#!/usr/bin/python
from socket import *
import socks
import argparse
import time
from ipaddress import *

## This function tries to open a connection on a specific port
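def connScan(host, port, wait, notor):
	"""Return True when a TCP connect() to (host, port) succeeds within `wait` seconds.

	host  -- IP address or hostname to connect to
	port  -- TCP port number
	wait  -- socket timeout in seconds (applies to the connect attempt)
	notor -- when True use a plain socket; otherwise a socks socket, which
	         picks up the default proxy configured by the caller
	Returns False on any connection failure (refused, timed out, proxy
	error, ...).  A KeyboardInterrupt during the attempt exits the program.
	"""
	## If notor is set to True, it doesn't use the socks proxy
	if notor:
		sckt = socket(AF_INET, SOCK_STREAM)
	else:
		sckt = socks.socksocket()

	sckt.settimeout(wait)
	## Try to connect.  The socket is closed in `finally` so a failed
	## attempt does not leak a descriptor across a long port list, and
	## failure is reported explicitly as False instead of an implicit None.
	try:
		sckt.connect((host, port))
		return True
	except KeyboardInterrupt:
		exit()
	except Exception:
		return False
	finally:
		sckt.close()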


## This function goes through all ports and calls connScan for each one
def portScan(host, ports, wait, notor):
	"""Probe every port in `ports` on `host` and print the open ones.

	host  -- IP address or hostname passed on to connScan
	ports -- iterable of TCP port numbers
	wait  -- per-port connect timeout in seconds
	notor -- forwarded to connScan (True = plain socket, no proxy)
	Prints one line per open port and a final count; returns None.
	"""
	found = 0
	for port in ports:
		if not connScan(host, port, wait, notor):
			continue
		found += 1
		print("[+] port {} on {} is open".format(port, host))
	print("{} open ports on {} .".format(found, host))

def main():
	"""Parse the command line, verify the Tor SOCKS port (unless --clearnet), then scan every host.

	Hosts come from the positional HOSTS and/or -H; ports from -p as a comma
	list or an "a-b" range.  Each host that contains a single "/" is expanded
	as an IPv4 CIDR block.  Results and the elapsed time are printed; the
	function exits the process on bad arguments or when Tor is unreachable.
	"""
	startTime = time.time()

	## Define and parse the arguments
	parser = argparse.ArgumentParser(description="Simple port scanner that works over Tor")
	parser.add_argument("--version", dest="version", help="print version info and exit", action="store_true")
	## HOSTS and -H both default to sentinel strings; they are merged below
	parser.add_argument("HOSTS", help="IP or domain to scan", default="empty_host", nargs="?")
	parser.add_argument("-H", "--hosts", metavar="HOSTS", dest="tgtHost", help="IP or domain to scan", default="empty_host_option")
	parser.add_argument("-p", "--ports", metavar="PORTS", dest="tgtPort", help="ports to scan", default="21,22,23,25,53,80,443,8080,8333,9050,9150")
	parser.add_argument("-t", "--timeout", metavar="TIMEOUT", dest="sockTimeout", type=int, help="seconds to wait before connection timeout for each port", default=2)
	parser.add_argument("--clearnet", dest="clearnet", help="don't use Tor for scanning", action="store_true")
	## The default is a string, but argparse runs type=int over string defaults, so torPort is an int
	parser.add_argument("--torport", metavar="TORPORT", dest="torPort", type=int, help="port for Tor proxy", default="9050")

	args = parser.parse_args()

	## Version argument
	if args.version:
		print("Tmap 1.0.0")
		print("License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>")
		print("This is free software: you are free to change and redistribute it.")
		print("There is NO WARRANTY, to the extent permitted by law.")
		exit()

	## Combine HOST and --hosts values
	if args.HOSTS == "empty_host":
		if args.tgtHost == "empty_host_option":
			parser.print_help()
			print ("Host must be specified")
			exit()
		else:
			args.HOSTS = args.tgtHost
	else:
		if args.tgtHost != "empty_host_option":
			args.HOSTS = args.HOSTS + "," + args.tgtHost
	## Set Tor as default Tor proxy for the scanner
	## (always set, even with --clearnet; it only matters when connScan builds a socks socket)
	socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", args.torPort)

	## Load specified ports into PORTS list
	## Comma list: a non-integer entry prints the help and exits.
	## NOTE(review): the "a-b" branch has no such guard, so a non-integer
	## bound raises ValueError from int() instead of printing the help.
	if "-" not in args.tgtPort:
		try:
			PORTS = list(map(int, args.tgtPort.split(",")))
		except:
			parser.print_help()
			exit()
	else:
		PORTS = list(map(int, args.tgtPort.split("-")))
		if len(PORTS) != 2 or PORTS[0]>PORTS[1]:
			parser.print_help()
			exit()
		else:
			PORTS = range(PORTS[0],PORTS[1]+1)

	## Load other variables
	HOSTS = args.HOSTS.split(",")
	WAIT_TIME = args.sockTimeout
	CLEARNET = False

	if args.clearnet:
		CLEARNET=True

	## Before scanning through Tor, make sure something accepts connections on the
	## SOCKS port; this probe uses a plain socket (notor=True) with a fixed 3 s timeout
	if CLEARNET == False:
		if connScan("127.0.0.1", args.torPort, 3, True):
			pass
		else:
			print("Tor is not running on port {}.".format(args.torPort))
			exit()

	## Scan each host in HOSTS list
	## A single "/" marks a CIDR block; hosts() skips the network and broadcast addresses.
	## unicode() is Python 2 only (matches the #!/usr/bin/python shebang).
	## NOTE(review): IPv4Network() is strict by default, so a block with host bits
	## set (e.g. 10.0.0.1/24) raises ValueError here -- confirm that is intended.
	for h in HOSTS:
		if len(h.split("/")) == 2:
			ips = IPv4Network(unicode(h))
			for i in ips.hosts():
				portScan(str(i), PORTS, WAIT_TIME, CLEARNET)
		else:
			portScan(h, PORTS, WAIT_TIME, CLEARNET)

	endTime = time.time()
	totalTime = endTime - startTime
	print("Scan done in {} seconds".format(round(totalTime, 2)))

## Script entry point; importing the module does not start a scan
if __name__ == "__main__":
	main()