Once I have identified endpoints within our network, the next step is to perform a port scan. What exactly is a port scan, or more specifically a TCP/IP port scan? Computers that support communication protocols use ports to make connections to other parties, and because a host may carry on many conversations with many parties at once, ports are what distinguish one communication from another. For example, a web server providing access to a web page over the Hypertext Transfer Protocol (HTTP) listens on TCP port 80 by default, and the Simple Mail Transfer Protocol (SMTP) uses port 25 to send or transmit mail messages. For each IP address, a protocol port is identified by a 16-bit number, commonly known as the port number, in the range 0-65,535. The combination of an IP address and a port number provides a complete address for communication: each communicating party has its own IP address and port number, and depending on the direction of the communication both a source and a destination address (IP address and port combination) are required. A short list of registered ports that you may be familiar with appears in Table 8.3 (note that this is just a sample of the list).

Table 8.3. Examples of Registered Ports
To develop the simplest port scanner in Python, I need to know just a few things: (1) What IP address to target? (2) What port range should I scan? (3) Whether I should display all the results or only the ports that were found to be open, in other words the ports that I could successfully connect to. Figure 8.9 depicts the GUI for our simple Port Scanner. The GUI allows the user to specify the IP address to scan along with the port range, and it includes a checkbox that lets the user choose whether all the results or only the successful results are displayed.

Figure 8.9. Port Scanner GUI.

I have provided detailed documentation in line with the program so you can walk through the program reading the comments for clarity. Figure 8.10 depicts the launch of the Port Scanner GUI. As you can see in Figure 8.10, I launched the program from the command line with administrative privilege. This is necessary as administrator privilege is required to perform the port scan network operations.

Figure 8.10. Port Scanner program launch.

Before diving into the code, take a look at the overall layout of the program. I recommend that you start by examining the "Setup the Application Windows" section a couple of pages down in the code. Then move back to the beginning of the code and examine the portScan event handler, starting with "def portScan(event)". As you can see, most of the work is related to setting up the GUI application and setting up the list of host ports to scan. Once that is done, the code that actually scans each port and checks the result is only a few lines, as shown here:
```python
# open a socket
reqSocket = socket(AF_INET, SOCK_STREAM)
# Try Connecting to the specified IP, Port
response = reqSocket.connect_ex((baseIP, port))
```

The complete program follows.

```python
#
# Python Port Scanner
#
import wxversion
wxversion.select("2.8")
import wx                                   # Import the GUI module wx
import sys                                  # Import the standard library module sys
import ping                                 # Import the ICMP Ping Module (from the
                                            # ping sweep; not used by this program)
# Import what we need from the standard library module socket.
# socket.error also covers socket.timeout, so a port that never
# answers is reported in the except clause below.
from socket import socket, AF_INET, SOCK_STREAM, error as socket_error
from time import gmtime, strftime           # import time functions

#
# Event Handler for the portScan Button Press
#
def portScan(event):

    # First, I need to check that the starting port is <= ending port value
    if portEnd.GetValue() < portStart.GetValue():
        # This is an improper setting
        # Notify the user and return
        dlg = wx.MessageDialog(mainWin, "Invalid Host Port Selection",
                               "Confirm", wx.OK | wx.ICON_EXCLAMATION)
        result = dlg.ShowModal()
        dlg.Destroy()
        return

    # Update the Status Bar
    mainWin.StatusBar.SetStatusText('Executing Port Scan .... Please Wait')

    # Record the Start Time
    utcStart = gmtime()
    utc = strftime("%a, %d %b %Y %X + 0000", utcStart)
    results.AppendText("\n\nPort Scan Started: " + utc + "\n\n")

    # Build the base IP Address String
    # from the four octet spin controls the user has set
    baseIP = str(ipaRange.GetValue()) + '.' + str(ipbRange.GetValue()) + '.' + \
             str(ipcRange.GetValue()) + '.' + str(ipdRange.GetValue())

    # For the IP Address Specified, Scan the Ports Specified
    for port in range(portStart.GetValue(), portEnd.GetValue() + 1):
        try:
            # Report the IP Address to the Window Status Bar
            mainWin.StatusBar.SetStatusText('Scanning: ' + baseIP + ' Port: ' + str(port))

            # open a socket
            reqSocket = socket(AF_INET, SOCK_STREAM)
            # Give up on a port that never answers (e.g. dropped by a firewall);
            # without a timeout one such port can block the GUI indefinitely
            reqSocket.settimeout(2)
            # Try Connecting to the specified IP, Port
            response = reqSocket.connect_ex((baseIP, port))

            # if we receive a proper response from the port
            # then display the results received
            if response == 0:
                # Display the ipAddress and Port
                results.AppendText(baseIP + '\t' + str(port) + '\t')
                results.AppendText('Open')
                results.AppendText("\n")
            else:
                # if the result failed, only display the result
                # when the user has selected the "Display All" check box
                if displayAll.GetValue():
                    results.AppendText(baseIP + '\t' + str(port) + '\t')
                    results.AppendText('Closed')
                    results.AppendText("\n")

            # Close the socket
            reqSocket.close()

        except socket_error as e:
            # for socket Errors (including a timeout) Report the offending IP
            results.AppendText(baseIP + '\t' + str(port) + '\t')
            results.AppendText('Failed: ')
            results.AppendText(str(e))
            results.AppendText("\n")

    # Record and display the ending time of the sweep
    utcEnd = gmtime()
    utc = strftime("%a, %d %b %Y %X + 0000", utcEnd)
    results.AppendText("\nPort Scan Ended: " + utc + "\n\n")

    # Clear the Status Bar
    mainWin.StatusBar.SetStatusText('')

# End Scan Event Handler ==========================

#
# Program Exit Event Handler
#
def programExit(event):
    sys.exit()

# End Program Exit Event Handler =================

#
# Setup the Application Windows ==================
#
app = wx.App()

# define window
mainWin = wx.Frame(None, title="Simple Port Scanner", size=(1200, 600))

# define the action panel
panelAction = wx.Panel(mainWin)

# define action buttons
# I'm creating two buttons, one for Scan and one for Exit
# Notice that each button contains the name of the function that will
# handle the button press event: portScan and programExit respectively
displayAll = wx.CheckBox(panelAction, -1, 'Display All', (10, 10))
displayAll.SetValue(True)

scanButton = wx.Button(panelAction, label='Scan')
scanButton.Bind(wx.EVT_BUTTON, portScan)

exitButton = wx.Button(panelAction, label='Exit')
exitButton.Bind(wx.EVT_BUTTON, programExit)

# define a Text Area where I can display results
results = wx.TextCtrl(panelAction, style=wx.TE_MULTILINE | wx.HSCROLL)

# Base Network for Class C IP Addresses has 3 components
# For class C addresses, the first 3 octets define the network i.e. 127.0.0
# the last 8 bits define the host i.e. 0-255
# Thus I set up 4 spin controls, one for each of the 4 octets
# I also set the default value to 127.0.0.1 for convenience
ipaRange = wx.SpinCtrl(panelAction, -1, '')
ipaRange.SetRange(0, 255)
ipaRange.SetValue(127)

ipbRange = wx.SpinCtrl(panelAction, -1, '')
ipbRange.SetRange(0, 255)
ipbRange.SetValue(0)

ipcRange = wx.SpinCtrl(panelAction, -1, '')
ipcRange.SetRange(0, 255)
ipcRange.SetValue(0)

ipdRange = wx.SpinCtrl(panelAction, -1, '')
ipdRange.SetRange(0, 255)
ipdRange.SetValue(1)

# Add a label for clarity
ipLabel = wx.StaticText(panelAction, label="IP Address: ")

# Next, I want to provide the user with the ability to set the port range
# they wish to scan. The allowed range is 1 - 1025
portStart = wx.SpinCtrl(panelAction, -1, '')
portStart.SetRange(1, 1025)
portStart.SetValue(1)

portEnd = wx.SpinCtrl(panelAction, -1, '')
portEnd.SetRange(1, 1025)
portEnd.SetValue(5)

PortStartLabel = wx.StaticText(panelAction, label="Port Start: ")
PortEndLabel = wx.StaticText(panelAction, label="Port End: ")

# Now I create BoxSizers to automatically align the different components neatly
# First, I create a horizontal Box
# I'm adding the buttons, ip Range and Port Spin Controls
actionBox = wx.BoxSizer()
actionBox.Add(displayAll, proportion=0, flag=wx.LEFT | wx.CENTER, border=5)
actionBox.Add(scanButton, proportion=0, flag=wx.LEFT, border=5)
actionBox.Add(exitButton, proportion=0, flag=wx.LEFT, border=5)
actionBox.Add(ipLabel, proportion=0, flag=wx.LEFT | wx.CENTER, border=5)
actionBox.Add(ipaRange, proportion=0, flag=wx.LEFT, border=5)
actionBox.Add(ipbRange, proportion=0, flag=wx.LEFT, border=5)
actionBox.Add(ipcRange, proportion=0, flag=wx.LEFT, border=5)
actionBox.Add(ipdRange, proportion=0, flag=wx.LEFT, border=5)
actionBox.Add(PortStartLabel, proportion=0, flag=wx.LEFT | wx.CENTER, border=5)
actionBox.Add(portStart, proportion=0, flag=wx.LEFT, border=5)
actionBox.Add(PortEndLabel, proportion=0, flag=wx.LEFT | wx.CENTER, border=5)
actionBox.Add(portEnd, proportion=0, flag=wx.LEFT, border=5)

# Next I create a Vertical Box that I place the Horizontal Box components
# inside along with the results text area
vertBox = wx.BoxSizer(wx.VERTICAL)
vertBox.Add(actionBox, proportion=0, flag=wx.EXPAND | wx.ALL, border=5)
vertBox.Add(results, proportion=1,
            flag=wx.EXPAND | wx.LEFT | wx.BOTTOM | wx.RIGHT, border=5)

# I'm adding a status bar to the main window
mainWin.CreateStatusBar()

# Finally, I use the SetSizer function to automatically size the windows
# based on the definitions above
panelAction.SetSizer(vertBox)

# Display the main window
mainWin.Show()

# Enter the Application's Main Loop
# Awaiting User Actions
app.MainLoop()
```

Now that you have reviewed the code, Figures 8.11 and 8.12 depict program execution. The only difference between the two figures is the setting of the Display All checkbox.

Figure 8.11. Port Scanner execution with Display All selected.

Figure 8.12. Port Scanner execution with Display All NOT selected.

What is the most used tool for port scanning?
Nmap stands for "Network Mapper"; it is the most popular network discovery and port scanner in history. It is a free and open source application used by system administrators, DevOps and network engineers for security auditing on local and remote networks.
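Returning to the scanner code above: as an added example that is not part of the book's program, here is the same TCP connect scan written as plain Python 3 functions with no GUI, so that it can be run from a terminal and checked offline. The names scan_port, scan_ports, scan_range and demo are chosen here; the per-connection timeout and the third state "filtered" (no answer before the timeout, which is what a silently dropping firewall looks like) are additions the GUI scanner does not have. demo() opens one listening socket and one bound-but-not-listening socket on 127.0.0.1, so it scans a port known to be open and a port known to be closed without touching any other host.

```python
import errno
import socket

# Errno values that mean "no answer within the timeout". Depending on the
# Python version, connect_ex() either raises socket.timeout or returns one
# of these, so both paths are handled in scan_port().
_NO_ANSWER = {getattr(errno, name) for name in
              ("EAGAIN", "EWOULDBLOCK", "EINPROGRESS", "ETIMEDOUT")
              if hasattr(errno, name)}


def scan_port(host, port, timeout=0.5):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    connect_ex() returns 0 when the three-way handshake completes and an
    errno otherwise (ECONNREFUSED when the target answered with a RST,
    i.e. a closed port).  No answer at all before the timeout is 'filtered'.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)  # the GUI scanner above has no timeout
        try:
            rc = sock.connect_ex((host, port))
        except socket.timeout:
            return "filtered"
    if rc == 0:
        return "open"
    if rc in _NO_ANSWER:
        return "filtered"
    return "closed"


def scan_ports(host, ports, timeout=0.5, display_all=False):
    """Scan an iterable of ports and return {port: state}.

    display_all=False mirrors the GUI with 'Display All' unchecked: only
    open ports are reported.
    """
    findings = {}
    for port in ports:
        state = scan_port(host, port, timeout)
        if display_all or state == "open":
            findings[port] = state
    return findings


def scan_range(host, port_start, port_end, timeout=0.5, display_all=False):
    """Inclusive port range, with the same sanity check the GUI performs."""
    if port_end < port_start:
        raise ValueError("Invalid Host Port Selection")
    return scan_ports(host, range(port_start, port_end + 1), timeout, display_all)


def demo():
    """Self-check on the loopback interface.

    A listening socket is a known open port.  A socket that is bound but
    never calls listen() is a known closed port: the kernel answers its
    SYNs with a RST, and keeping it bound stops the OS from handing that
    port out as the source port of our own probe.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS choose a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]

    reserved = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    reserved.bind(("127.0.0.1", 0))
    closed_port = reserved.getsockname()[1]

    try:
        targets = [open_port, closed_port]
        everything = scan_ports("127.0.0.1", targets, display_all=True)
        open_only = scan_ports("127.0.0.1", targets)
    finally:
        listener.close()
        reserved.close()
    return {"open_port": open_port, "closed_port": closed_port,
            "all": everything, "open_only": open_only}


if __name__ == "__main__":
    for port, state in sorted(demo()["all"].items()):
        print("127.0.0.1\t%d\t%s" % (port, state))
```

Run with python3 and it prints one line per scanned port in the same IP, port, state layout the GUI uses. When checking a host you administer, the difference between "closed" (the host answered with a RST) and "filtered" (nothing came back before the timeout) is the first thing to look at: it tells you whether the firewall in front of the port is actually dropping traffic or the service is simply not running.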
What is the name of the most common tool for finding open ports on a target?
Nmap (short for Network Mapper) is one of the most popular free, open-source port scanning tools available. It offers many different port scanning techniques, including TCP half-open scans.
Which tools can scan for open network ports?
Nmap is short for Network Mapper. It is one of the top tools for port scanning and network discovery. This free and open-source tool is useful for system administrators, DevOps, and network engineers, and helps them with security auditing on local and remote networks.
What is open port scanning?
A port scan is a common technique hackers use to discover open doors or weak points in a network. A port scan attack helps cyber criminals find open ports and figure out whether they are receiving or sending data. It can also reveal whether active security devices like firewalls are being used by an organization.
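Turning the last point around: the same scan is visible to the defender, because a connect scan like the one the GUI scanner above performs leaves one connection attempt per port in the firewall log. The following is an added example (not from the book or the FAQ text) of spotting that pattern: one source touching many distinct destination ports on one host inside a short window. The key=value log layout, the sample lines, and the names parse_log and detect_port_scans are all constructed for this example; the window and port-count thresholds are assumptions to tune for your own network.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample firewall log (not real data): 203.0.113.7 probes twelve
# ports on 192.0.2.10 within twelve seconds, while 198.51.100.5 only ever
# talks to port 443.  Allowed lines are the ports the scanner saw as open.
SAMPLE_LOG = """\
2024-01-15T10:00:01Z action=block src=203.0.113.7 dst=192.0.2.10 dport=21 proto=tcp
2024-01-15T10:00:02Z action=allow src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp
2024-01-15T10:00:03Z action=block src=203.0.113.7 dst=192.0.2.10 dport=23 proto=tcp
2024-01-15T10:00:04Z action=block src=203.0.113.7 dst=192.0.2.10 dport=25 proto=tcp
2024-01-15T10:00:05Z action=allow src=203.0.113.7 dst=192.0.2.10 dport=80 proto=tcp
2024-01-15T10:00:06Z action=block src=203.0.113.7 dst=192.0.2.10 dport=110 proto=tcp
2024-01-15T10:00:07Z action=block src=203.0.113.7 dst=192.0.2.10 dport=135 proto=tcp
2024-01-15T10:00:08Z action=block src=203.0.113.7 dst=192.0.2.10 dport=139 proto=tcp
2024-01-15T10:00:09Z action=allow src=203.0.113.7 dst=192.0.2.10 dport=443 proto=tcp
2024-01-15T10:00:10Z action=block src=203.0.113.7 dst=192.0.2.10 dport=445 proto=tcp
2024-01-15T10:00:11Z action=block src=203.0.113.7 dst=192.0.2.10 dport=3389 proto=tcp
2024-01-15T10:00:12Z action=block src=203.0.113.7 dst=192.0.2.10 dport=8080 proto=tcp
2024-01-15T10:00:30Z action=allow src=198.51.100.5 dst=192.0.2.10 dport=443 proto=tcp
2024-01-15T10:00:45Z action=allow src=198.51.100.5 dst=192.0.2.10 dport=443 proto=tcp
2024-01-15T10:01:02Z action=allow src=198.51.100.5 dst=192.0.2.10 dport=443 proto=tcp
"""

# Assumed key=value layout; adapt the pattern to your firewall's export format.
LINE_RE = re.compile(
    r"(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)


def parse_log(text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["dport"] = int(ev["dport"])
        yield ev


def detect_port_scans(events, window_seconds=60, min_distinct_ports=10):
    """Return one alert per (src, dst) pair that touched at least
    min_distinct_ports different destination ports within any span of
    window_seconds.  Counting distinct ports rather than connections keeps
    a busy legitimate client on a single port from raising an alert.
    """
    by_pair = defaultdict(list)
    for ev in events:
        by_pair[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"]))

    alerts = []
    for (src, dst), hits in by_pair.items():
        hits.sort()
        in_window = Counter()   # port -> number of hits currently inside the window
        left = 0
        peak = 0
        for ts, port in hits:
            in_window[port] += 1
            # slide the left edge forward until the window is no wider than allowed
            while (ts - hits[left][0]).total_seconds() > window_seconds:
                old_port = hits[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_distinct_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": peak,
                           "first_seen": hits[0][0], "last_seen": hits[-1][0]})
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(parse_log(SAMPLE_LOG)):
        print("possible port scan: %s -> %s, %d distinct ports between %s and %s"
              % (a["src"], a["dst"], a["distinct_ports"], a["first_seen"], a["last_seen"]))
```

The sliding window matters more than the raw count: a scanner that paces itself at one port per minute will never reach ten distinct ports inside a 60-second window, so in practice you run this with several window sizes (and lower thresholds for the longer ones) and accept that a sufficiently slow scan is caught by volume over days rather than by a single alert.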