Denizhalil

Port Scanning and Banner Retrieval with Scapy and Socket

When it comes to conducting security assessments and network reconnaissance, identifying open ports on target systems and retrieving banner information from those ports is crucial. In this article, we will explore how to perform port scanning and banner retrieval using the Python programming language with the Scapy and Socket libraries.

Importing the Necessary Libraries

First and foremost, let’s import the Scapy and Socket libraries into our project.

from scapy.all import *
import socket

Scapy is used for crafting and manipulating network packets, while Socket will be used to establish TCP connections and retrieve banner information.

Banner Retrieval Function

Let’s start by defining a function called get_banner that will retrieve banner information for a given IP address and port number.

def get_banner(ip, port):
    try:
        # Bounded timeout so a silent service cannot stall the whole scan;
        # the context manager closes the socket on every exit path.
        with socket.create_connection((ip, port), timeout=2) as s:
            # Services such as SSH or SMTP announce themselves before reading any
            # input, so their greeting is captured even though the request is HTTP.
            s.sendall(b'GET / HTTP/1.1\r\nHost: ' + ip.encode("utf-8") + b'\r\n\r\n')
            return s.recv(1024)
    except OSError:  # refused, timed out, reset, unreachable
        return None

This function establishes a TCP connection to the specified IP address and port number, sends an HTTP GET request, and receives the server’s response. If no response is received or a connection cannot be established, it returns None.

Port Scanning Function

Now, let’s define a function called scan_port that will perform port scanning for a given IP address and port number.

def scan_port(ip, port):
    ip_pkt = IP(dst=ip)
    tcp_pkt = TCP(dport=port, flags="S")  # bare SYN, no handshake is completed
    pkt = ip_pkt / tcp_pkt
    resp = sr1(pkt, timeout=1, verbose=0)

    if resp is not None:
        if resp.haslayer(TCP):
            if resp.getlayer(TCP).flags == 0x12:  # SYN-ACK check
                return True  # Port is open
            elif resp.getlayer(TCP).flags == 0x14:  # RST-ACK check
                return False  # Port is closed
    # No reply, or a non-TCP reply such as ICMP unreachable: treated as closed here,
    # although in practice it usually means the port is filtered by a firewall.
    return False

This function sends a SYN packet to the specified IP address and port number and determines whether the port is open or closed based on the response: a SYN-ACK means open, a RST-ACK means closed. Because the SYN is crafted by Scapy rather than by a kernel socket, the operating system has no record of the connection and answers any SYN-ACK with a RST, so the handshake is never completed. This is what makes it a half-open (SYN) scan, and it is also what makes the scan visible on the wire: one SYN per port, never followed by an ACK from the scanner.

Example Usage

Now that we have these two functions in place, let’s use them to perform port scanning and banner retrieval on a specific IP address. Here’s an example usage:

target_ip = "10.0.2.12"  # Target IP address

print(f"""=======================
The target: {target_ip}
Port Range: 20-65500
=======================""")

for port in range(20, 65500):
    if not scan_port(target_ip, port):
        continue
    banner = get_banner(target_ip, port)
    if banner:
        print(f"Port {port}: Open - Banner: {banner}")
    #else:
    #    print(f"Port {port}: Open - No Banner Retrieved")

In this example, you can use the code to scan ports ranging from 20 to 65500 on a specified IP address. As open ports are discovered, banner information is retrieved and displayed on the screen.

In conclusion, this article has demonstrated how to perform port scanning and banner retrieval using the Python programming language with the Scapy and Socket libraries. These techniques can be highly valuable for conducting network security assessments and reconnaissance tasks.
