mirror of
https://github.com/The-Art-of-Hacking/h4cker.git
synced 2024-12-21 05:34:39 -05:00
Merge pull request #123 from The-Art-of-Hacking/santosomar-patch-3
Create scapy_basic_scanner.md
This commit is contained in:
commit
1f41686552
@ -0,0 +1,51 @@
|
|||||||
|
# Using Scapy to Scan a System
|
||||||
|
|
||||||
|
The following is an example of a Python script that uses Scapy to perform a basic TCP port scan:
|
||||||
|
|
||||||
|
```python
|
||||||
|
from scapy.all import *
|
||||||
|
import sys
|
||||||
|
|
||||||
|
def tcp_port_scan(target, ports):
|
||||||
|
for port in ports:
|
||||||
|
tcp_packet = IP(dst=target) / TCP(dport=port, flags="S")
|
||||||
|
response = sr1(tcp_packet, timeout=2, verbose=0)
|
||||||
|
|
||||||
|
if response is not None and response[TCP].flags == 18:
|
||||||
|
print(f"Port {port} is open on {target}")
|
||||||
|
else:
|
||||||
|
print(f"Port {port} is closed on {target}")
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
target = sys.argv[1]
|
||||||
|
ports = range(1, 1024)
|
||||||
|
|
||||||
|
tcp_port_scan(target, ports)
|
||||||
|
```
|
||||||
|
|
||||||
|
Here's how to use the script:
|
||||||
|
1. Save the script in a file named `port_scan.py`.
|
||||||
|
2. Run the script by using the following command in the terminal:
|
||||||
|
|
||||||
|
```
|
||||||
|
python port_scan.py <target_ip>
|
||||||
|
```
|
||||||
|
Remember to replace `<target_ip>` with the IP address of the target machine.
|
||||||
|
|
||||||
|
## Detailed Explanation
|
||||||
|
|
||||||
|
- The script begins by importing necessary modules:
|
||||||
|
- `from scapy.all import *` imports all necessary components from the Scapy library, a powerful interactive packet manipulation tool.
|
||||||
|
- `import sys` imports the system-specific parameters and functions module.
|
||||||
|
|
||||||
|
- The `tcp_port_scan(target, ports)` function is defined to perform the TCP port scan:
|
||||||
|
- For each port in the provided ports, it creates a TCP packet with the `S` (SYN) flag set using `IP(dst=target) / TCP(dport=port, flags="S")`.
|
||||||
|
- The script then sends the packet to the target machine using the `sr1()` function, which sends the packet and returns the first response received.
|
||||||
|
- If a response is received (`response is not None`) and the TCP flags of the response are equal to 18 (`response[TCP].flags == 18`), the script prints that the port is open. TCP flag 18 represents `SYN/ACK` packet which is usually the response to our SYN packet when a port is open. If there is no response or the response is not `SYN/ACK`, the script prints that the port is closed.
|
||||||
|
|
||||||
|
- In the `__main__` part of the script:
|
||||||
|
- `target` is set to the first argument given in the command line (`sys.argv[1]`), which is the IP address of the target machine.
|
||||||
|
- `ports` is set to the range of 1-1023, which are the well-known port numbers.
|
||||||
|
- The `tcp_port_scan()` function is then called with the `target` and `ports` as parameters.
|
||||||
|
|
||||||
|
This is a simple script and does not handle many edge cases. In a real-world situation, additional code would be required to handle potential exceptions, timeouts, and other situations.
|
Loading…
Reference in New Issue
Block a user