As part of the SPSE python course I was tasked with creating a port scanner with Scapy.
The script was to take user input on a range of ports, and split them up into a range of 10 equal parts, so 1-100 would be 1-10, 11-20 etc etc (its not directly even but you get the point.
Each of the equal parts would be placed into its own thread. So a port scanner seemed easy until adding the logic just mentioned. As I state in every post I am a noob at coding so I was already dropping my jaw at the task ahead.
Scapy
The plan was to learn Scapy and how to actually scan a port. Where else would you start right? I could have started with seperating the port range, but at the time that seemed much harder.
The Scapy website can be found here
"Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more." This was the description of what Scapy can do... So reading that I was like oh dear, I am already in over my head and its the 2nd exercise other than the python syntax module.... ARRGH
But remember many a time of being frustrated I calmed my breathing, settled my heart rate and pushed through. How hard can it be if I go slowly right? Right....
Sifting through the documentation was not too bad, I learn so much about what Scapy can do (it is HEAPS), but was trying to find out about how to send packets. Whoa.. Whoa, back.. I had to learn how to 'install' it first. I couldn't play with it until it was installed. Thankfully it was pretty easy. Once I had the VM's working properly.
NB: Make a post about how the VM's play naughty games on the work laptop. Like they crash all the TIME..
I found how the syntax for a SYN scan. Yay! I had installed Scapy, read through the documentation and was finally able to see the program coming together (even if only in my mind). So with that I could see that the port would be placed i dport=.
So for a range of ports I would have to create a list and place it into that syntax, so I started with dport=port.
To not jump in to deep, I started off with asking for user input for 1 port. Thinking please let this work, then I can slowly work out how to add multiple ports to that syntax.
Thankfully it worked.
For some reason the code is staying in text, not being highlighted in python syntax. Sorry for that!
As you can see its a bit of code.
Multiple threading
My first thoughts were let us try to get 2 threads working. Then I can try more. But after having changed it into a for loop there was no need to have multiple threads written manually. The number of threads that would be created was determined by the number of times it looped through creating the code. This was a bit of a logic shift but worked well.
The plan for manually writing the threads first up was to make sure I had my logic down and could create more than one thread correctly, i.e the syntax was correct and it would actually work!
To thread or Threading
So like, in the video we were told to create threads using thread. This is apparently an older way to create multiple threads. There is a new way called Threading, notice the difference? Neither did I. But it works!
It is also much easier. from Threading import thread. Totally different to the original... Anyhow I struggled using thread (the old way) until I did some research and found out about Threading (new way). It is much more humand readable, such as target= and args. Much easier to understand.
So if you are looking at multi threading, use THREADING not just thread.
Extra on the code
Some simple things had to be checked. Such as creating a range 1-100 would be 1-99 in python, so I had to +1 on user input for the end range of ports.
Placing Start and Stop for each loop allows the user to understand the results from each packet received. I am yet to make it easier to understand, as I do not fully understand the Scapy output, I may one day. But as this was completed for the exercise and will not be used to much (yet to see) I doubt I will improve it much more. It satisfies the exercise and that makes me very happy!
The output frome the code is as follows:
Asking for port range
Scapy Processing
Some output from the SYN scan:
NB: There was an update suggested by a friend to the part of slicing the list up. Which I will implement but haven't yet.
Hope you guys like???
Cheers
Haydn.,
No comments:
Post a Comment