I'm following a Python tut on writing a port scanner, it runs, but it seemed to skip over a port that should theoretically be open. I'm running a web browser so port 80 should be up, but when I ran it against my network it just skipped over it. Also tried it against 443, but it's not showing any HTTPS ports either.
import sys #allows us to enter cmd line arguments & other things
import socket #Sockets and the socket API are used to send messages across a network. They provide a form of inter-process communication (IPC).
from datetime import datetime
#next we need to define our target
if len(sys.argv) == 2:
target = socket.gethostbyname(sys.argv[1]) #translate host name to IPV4
else:
print (“invald amt of arguments.”)
print (“syntax: python3 scanner.py <ip>”)
sys.exit()
#add a pretty banner
print (“-” * 50)
print (“scanning target” + target)
print(“Time started: “ +str(datetime.now()))
print (“-” * 50)
try:
for port in range (50,85):
s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
socket.setdefaulttimeout(1) #is a float
result = s.connect_ex((target,port)) #returns error indicator
print ((“checking port {}”).format(port)) #returns error indicator
if result ==0:
print (“port {} is open”.format(port))
s.close()
except KeyboardInterrupt:
(“\Exiting Program”)
sys.exit()
except socket.gaierror:
print (“host name could not be resolved”)
sys.exit()
except socket.error:
print (“could not connect to server”)
sys.exit()**
If You replace all smart quoutes with straight quoutes,
indent the TRUE-block of the if-statement inside the for-loop and
remove the escape character ("\") in the exception handler,
then Your code runs fine.
Related
I have a program that scans for open ports on remote host.
It will take long time to complete the scan.I want to make it work fast.
Here's my code:
Port Scan
import socket
import subprocess
host = input("Enter a remote host to scan: ")
hostIP = socket.gethostbyname(host)
print("Please wait, scanning remote host", hostIP)
try:
for port in range(1,1024):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
result = sock.connect_ex((hostIP, port))
if result == 0:
print("Port: \t Open".format(port))
sock.close()
Could one of you Python wizards help me with this.
Advance Thanks.
You can set a timeout on the socket so it wont spend to much time on a closed port. I would also use threads and allow the user to specify how many threads they want to run. here is a link to some code you could adapt to implement threading with the threading module Python Network Programming.
#!/usr/bin/env python
'''
A simple port scanner.
'''
import socket
def scan_host(host, **options):
'''
Scan a host for open ports.
'''
options.setdefault('timeout', 0.30)
options.setdefault('port_range', (1, 1024))
timeout = options.get('timeout')
port_range = options.get('port_range')
host_ip = socket.gethostbyname(host)
print("Please wait, scanning remote host {} : {}".format(host, host_ip))
for port in xrange(*port_range):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(timeout)
result = sock.connect_ex((host_ip, port))
if result == 0:
print "Port: {} Open".format(port)
sock.close()
if __name__ == '__main__':
scan_host('www.google.com', timeout=0.30, port_range=(1, 8000))
This program became too simple. It monitors only one port at once and it takes long time on one port to see if it is listening. So try reducing the time to listen, if it can't connect, deem it to be closed by setting a recursion limit for that number under the "expect:" in run().
As in like this,
try:
# connect to the given host:port
result = sock.connect_ex((hostIP, port))
if result == 0:
print "%s:%d Open" % (hostIP, port)
sock.close()
except: #pass
sock.recurse += 1
if sock.recurse < sock.limit:
sock.run()
else:
print "%s:%d Closed" % (hostIP, port)
There is other way to make it much more efficient by importing threading() module which can be used to keep an eye on a large number of sockets at once.
Here's the document on threading.
Refer this,
https://docs.python.org/2/library/threading.html#
Hope that helped you.
All the best.
i'm new to python programming and here is a fisrt code i've done
so,here is a port scanner i've done , it works fine on localhost ,
but when i try to scan a website , after waiting 10 minutes there is nothing
what is wrong with my code.
here is the code:
from socket import *
print "Simple port scanner"
print "-------------------"
print ""
adress = raw_input("Enter adress (or localhost): ")
ip = gethostbyname(adress)
print adress,"has the IP:",ip
alpha = int(raw_input("Port (min):"))
omega = int(raw_input("Port (max):"))
def scanner(ip,min_port, max_port):
count = 0
for ports in range(alpha, omega):
s = socket(AF_INET, SOCK_STREAM)
result = s.connect_ex((ip, ports))
if(result == 0) :
print 'Port %d: is OPEN' % (ports,)
count = count + 1
s.close()
print "Scanning finshed !"
print ""
print "Found",count,"open ports"
print ""
print "Beggin to scan..."
scanner(ip,alpha,omega)
Here is the output for localhost:
Simple port scanner
-------------------
Enter adress (or localhost): localhost
localhost has the IP: 127.0.0.1
Port (min):0
Port (max):100
Beggin to scan...
Port XX: is OPEN
Port XX: is OPEN
Scanning finshed !
Found 2 open ports
and the output for google (for example)
and there is the problem , there is NOTHING :(
Simple port scanner
-------------------
Enter adress (or localhost): google.com
google.com has the IP: 74.125.195.100
Port (min):24
Port (max):82
Beggin to scan...
Thank you for helping me .
thank you for your answer Lawrence Benson ,
i have try it with some othe IP's (no more google , but my website and friend website to stay legal) but same error , have you an idea to improve this script ?
If you change s.connect_ex() to s.connect(), an Execption will be raised if an error occurs. connect_ex returns a error value which needs to be interpreted. There are many errors, e.g. timeout or connection refused.
If I test it on my server, many ports are actively refused. So if I print
print "Port %d is closed" % ports
I can see that all ports are refused.
The best approach would be to go through the error messages you get with connect() and find out how to handle those, especially because you are new to python.
Additionally, you can set a timeout after which your socket gives up on trying to connect.
s.settimeout(3)
Thank you,
I have made some changes and now it works :) I have changed ".connect_ex" to ".connect", add try/except, and two settimeouts.
Here is the code again (modified):
from socket import *
print "Simple port scanner"
print "-------------------"
print ""
adress = raw_input("Enter adress (or localhost): ")
ip = gethostbyname(adress)
print adress,"has the IP:",ip
alpha = int(raw_input("Port (min):"))
omega = int(raw_input("Port (max):"))
def scanner(ip,alpha, omega):
count = 0
for ports in range(alpha, omega):
try:
print "Scanning port :%d" % (ports,)
s = socket(AF_INET, SOCK_STREAM)
s.settimeout(3)
s.connect((ip, ports))
s.settimeout(3)
print "Port %d: is OPEN" % (ports,)
count = count + 1
except:
print "Port %d is CLOSED" % (ports,)
s.close()
print "Scanning finshed !"
print ""
print "Found %d open ports" % (count)
print ""
print "Beggin to scan..."
scanner(ip,alpha,omega)
And the output:
Enter adress (or localhost): xxx.xxx.org
xxx.xxx.org has the IP: xx.xx.xx.xx
Port (min):440
Port (max):445
Beggin to scan...
Scanning port :440
Port 440 is CLOSED
Scanning port :441
Port 441 is CLOSED
Scanning port :442
Port 442 is CLOSED
Scanning port :443
Port 443: is OPEN
Scanning port :444
Port 444 is CLOSED
Scanning finshed !
Found 1 open ports
I would suggest having a function to check the state of a port.
#-*-coding:utf8;-*-
#qpy:3
#qpy:console
import socket
import os
# This is used to set a default timeout on socket
# objects.
DEFAULT_TIMEOUT = 0.5
# This is used for checking if a call to socket.connect_ex
# was successful.
SUCCESS = 0
def check_port(*host_port, timeout=DEFAULT_TIMEOUT):
''' Try to connect to a specified host on a specified port.
If the connection takes longer then the TIMEOUT we set we assume
the host is down. If the connection is a success we can safely assume
the host is up and listing on port x. If the connection fails for any
other reason we assume the host is down and the port is closed.'''
# Create and configure the socket.
sock = socket.socket()
sock.settimeout(timeout)
# the SO_REUSEADDR flag tells the kernel to reuse a local
# socket in TIME_WAIT state, without waiting for its natural
# timeout to expire.
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# Like connect(address), but return an error indicator instead
# of raising an exception for errors returned by the C-level connect()
# call (other problems, such as “host not found,” can still raise exceptions).
# The error indicator is 0 if the operation succeeded, otherwise the value of
# the errnovariable. This is useful to support, for example, asynchronous connects.
connected = sock.connect_ex(host_port) is SUCCESS
# Mark the socket closed.
# The underlying system resource (e.g. a file descriptor)
# is also closed when all file objects from makefile() are closed.
# Once that happens, all future operations on the socket object will fail.
# The remote end will receive no more data (after queued data is flushed).
sock.close()
# return True if port is open or False if port is closed.
return connected
con = check_port('www.google.com', 83)
print(con)
I'm just learning python and I've got a noobquestion here. What I want to do is loop the given IP addresses (192.168.43.215 through .218) and run given commands. The first host works as it can connect, while the second (.216) cannot be connected to and then the script exits with a "socket.error: [Errno 111] Connection refused" error.
I don't want it to exit the script, but to keep running on the remaining hosts. So how do I handle this exception to keep the for loop running?
#!/usr/bin/python
import socket
import sys
usernames = ["root", "admin", "robot", "email"]
for host in range(215,218):
ipaddress = "192.168.43." + str(host)
print ipaddress
# Create a socket
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(10)
# Connect to the server
connect=s.connect((ipaddress,25))
# Receieve the banner
banner=s.recv(1024)
print banner
for x in usernames:
# Verify a user
s.send('VRFY ' + x + '\r\n')
result=s.recv(1024)
print result
# Close the socket
s.close()
print "All hosts completed."
Sounds like you just need some basic error handling with a try/except block:
try:
# run dangerous operation
except TheExceptionThatCouldBeTriggered:
print("An exception was triggered... continuing")
else:
# do other stuff if dangerous operation succeeded
In your case, you want to except socket.error
I'm totally confused as to why my script isn't working.
This script basically scans for servers with port 19 open (CHARGEN).
You enter a list of ips in the format:
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
and the script scans every ip in the list to check if port 19 is open, and if it is, it writes the ip to a file.
Here is my code:
#!/usr/bin/env python
#CHARGEN Scanner
#Written by Expedient
import sys
import Queue
import socket
import threading
queue = Queue.Queue()
def check_ip(host, output_file, timeout):
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(timeout)
result = sock.connect_ex((host, 19))
if result == 0:
print "Found: %s" % host
file = open(output_file, "a")
file.write(host+"\n")
file.close()
except:
pass
def add_to_queue(queue, host, output_file, timeout):
queue.put(check_ip(host, output_file, timeout))
if len(sys.argv) < 4:
print "Usage: %s <ip list> <output file> <timeout>" % sys.argv[0]
sys.exit()
try:
open(sys.argv[1])
except:
print "Unable to open ip list."
sys.exit()
print "Starting Expedient's CHARGEN Scanner..."
with open(sys.argv[1]) as ip_list:
for ip in ip_list:
thread = threading.Thread(target=add_to_queue, args=(queue, ip, sys.argv[2], float(sys.argv[3])))
thread.start()
Whenever I run the script on a list of CHARGEN enabled servers that I got from an nmap scan
(I double checked, every server has port 19 open), the script does not write any of the ips
to the output file, which is should, because every ip in the list has port 19 open.
I honestly have no idea why this isn't working and it would be wonderful if someone could
help me out/tell me what I'm doing wrong. Thank you.
Your example as posted is catching all exceptions in your check_ip function without telling you (except: pass). You could have any number of issues causing exceptions to be raised in this function, and if an exception is raising in every call of the function then you will get no results from your script while also not getting any feedback to log/console on the nature of the failure.
For the purposes of debugging, you should modify your exception handling to explicitly handle any exceptions that you want to pass over, and allow other exceptions to raise unhandled so that you can determine what your error conditions are.
I keep getting this error
[Errno 10061] No connection could be made because the target machine actively refused it.
I'm running Windows 7 64 bit, no virus or protection software, and python is allowed through my firewall (I've also tried turning my firewall completely off but same result). When I run the server and use telnet it connects just fine. When I try to connect to the server with the client it fails. Any suggestions as to what I could try to fix this? If you need more information just ask and I'll provide.
Client Code
import socket
import sys
def main():
host = ""
port = 8934
message = "Hello World!"
host = raw_input("Enter IP: ")
#Create Socket
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error, msg:
print "Failed to create socket. Error code: %s Error Message: %s"%(str(msg[0]),msg[1])
sys.exit()
print "Socket created"
#Connec to Server
print host
print port
s.connect((host,port))
print "You are connected to %s with IP adress of %s"%(host,host)
#Send Data
try:
s.sendall(message)
except socket.error:
print "Failed to send."
#Receive Data
reply = s.recv(4096)
if __name__ == "__main__":
main()
Server Code
# !usr/bin/python
import socket
import sys
HOST = ""
PORT = 8934
def main():
#Setup socket
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except socket.error,msg:
print "Unable to create socket"
sys.exit()
print "Socket created."
#Bind to adress
try:
s.bind((HOST,PORT))
except socket.error,msg:
print "Bind failed. Closing..."
sys.exit()
print "Socket bound."
#Start listening
s.listen(10)
print "Socket Listening"
#Accept connection
conn, addr = s.accept()
print "Connected to %s:%s"%(addr[0],addr[1])
if __name__ == "__main__":
main()
Taking a guess at your indentation, and running your code… it works just fine.* (As long as I type in 127.0.0.1 when it asks me for the IP.)
Of course the second time I run the client (if I haven't restarted the server) I get a connection-refused error. But that's just because you've coded a server that immediately quits as soon as it gets the first connection. So the second time you run the client, there is no server, so the OS rejects the connection.
You can always run the server again, which lets you run the client one more time. (Except that the server may get a 10048 error when it tries to bind the socket, because the OS is keeping it around for the previous owner. If you see that, look at SO_REUSEADDR in the docs.)
* By "works just fine" I mean that it connects, and prints out the following before quitting:
Socket created
127.0.0.1
8934
You are connected to 127.0.0.1 with IP adress of 127.0.0.1
Obviously it never sends anything to the server or receives anything back, because the server has no send or recv calls, or anything else.