| 1 | +#!/usr/bin/python |
| 2 | +# -*- coding: utf-8 -*- |
| 3 | +import socket |
| 4 | +import optparse |
| 5 | + |
| 6 | + |
| 7 | +def get_banner(ip, port, timeout): |
| 8 | + """ |
| 9 | + Open socket connection to given ip:port and |
| 10 | + read first 1024 bytes from open socket connection |
| 11 | + """ |
| 12 | + socket.setdefaulttimeout(timeout) |
| 13 | + s = socket.socket() |
| 14 | + try: |
| 15 | + s.connect((ip, port)) |
| 16 | + ans = s.recv(1024) |
| 17 | + return ans |
| 18 | + except Exception, e: |
| 19 | + print("[-] Error {}:{} = {}".format(ip, port, e)) |
| 20 | + return None |
| 21 | + |
| 22 | +def check_vulnerabilities(banner, filename): |
| 23 | + """ |
| 24 | + From given banner, check if from "filename" theres is any match |
| 25 | + """ |
| 26 | + with open(filename, 'r') as f: |
| 27 | + for line in f.readlines(): |
| 28 | + if line.strip('\n') in banner: |
| 29 | + print "[+] Server is vulnerable: {}".format(banner.strip('\n')) |
| 30 | + |
| 31 | + |
| 32 | +if __name__ == '__main__': |
| 33 | + parser = optparse.OptionParser('usage %prog -n <network> -t <type of probe>') |
| 34 | + parser.add_option('-n', dest='network', type='string', default="192.168.1.X", help='specify network to search on (default: "192.168.0.X"') |
| 35 | + parser.add_option('--start_subnet', dest='start_subnet', type='int', default=1, help='specify which subnet should the scan start (default: "1"') |
| 36 | + parser.add_option('--end_subnet', dest='end_subnet', type='int', default=254, help='specify which subnet should the scan stop (default: "254"') |
| 37 | + # test telnet, ssh, smtp, http, imap and https ports |
| 38 | + parser.add_option('-p', dest='ports', type='string', default="21, 22, 25, 80, 110, 443", help='specify list of ports, separed by comma (default: "21, 22, 25, 80, 110, 443"') |
| 39 | + parser.add_option('--vul_filename', dest='vulnerabilities_filename', type='string', default="banners.txt", help='default file with list of vulnerabilities to compare (default: "banners.txt"') |
| 40 | + parser.add_option('--socket_timeout', dest='socket_timeout', type='int', default=2, help='default socket connection timeout (default: "2" seconds') |
| 41 | + (options, args) = parser.parse_args() |
| 42 | + |
| 43 | + # generate list of all possible ip's on subnet 192.168.1.0/24 |
| 44 | + subnet = options.network.lower() |
| 45 | + subnet_string = subnet.replace("x", "{}") |
| 46 | + ip_list = map(lambda ip: subnet_string.format(ip), range(options.start_subnet, options.end_subnet)) |
| 47 | + # test ports telnet, ssh, smtp, http, imap and https |
| 48 | + port_list = map(int, filter(None, map(lambda p: p.strip(), options.ports.split(",")))) |
| 49 | + |
| 50 | + print("[*] Testing subnet of {} for {} ports: {}".format(subnet_string, len(port_list), options.ports)) |
| 51 | + for ip in ip_list: |
| 52 | + for port in port_list: |
| 53 | + banner = get_banner(ip, port, timeout=options.socket_timeout) |
| 54 | + if banner: |
| 55 | + print("[+] Checking {}:{}".format(ip, port)) |
| 56 | + check_vulnerabilities(banner, filename=options.vul_filename) |
| 57 | + |
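Review bot: The socket created in get_banner is never closed on either the success or the error path, so a full /24 sweep over six ports leaks roughly 1,500 descriptors, and calling socket.setdefaulttimeout on every call mutates a process-wide setting where a per-socket `s.settimeout(timeout)` right after `s = socket.socket()` is what is meant; add `finally:` / `s.close()` after the except block so both paths release it. In check_vulnerabilities a blank line in banners.txt strips to `''`, and `'' in banner` is always true, so every reachable service would be reported as vulnerable — bind the signature once and skip empty ones, e.g. `sig = line.strip('\n')` / `if sig and sig in banner:`. In the main block `range(options.start_subnet, options.end_subnet)` excludes end_subnet, so the documented default host 254 is never probed; use `range(options.start_subnet, options.end_subnet + 1)`. The banner is untrusted remote data printed raw to the terminal in both functions, so printing `repr(banner)` would neutralise control or escape sequences a service can send back. The file also mixes Python 2 syntax (`except Exception, e:`, `print "..."`) with `print(...)` calls, so it only runs under Python 2, and every option help string is missing its closing parenthesis while the `-n` help quotes a default ("192.168.0.X") that differs from the actual default "192.168.1.X".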