PortScanner
Introduction
Network scanning is the process of scanning a network to determine if a host address is alive on the network. The simplest method of doing this is attempting to open a socket for each address in a range. First step of any situation is defining the problem as best we can.
Problem
We need to determine what the hosts alive on a network are. To do this we have to figure out a couple of different aspects:
- What are the possible hosts on the network?
- This can be answered by determining the network subnet. Assuming you are already connected to a network this should be fairly straight-forward, but it would be best to ask the user what the target network and subnet would be.
- Which hosts on the network are alive?
- The simplest method of accomplishing this is simply trying to open a socket at any given port on each possible target iteratively. Ideally, we would be able to probe specific ports to determine if a port is open.
- Which ports are open on live hosts?
- We addressed this a bit on the last question. What we need to accomplish for identifying specific ports is to open a socket against a specific port. In order to determine if specific ports are open we have to test them iteratively on each possible target.
PseudoCode Solution
At this point we have got enough data to start putting together a solution. We will write this out with some PseudoCode.
The thing that we need to do the most based on our problem above is opening a socket against a specific port on a specific target. To accomplish that we will define a function that allows us to make such an attempt. The function will return a true or false based on whether or not the port is open.
Function bool OpenSocket(target, port):
connection = socket.connect(target, port)
if (connection is success):
return True
else:
return False
That function will serve the core functionality of our program. In truth, if we wanted to at this point we could run our program by re-coding the function for each target and port manually, and noting the data by hand. That would be rather cumbersome, however, so we will expand on this by getting some data from us that the application can use to automate that process.
Function void GetInformation():
print "What network would you like to scan?"
print "Please put it in the form of 192.168.1.0/24"
network = User_Input
subnet = network value after "/"
network = network value before "/"
print "What Ports would you like to scan? (Comma Separated)"
Ports = User_Input split on "comma" in list
This function will get the address space of our target network, separate that into network address and subnet, and it will create a list of ports that we can run against each host.
Now we need to turn that data into useful information and start the scanning process.
Function Scan():
network_octets = list of the octets in the network address
subnet_range = 2^(32-subnet)
Octet_ranges = a list of tuples of the lower and upper bounds of each octet.
for range in reversed(Octet_ranges):
if (subnet_range-256 > 0):
range[0] = 0
range[1] = 255
subnet_range = subnet_range-256
else if (subnet_range-256 < 0 and subnet_range > 0):
range[0] = 256-subnet_range
range[1] = 255
else:
range[0] = range[1] = Octet_ranges[current value]
for octet1 in range(Octet_ranges[0][0], Octet_ranges[0][1]):
for octet2 in range(Octet_ranges[1][0], Octet_ranges[1][1]):
for octet3 in range(Octet_ranges[2][0], Octet_ranges[2][1]):
for octet4 in range(Octet_ranges[3][0], Octet_ranges[3][1]):
ip = join(octet1, octet2, octet3, octet4) with a "." between them
for port in Ports:
if (OpenSocket(ip, port) returns true):
print "Port # is open on <ip address>"
else:
Continue
At this point the scanner will be able to accomplish all of the things we need to accomplish. This final function will generate the IP addresses and check sockets against each one. This is a very simple solution, it is not efficient. It will, however, give us the basics we need to understand how port-scanners we will use work (Programs like masscan and nmap work largely the same way, just with much more efficiency and data processing).
Python Solution
Now, we will write the program in Python. This is not the most efficient language for this, but it is a common one that lends itself well to a lot of different situations.
The Python solution can be found at my [PortScanner] repo on Gitlab.
