python3

Create a Simple Port Scanner on Kali Linux

Posted by Kulani Mahadewa on March 16, 2021

Posted in: Ethical Hacking. Tagged: Kali, port, port scanner, python, python3, scanner, simple. Leave a comment

Hi 🙂 This is about a simple port scanner which searches for the open ports for a given IP address. It uses python socket module. Script uses python version 3.

import socket 
import sys

start_port = 1
end_port = 65535

try:
    for port in range(start_port, end_port):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        socket.setdefaulttimeout(1)
        host =  socket.gethostbyname(sys.argv[1])# take IP of host as input
        result = s.connect_ex(host, port)
        if result == 0:
            print("port {} is open".format(port))
        s.close()
except Exception as ex:
    ################### check exception details ######################
    template = "An exception of type {0} occurred. Arguments:\n{1!r}"
    message = template.format(type(ex).__name__, ex.args)
    print (message)
    print('exception caught')
    sys.exit()

How to run this script:

$ python scanner.py <host IP>

Cheers !

Hi, In this post I’m giving a detailed guide to use mitmproxy on kali Linux to capture the traffic. The mitmproxy tool provides many attacker capabilities in traffic analysis such as intercept, modify, replay, save, etc. You can check here for more details. I wanted to use this tool to capture traffic on the same machine (The tool is by default designed to use as a man-in-the-middle attacker to monitor the traffic of a victim device) to analyze the web protocols. On my windows machine I used Fiddler to capture and analyze traffic. However, it was not enough support for Linux machines, if required to do further processing. Hence, I decided to use mitmproxy on Linux.

Note: In order to use mitmproxy to monitor traffic in the same machine we need to consider two users; one user as to provide the proxy; the other user as the victim. So following are the steps to set up your environment on a kali Linux machine. Although kali Linux comes with mitmproxy as pre-installed, I removed the existing version and installed the latest mitmproxy version 5.0.1. The newest version claims to be 4X faster.

Step 0: Remove previously installed mitmproxy

You may have to install the existing old version of mitmproxy if you are using kali Linux

sudo apt-get remove --auto-remove mitmproxy

Step 1: Create a new account for the proxy.

Use the following commands to create a new user. This user will be used as the attacker.

useradd -m mitmproxyuser// it creates a new direcotry 
 passwd mitmproxyuser //provide a password 
usermod -a -G sudo mitmproxyuser //add the user to sudo user list

Step 2: Download the mitmproxy version 5.0.1

Visit https://mitmproxy.org/ and download the v5.0 binary of mitmproxy.
Extract the downloaded .gz file. It contains following executables:
- mitmproxy
- mitmdump
- mitmweb

Step 3: Install the mitmproxy as the newly created user

Change the directory to the directory with the extracted content of mitmproxy

Use the following command to install the mitmproxy.

Note: I’m using pip3 to install the mitmproxy, the pip gave errors for me.

sudo -u mitmproxyuser bash -c 'cd ~ && pip3 install --user mitmproxy'

If the command was successful, the following hidden files will be generated

0installmitmproxyasdiffuser(1) genfiles

Step 3: Update IP forwarding settings and add rules to the iptables.

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv4.conf.all.send_redirects=0

iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080
ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 80 -j REDIRECT --to-port 8080
ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitmproxyuser --dport 443 -j REDIRECT --to-port 8080

Note*: Once the iptables are updated you will not be able to browse the internet unless the mitmproxy is started

Step 4: Start the mitmproxy as the user mitmproxyuser

sudo -u mitmproxyuser bash -c '$HOME/.local/bin/mitmproxy --mode transparent --showhost --set block_global=false'

00runmitmproxy Note*: Now, when you visit a web site on Firefox browser, it will still say that the certificate is not trusted.

01waring

Step 5: Install the mitmproxy certificates on Firefox browser

Once the mitmproxy is started …

Open the browser and visit http://mitm.it/

02installcert

02details

Click on ‘other’ for Linux. It will download the certificate and prompt for acceptance. You can view the certificate and accept it.

02trustcert

02certdetails(2)

Step 5: Capture traffic on mitmproxy

Finally, after installing the CA certificate, you can use the mitmproxy to analyze your traffic as follows.

03successmitmproxy

Click on an item to view the details.

03details

Cheers ! 🙂

Hi, Here is a brief guide to setup PyCharm to send its traffic generated by requests through Fiddler.

Usage: If you get errors while implementing an extracted protocol from a Fiddler traces, you can forward the traffic to Fiddler, so that you can check the captured traces against the traffic generated from PyCharm to debug your code. For example, you can solve issues when receiving Code 422 in response.

Running PyCharm Traffic through Fiddler

First, you need to update proxy settings at PyCharm with Fiddler proxy details. This will ask to install Fiddler generated certificates at PyCharm. However, this step only allows PyCharm to direct it’s traffic to Fiddler, but your python code fails since this setting does not apply to urllib3 used by requests. Hence, we have to bypass certificate verification in the code.

Step 1: Add Fiddler Generated Certificates to PyCharm

At PyCharm IDE Goto -> File -> Settings ->Appearance & Behaviour -> System Settings -> HTTP Proxy -> Provide Fiddler proxy settings as follows (Host: 127.0.0.1, Port: 8888)

update proxy settings

Restart PyCharm -> It will prompt to Accept the Fiddler generated certificates for JetBrains.

Screenshot 2020-04-06 19.32.00

You can check the saved certificates at File -> Settings ->Tools-> Server Certificates

Step2: Update Python Code

In the python code, I’m using requests package to send HTTPS requests. Update the request with an additional argument as verify=False. Otherwise, it will throw an verification failed exception (ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:646))

import requests

initResponse = requests.get(initURL, params=initParams, headers=headerInit,verify=False)

Now, it will only give a warning (InsecureRequestWarning: Unverified HTTPS request is being made to host ‘127.0.0.1’. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning,) and pass the code. Assuming you are aware of the security of the URL you are visiting, this can help you forward PyCharm traffic through Fiddler without much hassle.

Cheers ! 🙂