import socket
from IPy import IP
# Several targets may be entered at once, separated by commas.
prompt = 'Enter target/s use comma to split target: '
targets = input(prompt)  # each entry is an IP address or a host name
# For a website, nslookup (e.g. nslookup www.gb.facebook.com/) shows the IP address behind it.
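def scan(target, ports=range(75, 81)):
    """Resolve *target* and probe each port in *ports* with ``scan_port``.

    ``check_ip`` turns a host name into an IPv4 address (an address literal is
    passed through unchanged); ``scan_port`` prints one line per open port.

    Args:
        target: IP address string or DNS host name.
        ports: iterable of TCP ports to probe.  Defaults to 75-80, the range
            the original script hard-coded.  A ``range`` is immutable, so the
            shared-default pitfall does not apply here.
    """
    converted_ip = check_ip(target)
    # Message previously read "Scanning Targer" (typo) and lacked a space.
    print(f'\nScanning Target {target}')
    for port in ports:
        scan_port(converted_ip, port)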
def check_ip(ip):
    """Return *ip* unchanged if it is an IP address literal, else resolve it.

    ``IP(ip)`` (IPy) raises ``ValueError`` for anything that is not an
    address, in which case the value is treated as a host name and looked up
    with ``socket.gethostbyname`` (IPv4 only, first address).  A failed lookup
    raises ``socket.gaierror``, which is not caught here and propagates to the
    caller.
    """
    try:
        IP(ip)  # validation only; the parsed object is not needed
    except ValueError:
        # Not an address literal -> treat it as a host name and resolve it.
        return socket.gethostbyname(ip)
    return ip
def get_banner(s):
    """Read and return up to 2048 bytes from the connected socket *s*.

    Exactly one ``recv`` is performed, so the result is the first chunk the
    peer sends (raw ``bytes``) and may be shorter than the full banner; it is
    ``b''`` once the peer has closed.  Any timeout set on *s* by the caller
    bounds how long the read waits.
    """
    chunk_size = 2048
    data = s.recv(chunk_size)
    return data
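def scan_port(ip_address, port, timeout=10):
    """Probe TCP *port* on *ip_address* and print a line if it is open.

    *timeout* seconds (default 10) apply to both the connect and the banner
    read.  On a successful connect the first chunk the peer sends (via
    ``get_banner``) is printed next to the port; if nothing arrives before
    the timeout only the open port is reported.  A lower timeout speeds the
    scan up but may miss slow hosts.  Refused, unreachable and timed-out
    ports produce no output.

    Args:
        ip_address: IPv4 address string to connect to.
        port: TCP port number.
        timeout: seconds to wait for the connect and for the banner.
    """
    try:
        # The context manager closes the socket on every exit path; the
        # original never closed it and leaked one descriptor per probed port.
        with socket.socket() as sock:
            sock.settimeout(timeout)
            sock.connect((ip_address, port))
            try:
                banner = get_banner(sock)
            except OSError:
                # Open, but no banner before the timeout (e.g. HTTP servers
                # wait for a request instead of speaking first).
                print(f'port {port} is open')
            else:
                # errors='replace' keeps a non-UTF-8 banner printable instead
                # of raising UnicodeDecodeError.
                text = banner.decode(errors='replace').strip('\n')
                print(f'port {port} is open and banner is open {text}')
    except OSError:
        # Refused, unreachable or timed out -> closed/filtered; stay quiet.
        # Only OSError is caught so that KeyboardInterrupt still stops the
        # whole scan; the original bare ``except:`` swallowed it too.
        pass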
#converted_ip = check_ip(ip_address)
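# Split the input on commas so that one target and several targets take the
# same path (the original called the misspelled ``targets.spilt`` and raised
# AttributeError whenever a comma was present).  Surrounding whitespace is
# removed and empty entries, e.g. from a trailing comma, are skipped.
for ip_add in targets.split(','):
    ip_add = ip_add.strip()
    if ip_add:
        scan(ip_add)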
I tried to banner-grab a website and got this error:
Enter target/s use comma to split target: testphp.vulweb.com
Scanning Targer testphp.vulweb.com
port80is open and banner is openHTTP/1.0 408 Request Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>408 Request Time-out</h1>
Your browser didn't send a complete request in time.
</body></html>
I tried increasing the `sock.settimeout()` value to allow more time to find the banner, but this came up; when I reduced it, the banner was not found at all. Any tips are appreciated.
Look at the error it returns: "Your browser didn't send a complete request in time."
Complete your HTTP request, like so:
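def get_banner(s, target):
    """Send a minimal HTTP GET on the connected socket *s* and return the reply.

    HTTP servers do not speak first: they wait for a request and answer
    ``408 Request Time-out`` (or just close) if none arrives, so a bare
    ``recv`` never sees a banner.  *target* is the DNS host name, e.g.
    "testphp.vulweb.com", and is sent as the ``Host`` header so that a
    name-based virtual host serves the right site.

    Returns:
        The first chunk (up to 2048 bytes) of the response as ``bytes``;
        longer responses are truncated at that size.
    """
    headers = (
        "GET / HTTP/1.1\r\n"
        f"Host: {target}\r\n"
        "User-Agent: python-custom-script/2.22.0\r\n"
        "Accept-Encoding: gzip, deflate\r\nAccept: */*\r\n"
        "Connection: keep-alive\r\n\r\n"
    )
    print("\n\n" + headers)
    # sendall() loops until the whole request is written; send() may return
    # after a partial write, leaving the request incomplete on the wire.
    s.sendall(headers.encode())
    resp = s.recv(2048)
    return resp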
Note that you have to pass the target as the `Host` header.
the output would be:
Scanning Targer testphp.vulweb.com, ip: 70.32.1.32, port: 80
GET / HTTP/1.1
Host: testphp.vulweb.com
User-Agent: python-custom-script/2.22.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
port 80 is open and banner is openHTTP/1.1 302 Found
Date: Sun, 25 Oct 2020 22:06:45 GMT
Server: Apache/2.4.25 (Debian)
Set-Cookie: __tad=1603663605.4398154; expires=Wed, 23-Oct-2030 22:06:45 GMT; Max-Age=315360000
Location: http://ww1.testphp.vulweb.com/?sub1=20201026-0906-4558-946c-192d28ec2089
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
Note that it returns a 302 (redirect) status code, so, depending on your goals, you may need to follow the URL in the `Location` response header.