Exemple #1
    def get_host_fingerprint(self, host, only_one_port=False):
        """
        Probe ``host`` on the configured TCP target ports and record the ports that answered.

        :param host: VictimHost structure. ``host.ip_addr`` is the address probed and
                     ``host.services`` receives an entry for each reported port.
        :param only_one_port: When true, only the first reported port is recorded on the host.
                              The full target list is still passed to check_tcp_ports.
        :return: True if check_tcp_ports reported at least one port, otherwise False.
        """
        # Slice-copy so that shuffling does not reorder the list held by the configuration.
        probe_order = self._config.tcp_target_ports[:]
        # Only the order is randomised; the same set of ports is still handed to the scanner,
        # so the number of connection attempts against the host is unchanged.
        shuffle(probe_order)

        # presumably milliseconds converted to seconds - confirm against check_tcp_ports
        scan_timeout = self._config.tcp_scan_timeout / 1000.0
        want_banner = self._config.tcp_scan_get_banner

        open_ports, banners = check_tcp_ports(
            host.ip_addr, probe_order, scan_timeout, want_banner
        )

        # zip_longest pads the shorter sequence with None, so a port without a banner is
        # still recorded. NOTE(review): if banners were ever longer than open_ports, a None
        # port would reach tcp_port_to_service - confirm check_tcp_ports cannot do that.
        for open_port, banner in zip_longest(open_ports, banners, fillvalue=None):
            service_key = tcp_port_to_service(open_port)
            self.init_service(host.services, service_key, open_port)
            if banner:
                host.services[service_key]["banner"] = banner
            if only_one_port:
                break

        return len(open_ports) > 0
Exemple #2
    def get_open_service_ports(self, port_list, names):
        """
        Select the ports from ``port_list`` whose recorded service has one of the given names.

        :param port_list: Potential ports to exploit. For example _config.HTTP_PORTS
        :param names: [] of service names. Example: ["http"]
        :return: List of ``(port, value)`` tuples, where ``value`` is the second element of
                 the matching service's "data" entry. Empty when nothing matches.
        """
        # Keep only the non-empty service entries that carry a "name" listed in `names`.
        matching_services = {}
        for service_key, details in self.host.services.items():
            if not details:
                continue
            if "name" in details and details["name"] in names:
                matching_services[service_key] = details

        # NOTE(review): membership is tested with tcp_port_to_service(port) but the entry is
        # fetched with "tcp-" + str(port); this relies on both producing the same key.
        # NOTE(review): a matching entry without a "data" item of length >= 2 would raise here.
        open_ports = []
        for port in port_list:
            if tcp_port_to_service(port) in matching_services:
                entry = matching_services["tcp-" + str(port)]
                open_ports.append((port, entry["data"][1]))

        return open_ports
Exemple #3
    def get_open_service_ports(victim_host: VictimHost,
                               port_list: List[Tuple[str, bool]],
                               names: List[str]):  # noqa: F821
        """
        Select the ports from ``port_list`` whose service on ``victim_host`` has a listed name.

        NOTE(review): ``port_list`` is annotated as a list of tuples, yet each element is
        passed whole to tcp_port_to_service() and str(); confirm the real element type.

        :param victim_host: VictimHost object that exploiter is targeting
        :param port_list: Potential ports to exploit. For example _config.HTTP_PORTS
        :param names: [] of service names. Example: ["http"]
        :return: List of ``(port, value)`` tuples, where ``value`` is the second element of
                 the matching service's "data" entry. Empty when nothing matches.
        """
        # Non-empty service entries whose "name" is one of the requested names.
        candidate_services = {
            key: details
            for key, details in victim_host.services.items()
            if details and "name" in details and details["name"] in names
        }

        valid_ports = []
        for port in port_list:
            if tcp_port_to_service(port) not in candidate_services:
                continue
            # NOTE(review): the lookup key is rebuilt by hand rather than reusing the value
            # tested above; the two must agree or this raises KeyError.
            service_entry = candidate_services["tcp-" + str(port)]
            valid_ports.append((port, service_entry["data"][1]))

        return valid_ports