1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
#!/usr/bin/python
from socket import *
import socks
import argparse
import time
from ipaddress import *
## This function tries to open a connection on a specific port
def connScan(host, port, wait, notor):
## If notor is set to True, it doesn't use the socks proxy
if notor:
sckt = socket(AF_INET, SOCK_STREAM)
else:
sckt = socks.socksocket()
sckt.settimeout(wait)
## Try to connect, return True on success
try:
sckt.connect((host, port))
sckt.close()
return True
except KeyboardInterrupt:
exit()
except:
pass
## This function goes throgh all ports and calls connScan for each one
def portScan(host, ports, wait, notor):
openPorts = 0
for p in ports:
if connScan(host, p, wait, notor):
openPorts += 1
print("[+] port {} on {} is open".format(p, host))
print("{} open ports on {} .".format(openPorts, host))
def main():
startTime = time.time()
## Define and parse the arguments
parser = argparse.ArgumentParser(description="Simple port scanner that works over Tor")
parser.add_argument("--version", dest="version", help="print version info and exit", action="store_true")
parser.add_argument("HOSTS", help="IP or domain to scan", default="empty_host", nargs="?")
parser.add_argument("-H", "--hosts", metavar="HOSTS", dest="tgtHost", help="IP or domain to scan", default="empty_host_option")
parser.add_argument("-p", "--ports", metavar="PORTS", dest="tgtPort", help="ports to scan", default="20-25,53,80-85,443-445,8080,8333,9050,9150")
parser.add_argument("-t", "--timeout", metavar="TIMEOUT", dest="sockTimeout", type=int, help="seconds to wait before connection timeout for each port", default=2)
parser.add_argument("--clearnet", dest="clearnet", help="don't use Tor for scanning", action="store_true")
parser.add_argument("--torport", metavar="TORPORT", dest="torPort", type=int, help="port for Tor proxy", default="9050")
args = parser.parse_args()
## Version argument
if args.version:
print("Tmap 1.0.0")
print("License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>")
print("This is free software: you are free to change and redistribute it.")
print("There is NO WARRANTY, to the extent permitted by law.")
exit()
## Combine HOST and --hosts values
if args.HOSTS == "empty_host":
if args.tgtHost == "empty_host_option":
parser.print_help()
print ("Host must be specified")
exit()
else:
args.HOSTS = args.tgtHost
else:
if args.tgtHost != "empty_host_option":
args.HOSTS = args.HOSTS + "," + args.tgtHost
## Set Tor as default Tor proxy for the scanner
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, "127.0.0.1", args.torPort)
## Load specified ports into PORTS list
PORTS = list()
for p in args.tgtPort.split(","):
if "-" not in p:
try:
p = int(p)
PORTS.append(p)
except:
parser.print_help()
exit()
else:
try:
p = list(map(int, p.split("-")))
except:
parser.print_help()
exit()
if len(p) != 2 or p[0]>p[1]:
parser.print_help()
exit()
else:
p = list(range(p[0],p[1]+1))
PORTS += p
## Load other variables
HOSTS = args.HOSTS.split(",")
WAIT_TIME = args.sockTimeout
CLEARNET = False
if args.clearnet:
CLEARNET=True
if CLEARNET == False:
if connScan("127.0.0.1", args.torPort, 3, True):
pass
else:
print("Tor is not running on port {}.".format(args.torPort))
exit()
## Scan each host in HOSTS list
for h in HOSTS:
if len(h.split("/")) == 2:
try:
ips = IPv4Network(unicode(h))
for i in ips.hosts():
portScan(str(i), PORTS, WAIT_TIME, CLEARNET)
except:
parser.print_help()
exit()
elif len(h.split("/")) < 2:
portScan(h, PORTS, WAIT_TIME, CLEARNET)
else:
parser.print_help()
exit()
endTime = time.time()
totalTime = endTime - startTime
print("Scan done in {} seconds".format(round(totalTime, 2)))
if __name__ == "__main__":
main()
|
