GitHub Repository: malwaredllc/byob
Path: blob/master/web-gui/buildyourownbotnet/modules/portscanner.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
'Port Scanner (Build Your Own Botnet)'

# standard library
import os
import sys
import json
import socket
# Queue moved to the lowercase `queue` module in Python 3; support both.
if sys.version_info[0] > 2:
    from queue import Queue
else:
    from Queue import Queue
import subprocess

# utilities
import util

# globals
# `packages`, `platforms` and `targets` are not read anywhere in this file;
# presumably they are module metadata consumed by the surrounding framework
# -- confirm against the loader.
packages = []
platforms = ['win32','linux2','darwin']
# host -> {port string -> {'protocol', 'service', 'state'}}; an empty entry is
# created by _ping() and filled in by _scan(). Shared by every call to run().
results = {}
# worker name ('portscan-N') -> object returned by _threader(); filled by run().
threads = {}
targets = []
# Work queue of (callable, argument) pairs consumed by _threader().
tasks = Queue()
usage = 'portscanner [target]'
# NOTE(review): the name below is misspelled ("desciription"); it is left
# unchanged because code outside this file may look it up by this name.
desciription = """
Scan a target IP/subnet for open ports and grab any service banners
"""
# Static lookup table: port number (as a *string* key) -> short protocol name
# and a free-text service description. _scan() indexes it with str(port) to
# label an open port, and falls back to the 'service' text when the remote
# side sent no banner.
# NOTE(review): _scan() uses plain indexing, so a port with no entry here
# raises KeyError there. The default port list of run() contains 8000, 8008,
# 8080 and 8888, none of which appear in this table.
ports = {
    "666": {"protocol": "doom", "service": "#Doom Id Software"},
    "1512": {"protocol": "wins", "service": "#Microsoft Windows Internet Name Service"},
    "137": {"protocol": "netbios-ns", "service": "nbname #NETBIOS Name Service"},
    "135": {"protocol": "epmap", "service": "loc-srv #DCE endpoint resolution"},
    "139": {"protocol": "netbios-ssn", "service": "nbsession #NETBIOS Session Service"},
    "3389": {"protocol": "ms-wbt-server", "service": "#MS WBT Server"},
    "2525": {"protocol": "ms-v-worlds", "service": "#Microsoft V-Worlds"},
    "25": {"protocol": "smtp", "service": "mail #Simple Mail Transfer Protocol"},
    "691": {"protocol": "msexch-routing", "service": "#MS Exchange Routing"},
    "20": {"protocol": "ftp-data", "service": "#FTP, data"},
    "21": {"protocol": "ftp", "service": "#FTP. control"},
    "22": {"protocol": "ssh", "service": "#SSH Remote Login Protocol"},
    "23": {"protocol": "telnet", "service": ""},
    "2869": {"protocol": "icslap", "service": ""},
    "3126": {"protocol": "ms-dotnetster", "service": "#Microsoft .NET ster port"},
    "2383": {"protocol": "ms-olap4", "service": "#Microsoft OLAP 4"},
    "1944": {"protocol": "close-combat", "service": ""},
    "543": {"protocol": "klogin", "service": "#Kerberos login"},
    "540": {"protocol": "uucp", "service": "uucpd"},
    "546": {"protocol": "dhcpv6-client", "service": "#DHCPv6 Client"},
    "547": {"protocol": "dhcpv6-server", "service": "#DHCPv6 Server"},
    "544": {"protocol": "kshell", "service": "krcmd #Kerberos remote shell"},
    "47624": {"protocol": "directplaysrvr", "service": "#Direct Play Server"},
    "548": {"protocol": "afpovertcp", "service": "#AFP over TCP"},
    "349": {"protocol": "mftp", "service": ""},
    "995": {"protocol": "pop3s", "service": "spop3 #pop3 protocol over TLS/SSL (was spop3)"},
    "994": {"protocol": "ircs", "service": "#IRC protocol over TLS/SSL"},
    "2460": {"protocol": "ms-theater", "service": ""},
    "990": {"protocol": "ftps", "service": "#FTP control, over TLS/SSL"},
    "993": {"protocol": "imaps", "service": "#IMAP4 protocol over TLS/SSL"},
    "992": {"protocol": "telnets", "service": "#Telnet protocol over TLS/SSL"},
    "1155": {"protocol": "nfa", "service": "#Network File Access"},
    "2704": {"protocol": "sms-remctrl", "service": "#SMS REMCTRL"},
    "2701": {"protocol": "sms-rcinfo", "service": "#SMS RCINFO"},
    "2703": {"protocol": "sms-chat", "service": "#SMS CHAT"},
    "2702": {"protocol": "sms-xfer", "service": "#SMS XFER"},
    "3132": {"protocol": "ms-rule-engine", "service": "#Microsoft Business Rule Engine Update Service"},
    "5679": {"protocol": "dccm", "service": "#Direct Cable Connect Manager"},
    "53": {"protocol": "domain", "service": "#Domain Name Server"},
    "2394": {"protocol": "ms-olap2", "service": "#Microsoft OLAP 2"},
    "532": {"protocol": "netnews", "service": "readnews"},
    "531": {"protocol": "conference", "service": "chat"},
    "530": {"protocol": "courier", "service": "rpc"},
    "593": {"protocol": "http-rpc-epmap", "service": "#HTTP RPC Ep Map"},
    "989": {"protocol": "ftps-data", "service": "#FTP data, over TLS/SSL"},
    "3776": {"protocol": "dvcprov-port", "service": "#Device Provisioning Port"},
    "194": {"protocol": "irc", "service": "#Internet Relay Chat Protocol"},
    "88": {"protocol": "kerberos", "service": "krb5 kerberos-sec #Kerberos"},
    "111": {"protocol": "sunrpc", "service": "rpcbind portmap #SUN Remote Procedure Call"},
    "110": {"protocol": "pop3", "service": "#Post Office Protocol - Version 3"},
    "113": {"protocol": "auth", "service": "ident tap #Identification Protocol"},
    "80": {"protocol": "http", "service": "www www-http #World Wide Web"},
    "81": {"protocol": "hosts2-ns", "service": "#HOSTS2 Name Server"},
    "119": {"protocol": "nntp", "service": "usenet #Network News Transfer Protocol"},
    "118": {"protocol": "sqlserv", "service": "#SQL Services"},
    "522": {"protocol": "ulp", "service": ""},
    "1711": {"protocol": "pptconference", "service": ""},
    "3020": {"protocol": "cifs", "service": ""},
    "1524": {"protocol": "ingreslock", "service": "ingres"},
    "1270": {"protocol": "opsmgr", "service": "#Microsoft Operations Manager"},
    "526": {"protocol": "tempo", "service": "newdate"},
    "2382": {"protocol": "ms-olap3", "service": "#Microsoft OLAP 3"},
    "520": {"protocol": "efs", "service": "#Extended File Name Server"},
    "2177": {"protocol": "qwave", "service": "#QWAVE"},
    "7": {"protocol": "echo", "service": ""},
    "529": {"protocol": "irc-serv", "service": ""},
    "2393": {"protocol": "ms-olap1", "service": "#Microsoft OLAP 1"},
    "3847": {"protocol": "msfw-control", "service": "#Microsoft Firewall Control"},
    "3587": {"protocol": "p2pgroup", "service": "#Peer to Peer Grouping"},
    "443": {"protocol": "https", "service": "MCom #HTTP over TLS/SSL"},
    "7680": {"protocol": "ms-do", "service": "#Microsoft Delivery Optimization"},
    "445": {"protocol": "microsoft-ds", "service": ""},
    "109": {"protocol": "pop2", "service": "postoffice #Post Office Protocol - Version 2"},
    "102": {"protocol": "iso-tsap", "service": "#ISO-TSAP Class 0"},
    "389": {"protocol": "ldap", "service": "#Lightweight Directory Access Protocol"},
    "101": {"protocol": "hostname", "service": "hostnames #NIC Host Name Server"},
    "4350": {"protocol": "net-device", "service": "#Net Device"},
    "107": {"protocol": "rtelnet", "service": "#Remote Telnet Service"},
    "1434": {"protocol": "ms-sql-m", "service": "#Microsoft-SQL-Monitor"},
    "1433": {"protocol": "ms-sql-s", "service": "#Microsoft-SQL-Server"},
    "37": {"protocol": "time", "service": "timserver"},
    "1723": {"protocol": "pptp", "service": "#Point-to-point tunnelling protocol"},
    "6073": {"protocol": "directplay8", "service": "#DirectPlay8"},
    "513": {"protocol": "login", "service": "#Remote Login"},
    "512": {"protocol": "exec", "service": "#Remote Process Execution"},
    "515": {"protocol": "printer", "service": "spooler"},
    "514": {"protocol": "cmd", "service": "shell"},
    "3935": {"protocol": "sdp-portmapper", "service": "#SDP Port Mapper Protocol"},
    "9535": {"protocol": "man", "service": "#Remote Man Server"},
    "3269": {"protocol": "msft-gc-ssl", "service": "#Microsoft Global Catalog with LDAP/SSL"},
    "179": {"protocol": "bgp", "service": "#Border Gateway Protocol"},
    "3268": {"protocol": "msft-gc", "service": "#Microsoft Global Catalog"},
    "1900": {"protocol": "ssdp", "service": ""},
    "170": {"protocol": "print-srv", "service": "#Network PostScript"},
    "554": {"protocol": "rtsp", "service": "#Real Time Stream Control Protocol"},
    "2053": {"protocol": "knetd", "service": "#Kerberos de-multiplexor"},
    "1731": {"protocol": "msiccp", "service": ""},
    "158": {"protocol": "pcmail-srv", "service": "#PCMail Server"},
    "507": {"protocol": "crs", "service": "#Content Replication System"},
    "1034": {"protocol": "activesync", "service": "#ActiveSync Notifications"},
    "568": {"protocol": "ms-shuttle", "service": "#Microsoft shuttle"},
    "569": {"protocol": "ms-rome", "service": "#Microsoft rome"},
    "636": {"protocol": "ldaps", "service": "sldap #LDAP over TLS/SSL"},
    "464": {"protocol": "kpasswd", "service": "# Kerberos (v5)"},
    "563": {"protocol": "nntps", "service": "snntp #NNTP over TLS/SSL"},
    "565": {"protocol": "whoami", "service": ""},
    "1863": {"protocol": "msnp", "service": ""},
    "3074": {"protocol": "xbox", "service": "#Microsoft Xbox game port"},
    "11": {"protocol": "systat", "service": "users #Active users"},
    "13": {"protocol": "daytime", "service": ""},
    "17": {"protocol": "qotd", "service": "quote #Quote of the day"},
    "3882": {"protocol": "msdts1", "service": "#DTS Service Port"},
    "19": {"protocol": "chargen", "service": "ttytst source #Character generator"},
    "117": {"protocol": "uucp-path", "service": ""},
    "1745": {"protocol": "remote-winsock", "service": ""},
    "9753": {"protocol": "rasadv", "service": ""},
    "2106": {"protocol": "mzap", "service": "#Multicast-Scope Zone Announcement Protocol"},
    "1109": {"protocol": "kpop", "service": "#Kerberos POP"},
    "150": {"protocol": "sql-net", "service": ""},
    "156": {"protocol": "sqlsrv", "service": ""},
    "749": {"protocol": "kerberos-adm", "service": "#Kerberos administration"},
    "556": {"protocol": "remotefs", "service": "rfs rfs_server"},
    "11320": {"protocol": "imip-channels", "service": "#IMIP Channels Port"},
    "3535": {"protocol": "ms-la", "service": "#Microsoft Class Server"},
    "5678": {"protocol": "rrac", "service": "#Remote Replication Agent Connection"},
    "5357": {"protocol": "wsd", "service": "#Web Services on devices"},
    "5355": {"protocol": "llmnr", "service": "#LLMNR"},
    "3343": {"protocol": "ms-cluster-net", "service": "#Microsoft Cluster Net"},
    "5720": {"protocol": "ms-licensing", "service": "#Microsoft Licensing"},
    "42": {"protocol": "nameserver", "service": "name #Host Name Server"},
    "43": {"protocol": "nicname", "service": "whois"},
    "5358": {"protocol": "wsd", "service": "#Web Services on devices"},
    "322": {"protocol": "rtsps", "service": ""},
    "1110": {"protocol": "nfsd-status", "service": "#Cluster status info"},
    "9": {"protocol": "discard", "service": "sink null"},
    "1755": {"protocol": "ms-streaming", "service": ""},
    "2504": {"protocol": "wlbs", "service": "#Microsoft Windows Load Balancing Server"},
    "2725": {"protocol": "msolap-ptp2", "service": "#MSOLAP PTP2"},
    "143": {"protocol": "imap", "service": "imap4 #Internet Message Access Protocol"},
    "612": {"protocol": "hmmp-ind", "service": "#HMMP Indication"},
    "613": {"protocol": "hmmp-op", "service": "#HMMP Operation"},
    "4500": {"protocol": "ipsec-msft", "service": "#Microsoft IPsec NAT-T"},
    "70": {"protocol": "gopher", "service": ""},
    "3702": {"protocol": "ws-discovery", "service": "#WS-Discovery"},
    "79": {"protocol": "finger", "service": ""},
    "3544": {"protocol": "teredo", "service": "#Teredo Port"},
    "3540": {"protocol": "pnrp-port", "service": "#PNRP User Port"},
    "1801": {"protocol": "msmq", "service": "#Microsoft Message Queue"},
    "2234": {"protocol": "directplay", "service": "#DirectPlay"},
    "1607": {"protocol": "stt", "service": ""},
    "1477": {"protocol": "ms-sna-server", "service": ""},
    "1478": {"protocol": "ms-sna-base", "service": ""},
    "800": {"protocol": "mdbs_daemon", "service": ""},
    "3306": {"protocol": "mysql", "service": "#MySQL Database Server"}
}
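def _ping(host):
    """
    Check whether a host answers a single echo request from the system `ping`

    `Required`
    :param str host:    address handed to the `ping` command

    Returns True if the host is already a key in `results`, or if `ping`
    exits with status 0 (an empty entry is then created in `results`).
    Returns False otherwise, including on any exception, which is logged
    through util.log.

    """
    global results
    try:
        if host in results:
            return True

        address = str(host)
        # An empty value or one starting with '-' would be read by ping as
        # "no host" or as an option, so it is rejected before any process starts.
        if not address or address.startswith('-'):
            return False

        count_flag = '-n' if os.name == 'nt' else '-c'
        # The command is passed as an argument list with the default
        # shell=False. The previous version interpolated `host` into a string
        # run with shell=True, so shell metacharacters in `host` would have
        # been executed as commands; here the value can only ever be one
        # argument of ping.
        # NOTE(review): '-W 90' is kept unchanged; its unit and meaning differ
        # between ping implementations -- confirm the intended timeout.
        status = subprocess.call(
            ['ping', count_flag, '1', '-W', '90', address],
            bufsize=0,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE
        )
        if status == 0:
            results[host] = {}
            return True
        return False
    except Exception as e:
        util.log(str(e))
        return False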
@util.threaded
def _threader():
    """
    Worker loop that drains the shared `tasks` queue

    Each queue item is unpacked as a (callable, argument) pair; the callable
    is invoked with the argument and the item is then marked done. An item
    whose first element is not callable is marked done without being run.

    The loop ends on the first exception of any kind. In normal operation
    that is the empty-queue error raised by get_nowait(), but an error while
    unpacking an item or inside the callable ends the worker the same way,
    without being logged.

    util.threaded is defined outside this file; run() calls .join() on the
    value returned here, so it presumably returns a started thread -- confirm.

    """
    global tasks
    while True:
        try:
            handler, argument = tasks.get_nowait()
            if callable(handler):
                handler(argument)
            tasks.task_done()
        except:
            # Bare except kept as in the original: any failure stops this worker.
            break
def _scan(target):
    """
    Attempt one TCP connection to a (host, port) pair and record the result

    `Required`
    :param tuple target:    (host, port) pair to probe

    On a successful connect (1 second timeout) the port is stored under
    results[host] as {'protocol', 'service', 'state': 'open'}. 'service' is
    the filtered banner if the peer sent data within the timeout, otherwise
    the description from the module-level `ports` table.

    Socket errors and timeouts are ignored, so a closed or filtered port
    leaves no entry. Any other exception is logged through util.log.

    """
    global ports
    global results

    try:
        host, port = target
        banner = None

        conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        conn.settimeout(1.0)
        conn.connect((str(host), int(port)))

        # A peer that accepts the connection but sends nothing is still "open".
        try:
            banner = conn.recv(1024)
        except (socket.error, socket.timeout):
            pass

        # NOTE(review): only reached when connect() succeeded; on a failed
        # connect the socket is left for the garbage collector to close.
        conn.close()

        key = str(port)
        if banner:
            # Keep only characters chr(32)..chr(122). Newlines are outside
            # that range, so the '\n' branch below cannot trigger after
            # filtering.
            # NOTE(review): under Python 3 recv() returns bytes, whose items
            # are ints, so this filter keeps nothing and 'service' becomes ''.
            # NOTE(review): the banner is chosen by the remote host and the
            # kept range still includes characters such as < > " ' &; whatever
            # displays these results should escape the value.
            allowed = [chr(n) for n in range(32, 123)]
            banner = ''.join([ch for ch in banner if ch in allowed])
            if '\n' in banner:
                banner = banner.splitlines()[0]
            elif len(str(banner)) <= 80:
                banner = str(banner)
            else:
                banner = str(banner[:77] + '...')
            # NOTE(review): ports[key] raises KeyError for a port that has no
            # entry in the table; that is caught and logged below, and the
            # open port is then not recorded.
            entry = {'protocol': ports[key]['protocol'], 'service': banner, 'state': 'open'}
        else:
            entry = {'protocol': ports[key]['protocol'], 'service': ports[key]['service'], 'state': 'open'}

        # results.get(host) is None unless _ping() created the host entry first.
        results.get(host).update({key: entry})

    except (socket.error, socket.timeout):
        pass
    except Exception as e:
        util.log("{} error: {}".format(_scan.__name__, str(e)))
def run(target='192.168.1.1', ports=[21,22,23,25,80,110,111,135,139,443,445,554,993,995,1433,1434,3306,3389,8000,8008,8080,8888]):
    """
    Run a portscan against a single IPv4 target

    `Optional`
    :param str target:      Valid IPv4 address
    :param list ports:      Port numbers to scan on target host
    :returns:               JSON string of the open ports recorded for the
                            target, or the string "Target offline"

    Raises ValueError when util.ipv4() rejects the target.

    The target is first checked with _ping(); if that fails nothing else is
    attempted. Otherwise one (_scan, (target, port)) task is queued per port
    and worker threads drain the queue.

    Seen from the network, a call consists of one `ping` child process
    followed by short TCP connection attempts (1 second timeout each) to
    every listed port of the same host.

    NOTE(review): range(1, tasks.qsize()) starts one worker fewer than the
    number of queued tasks, so with exactly one queued task no worker is
    started by this call and the task stays in the queue.
    NOTE(review): the `ports` parameter shadows the module-level `ports`
    table inside this function, and its list default is shared between calls
    (it is not modified here).

    """
    global tasks
    global threads
    global results
    if not util.ipv4(target):
        raise ValueError("target is not a valid IPv4 address")
    if not _ping(target):
        return "Target offline"
    for number in ports:
        tasks.put_nowait((_scan, (target, number)))
    for index in range(1, tasks.qsize()):
        threads['portscan-%d' % index] = _threader()
    # `threads` is module-level, so workers from earlier calls are joined too.
    for name in threads:
        threads[name].join()
    return json.dumps(results[target])