# Research:
# https://stackoverflow.com/questions/26480854/3-way-handshake-in-scapy
# https://wiki.python.org/moin/TcpCommunication
# https://null-byte.wonderhowto.com/how-to/build-stealth-port-scanner-with-scapy-and-python-0164779/
# https://www.hackingarticles.in/nmap-scans-using-hex-value-flags/
# https://www.keycdn.com/support/tcp-flags
# https://stackoverflow.com/questions/6512280/accept-a-range-of-numbers-in-the-form-of-0-5-using-pythons-argparse
# https://stackoverflow.com/questions/48397589/splitting-a-string-with-a-range-in-python
import sys
from scapy.layers.inet import *
from scapy.sendrecv import send
import argparse
from datetime import datetime
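def splitArg(string):
    """Parse a port argument ("22" or "1-100") into an inclusive ``range``.

    Used as the argparse ``type`` for ``--portrange``. Bad input is reported
    with ``argparse.ArgumentTypeError`` so argparse prints the usage line and
    exits, instead of this function printing and calling ``exit()`` itself.

    Args:
        string: a single port ("22") or an inclusive range ("1-100").

    Returns:
        A ``range`` covering every requested port, both ends included.
        A single number yields exactly that port: the previous
        ``range(int(x))`` turned "22" into ports 0-21 and skipped 22 itself.

    Raises:
        argparse.ArgumentTypeError: if the text is not one or two integers
            joined by "-", a port lies outside 0-65535, or the range is
            reversed (e.g. "100-1").
    """
    usage = "Please input single numbers like 22 or range like 1-100."
    parts = string.split("-")
    try:
        if len(parts) == 1:
            low = high = int(parts[0])
        elif len(parts) == 2:
            low, high = int(parts[0]), int(parts[1])
        else:
            raise ValueError("too many '-' separators")
    except ValueError as err:
        raise argparse.ArgumentTypeError(usage) from err
    # TCP ports are 16-bit; a reversed range would silently scan nothing.
    if not (0 <= low <= high <= 65535):
        raise argparse.ArgumentTypeError(
            "Ports must be within 0-65535 and the range must not be reversed. " + usage
        )
    return range(low, high + 1)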
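# Command-line arguments.
# The port-range default is a string so argparse feeds it through splitArg
# like a user-supplied value; with the bare int 80 argparse skips the type
# conversion, arguments.portrange stays an int and the scan loop cannot
# iterate it.
parser = argparse.ArgumentParser(description="Send a three-way TCP handshake.")
parser.add_argument(
    "host",
    nargs="?",  # optional so a bare invocation reaches the argv-length help check after parsing
    help="Target host ip address."
)
parser.add_argument(
    "-p",
    "--portrange",
    type=splitArg,
    default="80",
    help="Port range of host you want to scan. Input single numbers like 22 or range like 1-100."
)
arguments = parser.parse_args()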
# TCP header flag bits, written as shifted bits so each flag's position in
# the header is visible (NS is the extra ECN-nonce bit above the classic
# eight). Only SYNACK is consulted by the scan loop today; the rest are kept
# for other scan types that may be added later.
NULL = 0            # no flags at all (null scan)
FIN = 1 << 0
SYN = 1 << 1
RST = 1 << 2
PSH = 1 << 3
ACK = 1 << 4
SYNACK = SYN | ACK  # 0x12: the reply the scan loop treats as "port open"
RSTACK = RST | ACK  # 0x14: what a closed port answers a SYN with
URG = 1 << 5
ECE = 1 << 6
CWR = 1 << 7
NS = 1 << 8
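# Print help when no arguments are given. A missing host (e.g. only "-p 22"
# was passed, which the argv-length check does not catch because host is
# optional to the parser) is a usage error: argparse reports it and exits
# with status 2, so the scan never runs with host=None.
if len(sys.argv) <= 1:
    parser.print_help()
    sys.exit()
if arguments.host is None:
    parser.error("the host argument is required")
# start timer.
startClock = datetime.now()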
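def stealthScan(port, sourcePort=80, timeout=2):
    """SYN-scan one TCP port of ``arguments.host`` and return the reply's flags.

    Sends a SYN, waits up to ``timeout`` seconds for an answer and, if the
    answer is SYN/ACK, tears the half-open connection down with a RST so the
    handshake is never completed. The caller decides the port is open by
    comparing the returned flags with ``SYNACK``.

    scapy crafts and sends raw packets here, which normally needs raw-socket
    privileges (root / CAP_NET_RAW). Only scan hosts you are authorised to test.

    Args:
        port: destination port; anything ``int()`` accepts.
        sourcePort: source port of the probe. Defaults to the fixed 80 used
            originally, which the original author noted may cause problems on
            some systems; pass an ephemeral port if that is the case.
        timeout: seconds to wait for a reply. Without a timeout ``sr1`` blocks
            indefinitely on a filtered port that never answers.

    Returns:
        The TCP flags of the reply, or ``None`` when nothing arrived within
        ``timeout`` or the reply has no TCP layer (e.g. an ICMP unreachable).
    """
    host = arguments.host
    hostPort = int(port)
    conf.verb = 0  # keep scapy quiet; the scan loop prints its own results
    probe = IP(dst=host) / TCP(sport=sourcePort, dport=hostPort, flags="S")
    reply = sr1(probe, timeout=timeout)
    if reply is None:
        return None  # no answer at all: filtered, dropped, or host down
    tcpLayer = reply.getlayer(TCP)
    if tcpLayer is None:
        return None  # something other than TCP came back (e.g. ICMP unreachable)
    packetFlag = tcpLayer.flags
    # Only a SYN/ACK leaves a half-open connection that needs tearing down;
    # the mask check still matches when extra bits such as ECE are set.
    if int(packetFlag) & (SYN | ACK) == (SYN | ACK):
        send(IP(dst=host) / TCP(sport=sourcePort, dport=hostPort, flags="R"))
    return packetFlag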
# Sweep every requested port, report the ones that answer SYN/ACK, then show
# how long the whole run took.
for scannedPort in arguments.portrange:
    if stealthScan(scannedPort) != SYNACK:
        continue
    print(f"Port {scannedPort} is open")
print(f"Time elapsed {datetime.now() - startClock}")