Mostly all the open ports use a banner or service software on which they run. If you do not know how to get the port banner name in Python, click here to read that tutorial.
In this Python tutorial, we will write a Python script that checks if a Port banner is vulnerable or not. To achieve our goal, we will be using the brute force technique in which we will have a list of the vulnerable banners in a txt file, and we will compare our local host ports banner with them. Here are the steps we will follow to create a Port Vulnerability scanner in Python
- First, we will create a port scanner and save the port number and its banner in the lists.
-
Then using the
Python file handling
, we will check if any port banner present in our
vulnerable_banner.txtfile. - If yes, we will print that the port is vulnerable.
That's the basic outline of how we will write our Python script, but before diving into the code, let's discuss the libraries and dependencies we will be using to write our Python script.
Required libraries and dependencies
Python
socket
library
socket
is the defacto Python library for socket programming. It is a Python standard module, and in this tutorial, we will be using this module to scan ports and retrieve the open ports banner.
Python
IPy
Library
Python
IPy
is a lightweighted open-source third part library. As the Library name suggests, it is used to handle IPv4 and IPv6 addresses and networks in Python. And in this tutorial, we will be using this library to check if the user entered a valid IP address or domain name. Because in our program, we will be giving users to enter the target IP address or the domain name.
As
IPy
is a third-party package; we need to install it for our Python environment. Run the following pip install command on your terminal or command prompt to install IPy.
pip install IPy
Python
threading
module
Although multi-threading is not available in Python but using,
threading
we can simulate multiple threading in Python as concurrent execution of threads. Port scanning is a very slow process, so we will be using threading in our program to make the scanning faster.
Vulnerable banners text file
To check for the vulnerable ports, we will be using brute force, in which we will already have a txt file
(vulnerable_banners.txt)
that contains vulnerable banners. And we will read those vulnerable banners from the file and check our localhost or target IP address using those services or banners.
vulnerable_banners.txt
3Com 3CDaemon FTP Server Version 2.0
220-FileZilla Server version 0.9.41 beta
Ability Server 2.34
CCProxy Telnet Service Ready
ESMTP TABS Mail Server for Windows NT
FreeFloat Ftp Server (Version 1.00)
IMAP4rev1 MDaemon 9.6.4 ready
MailEnable Service, Version: 0-1.54
NetDecision-HTTP-Server 1.0
PSO Proxy 0.9
SAMBAR Sami FTP Server 2.0.2
Spipe 1.0
TelSrv 1.5
WDaemon 6.8.5
WinGate 6.1.1
Xitami
YahooPOPs! Simple Mail Transfer Service Ready
Here is the list of some of the vulnerable banners. You can copy and paste these banners into your local system as a text file.
I would recommend you save the vulnerable_banners.txt file in the same directory or folder where you are writing the Python script.
Now we are all set with the dependencies, it's time to open your best Python IDE or text editor and code along.
How to Build a Port Vulnerability Scanner in Python
We will begin our Python script by importing the required module.
import socket
from IPy import IP
import threading
Also, let's define two Python empty lists that will store the open port and its corresponding banner.
ports = [] #to store open port
banners =[] #to store open port banner
To keep our code module, let's define a function
port_scanner(target, port)
that will scan for the open port and store the open port number and its banner name in
ports
and
banners
lists.
def port_scanner(target,port):
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)
try:
trarget_ip =IP(target) #check if target is an IP address
except:
target_ip = socket.gethostbyname(target) #check if the target is a domain name or locahost
s.connect((target_ip, port))
try:
#get banner name
banner_name = banner(s).decode()
ports.append(port)
#store banner_name in banners list
banners.append(banner_name.strip())
except:
pass
except:
pass
The outermost
try
statement block handles the exception for socket connection to the port. The
socket.socket(socket.AF_INET, socket.SOCK_STREAM)
function initializes the socket object
s
.
settimeout(5)
function will fail the connection if the socket cannot connect the port within 5 seconds.
Next, The inner
try
and
except
block check if the target is a valid IP address or not. The
IP()
function check if the value is a valid IP. The
socket.gethostname()
function returns the IP address of the target domain. The
connect((target_ip, port))
function will connect to the specified
target_ip
port
number.
Further, The
banner(s)
function will return the banner name of the connected socket.
decode()
function will decode the byte object to a string. The
ports.append(port)
and
banners.append(banner_name.strip())
statements will store the open ports and their banner name(if any) in the
ports
and
banners
list.
Now let's define a
banner()
function that will return the banner of the connected socket (if any).
#get the banner name
def banner(s):
return s.recv(1024)
The
recv(1024)
function will return the port banner name in 1024 bytes string. Now let's scan the first 5000 ports by calling the
port_scanner()
function with threading.
#scan for first 5051
for port in range(1,5051):
thread = threading.Thread(target =port_scanner, args=[target,port])
thread.start()
if you do not know how the threading module work in Python,
click here
to check our threading tutorial. Now let's read our
vulnerable_banners.txt
file and check if any open port has a vulnerable banner service.
with open("vulnerable_banners.txt", "r") as file:
data = file.read()
for i in range(len(banners)):
if banners[i] in data:
print(f"[!]Vulneribility found: {banners[i]} at port {ports[i]}")
Now Put all the code together and execute.
Python Program for Port scanner vulnerability
import socket
from IPy import IP
import threading
ports = [] #to store open port
banners =[] #to store open port banner
def port_scanner(target,port):
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(5)
try:
trarget_ip =IP(target) #check if target is an IP address
except:
target_ip = socket.gethostbyname(target) #check if the target is a domain name or locahost
s.connect((target_ip, port))
try:
#get banner name
banner_name = banner(s).decode()
ports.append(port)
#store banner_name in banners list
banners.append(banner_name.strip())
except:
pass
except:
pass
#get the banner name
def banner(s):
return s.recv(1024)
target = input("Enter Target IP address, localhost or domain name eg www.eg.com: ")
#scan for first 5051
for port in range(1,5051):
thread = threading.Thread(target =port_scanner, args=[target,port])
thread.start()
with open("vulnarable_banners.txt", "r") as file:
data = file.read()
for i in range(len(banners)):
if banners[i] in data:
print(f"[!]Vulneribility found: {banners[i]} at port {ports[i]}")
Output
Enter Target IP address, localhost or domain name eg www.eg.com: localhost [!]Vulneribility found: 220-FileZilla Server version 0.9.41 beta at port 21
Here I have a check for the Port vulnerability of my local system; that's why I mentioned localhost as a target input IP. And you can see that I receive a vulnerability found message for my port 21. This is becaue my port 21 banner is present in the vulnerable_banners.txt file.
Conclusion
Now let's conclude the above tutorial. In this tutorial, you learned how to write a Python script to check the Port vulnerability. The above program is not efficient for all the port scanner vulnerability tests. The above program is based on brute force and is only able to show those vulnerable ports whose banners are already defined in the vulnerable_banners.txt file.
You can look out for more vulnerable port banners or services in google and add them to your text file for a better result.
People are also reading:
- Python Double and Single Underscore
- Detele Emails in Python
- Colored Python Output
- Python COPY File and Directory
- Detect Contours in Images in Python
- Python Check If File or Directory Exists
- Google Custom Search Engine API in Python
- Extract all Stored Chrome Passwords in Python
- Python Numpy Array Tutorial
- Gmail API in Python
Leave a Comment on this Post