Reputation: 605
#!/usr/bin/python3
# -*- coding: utf-8 -*-
#####################################
#           Portscan TCP            #
#                                   #
#####################################
import socket

ip = input("Digite o IP ou endereco: ")
ports = []
count = 0
while count < 10:
    ports.append(int(input("Digite a porta: ")))
    count += 1
for port in ports:
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(0.05)
    code = client.connect_ex((ip, port))  # connect and return the error code instead of raising
    # Like connect(address), but return an error indicator instead of raising an exception for errors
    if code == 0:  # 0 = success
        print(str(port) + " -> Porta aberta")
    else:
        print(str(port) + " -> Porta fechada")
    client.close()  # release the socket before probing the next port
print("Scan Finalizado")
The Python script above is a TCP scanner. How can I change it into a TCP SYN scanner? How do I create a TCP SYN port scanner using the TCP SYN method?
Upvotes: 0
Views: 11499
Reputation: 11553
As @Upsampled mentioned, you might use raw sockets (https://en.wikipedia.org/) as you only need a subset of the TCP protocol (send SYN and receive RST-ACK or SYN-ACK).
As coding something like http://www.binarytides.com/raw-socket-programming-in-python-linux/ could be a good exercise, I would also suggest considering https://github.com/secdev/scapy
Scapy is a powerful Python-based interactive packet manipulation program and library.
Here's the code sample that already implements a simple port scanner http://pastebin.com/YCR3vp9B and a detailed article on what it does: http://null-byte.wonderhowto.com/how-to/build-stealth-port-scanner-with-scapy-and-python-0164779/
The code is a little bit ugly but it works — I've checked it from my local Ubuntu PC against my VPS. Here's the most important code snippet (slightly adjusted to conform to PEP8):
from scapy.all import IP, TCP, RandShort, sr1, conf

conf.verb = 0        # keep scapy's send/receive chatter quiet
SYNACK = 0x12        # SYN + ACK flag bits
target = "127.0.0.1" # placeholder host; the full script reads it from the command line
port = 80            # placeholder port; the full script loops over a port list

# Generate Port Number
srcport = RandShort()
# Send SYN and receive RST-ACK or SYN-ACK (None if nothing comes back before the timeout)
SYNACKpkt = sr1(IP(dst=target) /
                TCP(sport=srcport, dport=port, flags="S"), timeout=2)
if SYNACKpkt is None:
    # no reply: filtered or dropped; getlayer() on None would raise
    pass
else:
    # Extract flags of received packet
    pktflags = SYNACKpkt.getlayer(TCP).flags
    if pktflags == SYNACK:
        # port is open
        pass
    else:
        # port is not open
        # ...
        pass
Upvotes: 8
Reputation: 3714
First, you will have to generate your own SYN packets using RAW sockets. You can find an example here
Second, you will need to listen for SYN-ACKs from the scanned host in order to determine which ports actually try to start the TCP handshake (SYN, SYN-ACK, ACK). You should be able to detect and parse the TCP header from the applications that respond. From that header you can determine the origin port and thus figure out that a listening application was there.
Also, if you implement this, you have also basically made a SYN DDoS utility, because you will be creating a ton of half-open TCP connections.
Upvotes: 5
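The parsing step the answer above describes, as an added example that is not code from either answer: a pure-Python parser for the fixed TCP header of a reply segment (IP header already stripped) that matches the reply to the probe's source and destination ports and maps SYN-ACK to open, RST to closed, and no reply to filtered. The sample segments are constructed inline with the same header builder, not captured traffic, and the probe source port 40000 is an assumption.

```python
import struct

# TCP flag bits in the low byte of the data-offset/flags field (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_HDR_FMT = "!HHIIHHHH"  # fixed 20-byte header, network byte order

def parse_tcp_header(segment: bytes) -> dict:
    """Parse the fixed part of a TCP header (IP header already stripped)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        TCP_HDR_FMT, segment[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4,  # data offset is in 32-bit words
        "flags": off_flags & 0x01FF,           # low 9 bits are the flag bits
    }

def classify_reply(segment: bytes, probe_sport: int, probe_dport: int):
    """Return 'open', 'closed', or None if the segment does not answer our probe."""
    hdr = parse_tcp_header(segment)
    # The reply must come from the probed port and be addressed to our source port
    if hdr["sport"] != probe_dport or hdr["dport"] != probe_sport:
        return None
    if hdr["flags"] & SYN and hdr["flags"] & ACK:
        return "open"     # SYN-ACK: something is listening
    if hdr["flags"] & RST:
        return "closed"   # RST (usually RST-ACK): nothing listening
    return None

def port_states(probed_ports, replies, probe_sport):
    """Map each probed port to open/closed/filtered; no matching reply means filtered."""
    states = {}
    for port in probed_ports:
        seg = replies.get(port)
        states[port] = (classify_reply(seg, probe_sport, port) if seg else None) or "filtered"
    return states

def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=65535) -> bytes:
    """Build a 20-byte TCP header for constructed samples (checksum left zero)."""
    return struct.pack(TCP_HDR_FMT, sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

# Constructed sample replies to a probe sent from source port 40000 (not captured traffic)
PROBE_SPORT = 40000
SAMPLE_REPLIES = {
    22: build_tcp_header(22, PROBE_SPORT, SYN | ACK, seq=1000, ack=1),  # open
    23: build_tcp_header(23, PROBE_SPORT, RST | ACK, ack=1),            # closed
}                                                                       # 80: no reply
```

`port_states([22, 23, 80], SAMPLE_REPLIES, PROBE_SPORT)` yields open, closed and filtered respectively; a real scanner feeds it the segments a raw socket or scapy actually received.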