def scan(self): try: for interface, network in config.interfaces_networks.items(): if not network.is_private(): self.logger.info( "Skipping arp ping scan on network {0:s} because it's a public network".format(str(network))) continue self.logger.info("Executing arp ping scan on network {0:s}...".format(str(network))) discovered_hosts = set() ans, unans = arping(str(network), iface=interface, timeout=1, verbose=False) for s, r in ans.res: node = NetworkNode() node.ip = IPAddress(r[ARP].psrc) node.mac = EUI(r[Ether].src) node.host = resolve_ip(r[ARP].psrc) discovered_hosts.add(node) self.scan_results[network] = discovered_hosts except socket.error as e: if e.errno == socket.errno.EPERM: # Operation not permitted self.logger.error("%s. Did you run as root?", e.strerror) else: raise self.logger.info("Arp ping scan done. Found %d unique hosts.", self.number_of_hosts_found)
def _port_ping(self, hosts: Queue, interface: str, results: set): self.logger.debug("{}: Starting TCP SYN ping thread.".format(threading.current_thread().name)) while True: ip = hosts.get() # type: IPAddress ip_str = str(ip) # Send SYN with random Src Port for each Dst port for dstPort in self.portstoscan: srcPort = random.randint(1025, 65534) resp = sr1(IP(dst=ip_str) / TCP(sport=srcPort, dport=dstPort, flags=ScapyTCPFlag.SYN), timeout=1, verbose=False, iface=interface) if resp and resp.haslayer(TCP): if resp[TCP].flags == (TCPFlag.SYN | TCPFlag.ACK) or resp[TCP].flags == (TCPFlag.RST | TCPFlag.ACK): # Send Reset packet (RST) send(IP(dst=ip_str) / TCP(sport=srcPort, dport=dstPort, flags=ScapyTCPFlag.RST), iface=interface, verbose=False) # We know the port is closed or opened (we got a response), so we deduce that the host exists node = NetworkNode() node.ip = ip node.mac = EUI(resp.src) node.host = resolve_ip(resp[IP].src) results.add(node) self.logger.debug( "Found a live host by pinging port {port_nbr}: {live_host}.".format(port_nbr=dstPort, live_host=str(node))) # We don't need to test the other ports. We know the host exists. break hosts.task_done()
def _ping(self, hosts: Queue, interface: str, results: set): self.logger.debug("{}: Starting ICMP ping thread.".format(threading.current_thread().name)) while True: ip = hosts.get() # type: IPAddress ip_str = str(ip) res = sr1(IP(dst=ip_str) / ICMP(), iface=interface, timeout=0.1, verbose=False) if res: node = NetworkNode() node.ip = ip node.mac = EUI(res.src) node.host = resolve_ip(res[IP].src) results.add(node) hosts.task_done()