import os
import socket
import sys
import time
import random
import urllib.request
import scapy.layers.inet
from scapy.layers.inet import TCP, ICMP
from scapy.layers.l2 import arping
from IPy import IP
from colorama import Fore
from scapy.all import load_module
from scapy.config import conf
from scapy.modules.nmap import nmap_fp
from scapy.sendrecv import sr1, sr
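def reverseName(ip):
    """Print the reverse-DNS name and the address type of *ip*.

    The input is first parsed as an address literal. If IPy rejects it, it is
    treated as a hostname and resolved with ``socket.gethostbyname`` before
    being parsed again. Previously only inputs whose first character was
    ``"w"`` were resolved, so any other hostname failed to parse, and an
    empty string raised ``IndexError``.

    Args:
        ip: An IP address literal or a hostname.

    Raises:
        ValueError: If *ip* is empty, or the resolved value is still not an
            address IPy accepts.
        socket.gaierror: If a hostname cannot be resolved.
    """
    ip = ip.strip()
    if not ip:
        # An empty name can resolve to a wildcard address on some platforms,
        # which would print a misleading answer; reject it up front.
        raise ValueError("empty address")
    try:
        addr = IP(ip)
    except ValueError:
        # Not an address literal: resolve it as a hostname, then parse.
        addr = IP(socket.gethostbyname(ip))
    print(Fore.BLUE + "reverse:\n" + addr.reverseName())
    print(Fore.BLUE + "ip_type:\n" + addr.iptype())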
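def host_fingerprint(t, p):
    """Run scapy's nmap OS-fingerprint guess against *t* and print the result.

    Makes sure an ``nmap-os-fingerprints`` database exists in the current
    working directory, downloading it from the pinned nmap revision when it
    is absent. It then points scapy's ``conf.nmap_base`` at that file and
    calls ``nmap_fp``.

    Args:
        t: Target address handed to ``nmap_fp``.
        p: Port passed to ``nmap_fp`` as ``oport`` (the open port to probe).
    """
    db_name = "nmap-os-fingerprints"
    db_url = "https://raw.githubusercontent.com/nmap/nmap/9efe1892/nmap-os-fingerprints"
    path = os.getcwd()
    print(Fore.GREEN + "Scanning current dir files for nmap-os-fingerprints[file] | path:: %s" % path)
    # Test for the exact file scapy will be told to load. A prefix match on
    # directory entries would also accept e.g. a backup copy and then leave
    # conf.nmap_base pointing at a file that does not exist.
    if os.path.isfile(db_name):
        print(Fore.GREEN + "nmap-os-fingerprints file have")
    else:
        # Download to a side file and rename once complete, so an interrupted
        # transfer is never mistaken for a usable database on the next run.
        # NOTE(review): the content is fetched over HTTPS from a pinned ref
        # but is not compared against a known digest before scapy parses it;
        # consider recording the expected hash alongside the URL.
        tmp_name = db_name + ".part"
        with urllib.request.urlopen(db_url, timeout=30) as response, open(tmp_name, "wb") as out:
            out.write(response.read())
        os.replace(tmp_name, db_name)
    load_module("nmap")
    conf.nmap_base = db_name
    # Use the parameter rather than a module-level ``port`` name, which only
    # exists when the interactive menu has set it.
    # cport=1 is kept from the original; presumably a port expected to be closed.
    fpr = nmap_fp(t, oport=p, cport=1)
    print(fpr)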
def host_discovery(range):
    """ARP-sweep the local network around the default gateway.

    Looks up the gateway of the default route from scapy's routing table,
    prints it, appends the prefix suffix *range* (for example ``"/24"``) and
    hands the resulting network string to ``arping``.

    Args:
        range: Prefix-length suffix including the leading slash. The name
            shadows the builtin inside this function only.
    """
    default_route = conf.route.route("0.0.0.0")
    gateway = default_route[2]
    print(Fore.GREEN + "Gateway :: ", gateway)
    # arping prints the responders itself (verbose=True); its return value
    # is not used.
    arping(gateway + range, timeout=4, verbose=True)
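def portscan():
    """Interactively run a TCP SYN scan over a port range and print the result.

    Prompts for a target and an inclusive start/end port, sends one SYN per
    port from a random source port, and classifies each port from the reply:

    * no reply within the timeout -> filtered
    * SYN/ACK (flags 0x12)        -> open (an RST is sent afterwards)
    * RST/ACK (flags 0x14)        -> closed, not reported
    * ICMP destination-unreachable with code 1, 2, 3, 9, 10 or 13 -> filtered

    Raises:
        ValueError: If a port prompt is not an integer or lies outside 0-65535.
    """
    t = input("Target host to scan:")
    start = int(input("Start-port {range}>>"))
    end = int(input("End-port {range}>>"))
    # Reject values that cannot be encoded in the 16-bit TCP port field
    # before any packet is built.
    if not (0 <= start <= 65535 and 0 <= end <= 65535):
        raise ValueError("ports must be within 0-65535")
    opens = []
    filters = []
    for p in range(start, end + 1):
        src_p = random.randint(1025, 65534)
        probe = scapy.layers.inet.IP(dst=t) / TCP(sport=src_p, dport=p, flags="S")
        packet = sr1(probe, timeout=1, verbose=0)
        if packet is None:
            print(f"{t}:{p} is filtered")
            filters.append(p)
        elif packet.haslayer(TCP):
            if packet.getlayer(TCP).flags == 0x12:
                # Tear down the half-open connection from the same source port.
                reset = scapy.layers.inet.IP(dst=t) / TCP(sport=src_p, dport=p, flags='R')
                sr(reset, timeout=1, verbose=0)
                print(f"{t}:{p} is open")
                opens.append(p)
            # Flags 0x14 (RST/ACK) mean closed; closed ports are not listed.
        elif packet.haslayer(ICMP):
            # This branch used to repeat the TCP test, so it was unreachable
            # and ICMP unreachable replies were never classified.
            icmp = packet.getlayer(ICMP)
            if int(icmp.type) == 3 and int(icmp.code) in (1, 2, 3, 9, 10, 13):
                print(f"{t}:{p} is filtered")
                # Record it so the summary agrees with the per-port output.
                filters.append(p)
    print("Open Ports >>", opens)
    print("Filtered Ports >>", filters)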
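# Interactive menu: clear the screen, then loop until the user presses Ctrl-C.
os.system("clear")
print("Network tools")
while True:
    try:
        print(Fore.CYAN + "\nReverse DNS Lookup:(1)")
        print(Fore.CYAN + "Host Fingerprint Guess(2)")
        print(Fore.CYAN + "Host discovery On Local Network(3)")
        print(Fore.CYAN + "Port Scan [TCP-STEALTH](4)")
        choose = int(input(Fore.RED + "\nChoose the Tool :: "))
        if choose > 4 or choose < 1:
            print("Input is not valid number!!!")
        elif choose == 1:
            ip = input(Fore.RED + "IP addr to reverse dns look-up => ")
            reverseName(ip)
        elif choose == 2:
            t = input(Fore.RED + "Target addr to scan fingerprint => ").strip()
            if not t:
                print(Fore.RED + "Target must not be empty")
                continue
            # Test the first character, as the reverse-lookup option does.
            # Indexing t[1] raised IndexError on a one-character input.
            if t.startswith("w"):
                t = socket.gethostbyname(t)
                print(Fore.BLUE + t)
            else:
                print(Fore.GREEN + t)
            port = int(input(Fore.RED + "Target scan port => "))
            if not 0 <= port <= 65535:
                print(Fore.RED + "Port must be within 0-65535")
                continue
            print(Fore.GREEN + str(port))
            host_fingerprint(t, port)
        elif choose == 3:
            rge = input("range; example: /16 - /24 => ").strip()
            try:
                if not rge.startswith("/"):
                    print(Fore.RED + "missing {/}")
                # Parse the whole suffix: slicing two characters accepted
                # "/240" as 24 and let negative values through.
                elif not 0 <= int(rge[1:]) <= 32:
                    print("prefix length must be within 0-32")
                else:
                    # A short prefix makes the ARP sweep cover a very large
                    # address range; the prompt suggests /16 to /24.
                    host_discovery(rge)
            except KeyboardInterrupt:
                print(Fore.RED + "Quit")
                sys.exit()
        elif choose == 4:
            print(Fore.GREEN + "#############\nTCP-STEALTH SCAN\n#############\nClosed Ports Wont Show Up\n")
            portscan()
            print("Scan is done")
    except ValueError:
        # Raised by int() on non-numeric input as well as on empty input.
        print("Invalid or empty input entered")
    except OSError as err:
        # Name-resolution failures and socket permission errors are OSError
        # subclasses; report them and return to the menu instead of exiting
        # with a traceback.
        print(Fore.RED + f"Network error: {err}")
    except KeyboardInterrupt:
        print(Fore.RED + "\nQuit")
        time.sleep(2)
        os.system("clear")
        sys.exit()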