Today I am having a quick play with the socket library in Python, using it on my Raspberry Pi as a port scanner to check for exposed services on devices connected to my home network. Yes, I know there are other tools available (such as nmap) that can do this, but I wanted to see socket in action.
Before proceeding I need to make this very clear:
DO NOT USE THE BELOW INFORMATION TO ATTACK, MONITOR OR BREAK INTO ANY COMPUTER / NETWORK / DEVICE THAT DOES NOT BELONG TO YOU. I TAKE NO RESPONSIBILITY FOR YOUR ACTIONS.
Devices generally use TCP or UDP when talking to other devices over a network. With both protocols, well-known port numbers are reserved for common services, while custom ports are used for non-standard (or custom) tasks.
For the port_test function I am going to scan for the following ports:
20 – FTP
21 – FTP Control
22 – SSH / SFTP / SCP
23 – Telnet
25 – SMTP
53 – DNS
79 – Finger
88 – Kerberos
389 – LDAP
515 – Print sharing
I don’t expect my MacBook to be advertising / publicising the majority of the above.
import socket
ports = [20, 21, 22, 23, 25, 53, 79, 88, 389, 515]   # the services listed above
def port_test(ip_address):
    for PORT in ports:
        s = socket.socket()          # fresh TCP socket per port; a socket cannot be reused after a failed connect
        s.settimeout(2)              # without a timeout connect()/recv() can hang on a filtered port
        print("Testing IP: ", ip_address, PORT)
        try:
            s.connect((ip_address, PORT))
            response = s.recv(1024)  # banner from services that speak first (SSH, FTP, SMTP); b"" or a timeout otherwise
            print("Info for port ", PORT, response)
        except OSError:              # connection refused, timed out or host unreachable
            print("error connecting to port ", PORT)
        s.close()
Running the port_test function against my MacBook (currently on local address 192.168.0.11) with SSH enabled gives the following result:
So with SSH enabled the port_test function connects to port 22 and gets a response, and (as expected) the other ports fail to connect.
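"Fails to connect" actually covers two different outcomes, and when you are auditing your own devices the difference matters: a port that is closed makes the host answer with a TCP reset (connection refused), while a port that is silently dropped by a firewall produces no answer at all and the connect just times out (filtered). The following scanner is an added example written for this post, not the author's code; it separates those cases, reads the banner from services that speak first (as SSH does), and ships a throwaway local listener (serve_banner, an assumed helper name) so it can be tried offline against 127.0.0.1 without touching any other machine.

```python
import socket
import threading

# Constructed port list: the same services the post scans.
PORTS = [20, 21, 22, 23, 25, 53, 79, 88, 389, 515]


def scan_port(host, port, timeout=2.0):
    """Return (status, banner) for one TCP port.

    status is 'open' (three-way handshake completed), 'closed' (the host
    actively refused, i.e. sent a RST) or 'filtered' (no answer before the
    timeout, which usually means a firewall is dropping the SYN).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:          # RST came back: nothing listening
        s.close()
        return "closed", b""
    except OSError:                         # timeout / unreachable: dropped or no route
        s.close()
        return "filtered", b""
    # Connected. SSH, FTP and SMTP send a greeting first, so read it; services
    # that wait for the client to speak simply yield an empty banner.
    try:
        banner = s.recv(1024)
    except OSError:
        banner = b""
    finally:
        s.close()
    return "open", banner


def scan_host(host, ports=PORTS, timeout=2.0):
    """Scan every port in `ports` and return {port: (status, banner)}."""
    return {p: scan_port(host, p, timeout) for p in ports}


def serve_banner(banner, host="127.0.0.1"):
    """Assumed helper: start a local listener on an ephemeral port that sends
    `banner` to each client, so the scanner can be exercised offline.
    Returns the port number it is listening on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(banner)

    threading.Thread(target=loop, daemon=True).start()
    return port


def free_port(host="127.0.0.1"):
    """Bind to port 0 and release it: a port that almost certainly has no listener."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # Constructed SSH-style greeting; nothing here leaves the loopback interface.
    demo_port = serve_banner(b"SSH-2.0-OpenSSH_demo\r\n")
    for port, (status, banner) in scan_host("127.0.0.1", [demo_port, free_port()]).items():
        print(port, status, banner)
```

On a home network a run of "filtered" results for a host that is clearly up is itself useful information: it tells you a host firewall is in place, whereas "closed" tells you the host is reachable and simply has nothing listening there. The banner is what you want to compare against the software you think you are running; an old version string on port 22 or 21 is the kind of finding this scan is for.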
For more information on ports and the services that generally run on them: