From 3c81da2bd2c3ccc2146e4672689734e693dc246e Mon Sep 17 00:00:00 2001 From: Aleksej Jocic Date: Sat, 5 Jan 2019 05:13:29 +0100 Subject: add more threads --- tmap | 42 +++++++++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 13 deletions(-) (limited to 'tmap') diff --git a/tmap b/tmap index 0158992..108c5af 100755 --- a/tmap +++ b/tmap @@ -4,9 +4,10 @@ import socks import argparse import time from ipaddress import * +import threading ## This function tries to open a connection on a specific port, returns True if successful -def connScan(host, port, wait, notor): +def connScan(host, port, wait, notor, openports): ## If notor is set to True, it doesn't use the socks proxy if notor: sckt = socket(AF_INET, SOCK_STREAM) @@ -18,6 +19,7 @@ def connScan(host, port, wait, notor): try: sckt.connect((host, port)) sckt.close() + openports.append(port) return True except KeyboardInterrupt: exit() @@ -26,17 +28,28 @@ def connScan(host, port, wait, notor): ## This function goes throgh all ports and calls connScan for each one, returns list of open ports -def portScan(host, ports, wait, notor): +def portScan(host, ports, wait, notor, jobs): openports = list() + threads = list() + for p in ports: if p > 65535: return openports - elif connScan(host, p, wait, notor): - openports.append(p) + + while threading.activeCount() >= jobs + 1: + pass + + thread=threading.Thread(target=connScan,args=(host, p, wait, notor, openports)) + threads.append(thread) + thread.start() + + for thread in threads: + thread.join() + return openports ## This function goes throgh all hosts and calls portScan for each one, returns dictionary of hosts with open ports -def hostScan(host, ports, wait, notor): +def hostScan(host, ports, wait, notor, jobs): ret = dict() ## Check if python version 3 try: 
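Review bot: In portScan the new throttle `while threading.activeCount() >= jobs + 1: pass` is a busy-wait that keeps one core at 100% for the whole scan, and `threading.activeCount` is the deprecated alias of `threading.active_count`. The pre-existing `return openports` on `p > 65535` now bypasses the join loop, so the list can be returned while worker threads started earlier are still appending to it through hunk 2's `openports.append(port)`. A semaphore sized to `jobs` (or `concurrent.futures.ThreadPoolExecutor(max_workers=jobs)`) enforces the same cap without spinning and lets the over-range case fall through to the join; the rewritten function is below.
```python
def portScan(host, ports, wait, notor, jobs):
    openports = list()
    threads = list()
    ## one slot per allowed in-flight connection; acquire blocks instead of spinning
    slots = threading.BoundedSemaphore(max(1, jobs))

    def worker(p):
        try:
            connScan(host, p, wait, notor, openports)
        finally:
            slots.release()

    for p in ports:
        if p > 65535:
            break  ## fall through to the join so no thread outlives the returned list
        slots.acquire()
        thread = threading.Thread(target=worker, args=(p,))
        threads.append(thread)
        thread.start()

    ## Wait until all threads are done
    for thread in threads:
        thread.join()

    return openports
```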
@@ -50,20 +63,20 @@ def hostScan(host, ports, wait, notor): if ips.num_addresses > 1: for ip in ips.hosts(): if ip.is_private: - ret[str(ip)] = portScan(str(ip), ports, wait, True) + ret[str(ip)] = portScan(str(ip), ports, wait, True. jobs) else: - ret[str(ip)] = portScan(str(ip), ports, wait, notor) + ret[str(ip)] = portScan(str(ip), ports, wait, notor, jobs) else: if ips.is_private: - ret[str(host)] = portScan(str(host), ports, wait, True) + ret[str(host)] = portScan(str(host), ports, wait, True, jobs) else: - ret[str(host)] = portScan(str(host), ports, wait, notor) + ret[str(host)] = portScan(str(host), ports, wait, notor, jobs) ## Otherwise scan host as usual except: if host == 'localhost': - ret[str(host)] = portScan(str(host), ports, wait, True) + ret[str(host)] = portScan(str(host), ports, wait, True, jobs) else: - ret[str(host)] = portScan(str(host), ports, wait, notor) + ret[str(host)] = portScan(str(host), ports, wait, notor, jobs) return ret @@ -80,6 +93,7 @@ def main(): parser.add_argument("-t", "--timeout", metavar="TIMEOUT", dest="sockTimeout", type=int, help="seconds to wait before connection timeout for each port", default=3) parser.add_argument("--clearnet", dest="clearnet", help="don't use Tor for scanning, connect directly instead", action="store_true") parser.add_argument("--torport", metavar="TORPORT", dest="torPort", type=int, help="port on which Tor is listening on", default="9050") + parser.add_argument("-j", "--jobs", metavar="JOBS", dest="jobs", type=int, help="maximum number of open connections at the same time", default="8") parser.add_argument("--output", metavar="OUTFILE", dest="outFile", help="write scan results to output file", default="empty_outfile") args = parser.parse_args() 
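Review bot: `portScan(str(ip), ports, wait, True. jobs)` on the `ip.is_private` branch has a period where a comma belongs, so Python parses it as the attribute `True.jobs` and scanning any private address inside a range raises AttributeError on that line; it should read `ret[str(ip)] = portScan(str(ip), ports, wait, True, jobs)`. The other four call sites in the hunk are correct. A later commit on this page, 086b7547949315ad8f36a12df4fd8fac54c14b1e, makes exactly this correction. hostScan's body starts and ends outside the hunk.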
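Review bot: `-j/--jobs` accepts any int, including 0 and negatives, which the throttle in portScan cannot handle (it compares `threading.activeCount()`, which never drops below 1 because of the main thread, against `jobs + 1`). Reject that at parse time, e.g. `if args.jobs < 1: parser.error("--jobs must be at least 1")` right after `parse_args()`. `default="8"` works only because argparse feeds string defaults through `type`; `default=8` states the intent directly (`--torport`'s `default="9050"` is pre-existing and has the same shape). main continues outside the hunk.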
@@ -141,13 +155,15 @@ def main(): WAIT_TIME = args.sockTimeout CLEARNET = False OUTFILE = args.outFile + JOBS = args.jobs if args.clearnet: CLEARNET=True ## Check if Tor is running if CLEARNET is False + emptylist=list() if CLEARNET == False: - if connScan("127.0.0.1", args.torPort, 3, True): + if connScan("127.0.0.1", args.torPort, 3, True, emptylist): pass else: print("Tor is not running on port {}.".format(args.torPort)) @@ -163,7 +179,7 @@ def main(): ## Scan each host in HOSTS list r = dict() for h in HOSTS: - r = hostScan(h, PORTS, WAIT_TIME, CLEARNET) + r = hostScan(h, PORTS, WAIT_TIME, CLEARNET, JOBS) if OUTFILE == "empty_outfile": print("Results for: {}".format(h)) else: -- cgit v1.2.3 From c0b98a525d882a3168ee78295a9b4f3c97e426d1 Mon Sep 17 00:00:00 2001 From: Aleksej Jocic Date: Sat, 5 Jan 2019 05:21:52 +0100 Subject: shorter comments --- tmap | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'tmap') diff --git a/tmap b/tmap index 108c5af..4eef8db 100755 --- a/tmap +++ b/tmap @@ -6,7 +6,7 @@ import time from ipaddress import * import threading -## This function tries to open a connection on a specific port, returns True if successful +## Open connection on specific port, return True if successful def connScan(host, port, wait, notor, openports): ## If notor is set to True, it doesn't use the socks proxy if notor: @@ -15,7 +15,7 @@ def connScan(host, port, wait, notor, openports): sckt = socks.socksocket() sckt.settimeout(wait) - ## Try to connect, return True on success and False on failure + ## Try to connect, return True on success and add to openports, return False on failure try: sckt.connect((host, port)) sckt.close() 
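Review bot: The Tor check is phrased as `if connScan(...): pass` with the message in the `else`, which reads inverted; with the new argument it can be `if not connScan("127.0.0.1", args.torPort, 3, True, emptylist):` directly above the existing print. `emptylist=list()` exists only to satisfy the added parameter and is a result sink here, so either name it as such (`tor_probe = list()`) or give connScan's `openports` a `None` default in its own hunk so callers that ignore the list need not pass one. The enclosing main starts and ends outside the hunk.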
@@ -27,7 +27,8 @@ def connScan(host, port, wait, notor, openports): return False -## This function goes throgh all ports and calls connScan for each one, returns list of open ports +## Go through all ports and call connScan for each, return list of open ports +## If more threads than JOBS, wait until they finish def portScan(host, ports, wait, notor, jobs): openports = list() threads = list() @@ -43,12 +44,13 @@ def portScan(host, ports, wait, notor, jobs): threads.append(thread) thread.start() + ## Wait until all threads are done for thread in threads: thread.join() return openports -## This function goes throgh all hosts and calls portScan for each one, returns dictionary of hosts with open ports +## Go through all hosts and call portScan for each one, return dictionary of hosts with their open ports def hostScan(host, ports, wait, notor, jobs): ret = dict() ## Check if python version 3 @@ -160,7 +162,7 @@ def main(): if args.clearnet: CLEARNET=True - ## Check if Tor is running if CLEARNET is False + ## Check if Tor is running emptylist=list() if CLEARNET == False: if connScan("127.0.0.1", args.torPort, 3, True, emptylist): -- cgit v1.2.3 From 3110eb91b370dcf8ffc8d8b1321b4bd6680a906b Mon Sep 17 00:00:00 2001 From: Aleksej Jocic Date: Fri, 11 Jan 2019 20:49:55 +0100 Subject: add banner option --- tmap | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) (limited to 'tmap') diff --git a/tmap b/tmap index 4eef8db..409eeb3 100755 --- a/tmap +++ b/tmap 
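Review bot: The new comment `## If more threads than JOBS, wait until they finish` overstates what the loop below it does: the loop waits until the active thread count drops below `jobs + 1`, i.e. until a single slot frees, not until all threads finish. Suggest `## Throttle: block while `jobs` connection attempts are already in flight`. The loop itself is outside this hunk.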
@@ -6,6 +6,26 @@ import time from ipaddress import * import threading +## Receive first 80 bytes from port, return string of received data +def getBanner(host, port, wait, notor): + ## If notor is set to True, it doesn't use the socks proxy + if notor: + sckt = socket(AF_INET, SOCK_STREAM) + else: + sckt = socks.socksocket() + + sckt.settimeout(wait) + ## connect and return banner + try: + sckt.connect((host, port)) + banner = sckt.recv(80) + sckt.close() + return banner.decode().replace('\n','') + except KeyboardInterrupt: + exit() + except: + return "banner_error" + ## Open connection on specific port, return True if successful def connScan(host, port, wait, notor, openports): ## If notor is set to True, it doesn't use the socks proxy @@ -94,6 +114,7 @@ def main(): parser.add_argument("-p", "--ports", metavar="PORTS", dest="tgtPort", help="ports to scan, seperated by a comma", default="20-25,53,80-85,443-445,8080,8333,9050,9150") parser.add_argument("-t", "--timeout", metavar="TIMEOUT", dest="sockTimeout", type=int, help="seconds to wait before connection timeout for each port", default=3) parser.add_argument("--clearnet", dest="clearnet", help="don't use Tor for scanning, connect directly instead", action="store_true") + parser.add_argument("--banner", dest="banner", help="print data received from open ports", action="store_true") parser.add_argument("--torport", metavar="TORPORT", dest="torPort", type=int, help="port on which Tor is listening on", default="9050") parser.add_argument("-j", "--jobs", metavar="JOBS", dest="jobs", type=int, help="maximum number of open connections at the same time", default="8") parser.add_argument("--output", metavar="OUTFILE", dest="outFile", help="write scan results to output file", default="empty_outfile") 
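Review bot: getBanner returns remote bytes almost verbatim — only `\n` is stripped — and main later prints them to the terminal or writes them to the output file, so a listening service can send `\r`, tabs or terminal escape sequences that overwrite lines, break the tab-separated columns or alter terminal state; `banner.decode()` also raises on non-UTF-8 bytes, which the bare `except:` turns into a silently lost banner. The socket is closed only on the success path, so every timeout or refused connection leaks a descriptor until garbage collection. The rewrite below closes in `finally`, decodes leniently and replaces every non-printable character before the data leaves the function; `OSError` covers socket timeouts and, as far as I can tell, PySocks' ProxyError, which derives from IOError.
```python
def getBanner(host, port, wait, notor):
    ## … unchanged: socket / socksocket selection …
    sckt.settimeout(wait)
    ## connect, read, and always release the socket
    try:
        sckt.connect((host, port))
        banner = sckt.recv(80)
    except KeyboardInterrupt:
        exit()
    except OSError:
        return "banner_error"
    finally:
        sckt.close()
    ## remote data: decode leniently, then neutralise control and escape characters
    text = banner.decode('utf-8', 'replace')
    return ''.join(ch if ch.isprintable() else ' ' for ch in text)
```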
@@ -156,12 +177,16 @@ def main(): HOSTS = args.HOSTS.split(",") WAIT_TIME = args.sockTimeout CLEARNET = False + BANNER = False OUTFILE = args.outFile JOBS = args.jobs if args.clearnet: CLEARNET=True + if args.banner: + BANNER=True + ## Check if Tor is running emptylist=list() if CLEARNET == False: @@ -185,13 +210,26 @@ def main(): if OUTFILE == "empty_outfile": print("Results for: {}".format(h)) else: - f.write("Results for: {}".format(h)) + f.write("Results for: {}\n".format(h)) for i in r.keys(): if len(r[i]) != 0: if OUTFILE == "empty_outfile": print('{} open ports: {}'.format(i, str(r[i]))) + if BANNER: + print('PORT\tBANNER') else: f.write('{} open ports: {}\n'.format(i, str(r[i]))) + if BANNER: + f.write('PORT\tBANNER\n') + if BANNER: + for j in r[i]: + banner = getBanner(i,j,WAIT_TIME, CLEARNET) + if banner == "banner_error" or banner == '': + continue + if OUTFILE == "empty_outfile": + print('{}\t{}'.format(j,banner)) + else: + f.write('{}\t{}\n'.format(j,banner)) ## Record time of program stopping and display the time running to the user endTime = time.time() -- cgit v1.2.3 From 02f3e6b78931edb5dda92d4827ab5df9e27249ee Mon Sep 17 00:00:00 2001 From: Aleksej Jocic Date: Fri, 11 Jan 2019 23:00:58 +0100 Subject: merge outputs for file and stdout --- tmap | 36 +++++++++++++----------------------- 1 file changed, 13 insertions(+), 23 deletions(-) (limited to 'tmap') diff --git a/tmap b/tmap index 409eeb3..05b84dc 100755 --- a/tmap +++ b/tmap @@ -1,4 +1,5 @@ #!/usr/bin/python3 +import sys from socket import * import socks import argparse 
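Review bot: `banner = getBanner(i,j,WAIT_TIME, CLEARNET)` always follows the Tor setting, but hostScan forces a direct connection (`notor=True`) for private addresses and `localhost`, so in Tor mode every banner grab against those hosts goes through the SOCKS proxy, fails with `"banner_error"` and prints nothing, although the scan just reported the port open. Mirror hostScan's decision when choosing the last argument, as below; `ip_address` is already in scope via `from ipaddress import *`, and the `ValueError` fallback covers plain hostnames, which hostScan also handles in its `except` branch. The `if BANNER:` test is also repeated in both output branches and again right after them; one `if BANNER:` around the whole banner section would do. main's body continues outside the hunk.
```python
                    if BANNER:
                        for j in r[i]:
                            ## mirror hostScan: private/loopback targets were scanned directly, so grab the banner directly too
                            try:
                                direct = CLEARNET or i == 'localhost' or ip_address(i).is_private
                            except ValueError:
                                direct = CLEARNET
                            banner = getBanner(i, j, WAIT_TIME, direct)
                            # … unchanged: skip on "banner_error" / '' and print or write the line …
```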
@@ -199,49 +200,38 @@ def main(): ## Checking for file output if OUTFILE != "empty_outfile": f = open(OUTFILE, "w") + else: + f = sys.stdout ## Display message that scan is starting - print("Starting a scan...") + f.write("Starting a scan...\n") ## Scan each host in HOSTS list r = dict() for h in HOSTS: r = hostScan(h, PORTS, WAIT_TIME, CLEARNET, JOBS) - if OUTFILE == "empty_outfile": - print("Results for: {}".format(h)) - else: - f.write("Results for: {}\n".format(h)) + f.write("Results for: {}\n".format(h)) for i in r.keys(): if len(r[i]) != 0: - if OUTFILE == "empty_outfile": - print('{} open ports: {}'.format(i, str(r[i]))) - if BANNER: - print('PORT\tBANNER') - else: - f.write('{} open ports: {}\n'.format(i, str(r[i]))) - if BANNER: - f.write('PORT\tBANNER\n') + f.write('{} open ports: {}\n'.format(i, str(r[i]))) + if BANNER: + f.write('PORT\tBANNER\n') if BANNER: for j in r[i]: banner = getBanner(i,j,WAIT_TIME, CLEARNET) if banner == "banner_error" or banner == '': continue - if OUTFILE == "empty_outfile": - print('{}\t{}'.format(j,banner)) - else: - f.write('{}\t{}\n'.format(j,banner)) + f.write('{}\t{}\n'.format(j,banner)) ## Record time of program stopping and display the time running to the user endTime = time.time() totalTime = round(endTime - startTime, 2) - if OUTFILE == "empty_outfile": - print("Scan done in {} seconds".format(totalTime)) - else: - f.write("Scan done in {} seconds\n".format(totalTime)) - f.close() - print("Results written to {}".format(OUTFILE)) + f.write("Scan done in {} seconds\n".format(totalTime)) + f.close() + if OUTFILE != "empty_outfile": + print("Results written to {}".format(OUTFILE)) ## We are done here exit() -- cgit v1.2.3 From 086b7547949315ad8f36a12df4fd8fac54c14b1e Mon Sep 17 00:00:00 2001 From: Aleksej Jocic Date: Sat, 12 Jan 2019 00:22:40 +0100 Subject: small fixes Signed-off-by: Aleksej Jocic --- tmap | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'tmap') 
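Review bot: When no `--output` is given `f` is bound to `sys.stdout`, and the unconditional `f.close()` near the end of the hunk closes the interpreter's standard output; the `print("Results written to …")` survives only because it is guarded by `OUTFILE != "empty_outfile"`, and any later write to stdout raises `ValueError: I/O operation on closed file`. Restrict the close to the real file: `if f is not sys.stdout: f.close()`. The second hunk of commit 086b7547949315ad8f36a12df4fd8fac54c14b1e on this page moves the call below the print but keeps the same problem. main starts outside the hunk.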
diff --git a/tmap b/tmap index 05b84dc..5a3562f 100755 --- a/tmap +++ b/tmap @@ -86,7 +86,7 @@ def hostScan(host, ports, wait, notor, jobs): if ips.num_addresses > 1: for ip in ips.hosts(): if ip.is_private: - ret[str(ip)] = portScan(str(ip), ports, wait, True. jobs) + ret[str(ip)] = portScan(str(ip), ports, wait, True, jobs) else: ret[str(ip)] = portScan(str(ip), ports, wait, notor, jobs) else: @@ -228,10 +228,10 @@ def main(): totalTime = round(endTime - startTime, 2) f.write("Scan done in {} seconds\n".format(totalTime)) - f.close() if OUTFILE != "empty_outfile": print("Results written to {}".format(OUTFILE)) + f.close() ## We are done here exit() -- cgit v1.2.3 From e9420b23c4a7820f93b8118c61685ac1ff6bac4c Mon Sep 17 00:00:00 2001 From: Aleksej Jocic Date: Sat, 12 Jan 2019 00:39:36 +0100 Subject: making tmap output more nmapish --- tmap | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'tmap') diff --git a/tmap b/tmap index 5a3562f..e5476ee 100755 --- a/tmap +++ b/tmap @@ -210,18 +210,21 @@ def main(): r = dict() for h in HOSTS: r = hostScan(h, PORTS, WAIT_TIME, CLEARNET, JOBS) - f.write("Results for: {}\n".format(h)) for i in r.keys(): if len(r[i]) != 0: - f.write('{} open ports: {}\n'.format(i, str(r[i]))) - if BANNER: - f.write('PORT\tBANNER\n') + f.write('Tmap scan report for {}\n'.format(i)) + if BANNER == False: + f.write('PORT\tSTATE\n') + for j in r[i]: + f.write('{}\topen\n'.format(j)) if BANNER: + f.write('PORT\tSTATE\tBANNER\n') for j in r[i]: banner = getBanner(i,j,WAIT_TIME, CLEARNET) - if banner == "banner_error" or banner == '': - continue - f.write('{}\t{}\n'.format(j,banner)) + if banner == "banner_error": + f.write('{}\topen\n'.format(j)) + else: + f.write('{}\topen\t{}\n'.format(j,banner)) ## Record time of program stopping and display the time running to the user endTime = time.time() -- cgit v1.2.3
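Review bot: In the last hunk, `if BANNER == False:` followed by a separate `if BANNER:` is an if/else written as two tests, and the previous `banner == ''` skip was dropped, so an empty banner now prints as `{port}\topen\t` with a dangling tab; `if BANNER: ... else: ...` together with `if banner in ("banner_error", ""):` keeps the STATE column clean. The `"banner_error"` sentinel is also a string a remote service could send, so the output format is driven by untrusted data; returning `None` from getBanner (outside this hunk) and testing `is None` removes that ambiguity. main's body continues outside the hunk.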