port scanning Code Review with summary

 Port Scanning: Port scanning is a method used for discovering open ports and services available on a networked system. A port is like a door on a computer through which data can pass. Each service or application running on a system typically listens on specific ports. By scanning ports, one can identify which services are running and potentially vulnerable to exploitation.

Query Code: This indicates the code or script that performs the port scanning. It could be written in various programming languages such as Python, Java, or C.

Now, let's delve deeper into the meaning of the components of a typical port scanning query code:

Target Host/Address: The script needs to know the target IP address or hostname to scan. This is the system or network that you want to scan for open ports.

Port Range: The script usually specifies a range of ports to scan. For example, it might scan ports 1 through 1024 (known as well-known ports) or a larger range depending on the scope of the scan.

Scanning Logic: This part of the code is responsible for iterating through the specified port range and attempting to establish connections with each port on the target system. Depending on the type of port scan (TCP, UDP, SYN, etc.), the logic might differ slightly.

Handling Responses: The code needs to handle the responses received from the target system for each port scanned. Depending on whether a connection was successfully established or not, the script may classify the port as open, closed, filtered, or some other state.

Output: Finally, the script usually produces some form of output to display the results of the port scan. This could be simple text output indicating which ports are open, closed, etc., or it could be more sophisticated, such as generating a report or logging the results to a file.

 

 

 import socket
import argparse

def scan_ports(target_host, start_port, end_port):
    try:
        # Resolve target host to IP address
        target_ip = socket.gethostbyname(target_host)

        # Scan ports
        for port in range(start_port, end_port + 1):
            # Create socket object
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            socket.setdefaulttimeout(1)

            # Attempt to connect to the port
            result = s.connect_ex((target_ip, port))
            if result == 0:
                print(f"Port {port} is open")
            s.close()

    except KeyboardInterrupt:
        print("\nExiting...")
        exit()

    except socket.gaierror:
        print("Hostname could not be resolved. Exiting...")
        exit()

    except socket.error:
        print("Couldn't connect to server. Exiting...")
        exit()

if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="TCP Port Scanner")
    parser.add_argument("host", help="Target host to scan")
    parser.add_argument("start_port", type=int, help="Start port")
    parser.add_argument("end_port", type=int, help="End port")
    args = parser.parse_args()

    scan_ports(args.host, args.start_port, args.end_port)

 

 

Comments

Post a Comment

Popular posts from this blog

Google Hacking Queries

Image
Google Hacking Queries easiest way to filter any specified path in google Filetype can be search any file types according passwords  videos and many more things you can search please when you searching type the word like this filetype:stephanhawking or type with " " qutations like these filetype:"StephanHawking" Index: index meaning unprotected  types ex: Filetype:password Then displaying these kind of page filetype : filetype:bak createobject sa filetype:bak inurl:"htaccess|passwd|shadow|htusers" filetype:cfg mrtg "target filetype:cfm "cfapplication name" password filetype:conf oekakibbs filetype:conf slapd.conf filetype:config config intext:appSettings "User ID" filetype:dat "password.dat" filetype:dat inurl:Sites.dat filetype:dat wand.dat filetype:inc dbconn filetype:inc intext:mysql_connect filetype:inc mysql_connect OR mysql_pconnect filetype:inf sysprep filetype:ini inurl:...
Read more

Sanitizing application text fields

Image
  Sanitizing application text fields to prevent SQL injections and vulnerabilities involves several best practices.   Use Parameterized Queries or Prepared Statements: Instead of directly concatenating user input into SQL queries, use parameterized queries or prepared statements provided by your programming language's database API. These methods separate the SQL query logic from the user input, making it impossible for an attacker to inject malicious SQL code. Input Validation: Validate all user input to ensure it adheres to expected formats and ranges. Reject input that contains unexpected characters or patterns that could be indicative of SQL injection attempts. Use Whitelisting: Instead of blacklisting specific characters or patterns, consider whitelisting allowed characters and formats for input fields. This approach is generally safer as it explicitly defines what is acceptable rather than attempting to identify and filter out malicious input. Escape Special Charac...
Read more