Capstone/pScan.py at main · JackCWatson/Capstone · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#Jack Watson
from scapy.all import *

userList = []
pTest = []

targetIpRange = str(sys.argv[1])
port_range = [21, 22, 23, 25, 53, 80, 135, 443, 1433, 3389]


arpPacket = ARP(pdst=targetIpRange)
etherPacket = Ether(dst="ff:ff:ff:ff:ff:ff")
totalPacket = etherPacket/arpPacket

result = srp(totalPacket, timeout=3, verbose=0)[0]


for sent, received in result:
    userList.append({'ip': received.psrc, 'mac': received.hwsrc})

# print userList
print("IP" + " "*16+"Port" + " "*7 + "Status")
for client in userList:
    host = client['ip']
    # Send Sync packet to every port in the range
    for dst_port in port_range:
        resp = sr1(
            IP(dst=host)/TCP(sport=8080,dport=dst_port),timeout=1,
            verbose=0,
        )

        if resp is None:
            pass

        elif(resp.haslayer(TCP)):
            if(resp.getlayer(TCP).flags == 0x12): #x12 -> port is open (Sync flag)
                # Close connection (Not neccessary but polite)
                send_rst = sr(
                    IP(dst=host)/TCP(sport=8080,dport=dst_port),
                    timeout=1,
                    verbose=0,
                )
                pTest.append({'host' : host, 'port' : dst_port, 'status' : "open"}) #Adds to new printing list
            elif (resp.getlayer(TCP).flags == 0x14): #x14 -> port closed (Reset flag)
                pass


    #Print the List
for chost in pTest:
    print('{:<14}    {:<5}      {:<4}'.format(chost['host'], chost['port'], chost['status']))


print("Done")