply iterate over the “ans” list containing the answered calls and
read the values this way (a.answer[Ether].src, a.answer[ARP].psrc ) where “a” is the element in the list.

Switch to the Python port scanner method

After seeing how host scanning works with Scapy, let’s see how we can do service scanning with a TCP socket:

def scan_port(dst, port):
    sock = socket(AF_INET, SOCK_STREAM)
    setdefaulttimeout(2)
    if sock.connect_ex((dst, port)) == 0:
        
        return True
    return False

In the code, we create a TCP socket called “sock”. AF_INET and SOCK_STREAM are the constants to pass to the constructor to create a TCP socket.
Then we set a timer that indicates the timeout in seconds.
And the final step is to attempt a connection with the ip and port passed as parameters.
If the connection is successful the final result is 0 and so we return True, and False otherwise.

The main method, parsing options

The building of our network scanner tool in python is complete, anyway, we need another step.

Finally, let’s look at the main, where we’ll take the input arguments to decide which method to call and then pass the correct values to it.

if __name__ == "__main__":
    parser = OptionParser()

    parser.add_option("-d", '--dst', action="store", dest="dst", help="The host/host-range to scan")
    parser.add_option("-p", '--port', action="store_true", dest="port", help="Indicates the wish to scan the ports of the selected host")
    options, args = parser.parse_args()
    if not options.port:
        alive = get_hosts(options.dst)
        print("="*45) 
        
        for c, (a, i) in zip(range(1, len(alive)+1),alive):
            print(f"[{c}] MAC: {a}\tIP: {i}")
    
    else:
        for p in range(1024):
            scan_result = scan_port(options.dst, p)
            if scan_result:
                print(f"[+] Port {p} is open")

The input values are taken from the optparse library and stored in an object called “options”.
If we don’t input the argument “-p” the script will call the “get_hosts” method and display the results on screen,
otherwise it will call the scan_port method for all standard ports from 0 to 1023, showing the ports that are open.

Put all together

Now let’s see the complete code:

from scapy.all import *
from optparse import OptionParser
from socket import *

def get_hosts(dst):
    
    ans,unans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=options.dst),timeout=2)
        
    alive = [(a.answer[Ether].src, a.answer[ARP].psrc ) for a in ans]
        
    return alive

def scan_port(dst, port):
    sock = socket(AF_INET, SOCK_STREAM)
    setdefaulttimeout(2)
    if sock.connect_ex((dst, port)) == 0:
        
        return True
    return False
    


if __name__ == "__main__":
    parser = OptionParser()

    parser.add_option("-d", '--dst', action="store", dest="dst", help="The host/host-range to scan")
    parser.add_option("-p", '--port', action="store_true", dest="port", help="Indicates the wish to scan the ports of the selected host")
    options, args = parser.parse_args()
    if not options.port:
        alive = get_hosts(options.dst)
        print("="*45) 
        
        for c, (a, i) in zip(range(1, len(alive)+1),alive):
            print(f"[{c}] MAC: {a}\tIP: {i}")
    
    else:
        for p in range(1024):
            scan_result = scan_port(options.dst, p)
            if scan_result:
                print(f"[+] Port {p} is open")

And now some examples of use, remembering that it must be launched with root permissions:

In the case of a local network with network address 192.168.1.0 and netmask 255.255.255.0

if we want to display the active hosts we will call the script with:

sudo python3 scanner.py --dst 192.168.1.0/24

If, on the other hand, after the first scan we have identified our target in a host (for example, 192.168.1.106) we will run the script as follows:

sudo python3 scanner.py --dst 192.168.1.106 -p

And more in general:

# Host scanner
sudo python3 scanner.py --dst <IP_RANGE>

# Port scanner
sudo python3 scanner.py --dst <TARGET_IP> -p

Further readings

Now we have seen how to create our network scanner tool and you can keep learning.

if you found this interesting you can take a look at those articles:

  • How to easily change your Windows Mac Address in Python
  • Domain scanner made easy – with Python!
How to embed shellcode payload into an executable
Trending
How to embed shellcode payload into an executable

Tags: arphosthost scannernetwork scannernetwork-securityportport scannerpython
Previous Post

How to code shellcode runner for your malware analysis

Next Post

Subdomain scanner made easy – with Python!

Next Post
Subdomain scanner made easy – with Python!

Subdomain scanner made easy – with Python!

You might also like

Cryptographic functions

Cryptographic Hash Functions in Python: Secure Your Data Easily

November 3, 2024
Malware Obfuscation Techniques: All That You Need To Know

Malware Obfuscation Techniques: All That You Need To Know

March 25, 2024
How To Do Process Enumeration: An Alternative Way

How To Do Process Enumeration: An Alternative Way

March 4, 2024
How To Do DLL Injection: An In-Depth Cybersecurity Example

How To Do DLL Injection: An In-Depth Cybersecurity Example

February 8, 2024
Process Injection By Example: The Complete Guide

Process Injection By Example: The Complete Guide

January 24, 2024
How To Build Your Own: Python String Analysis for Malware Insights

How To Build Your Own: Python String Analysis for Malware Insights

November 10, 2023

StackZero

StackZero is a specialized technical blog dedicated to the realm of cybersecurity. It primarily provides insightful articles and comprehensive tutorials designed to educate readers on developing security tools. The blog encompasses a broad spectrum of subjects, starting from the foundational principles of cryptography and extending to more sophisticated areas such as exploitation and reverse engineering. This makes StackZero an invaluable resource for both beginners and professionals in the field of cybersecurity.
The blog covers a wide range of topics, from the basics of cryptography to the more advanced topics of exploitation and reverse engineering.

Tags

application security blind sqli blind sql injection bruteforce c cesar cipher command injection cryptography ctf cybersecurity debugging dom-based xss dvwa ethical-hacking ethical hacking exploitation file inclusion gdb hacking injection javascript malware malware analysis malware evasion network-security pentesting lab picoctf pico ctf python reflected xss reverse engineering sql sqli sql injection static analysis stored xss substitution substitution cipher vulnerable application web application security web exploitation web security windows windows api xss
  • About Me
  • Contacts
  • HomePage
  • Opt-out preferences
  • Privacy Policy
  • Terms and Conditions

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
No Result
View All Result
  • Homepage
  • Cryptography and Privacy
  • Ethical Hacking
  • Reverse Engineering
  • Contacts
  • About Me