Awesome-Mirrors/cyber-security-resources
1
0
Fork 0
mirror of https://github.com/The-Art-of-Hacking/h4cker.git synced 2024-07-18 17:12:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
ec01a76fc8
cyber-security-resources/programming_and_scripting_for_cybersecurity/recon_scripts/scanning/scapy_basic_scanner.md
Omar Santos 01e5ab0945
Create scapy_basic_scanner.md
2023-06-30 14:58:12 -04:00

2.5 KiB
Raw Blame History

Using Scapy to Scan a System

The following is an example of a Python script that uses Scapy to perform a basic TCP port scan:

from scapy.all import *
import sys

def tcp_port_scan(target, ports):
    for port in ports:
        tcp_packet = IP(dst=target) / TCP(dport=port, flags="S")
        response = sr1(tcp_packet, timeout=2, verbose=0)

        if response is not None and response[TCP].flags == 18:
            print(f"Port {port} is open on {target}")
        else:
            print(f"Port {port} is closed on {target}")

if __name__ == "__main__":
    target = sys.argv[1]
    ports = range(1, 1024)

    tcp_port_scan(target, ports)

Here's how to use the script:

  1. Save the script in a file named port_scan.py.
  2. Run the script by using the following command in the terminal:
python port_scan.py <target_ip>

Remember to replace <target_ip> with the IP address of the target machine.

Detailed Explanation

  • The script begins by importing necessary modules:

    • from scapy.all import * imports all necessary components from the Scapy library, a powerful interactive packet manipulation tool.
    • import sys imports the system-specific parameters and functions module.

  • The tcp_port_scan(target, ports) function is defined to perform the TCP port scan:

    • For each port in the provided ports, it creates a TCP packet with the S (SYN) flag set using IP(dst=target) / TCP(dport=port, flags="S").
    • The script then sends the packet to the target machine using the sr1() function, which sends the packet and returns the first response received.
    • If a response is received (response is not None) and the TCP flags of the response are equal to 18 (response[TCP].flags == 18), the script prints that the port is open. TCP flag 18 represents SYN/ACK packet which is usually the response to our SYN packet when a port is open. If there is no response or the response is not SYN/ACK, the script prints that the port is closed.

  • In the __main__ part of the script:

    • target is set to the first argument given in the command line (sys.argv[1]), which is the IP address of the target machine.
    • ports is set to the range of 1-1023, which are the well-known port numbers.
    • The tcp_port_scan() function is then called with the target and ports as parameters.

This is a simple script and does not handle many edge cases. In a real-world situation, additional code would be required to handle potential exceptions, timeouts, and other situations.