Python 3 Asynchronous TCP/IP Connect Port Scanner

A simple pure-Python TCP Connect port scanner. This application uses the asyncio framework from Python's Standard Library to open TCP connections to an arbitrary number of ports on target IP addresses, taking at most the connection timeout setting (defaults to 10 seconds) to return all results.

This application maintains no dependencies on third-party modules and can be run by any Python v3.7+ interpreter.

Installation

GNU / Linux

Simply clone this repository with git clone and execute the async_tcp_scan.py file as described in the following Usage section.

user@host:~/DIR$ git clone https://github.com/EONRaider/Simple-Async-Port-Scanner.git

Usage

usage: async_tcp_scan.py [-h] -p PORTS [--open] ADDRESSES

Simple asynchronous TCP Connect port scanner

positional arguments:
  ADDRESSES             A comma-separated sequence of IP addresses and/or domain names to scan, e.g., '45.33.32.156,65.61.137.117,testphp.vulnweb.com'.

optional arguments:
  -h, --help            show this help message and exit
  -p PORTS, --ports PORTS
                        A comma-separated sequence of port numbers and/or port ranges to scan on each target specified, e.g., '20-25,53,80,443'.
  --open                Only show open ports in the scan results.

Usage examples:
1. python3 async_tcp_scan.py google.com -p 80,443
2. python3 async_tcp_scan.py 45.33.32.156,demo.testfire.net,18.192.172.30 -p 20-25,53,80,111,135,139,443,3306,5900

Application Performance

Because Python's asyncio framework runs the connection attempts concurrently, results such as the one shown below are possible, with the first 1000 TCP/IP ports of scanme.nmap.org scanned in 1.68 seconds:

eonraider@havoc:~$ python3 async_tcp_scan.py scanme.nmap.org -p 1-1000 --open
Starting Async Port Scanner at Sat Jan 30 13:41:25 2021
Scan report for scanme.nmap.org

[>] Results for scanme.nmap.org:
      PORT     STATE      SERVICE      REASON   
       22       open        ssh       SYN/ACK   
       80       open        http      SYN/ACK   

Async TCP Connect scan of 1000 ports for scanme.nmap.org completed in 1.68 seconds

ADVISORY: For the sake of simplicity, this application does not implement a maximum number of workers for making connections; it spawns a new worker for every target socket (i.e. combination of target address and TCP port) until the process is complete. In practice, scanning a significant number of ports on a single host sends a great number of requests almost simultaneously, which can unintentionally produce a situation analogous to a SYN-flood Denial-of-Service attack on hosts unable to handle the sudden spike in requests. For this reason, and in addition to the Legal Disclaimer section below, all users are advised by the developers to use caution when scanning live hosts.
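The worker cap that the advisory describes as missing can be added with an asyncio.Semaphore. The sketch below is an added example, not code from this repository: BoundedScanner, max_workers and demo() are hypothetical names, and the demo connects only to a loopback listener constructed for the purpose.

```python
import asyncio
import socket

class BoundedScanner:
    """TCP connect checks with a hard cap on connection attempts in flight."""

    def __init__(self, max_workers=100, timeout=10.0):
        self.max_workers, self.timeout = max_workers, timeout
        self.in_flight = self.peak = 0  # peak = most simultaneous attempts seen

    async def _probe(self, host, port, limiter):
        async with limiter:  # waits here once max_workers probes are active
            self.in_flight += 1
            self.peak = max(self.peak, self.in_flight)
            try:
                _, writer = await asyncio.wait_for(
                    asyncio.open_connection(host, port), self.timeout)
                writer.close()
                return port, "open"
            except (OSError, asyncio.TimeoutError):
                return port, "closed"  # refused, unreachable or timed out
            finally:
                self.in_flight -= 1

    async def scan(self, host, ports):
        limiter = asyncio.Semaphore(self.max_workers)  # created inside the loop
        return dict(await asyncio.gather(
            *(self._probe(host, p, limiter) for p in ports)))

async def _demo():
    # Constructed offline target: one loopback listener plus five sockets that
    # are bound but not listening, so connects to them are refused.
    server = await asyncio.start_server(lambda r, w: w.close(), "127.0.0.1", 0)
    open_port = server.sockets[0].getsockname()[1]
    held = [socket.socket() for _ in range(5)]
    for s in held:
        s.bind(("127.0.0.1", 0))
    scanner = BoundedScanner(max_workers=2, timeout=2.0)
    ports = [open_port] + [s.getsockname()[1] for s in held]
    results = await scanner.scan("127.0.0.1", ports)
    server.close()
    for s in held:
        s.close()
    return results, open_port, scanner.peak

def demo():
    return asyncio.run(_demo())

if __name__ == "__main__":
    print(demo())
```

With max_workers=2 the six probes run two at a time, so the target never sees more than two simultaneous connection attempts regardless of how many ports are queued.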

Running the Application

|  |  |
| --- | --- |
| Objective | Scan ports on a series of domains and IP addresses |
| Execution | python3 async_tcp_scan.py 45.33.32.156,demo.testfire.net -p 20-25,53,80,111 |
| Outcome | Refer to sample output below |

  • Sample output:

    eonraider@havoc:~$ python3 async_tcp_scan.py 45.33.32.156,demo.testfire.net -p 20-25,53,80,111
    Starting Async Port Scanner at Sat Jan 30 13:39:20 2021
    Scan report for 45.33.32.156 | demo.testfire.net

    [>] Results for 45.33.32.156:
    PORT   STATE    SERVICE    REASON
    20     closed   ftp-data   No response
    21     closed   ftp        No response
    22     open     ssh        SYN/ACK
    23     closed   telnet     No response
    24     closed   unknown    No response
    25     closed   smtp       No response
    53     closed   domain     No response
    80     open     http       SYN/ACK
    111    closed   sunrpc     No response

    [>] Results for demo.testfire.net:
    PORT   STATE    SERVICE    REASON
    20     closed   ftp-data   No response
    21     closed   ftp        No response
    22     closed   ssh        No response
    23     closed   telnet     No response
    24     closed   unknown    No response
    25     closed   smtp       No response
    53     closed   domain     No response
    80     open     http       SYN/ACK
    111    closed   sunrpc     No response

    Async TCP Connect scan of 18 ports for 45.33.32.156 | demo.testfire.net completed in 3.01 seconds

Legal Disclaimer

The use of code contained in this repository, either in part or in its totality, for engaging targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws.

Developers assume no liability and are not responsible for misuses or damages caused by any code contained in this repository in any event that, accidentally or otherwise, it comes to be utilized by a threat agent or unauthorized entity as a means to compromise the security, privacy, confidentiality, integrity, and/or availability of systems and their associated resources by leveraging the exploitation of known or unknown vulnerabilities present in said systems, including, but not limited to, the implementation of security controls, human- or electronically-enabled.

The use of this code is only endorsed by the developers in those circumstances directly related to educational environments or authorized penetration testing engagements whose declared purpose is that of finding and mitigating vulnerabilities in systems, limiting their exposure to compromises and exploits employed by malicious agents as defined in their respective threat models.

GitHub

https://github.com/EONRaider/Simple-Async-Port-Scanner