items in the list contain all the following command line arguments. Thus, if we are only passing one additional argument, sys.argv should contain two items.
import sys
if len(sys.argv) == 2:
    filename = sys.argv[1]
    print "[+] Reading Vulnerabilities From: " + filename
Running our code snippet, we see that the code successfully parses the command line argument and prints it to the screen. Take the time to examine the entire sys module for the wealth of capabilities it provides to the programmer.
programmer$ python vuln-scanner.py vuln-banners.txt
[+] Reading Vulnerabilities From: vuln-banners.txt
OS Module
The built-in OS module provides a wealth of OS routines for Mac, NT, or Posix operating systems. This module allows the program to independently interact with the OS environment, file-system, user database, and permissions. Consider, for example, the last section, where the user passed the name of a text file as a command line argument. It might prove valuable to check to see if that file exists and the current user has read permissions to that file. If either condition fails, it would be useful to display an appropriate error message to the user.
import sys
import os
if len(sys.argv) == 2:
    filename = sys.argv[1]
    if not os.path.isfile(filename):
        print '[-] ' + filename + ' does not exist.'
        exit(0)
    if not os.access(filename, os.R_OK):
        print '[-] ' + filename + ' access denied.'
        exit(0)
    print '[+] Reading Vulnerabilities From: ' + filename
To verify our code, we first try to read a file that does not exist, which causes our script to print an error. Next, we create the specific filename and successfully read it. Finally, we restrict permissions and see that our script correctly prints the access-denied message.
programmer$ python test.py vuln-banners.txt
[-] vuln-banners.txt does not exist.
programmer$ touch vuln-banners.txt
programmer$ python test.py vuln-banners.txt
[+] Reading Vulnerabilities From: vuln-banners.txt
programmer$ chmod 000 vuln-banners.txt
programmer$ python test.py vuln-banners.txt
[-] vuln-banners.txt access denied.
We can now reassemble all the various pieces and parts of our Python vulnerability-scanning script. Do not worry if it appears pseudo-complete, lacking the ability to use threads of execution or better command line option parsing. We will continue to build upon this script in the following chapter.
import socket
import os
import sys

def retBanner(ip, port):
    # Connect and return the first data the service sends, or None on failure.
    try:
        socket.setdefaulttimeout(2)
        s = socket.socket()
        s.connect((ip, port))
        banner = s.recv(1024)
        return banner
    except:
        return

def checkVulns(banner, filename):
    # Compare the banner against each line of the vulnerable-banner file.
    f = open(filename, 'r')
    for line in f.readlines():
        if line.strip('\n') in banner:
            print '[+] Server is vulnerable: ' +\
                banner.strip('\n')

def main():
    # Require exactly one argument: a readable file of vulnerable banners.
    if len(sys.argv) == 2:
        filename = sys.argv[1]
        if not os.path.isfile(filename):
            print '[-] ' + filename +\
                ' does not exist.'
            exit(0)
        if not os.access(filename, os.R_OK):
            print '[-] ' + filename +\
                ' access denied.'
            exit(0)
    else:
        print '[-] Usage: ' + str(sys.argv[0]) +\
            ' <vuln filename>'
        exit(0)
    # Grab a banner from each listed port on 192.168.95.147 through .149.
    portList = [21,22,25,80,110,443]
    for x in range(147, 150):
        ip = '192.168.95.' + str(x)
        for port in portList:
            banner = retBanner(ip, port)
            if banner:
                print '[+] ' + ip + ': ' + banner
                checkVulns(banner, filename)

if __name__ == '__main__':
    main()
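The file check and banner match above, reworked as an added Python 3 example (not code from the book): it opens the file and classifies the error afterwards instead of testing with os.path.isfile and os.access first, which removes the window between the check and the read, and it skips blank lines so an empty signature cannot match every banner. The function names load_signatures, match_banner and demo, and the sample banners, are constructed for illustration.

```python
import os
import tempfile


def load_signatures(filename):
    """Open first and classify the failure afterwards.

    Returns (signatures, error_message); error_message is None on success.
    """
    try:
        with open(filename, 'r') as f:
            # Drop blank lines: '' is a substring of every banner and would
            # flag every host as vulnerable.
            return [line.strip() for line in f if line.strip()], None
    except FileNotFoundError:
        return [], '[-] ' + filename + ' does not exist.'
    except PermissionError:
        return [], '[-] ' + filename + ' access denied.'
    except OSError as e:  # e.g. the path is a directory
        return [], '[-] ' + filename + ' could not be read: ' + str(e.strerror)


def match_banner(banner, signatures):
    """Return every signature found in a banner (bytes, as recv() returns)."""
    if isinstance(banner, bytes):
        banner = banner.decode('ascii', errors='replace')
    return [sig for sig in signatures if sig in banner]


def demo():
    # Constructed sample data, not the book's vuln-banners.txt.
    fd, path = tempfile.mkstemp(suffix='.txt')
    with os.fdopen(fd, 'w') as f:
        f.write('ExampleFTPd 1.0\n\nSampleSSH_2.3\n')
    try:
        sigs, err = load_signatures(path)
        hit = match_banner(b'220 ExampleFTPd 1.0 ready\r\n', sigs)
        miss = match_banner(b'220 OtherFTPd 4.2 ready\r\n', sigs)
    finally:
        os.remove(path)
    _, missing_err = load_signatures(path)  # file is gone now
    return sigs, err, hit, miss, missing_err


if __name__ == '__main__':
    print(demo())
```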
Your First Python Programs
With an understanding of how to build Python scripts, let us begin writing our first two programs. As we move forward, we will describe a few anecdotal stories that emphasize the need for our scripts.
Setting