-
Notifications
You must be signed in to change notification settings - Fork 1
/
subdisc.py
184 lines (150 loc) · 4.37 KB
/
subdisc.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
#!/usr/bin/python3
# https://github.com/n0nexist/SubnetDiscovery
import os
import sys
import socket
import threading
import time
import re
def restartProgram():
""" restarts itself """
os.execl(sys.executable, sys.executable, *sys.argv)
try:
from scapy.all import ARP, Ether, srp, conf
except ImportError:
print("\033[31mInstalling scapy...")
os.popen("pip3 install scapy").read()
restartProgram()
try:
import ipaddress
except ImportError:
print("\033[31mInstalling ipaddress...")
os.popen("pip3 install ipaddress").read()
restartProgram()
try:
import manuf
except ImportError:
print("\033[31mInstalling manuf...")
os.popen("pip3 install manuf").read()
restartProgram()
print("""\033[35m
_ _ _
___ _ _| |_ _| |_|___ ___
|_ -| | | . | . | |_ -| _|
|___|___|___|___|_|___|___|
\033[36m·\033[35m subnet discovery tool
\033[36m·\033[35m github.com/n0nexist
""")
parser = manuf.MacParser()
waiting_hosts = []
port_service_list = [
(20, "FTP Data"),
(21, "FTP Control"),
(22, "SSH"),
(23, "Telnet"),
(25, "SMTP"),
(53, "DNS"),
(80, "HTTP"),
(110, "POP3"),
(143, "IMAP"),
(443, "HTTPS"),
(465, "SMTPS"),
(587, "SMTP (Submission)"),
(993, "IMAPS"),
(995, "POP3S"),
(3306, "MySQL"),
(5432, "PostgreSQL"),
(8080, "HTTP Proxy"),
(5555, "ADB"),
(8008, "ChromeCast")
]
try:
if sys.argv[1]:
print(f"""
SubnetDiscovery 1.1 by n0nexist.github.io
usage: {sys.argv[0]} (without arguments)
""")
exit(-1)
except Exception:
pass
def getSubnet():
""" returns the current subnet """
subnets = os.popen("ip addr").read().split("inet ")
for x in range(len(subnets)):
if x>0:
y = subnets[x].split(" ")[0]
print(f"\033[0;36m{x}\033[0m) \033[4;32m{y}\033[0m")
return subnets[int(input("\n\033[36msubnet: "))].split(" ")[0]
def macAddrInfo(mac_address):
""" gets info from a mac address """
global parser
try:
return parser.get_manuf(mac_address)
except Exception as e:
return f"Error: {str(e)}"
def appendToFile(stri):
""" appends a string to the subdisc.txt file """
try:
f = open("subdisc.txt","a")
f.write(stri)
f.close()
except Exception as e:
print(f"\033[31m{e}")
def check_port(host, port, result):
""" checks wether a port is open on a remote host """
s = socket.socket()
s.settimeout(2)
if s.connect_ex((host, port)) == 0:
try:
service = "\033[4;37m"+[service for p, service in port_service_list if p == port][0]
except:
service = f"\033[2;31m<unknown>"
result.append(f"\033[1;34m{port}\033[30m - {service}\033[0m")
s.close()
def getPorts(host):
""" function to check common ports on a host """
open_ports = []
threads = []
for port in range(1,1024):
thread = threading.Thread(target=check_port, args=(host, port, open_ports))
threads.append(thread)
thread.start()
for thread in threads:
thread.join()
return open_ports
def remove_ansi_escape(text):
""" removes ansi escape codes from a string """
ansi_escape = re.compile(r'\033\[[0-9;]*m')
return ansi_escape.sub('', text)
def processHost(sent,received):
""" prints information about an host """
ip = received.psrc
mac = received.hwsrc
try:
hostname = socket.gethostbyaddr(ip)[0]
except:
hostname = "unknown hostname"
infoString = f"\033[36m{ip}\033[0m <> \033[1;35m{hostname}\033[0m <> \033[91m{mac}\033[3;37m ({macAddrInfo(mac)})\033[0m"
result = getPorts(ip)
for port_info in result:
infoString += f"\n{port_info}"
infoString += "\n"
purgedString = remove_ansi_escape(infoString)
print(infoString)
appendToFile(purgedString+"\n")
def discover():
""" discovers other hosts in the subnet """
subnet = getSubnet()
destination = "ff:ff:ff:ff:ff:ff"
arp = ARP(pdst=subnet)
ether = Ether(dst=destination)
packet = ether/arp
print(f"\033[1;91mSending arp packets to \033[0;36m{subnet}\033[0m ->\033[1;37m {destination}\033[0m...")
result = srp(packet, timeout=3, verbose=1)[0]
for sent, received in result:
threading.Thread(target=processHost,args=(sent,received,)).start()
try:
discover()
except Exception as e:
print(f"\033[31m{e}")
exit(-1)