tmap


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

#!/usr/bin/python
from socket import *
import socks
import argparse

## This function tries to open a connection on a specific port
def connScan(host, port, wait, notor):
	## If notor is set to True, it doesn't use the socks proxy
	if notor:
		sckt = socket(AF_INET, SOCK_STREAM)
	else:
		sckt = socks.socksocket()
		sckt.settimeout(wait)
	## Try to connect, print to stdout on success
	try:
		sckt.connect((host, port))
		print("[+] port {} on {} is open".format(port, host))
		sckt.close()
	except:
		pass


## This function goes throgh all ports and calls connScan for each one
def portScan(host, ports, wait, notor):
	for p in ports:
		connScan(host, p, wait, notor)

def main():
	## Define and parse the arguments
	parser = argparse.ArgumentParser(description="Simple port scanner that works over Tor")
	parser.add_argument("-H", "--hosts", metavar="HOSTS", dest="tgtHost", help="IP or domain to scan", required=True)
	parser.add_argument("-p", "--ports", metavar="PORTS", dest="tgtPort", help="ports to scan", default="80")
	parser.add_argument("-t", "--timeout", metavar="TIMEOUT", dest="sockTimeout", type=int, help="seconds to wait before connection timeout for each port", default=3)
	parser.add_argument("--clearnet", dest="clearnet", help="don't use Tor for scanning", action="store_true")
	parser.add_argument("--torport", metavar="TORPORT", dest="torPort", type=int, help="port for Tor proxy", default="9050")

	args = parser.parse_args()

	## Set Tor as default Tor proxy for the scanner
	socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", args.torPort)

	## Load specified ports into PORTS list
	if "-" not in args.tgtPort:
		PORTS = map(int, args.tgtPort.split(","))
	else:
		PORTS = map(int, args.tgtPort.split("-"))
		if len(PORTS) != 2:
			parser.print_help()
			exit()
		PORTS = range(PORTS[0],PORTS[1])

	## Load other variables
	HOSTS = args.tgtHost.split(",")
	WAIT_TIME = args.sockTimeout
	CLEARNET = False

	if args.clearnet:
		CLEARNET=True

	## Scan each host in HOSTS list
	for h in HOSTS:
		portScan(h, PORTS, WAIT_TIME, CLEARNET)

if __name__ == "__main__":
	 main()