#!/usr/bin/python
# Benjamin Day
import socket
import re
import os
from datetime import datetime
import subprocess
from threading import Lock
import concurrent.futures
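def checkport(target, port):
    """Probe one TCP port, grab its banner and look the service up in searchsploit.

    Relies on two module-level names created by the script body: ``lock``
    (serialises terminal/report output across worker threads) and ``f`` (the
    open report file).

    The banner comes from the remote host and is therefore untrusted. It is
    never handed to a shell, control characters are stripped before it is
    printed or written, and a value that could be read as a command-line
    option is not passed to searchsploit.

    Args:
        target: Host name or IPv4 address to connect to.
        port: TCP port number to probe.

    Returns:
        False when the connection cannot be established, otherwise None.
    """
    # The context manager closes the socket on every exit path.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as p:
        try:
            p.connect((target, port))
        except (OSError, OverflowError):
            # OSError: refused/unreachable/unresolvable; OverflowError: port
            # outside 0-65535.
            return False

        # NOTE(review): no timeout is set on this socket, so a peer that
        # accepts the connection and never answers keeps this worker blocked
        # in recv().
        try:
            # Send a HEAD request so HTTP-like services answer with a banner.
            p.send(b"HEAD / HTTP/1.1\r\n")
            # Banners may contain arbitrary bytes; never fail on decoding.
            banner = p.recv(3000).decode(errors="replace")
        except OSError:
            # Connection dropped before a banner arrived: nothing to report.
            return

    if "Server:" not in banner:
        return

    # Pull the service name out of the expected banner layout.
    match = re.search('Welcome to the lab\nServer: (.*)\nDate:', banner)
    if match is None:
        return

    # Drop control characters (CR, ESC, ...) so a hostile banner cannot inject
    # terminal escape sequences into the console or the report.
    service = "".join(ch for ch in match.group(1) if ch.isprintable()).strip()

    # Only one thread prints or writes at a time so results stay grouped.
    with lock:
        # Print ports that were found in bold.
        print(f"\033[1m{target} - {port} - {service}\033[0m")
        f.write(f"*** {target} - {port} - {service} ***\n")

        if not service or service.startswith("-"):
            # An empty value has nothing to search for, and a leading "-"
            # would be read by searchsploit as an option, not a search term.
            print("searchsploit lookup skipped: unusable service name\n\n")
            f.write("searchsploit lookup skipped: unusable service name\n\n\n")
            return

        # Coloured output straight to the terminal. An argument list is used
        # instead of a shell string so banner text is never shell-interpreted.
        subprocess.run(["searchsploit", service])
        print("\n\n")

        # Second run without colour codes, captured for the report file.
        cmd = ["searchsploit", service, "--disable-colour"]
        out = subprocess.run(cmd, stdout=subprocess.PIPE, text=True)
        f.write(f'{out.stdout}\n\n\n')
    return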
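# Report file name carries the start time of the run.
currenttime = datetime.now()
filename = currenttime.strftime("bannergrab_%m%d%Y_%H%M.txt")
hosts = ["10.0.2.15", "10.0.3.15"]
# Mutex shared with checkport() so only one thread prints/writes at a time.
lock = Lock()
with open(filename, 'a') as f:
    for host in hosts:
        # Pool of three worker threads per host; leaving the with-block waits
        # for every submitted probe to finish.
        with concurrent.futures.ThreadPoolExecutor(max_workers=3) as executor:
            # Valid TCP ports are 1-65535; range(65535) would probe port 0 and
            # never reach 65535.
            futures = {
                executor.submit(checkport, host, port): port
                for port in range(1, 65536)
            }
            # An exception raised inside a worker is stored on its future and
            # would otherwise disappear silently, so surface it here.
            for finished in concurrent.futures.as_completed(futures):
                error = finished.exception()
                if error is not None:
                    with lock:
                        print(f"{host} - {futures[finished]} - error: {error!r}")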