Diffstat (limited to 'scan')
-rw-r--r--scan/dns_zone_xfer.py30
-rw-r--r--scan/nmapscanner.py34
-rw-r--r--scan/scan.py25
3 files changed, 89 insertions, 0 deletions
diff --git a/scan/dns_zone_xfer.py b/scan/dns_zone_xfer.py
new file mode 100644
index 0000000..9459cc2
--- /dev/null
+++ b/scan/dns_zone_xfer.py
@@ -0,0 +1,30 @@
+#!/bin/python3
+import dns.resolver
+import dns.zone
+
+def dns_zone_xfer(address):
+ ns_answer = dns.resolver.resolve(address, 'NS')
+ for server in ns_answer:
+ print("[*] Found NS: {}".format(server))
+ ip_answer = dns.resolver.resolve(server.target, 'A')
+ for ip in ip_answer:
+ print("[*] IP for {} is {}".format(server, ip))
+ try:
+ zone = dns.zone.from_xfr(dns.query.xfr(str(ip), address))
+ hosts = zone.nodes.keys() # a node is a set of rdatasets
+ for host in hosts:
+ print(zone[host].to_text(host)) # convert a node to text format
+ except dns.xfr.TransferError:
+ print("[*] NS {} refused zone transfer !".format(server))
+ continue
+ except dns.exception.FormError:
+ print("No answer or RRset for {}".format(address))
+ continue
+
+#dns_zone_xfer('megacorpone.com')
+if __name__ == "__main__":
+ import sys
+ try:
+ dns_zone_xfer(sys.argv[1])
+ except IndexError:
+ print(f"{sys.argv[0]} demande un nom de domaine en argument")
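Review bot: The transfer call in `dns_zone_xfer` has no time bound, and the `try` only handles `dns.xfr.TransferError` and `dns.exception.FormError`, so a name server that drops or refuses the TCP connection either stalls the script or raises out of the loop before the remaining servers are checked. I would bound the call, e.g. `dns.query.xfr(str(ip), address, timeout=5, lifetime=30)`, and add `except (dns.exception.Timeout, OSError):` with a message and `continue`. The two `dns.resolver.resolve` calls sit outside any handler, so an NXDOMAIN or empty answer ends the run with a traceback instead of a message. `dns.query`, `dns.xfr` and `dns.exception` are used while only `dns.resolver` and `dns.zone` are imported; this presumably works through transitive imports, but explicit `import dns.query`, `import dns.xfr` and `import dns.exception` would not depend on dnspython internals.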
diff --git a/scan/nmapscanner.py b/scan/nmapscanner.py
new file mode 100644
index 0000000..5cd0659
--- /dev/null
+++ b/scan/nmapscanner.py
@@ -0,0 +1,34 @@
+import sys
+import nmap
+
+def nmscan(hosts,ports,arguments='-sV'):
+ nm = nmap.PortScanner()
+ nm.scan(hosts,ports,arguments)
+
+
+ for host in nm.all_hosts():
+ print('----------------------------------------------------')
+ print('Host : %s (%s)' % (host, nm[host].hostname()))
+ print('State : %s' % nm[host].state())
+ for proto in nm[host].all_protocols():
+ print('----------')
+ print('Protocol : %s' % proto)
+
+ lport = nm[host][proto].keys()
+ #lport.sort()
+ for port in lport:
+ print("Port : {}\tState : {}\tService : {} ({} - {})".format(port, nm[host][proto][port]['state'], nm[host][proto][port]['name'], nm[host][proto][port]['product'], nm[host][proto][port]['version']))
+
+# nmscan("xlinfo.fr","22-443")
+# nmscan("xlinfo.fr","53","-sU -sV") en sudo...
+# nmscan("192.168.2.0/24","22")
+
+if __name__ == "__main__" :
+ try:
+ if len(sys.argv) > 3:
+ nmscan(sys.argv[1],sys.argv[2],sys.argv[3])
+ else:
+ nmscan(sys.argv[1],sys.argv[2])
+ except:
+ print(f"{sys.argv[0]} demande un ou plusieurs hôtes, une liste de ports, et des arguments optionnels")
+
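Review bot: The bare `except:` around the `nmscan` calls in the `__main__` block reports every failure as a usage error, so an `nmap.PortScannerError` (nmap binary missing, or a scan type that needs root as the `en sudo` comment hints), a `KeyError` while printing results, and even Ctrl-C all produce the same misleading message. Narrow it to `except IndexError:` as dns_zone_xfer.py already does, and handle the scanner error separately with `except nmap.PortScannerError as e: print(e)`. The same bare `except:` appears in the `__main__` block of scan/scan.py, where it also hides the `ValueError` from `int(port)` and name-resolution errors. As a minor point, the commented-out `#lport.sort()` can be replaced by iterating `for port in sorted(nm[host][proto]):` so the ports print in order.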
diff --git a/scan/scan.py b/scan/scan.py
new file mode 100644
index 0000000..38150b2
--- /dev/null
+++ b/scan/scan.py
@@ -0,0 +1,25 @@
+import sys
+import socket
+
+def scan(host,*ports):
+ for port in ports:
+ s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ s.settimeout(2) # Set a 2-second timeout
+ addr_server=(host,int(port))
+ tentative=s.connect_ex(addr_server) #connect_ex renvoie 0 en cas de succès...
+ if tentative==0:
+ print(f"Le port {port} ouvert")
+ try:
+ print(s.recv(1024).decode().strip())
+ except TimeoutError:
+ pass
+ else:
+ print(f"Le port {port} fermé")
+ s.close()
+
+if __name__ == "__main__" :
+ try:
+ scan(sys.argv[1],*sys.argv[2:])
+ except:
+ print(f"{sys.argv[0]} demande un hôte et une liste de ports en arguments")
+
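Review bot: The banner read in `scan` can abort the whole run: `s.recv(1024).decode()` raises `UnicodeDecodeError` on any non-UTF-8 banner. Separately, `except TimeoutError:` only matches the socket timeout on Python 3.10 and later, where `socket.timeout` became an alias of it; on older interpreters the timeout escapes to the bare `except:` in `__main__`. I would catch `socket.timeout` and decode with `s.recv(1024).decode(errors="replace")`. The banner is also remote-controlled data printed straight to the terminal, so filtering non-printable characters (or printing `repr()` of it) keeps control sequences out of the operator's terminal. The socket is closed only on the normal path; `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:` releases it when an exception is raised too. Any non-zero `connect_ex` result is reported as `fermé`, which also covers timeouts and unreachable hosts, so the message overstates what was observed.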