Black Hat Python - Network Scanner

Filed under python on November 27, 2019

Code is on my GitHub

Another one where the script was more or less perfect as it was, minus the usual socket read/writes and print statements. One really odd thing: I guess there was a print error in the book.

The IP header structure was defined as

from ctypes import Structure, c_ubyte, c_ushort, c_ulong

# Class name assumed here; the post only shows the _fields_ list.
class IP(Structure):
    _fields_ = [
        ("ihl",          c_ubyte, 4),
        ("version",      c_ubyte, 4),
        ("tos",          c_ubyte),
        ("len",          c_ushort),
        ("id",           c_ushort),
        ("offset",       c_ushort),
        ("ttl",          c_ubyte),
        ("protocol_num", c_ubyte),
        ("sum",          c_ushort),
        ("src",          c_ulong),
        ("dst",          c_ulong)
    ]

Which I needed to change to

from ctypes import Structure, c_ubyte, c_ushort, c_uint

# Class name assumed here; the post only shows the _fields_ list.
class IP(Structure):
    _fields_ = [
        ("ihl",          c_ubyte, 4),
        ("version",      c_ubyte, 4),
        ("tos",          c_ubyte),
        ("len",          c_ushort),
        ("id",           c_ushort),
        ("offset",       c_ushort),
        ("ttl",          c_ubyte),
        ("protocol_num", c_ubyte),
        ("sum",          c_ushort),
        # Changed from c_ulong to c_uint
        ("src",          c_uint),
        ("dst",          c_uint)
    ]

A little strange; I'm still trying to track down why that was, since sizeof returns the same in Python 2 and 3. I thought maybe it's a 32-bit/64-bit inconsistency, but again that doesn't really make sense, since a 32-bit long is still going to be 8 bytes vs the int which will be 4. I'll have to check into it to understand it, though I'm leaning toward it being a print error.
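As an added example (my own code, not the post's or the book's), the script below puts the two layouts side by side and shows the mechanism: ctypes' c_ulong follows the platform's C long, which is 8 bytes on 64-bit Linux and macOS (LP64) and 4 bytes on Windows, while c_uint is 4 bytes everywhere. With 8-byte src/dst the structure is 32 bytes (alignment padding plus two 8-byte fields), so overlaying it on a 20-byte header slice with from_buffer_copy() raises ValueError, which is the failure a sniffer built on the book's layout hits on a 64-bit Linux box. The class names, helper functions and the constructed sample header are assumptions for this example; the parser also runs the 16-bit fields through ntohs(), since ctypes reads them in host order and a raw c_ushort holds the byte-swapped value on little-endian machines.

```python
from ctypes import Structure, c_ubyte, c_ushort, c_uint, c_ulong, sizeof
import socket
import struct

IPV4_HEADER_LEN = 20  # fixed part of an IPv4 header, no options

# Layout as printed in the book: src/dst declared as c_ulong.
# Bitfield order (ihl in the low nibble) matches little-endian hosts,
# which is what the book assumes.
class IPBook(Structure):
    _fields_ = [
        ("ihl", c_ubyte, 4),
        ("version", c_ubyte, 4),
        ("tos", c_ubyte),
        ("len", c_ushort),
        ("id", c_ushort),
        ("offset", c_ushort),
        ("ttl", c_ubyte),
        ("protocol_num", c_ubyte),
        ("sum", c_ushort),
        ("src", c_ulong),
        ("dst", c_ulong),
    ]

# Corrected layout: same fields, but c_uint is 4 bytes on every platform.
class IPFixed(Structure):
    _fields_ = IPBook._fields_[:-2] + [("src", c_uint), ("dst", c_uint)]

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def header_sizes():
    """(sizeof(IPBook), sizeof(IPFixed)) on this interpreter/platform."""
    return sizeof(IPBook), sizeof(IPFixed)

def build_sample_header(src, dst, proto=1, ttl=64, total_len=60):
    """Constructed IPv4 header in network byte order (checksum left zero)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45,          # version 4, IHL 5 (20 bytes)
        0,             # TOS
        total_len,
        0x1234,        # identification (constructed value)
        0x4000,        # flags: DF set, fragment offset 0
        ttl,
        proto,
        0,             # checksum, not computed for this sample
        socket.inet_aton(src),
        socket.inet_aton(dst),
    )

def book_layout_fits(raw):
    """True if the book's c_ulong layout can be overlaid on a 20-byte header.

    from_buffer_copy() refuses a buffer shorter than sizeof(cls), which is
    exactly what happens on LP64 systems where c_ulong is 8 bytes.
    """
    try:
        IPBook.from_buffer_copy(raw[:IPV4_HEADER_LEN])
        return True
    except ValueError:
        return False

def parse_header(raw):
    """Overlay IPFixed on the first 20 bytes and decode the fields.

    ctypes reads multi-byte fields in host order, so the 16-bit values go
    through ntohs(); the 32-bit addresses are repacked in native order
    ("=I") so inet_ntoa sees the original wire bytes again.
    """
    if len(raw) < IPV4_HEADER_LEN:
        raise ValueError("buffer shorter than an IPv4 header")
    hdr = IPFixed.from_buffer_copy(raw[:IPV4_HEADER_LEN])
    if hdr.version != 4:
        raise ValueError("not an IPv4 header: version=%d" % hdr.version)
    return {
        "version": hdr.version,
        "ihl": hdr.ihl,
        "total_len": socket.ntohs(hdr.len),
        "ttl": hdr.ttl,
        "protocol": PROTOCOL_NAMES.get(hdr.protocol_num, str(hdr.protocol_num)),
        "src": socket.inet_ntoa(struct.pack("=I", hdr.src)),
        "dst": socket.inet_ntoa(struct.pack("=I", hdr.dst)),
    }

if __name__ == "__main__":
    print("sizeof(IPBook)=%d  sizeof(IPFixed)=%d" % header_sizes())
    sample = build_sample_header("192.168.1.1", "10.0.0.5", proto=6)
    print("book layout fits a 20-byte header:", book_layout_fits(sample))
    print(parse_header(sample))
```

Run it on a 64-bit Linux or macOS interpreter and the first line reports 32 and 20; on Windows both read 20 and the book's layout overlays fine, which is why the misprint is easy to miss depending on where the book's code was tested.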

Enhancements

I’d like to modify this script to be a little bit smarter on when it’s time to terminate. Maybe just a timeout parameter or something to start with to kill off the thread listening on the socket. Just to tidy it up a bit more.

I'm also trying my best to keep to the quick and dirty mindset of the book, rather than going all out like in a couple of my previous posts. I feel as if I'll procrastinate less, churn out these blogs more regularly and keep a schedule a little easier.


Stephen Gream

Written by Stephen Gream who lives and works in Melbourne, Australia. You should follow him on Minds