Creating A Port Scanner (Python / Raspberry Pi)

Today I am having a quick play with the socket library in Python, and using it on my Raspberry Pi as a port scanner to check for vulnerabilities on devices connected to my home network. Yes, I know there are other tools available (such as nmap) that can do this, but I wanted to see socket in action.

Before proceeding I need to make this very clear:

DO NOT USE THE BELOW INFORMATION TO ATTACK, MONITOR OR BREAK INTO ANY COMPUTER / NETWORK / DEVICE THAT DOES NOT BELONG TO YOU. I TAKE NO RESPONSIBILITY FOR YOUR ACTIONS.

Devices generally use TCP or UDP when talking to other devices over a network. Both protocols have predefined ports for certain regular tasks, and custom ports for non-regular (or custom) tasks.

For the port_test function I am going to scan for the following ports:

20 – FTP

21 – FTP Control

22 – SSH / SFTP / SCP

23 – Telnet

25 – SMTP

53 – DNS

79 – Finger

88 – Kerberos

389 – LDAP

515 – Print sharing

I don’t expect my MacBook to be advertising / publicising the majority of the above.

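import socket

def port_test(IP_USER_INPUT):
    ip_address = IP_USER_INPUT
    ports = [20, 21, 22, 23, 25, 53, 79, 88, 389, 515]
    for PORT in ports:
        print("Testing IP: ", ip_address, PORT)
        # A socket cannot be reused after a failed or closed connection,
        # so create a fresh one for every port.
        s = socket.socket()
        s.settimeout(2)  # do not hang on hosts or services that stay silent
        try:
            s.connect((ip_address, PORT))
            response = s.recv(1024)
            print("")
            print("Info for port ", PORT)
            print(response)
            print("")
        except OSError:
            print("error connecting to port ", PORT)
        finally:
            s.close()

# Replace IP_ADDRESS with the address of a device you own.
port_test("IP_ADDRESS")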

The port_test function

Running the port_test function against my MacBook (currently on local address 192.168.0.11) with SSH enabled gives the following result:

Port_Test against SSH enabled MacBook

So with SSH enabled the port_test function connects and gets a response, and (as expected) the other ports fail to connect.
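An added example (not code from the original post): port_test reports every failure as "error connecting", so this variant says whether each port is open, closed (connection refused) or gave no response, and compares the open ports with the set you expect on your own device. The names probe, audit and expected_open, and the loopback demo at the bottom, are assumptions made for illustration.

```python
import socket

# Ports and labels exactly as listed in the post.
PORTS = {20: "FTP", 21: "FTP Control", 22: "SSH / SFTP / SCP", 23: "Telnet",
         25: "SMTP", 53: "DNS", 79: "Finger", 88: "Kerberos", 389: "LDAP",
         515: "Print sharing"}


def probe(host, port, timeout=1.0):
    """Return (state, banner); state is 'open', 'closed' or 'no-response'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(1024)
            except OSError:
                # Connected, but nothing arrived within the timeout: many
                # services wait for the client to speak first.
                banner = b""
            return "open", banner
    except ConnectionRefusedError:
        return "closed", b""        # the host answered with a TCP reset
    except OSError:
        return "no-response", b""   # timeout, dropped packets or other error


def audit(host, expected_open, ports=PORTS, timeout=1.0):
    """Compare open ports with the expected set; return (unexpected, missing)."""
    found = {p for p in ports if probe(host, p, timeout)[0] == "open"}
    expected = set(expected_open)
    return sorted(found - expected), sorted(expected - found)


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for a device with one
    # service running, so the example runs without touching the network.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    port = listener.getsockname()[1]
    print(probe("127.0.0.1", port, timeout=0.3))   # open, silent service
    print(audit("127.0.0.1", expected_open=[], ports=[port], timeout=0.3))
    listener.close()
```

For the MacBook above, audit("192.168.0.11", expected_open=[22]) would return two empty lists as long as SSH is the only listed port that is open.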

For more information on ports and what services generally run on them:

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

https://support.apple.com/en-gb/HT202944
