1 00:00:00,480 --> 00:00:05,440 In this video you're going to learn how to code a port scanner with nmap in Python.
2 00:00:05,440 --> 00:00:11,610 Now, if you didn't know, nmap is probably the most popular network scanner; however, nmap does much
3 00:00:11,610 --> 00:00:14,310 more than basic and advanced port scanning.
4 00:00:14,310 --> 00:00:21,630 For one, it has the very powerful Nmap Scripting Engine, or NSE, which allows you to automatically use
5 00:00:21,630 --> 00:00:28,460 nmap scripts to run different vulnerability assessments, and I might get into just that in an advanced
6 00:00:28,470 --> 00:00:34,320 penetration testing with Python course, or of course you can explore the topic yourself.
7 00:00:34,320 --> 00:00:40,350 My point here is to open your mind to the possibilities enabled by combining your Python skills with
8 00:00:40,350 --> 00:00:42,520 nmap's capabilities.
9 00:00:42,780 --> 00:00:43,100 All right.
10 00:00:43,110 --> 00:00:49,350 So first, if you don't have the nmap library installed, you should open up a command prompt or terminal
11 00:00:49,980 --> 00:00:54,590 and do a pip or pip3 install.
12 00:00:54,660 --> 00:00:58,110 So pip or pip3, depending on how you actually use pip:
13 00:01:00,990 --> 00:01:05,190 python-nmap.
14 00:01:05,760 --> 00:01:11,010 I need to tell you that there are many Python libraries for nmap, so please make sure to install this
15 00:01:11,070 --> 00:01:12,230 exact one.
16 00:01:12,330 --> 00:01:18,000 Now, to make sure it's been installed correctly... so I'm not going to run this command because I already
17 00:01:18,000 --> 00:01:19,780 have python-nmap installed on my system.
18 00:01:20,460 --> 00:01:29,970 So to make sure it is installed correctly, let's open up a Python shell, so python, and then type import
19 00:01:31,370 --> 00:01:31,980 nmap.
20 00:01:34,740 --> 00:01:36,650 We've got no errors, so we're good to go.
21 00:01:36,780 --> 00:01:39,490 So let's exit this.
22 00:01:39,950 --> 00:01:45,570 All right, let's go back to the code editor. Before we go into coding,
23 00:01:45,570 --> 00:01:50,910 I need to tell you that to be able to use the Python library python-nmap you need to have nmap installed
24 00:01:50,910 --> 00:01:53,030 of course on your system.
25 00:01:53,040 --> 00:01:57,390 I already have nmap installed on my system, on my Windows system here.
26 00:01:57,390 --> 00:02:02,790 But if you don't have nmap installed, just go to nmap.org and download the version suitable
27 00:02:02,790 --> 00:02:05,120 for your operating system.
28 00:02:05,130 --> 00:02:11,430 So once again, two things: you need the nmap scanner installed on your system and the python-nmap
29 00:02:11,430 --> 00:02:12,480 library.
30 00:02:12,510 --> 00:02:14,040 Now I assume you have both.
31 00:02:14,490 --> 00:02:14,940 OK.
32 00:02:14,970 --> 00:02:21,390 Now in this video what we will do is to code a scanner that will take an IP address and scan for ports
33 00:02:21,450 --> 00:02:30,450 21, so 21, 22, 80, 139, 443, 88.
34 00:02:31,890 --> 00:02:32,240 OK.
35 00:02:32,250 --> 00:02:37,010 Which usually represent a few popular services.
36 00:02:37,020 --> 00:02:42,060 Now in my Visual Studio Code editor we're going to start by importing nmap.
37 00:02:42,520 --> 00:02:49,500 OK, we'll also need the sys module for command line arguments, since we'll actually be providing
38 00:02:49,500 --> 00:02:58,410 the target as a command line argument, so we'll say import sys. All right, now we'll start by creating
39 00:02:58,410 --> 00:03:03,630 a variable called target which is going to be taken from the first command line argument, so we'll say target
40 00:03:03,810 --> 00:03:05,580 equals str
41 00:03:07,160 --> 00:03:12,340 of sys.argv[1]. All right.
42 00:03:12,590 --> 00:03:15,770 And then we're gonna create a list for the port numbers we want to scan.
43 00:03:16,280 --> 00:03:18,590 So let's say ports equals
44 00:03:18,740 --> 00:03:26,460 a list: 21, 22, 80, 139, 443, 88.
45 00:03:28,880 --> 00:03:37,300 Then we need to instantiate a scanner variable in nmap, so scan... let's say scan_v equals
46 00:03:37,310 --> 00:03:43,390 nmap.PortScanner() and that's it.
47 00:03:43,810 --> 00:03:45,570 No arguments.
48 00:03:45,570 --> 00:03:50,590 And then we simply scan all the ports we provided in the ports list, and for that we're going to use
49 00:03:50,590 --> 00:03:51,400 a for loop.
50 00:03:52,000 --> 00:04:01,150 But first let's actually display a nice output to the user, so let's say print, on a new line,
51 00:04:03,670 --> 00:04:04,450 scanning
52 00:04:08,630 --> 00:04:12,860 target for ports
53 00:04:15,670 --> 00:04:23,960 21, 22, 80, 139, 443.
54 00:04:24,150 --> 00:04:28,090 And let's say also 88.
55 00:04:28,420 --> 00:04:31,240 Dot dot dot.
56 00:04:31,240 --> 00:04:33,490 New line.
57 00:04:33,490 --> 00:04:44,550 And then we actually do our for loop, so we'll say for port in ports, let's say port_scan is scan
58 00:04:44,550 --> 00:04:44,980 _v.
59 00:04:45,000 --> 00:04:51,570 So our scanner, scan... our scanner that we've instantiated, .scan(target
60 00:04:52,560 --> 00:04:54,790 So we scan the target that we've provided.
61 00:04:54,810 --> 00:04:58,620 And we also need to stringify the port number.
62 00:04:58,830 --> 00:04:59,810 OK.
63 00:04:59,880 --> 00:05:00,960 And that's it.
64 00:05:01,140 --> 00:05:05,380 What comes out of this loop is a dictionary with a lot of stuff in it.
65 00:05:05,400 --> 00:05:10,350 And this is actually where the beauty of Python coding kicks in. Now, from the dictionary,
66 00:05:10,350 --> 00:05:16,260 we only want the state of the port, and to understand everything better let me show you the entire process
67 00:05:16,320 --> 00:05:18,060 in a Python shell.
68 00:05:18,060 --> 00:05:29,550 So we're gonna open Python; so we're gonna actually try to replicate this in a Python shell to actually
69 00:05:29,550 --> 00:05:31,560 better understand how nmap works.
70 00:05:31,590 --> 00:05:37,540 So we're gonna import nmap and then we'll instantiate a scanner.
71 00:05:37,620 --> 00:05:51,120 So let's say scanner equals nmap.PortScan... PortScanner(), like that, and then we're gonna provide a target.
72 00:05:51,150 --> 00:06:00,000 So in this case we'll just simply provide it over here, so scanner.scan, let's say yahoo, or yahoo
73 00:06:00,000 --> 00:06:06,960 .com, and also the port we want to scan, which is also provided as a string.
74 00:06:07,020 --> 00:06:14,160 So I'm going to hit enter to actually run this and the response is gonna be a dictionary, or the result...
75 00:06:14,160 --> 00:06:19,980 The result of this is actually gonna be a dictionary, and it might take a few moments to actually complete
76 00:06:20,190 --> 00:06:21,320 the entire scan.
77 00:06:21,630 --> 00:06:21,860 Okay.
78 00:06:21,870 --> 00:06:26,190 So like I said, this is gonna be... the result is gonna be in the form of a dictionary.
79 00:06:26,190 --> 00:06:27,890 So how do I know that?
80 00:06:27,960 --> 00:06:35,850 So by simply actually doing type(scan_ip), and we can see:
81 00:06:35,850 --> 00:06:38,010 class dict.
82 00:06:38,010 --> 00:06:38,270 All right.
83 00:06:38,300 --> 00:06:39,990 So let's look into this dictionary.
84 00:06:39,990 --> 00:06:47,880 So if I do scan_ip and hit enter we can see the entire dictionary here.
85 00:06:47,910 --> 00:06:52,410 So since this is a port scanner we only want to know the state of the port.
86 00:06:52,410 --> 00:06:58,020 So in this case we're looking for port 80 and the state is open.
87 00:06:58,050 --> 00:07:05,010 So what we actually need is to navigate this dictionary and only get this state, open, from here.
88 00:07:05,010 --> 00:07:10,410 And for that in Python we're actually going to use tab autocomplete for ease of use.
89 00:07:10,410 --> 00:07:18,930 Now if you don't have autocomplete in Python, or in the Python shell, try doing a pip install pyreadline.
90 00:07:20,550 --> 00:07:21,030 OK.
91 00:07:21,030 --> 00:07:24,930 And that's actually going to enable your Python autocomplete.
92 00:07:24,920 --> 00:07:25,320 All right.
93 00:07:25,350 --> 00:07:31,860 So we need the state of the port, like I said, so for that we're going to go scan_ip
94 00:07:32,070 --> 00:07:35,350 and then we'll look into the scan.
95 00:07:35,520 --> 00:07:36,360 All right.
96 00:07:36,360 --> 00:07:41,910 And then the IP; we have to specify the IP, which in this case is 98.137...
97 00:07:41,940 --> 00:07:45,040 So we go into the scan and then scan IP.
98 00:07:45,120 --> 00:07:50,460 So 98.137.246.8.
99 00:07:50,460 --> 00:08:02,490 And then we have to specify the tcp, and then 80, but not as a string but as an integer, and then state.
100 00:08:02,640 --> 00:08:06,270 So we want to look at the state of this port.
101 00:08:06,270 --> 00:08:06,720 OK.
102 00:08:06,720 --> 00:08:09,920 And the result that comes out of this is open.
103 00:08:10,050 --> 00:08:16,960 So let's just copy this and go back to our code, and in the for loop
104 00:08:17,040 --> 00:08:21,360 we're actually gonna say print port
105 00:08:24,030 --> 00:08:24,600 Port
106 00:08:27,770 --> 00:08:30,050 is our variable.
107 00:08:31,040 --> 00:08:36,350 So this is going to tell us if the port is open or closed, filtered, et cetera.
108 00:08:36,400 --> 00:08:42,820 All right, then we get out of the loop, and to further expand the capabilities of our code a little bit,
109 00:08:42,860 --> 00:08:45,560 let's also print if the host is up or not.
110 00:08:45,560 --> 00:09:00,410 So let's say print; let's actually do it on a new line... we'll also print, on a new line, say host, and then target
111 00:09:02,800 --> 00:09:08,720 and then another string, and then paste.
112 00:09:08,920 --> 00:09:11,430 But in this case we don't need...
113 00:09:11,430 --> 00:09:13,370 So we go into the scanner.
114 00:09:13,540 --> 00:09:19,510 We go into the scan and then we go into the target here.
115 00:09:19,540 --> 00:09:25,300 So scan, target, and then we look into the status.
116 00:09:25,600 --> 00:09:31,630 So we want to see if our host is up or down, and then we don't need the port.
117 00:09:31,630 --> 00:09:35,060 Of course, status.
118 00:09:35,220 --> 00:09:39,020 What do we need this state for... Minor corrections here.
119 00:09:39,040 --> 00:09:44,170 We do not need to hard code this IP because this is going to be taken from the target.
120 00:09:44,650 --> 00:09:53,870 So the target, which is the command line argument, and then we also need the port here, the port number,
121 00:09:53,870 --> 00:09:54,990 and not 80.
122 00:09:55,660 --> 00:09:56,170 OK.
123 00:09:56,170 --> 00:09:59,880 And then this is not scan_v but this is the port_scan.
124 00:10:00,310 --> 00:10:10,170 So the dictionary is the port_scan, and we save this and then we open up a command prompt and navigate
125 00:10:10,170 --> 00:10:13,770 to the location and run it with python nmap.
126 00:10:13,770 --> 00:10:16,700 And then let's specify... let's scan the localhost.
127 00:10:16,710 --> 00:10:27,400 So nobody's gonna be offended by scanning myself; we should see the output coming quickly.
128 00:10:27,640 --> 00:10:31,780 And there you have it, the magic of combining Python and penetration testing.
129 00:10:31,780 --> 00:10:34,810 And like I said, there is much more to it than what I've shown here.
130 00:10:34,810 --> 00:10:41,500 You can greatly expand the capabilities of this script by using nmap's scripting engine and also
131 00:10:41,500 --> 00:10:48,040 implement other tactics that will help facilitate your penetration testing, bug bounty hunting and other
132 00:10:48,040 --> 00:10:50,650 types of cybersecurity assessments.
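Added example, not the video's own code: the scanner the video builds, with the result-dictionary navigation (the scan -> IP -> tcp -> port -> state path, and the host status path) pulled into small functions so the lookup logic can be exercised without running nmap. It assumes the python-nmap library (`import nmap`, `nmap.PortScanner()`, `.scan(target, ports)`) and an nmap binary on PATH when actually run; the helper names and the sample dictionaries are my own, and the sample dictionaries are constructed to mirror python-nmap's output layout using the documentation address 192.0.2.10, not real scan results. It goes one step beyond the video by handling the two failure modes a practitioner hits with this code: python-nmap keys `result['scan']` by the resolved IP address rather than the hostname passed in, and a host that does not answer is absent from `result['scan']` entirely, so indexing with the target string directly raises KeyError.

```python
"""Port scanner built on python-nmap, with the dictionary walk made testable.

Added example; helper names (resolve_scan_key, port_state, host_status,
summarize) and the SAMPLE_* dictionaries are constructed for illustration.
"""
import sys

# The same port list the video uses.
PORTS = [21, 22, 80, 139, 443, 88]


def resolve_scan_key(result, target):
    """Find the key under result['scan'] that corresponds to `target`.

    python-nmap keys 'scan' by the resolved IP address.  We therefore accept
    either the IP itself or a hostname listed in that entry's 'hostnames'
    list.  Returns None when the host did not answer (nmap then omits it
    from 'scan' altogether), instead of letting a KeyError escape.
    """
    for ip, data in result.get("scan", {}).items():
        if ip == target:
            return ip
        for hn in data.get("hostnames", []):
            if hn.get("name") == target:
                return ip
    return None


def host_status(result, target):
    """Return 'up'/'down' from result['scan'][ip]['status']['state'],
    or None when nmap reported nothing for the host."""
    ip = resolve_scan_key(result, target)
    if ip is None:
        return None
    return result["scan"][ip].get("status", {}).get("state")


def port_state(result, target, port, proto="tcp"):
    """Return 'open', 'closed', 'filtered', ... for one port (int key, as
    python-nmap stores it), or 'unknown' when the port or host is missing."""
    ip = resolve_scan_key(result, target)
    if ip is None:
        return "unknown"
    return result["scan"][ip].get(proto, {}).get(port, {}).get("state", "unknown")


def summarize(result, target, ports=PORTS):
    """Collapse one scan result into host status plus a {port: state} map."""
    return {
        "host": target,
        "status": host_status(result, target),
        "ports": {p: port_state(result, target, p) for p in ports},
    }


# Constructed sample mirroring python-nmap's layout for a host that answered,
# with one closed, one filtered and one open port (documentation address).
SAMPLE_RESULT = {
    "nmap": {
        "command_line": "nmap -oX - -p 21,22,80 -sV 192.0.2.10",
        "scanstats": {"uphosts": "1", "downhosts": "0", "totalhosts": "1"},
    },
    "scan": {
        "192.0.2.10": {
            "hostnames": [{"name": "target.example", "type": "user"}],
            "status": {"state": "up", "reason": "syn-ack"},
            "tcp": {
                21: {"state": "closed", "reason": "conn-refused", "name": "ftp"},
                22: {"state": "filtered", "reason": "no-response", "name": "ssh"},
                80: {"state": "open", "reason": "syn-ack", "name": "http"},
            },
        }
    },
}

# Constructed sample for a host that did not answer: nmap emits no <host>
# element, so python-nmap leaves 'scan' empty.
SAMPLE_DOWN = {
    "nmap": {
        "command_line": "nmap -oX - -p 21,22,80 -sV 192.0.2.10",
        "scanstats": {"uphosts": "0", "downhosts": "1", "totalhosts": "1"},
    },
    "scan": {},
}


def main(argv):
    """Command-line entry point: python <script> <target>."""
    if len(argv) != 2:
        print(f"usage: {argv[0]} <target>")
        return 1
    import nmap  # python-nmap; imported here so the helpers above work without it

    target = argv[1]
    scanner = nmap.PortScanner()
    print(f"\nScanning {target} for ports {', '.join(map(str, PORTS))}...\n")
    # One scan() call covering all ports, rather than one call per port.
    result = scanner.scan(target, ",".join(map(str, PORTS)))
    report = summarize(result, target)
    for port, state in report["ports"].items():
        print(f"port {port} is {state}")
    print(f"\nHost {target} is {report['status'] or 'not reported (down or unresolved)'}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The `'unknown'` and `None` results are the point of the helpers: when `target` is a hostname, the video's `port_scan['scan'][target]` lookup only works if that string happens to equal the IP key, and when the host is down the `'scan'` dictionary is empty, so a defensive lookup keeps the script from crashing on exactly the hosts you most want to report on.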