1
00:00:00,510 --> 00:00:01,680
Welcome back everybody.

2
00:00:01,800 --> 00:00:04,600
And let us finally finish our port scanner.

3
00:00:04,890 --> 00:00:10,220
As I mentioned in the previous video we are only left to do one small thing before our port scanner is

4
00:00:10,260 --> 00:00:12,250
complete and ready to use.

5
00:00:12,360 --> 00:00:18,450
And that is to perform the banner grabbing on the open ports to discover which services and which software

6
00:00:18,510 --> 00:00:24,570
are running on those open ports which can give us even more detail and information that we can use in

7
00:00:24,570 --> 00:00:25,970
our future attack.

8
00:00:25,970 --> 00:00:26,300
OK.

9
00:00:26,790 --> 00:00:33,810
So what we need to do is let's first of all think how we can actually grab the banner from an open port.

10
00:00:33,990 --> 00:00:36,690
Well logically we need to connect to that port.

11
00:00:36,690 --> 00:00:43,140
We need to try to receive something from that open port and then read that information that we received

12
00:00:43,200 --> 00:00:44,650
from that port.

13
00:00:44,730 --> 00:00:46,780
So we already performed half of that job.

14
00:00:46,950 --> 00:00:49,550
We connect to that port right here at this line.

15
00:00:50,430 --> 00:00:56,640
So all we're left to do after it is check whether that port retrieves some information or sent some

16
00:00:56,640 --> 00:00:58,130
information back to us.

17
00:00:58,170 --> 00:00:59,380
Once we connect.

18
00:00:59,400 --> 00:00:59,810
OK.

19
00:00:59,940 --> 00:01:01,490
So how can we do that.

20
00:01:01,500 --> 00:01:06,690
Well right after the Connect function we can try to retrieve the information.

21
00:01:07,090 --> 00:01:11,970
We're going to use a specific function to do that and we will store the results of that function inside

22
00:01:11,970 --> 00:01:14,610
of a variable which we will name banner.

23
00:01:14,790 --> 00:01:22,350
So banner will be equal to the function which will be called Get banner and that function will take

24
00:01:22,350 --> 00:01:25,870
as a parameter the socket object.

25
00:01:25,870 --> 00:01:31,620
So we are passing our socket object inside of this function so we can use it inside of it and then we

26
00:01:31,620 --> 00:01:36,780
will retrieve the actual banner if we manage to get it to the banner variable.

27
00:01:36,780 --> 00:01:37,330
All right.

28
00:01:37,380 --> 00:01:39,850
So let's first of all call that function.

29
00:01:39,900 --> 00:01:46,080
We can do it right here between this scan port and check IP function and we will call it as we already

30
00:01:46,080 --> 00:01:53,010
said, get banner. This function will take the socket object as a parameter which we already passed inside of

31
00:01:53,010 --> 00:02:00,360
our scan port function and all we need to return from this is we need to return the socket object and

32
00:02:00,360 --> 00:02:06,900
then dot receive which is the function that receives the data from this open port.

33
00:02:07,050 --> 00:02:11,940
We can also specify inside of the brackets which amount of bytes we want to receive.

34
00:02:11,940 --> 00:02:18,270
And usually this number is specified as one thousand and twenty-four bytes as we don't really need more in

35
00:02:18,270 --> 00:02:20,240
order to get and print the banner.

36
00:02:20,640 --> 00:02:20,930
OK.

37
00:02:21,000 --> 00:02:25,110
So this is the entire function the entire get banner function.

38
00:02:25,110 --> 00:02:29,670
Now we need to perform some modifications right here inside of our program.

39
00:02:29,670 --> 00:02:38,260
So we have the function right here and we try right here to store the banner inside of this variable.

40
00:02:38,270 --> 00:02:38,690
OK.

41
00:02:39,800 --> 00:02:48,230
Now if we do manage to store it we're going to print port and then the string of the port is open but

42
00:02:48,230 --> 00:02:48,980
let's change it up.

43
00:02:48,980 --> 00:02:50,510
So it looks a little bit better.

44
00:02:50,510 --> 00:02:57,180
So we're going to delete all of this and print the exact same thing just with the banner attached.

45
00:02:57,230 --> 00:02:59,160
So we're going to print something like this.

46
00:02:59,210 --> 00:03:07,070
Let's add the plus sign which means that the port is open so open port and then space, we will add the

47
00:03:07,070 --> 00:03:10,960
string of the port number that we're scanning.

48
00:03:11,130 --> 00:03:18,860
So plus the string of port and then the next thing we want to do is plus and we want to add the banner.

49
00:03:18,860 --> 00:03:29,030
Let's separate it with two dots and then add or concatenate the string from the banner to our open port

50
00:03:29,060 --> 00:03:29,500
number.

51
00:03:29,870 --> 00:03:37,430
So we are going to leave it like this let me just see another thing that we need to add is another except

52
00:03:37,430 --> 00:03:38,600
statement right here.

53
00:03:38,600 --> 00:03:45,320
So except in case we cannot get the banner we're only going to print open port and we are not going

54
00:03:45,320 --> 00:03:48,620
to print any type of banner as we didn't really manage to retrieve it.

55
00:03:48,620 --> 00:03:49,700
So open port

56
00:03:52,610 --> 00:03:57,710
plus the string of port and that is all we need to do right here.

57
00:03:57,860 --> 00:04:00,070
Now let's see whether this will work.

58
00:04:01,490 --> 00:04:10,070
If we open the terminal right here in large letters so we can see everything and navigate to Python

59
00:04:10,130 --> 00:04:18,170
projects and then port scanner then we try to run the port scanner and specify the same two websites

60
00:04:18,320 --> 00:04:23,110
as in the previous video so testphp.vulnweb.com.

61
00:04:23,660 --> 00:04:25,910
Let's first of all try with this one.

62
00:04:26,180 --> 00:04:32,360
It will scan the target and we can see right here we do manage to retrieve some of the banners from

63
00:04:32,480 --> 00:04:36,120
two different open ports securities.

64
00:04:36,140 --> 00:04:41,660
We got the banner for the open port 21 and now we know the version of the software running on the

65
00:04:41,660 --> 00:04:48,420
open port 21 which is the FTP port, it is ProFTPD 1.3.3e server.

66
00:04:48,650 --> 00:04:53,630
And what we can do with this information we can simply just copy-paste it inside of Google and

67
00:04:53,630 --> 00:04:59,150
see whether there is any type of exploit for a specific version of the FTP server.

68
00:04:59,150 --> 00:05:03,800
We could also perform the same thing for the SSH which is on port 22.

69
00:05:03,800 --> 00:05:10,130
We see that the version is SSH 2.0 OpenSSH 5.3p1 Debian Ubuntu.

70
00:05:10,310 --> 00:05:16,820
Then we can copy this and try to find it on Google for some and try to find some vulnerabilities for

71
00:05:16,820 --> 00:05:18,350
this version of Google.

72
00:05:18,350 --> 00:05:22,940
Simple as that but let's make our actual output a little bit prettier.

73
00:05:22,940 --> 00:05:27,500
We don't really want it to print this B and then the apostrophe.

74
00:05:27,500 --> 00:05:33,290
And we also don't want it to print this backslash R or the backslash N which seem to just

75
00:05:33,290 --> 00:05:34,820
stand for the new line character.

76
00:05:35,270 --> 00:05:35,650
OK.

77
00:05:35,990 --> 00:05:38,310
So let's see how we can get rid of that.

78
00:05:38,390 --> 00:05:43,850
Well in the part where we are printing the banner if we take a look at the our output we can see that

79
00:05:43,850 --> 00:05:47,630
the banner output starts with B and then apostrophe.

80
00:05:47,630 --> 00:05:55,550
That is because we haven't really decoded our banner once it actually receives the message or receives

81
00:05:55,550 --> 00:06:01,550
this thousand twenty four bytes those thousand twenty four bytes will be encoded by default in order

82
00:06:01,550 --> 00:06:04,100
for us to remove that B and the apostrophe.

83
00:06:04,100 --> 00:06:11,480
We can simply just type banner dot decode which is a function which will remove that and we also want

84
00:06:11,480 --> 00:06:14,260
to strip the new line character so how we can do that.

85
00:06:14,290 --> 00:06:23,800
Well we can add another function to this banner which is dot strip and right here we can specify backslash

86
00:06:23,890 --> 00:06:28,070
N for example let's see whether this worked.

87
00:06:28,300 --> 00:06:39,480
If I go right here and type the same Web site testphp.vulnweb.com.

88
00:06:39,970 --> 00:06:40,770
Here it is.

89
00:06:40,780 --> 00:06:42,450
Now we got the prettier output.

90
00:06:42,460 --> 00:06:50,290
If you compare this one with this one you will notice we no longer get this b apostrophe and this backslash

91
00:06:50,350 --> 00:06:52,440
R and backslash N.

92
00:06:53,100 --> 00:06:53,680
All right.

93
00:06:53,680 --> 00:06:55,880
So great our port scanner works.

94
00:06:56,020 --> 00:07:01,330
Let's also test it to see whether it works on multiple targets sorted through the screen.

95
00:07:01,570 --> 00:07:08,490
Run my port scanner specify for example three targets which one of them will be this one which we used

96
00:07:08,610 --> 00:07:11,130
in the first lectures of our port scanner.

97
00:07:11,340 --> 00:07:20,160
Then we can use the IP address on my router and then we can use the same testphp.vulnweb.com

98
00:07:22,440 --> 00:07:24,690
it will go and scan one by one.

99
00:07:24,690 --> 00:07:28,140
First of all it will start with this IP address right here.

100
00:07:28,230 --> 00:07:31,250
If it manages to find open ports it will print them out.

101
00:07:31,350 --> 00:07:35,030
If it also manages to grab the banner it will also print that out.

102
00:07:35,100 --> 00:07:38,480
It also prints the banner out as well next to the open port.

103
00:07:38,640 --> 00:07:44,600
Then it will proceed to the next two targets and perform the exact same task on both of them.

104
00:07:44,610 --> 00:07:50,100
Now you might notice that some targets will go slower in scanning and some targets will go faster.

105
00:07:50,100 --> 00:07:52,070
And that is pretty much normal.

106
00:07:52,080 --> 00:07:57,600
Keep in mind that this part right here which is the socket dot set timeout is crucial in order to

107
00:07:57,600 --> 00:08:00,340
get more or less accurate scan.

108
00:08:01,080 --> 00:08:06,450
If we simply just remove this line then some actual targets might be scanning for hours depending on

109
00:08:06,450 --> 00:08:12,210
the distance and the open ports that they have and also the services that they are running sometimes

110
00:08:12,300 --> 00:08:15,210
might take longer to connect to those ports and so on and so on.

111
00:08:15,600 --> 00:08:20,400
Therefore it is always good to set the time out so you don't have to wait an hour or a day for your scan

112
00:08:20,400 --> 00:08:26,990
to finish but by lowering this time out you will also lose the accuracy of your scan.

113
00:08:27,010 --> 00:08:32,320
For example let's say we have a port that takes one second to connect to and you set the time out zero

114
00:08:32,320 --> 00:08:33,520
point five seconds.

115
00:08:33,970 --> 00:08:39,370
Well then after zero point five seconds it will determine that this port is closed even though it is

116
00:08:39,370 --> 00:08:39,690
not.

117
00:08:39,700 --> 00:08:41,670
It just takes longer to connect to it.

118
00:08:42,010 --> 00:08:47,110
Therefore you will lose the accuracy and you will not know that that port is open.

119
00:08:47,110 --> 00:08:52,420
So this part right here which is a time out is completely up to you you can change it to whichever time

120
00:08:52,420 --> 00:08:53,560
you want.

121
00:08:53,590 --> 00:08:58,890
Let's go back to our scan and we can see all three scans have finished on the first target.

122
00:08:58,900 --> 00:09:00,640
We only found one open port.

123
00:09:00,640 --> 00:09:04,420
We didn't manage to retrieve any banner for it on my router.

124
00:09:04,420 --> 00:09:10,690
We found four open ports and port 22 sent the banner back to us and now we know which version of software

125
00:09:10,690 --> 00:09:11,440
it is running.

126
00:09:12,280 --> 00:09:17,700
And the target number three we already scanned and we got the exact same result.

127
00:09:17,710 --> 00:09:18,030
OK.

128
00:09:18,070 --> 00:09:20,290
So our port scanner is complete.

129
00:09:20,560 --> 00:09:26,560
It can scan multiple targets it retrieves the banners and now we are ready to use it for our penetration

130
00:09:26,560 --> 00:09:27,140
testing.

131
00:09:27,480 --> 00:09:27,840
OK.

132
00:09:28,180 --> 00:09:33,400
So in the next video we're going to go really fast over this code so we can explain it once again for

133
00:09:33,400 --> 00:09:38,140
those of you that have some inconvenience or if there is something that you do not understand will simply

134
00:09:38,140 --> 00:09:44,290
just go fast through that code and then we are going to see how we can also import our port scanner

135
00:09:44,530 --> 00:09:47,500
into another python program if we want to.

136
00:09:48,010 --> 00:09:52,050
After that video we're going to proceed to our next project.

137
00:09:52,150 --> 00:09:52,390
OK.

138
00:09:52,390 --> 00:09:55,990
So thank you for watching this video and I will see you in the next one. Bye.
