netscan2: active / passive network scanner
Network Scanner
A simple Python script that uses pcap, arp-scan, and avahi to:
- Passively find hosts that are on the LAN
- Use an ARP ping to actively identify hosts
- Scan each host to determine open ports and services
- Store a record of hosts in a JSON file or HTML web page, or print it to the screen
Note: Since IP addresses change, the hosts are fingerprinted via their MAC address.
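The following added example (not netscan2's own code) shows an inventory keyed by MAC address surviving a DHCP lease change, and flags locally administered (for example randomized) MACs, which are a weak fingerprint. The record fields `mac` and `ipv4` and all sample addresses are assumptions constructed for illustration.

```python
import json
import re

def normalize_mac(mac):
    """Canonical form: lower-case, colon-separated, zero-padded octets."""
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{1,2}", p) for p in parts):
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(p.zfill(2) for p in parts)

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set: the address is
    not a burned-in vendor address, so it does not reliably identify a device."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def merge_scan(inventory, scan):
    """Fold one scan (list of {'mac', 'ipv4'} dicts, an assumed schema) into
    inventory, keyed by MAC. Returns a list of (event, mac, ip) tuples."""
    events = []
    for host in scan:
        mac = normalize_mac(host["mac"])
        ip = host["ipv4"]
        rec = inventory.get(mac)
        if rec is None:
            inventory[mac] = {"ipv4": ip, "previous_ips": [],
                              "weak_id": is_locally_administered(mac)}
            events.append(("new_host", mac, ip))
        elif rec["ipv4"] != ip:
            rec["previous_ips"].append(rec["ipv4"])
            rec["ipv4"] = ip
            events.append(("ip_changed", mac, ip))
    return events

# Constructed sample scans: the first host keeps its MAC but gets a new lease.
SCAN_1 = [{"mac": "00:1B:63:84:45:E6", "ipv4": "192.168.1.10"},
          {"mac": "b8-27-eb-0a-5b-04", "ipv4": "192.168.1.11"}]
SCAN_2 = [{"mac": "0:1b:63:84:45:e6", "ipv4": "192.168.1.23"},   # same host
          {"mac": "da:a1:19:00:00:01", "ipv4": "192.168.1.10"}]  # U/L bit set

if __name__ == "__main__":
    inv = {}
    for scan in (SCAN_1, SCAN_2):
        for event in merge_scan(inv, scan):
            print(event)
    print(json.dumps(inv, indent=2, sort_keys=True))
```

Keying on the normalized MAC means differently formatted output from different tools (upper case, dashes, dropped leading zeros) still maps to one record.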
Install
sudo apt-get install libpcap-dev arp-scan
git clone https://github.com/AllGloryToTheHypnotoad/netscan2.git
cd netscan2
python setup.py install
pip install -e .
Run
To run:
python ascan.py -h
usage: A simple active network recon program. It conducts an arp
ping to get MAC addresses and IPv4 addresses. Avahi or dig are used to get host
names. It also scans for open ports on each host. The information is printed to the
screen, saved to a json file, or sent to another computer

examples:
    sudo netscan -i en1 -s network.json -r 5000
    sudo netscan -j http://localhost:9000/json
[-h] [-i INTERFACE] [-s SAVE] [-r RANGE]

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        network interface to use
  -s SAVE, --save SAVE  save output to a file
  -r RANGE, --range RANGE
                        range of active port scan: 1..n

python capture.py -h
usage:
Grabs packets from an interface (default: en1) and writes them to a file
(default: network.pcap).

example:
    capture -s filename -i iface -f 'tcp'
[-h] [-i INTERFACE] [-f FILTER] [-s SAVE]

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        network interface to use
  -f FILTER, --filter FILTER
                        filters to pass to libpcap
  -s SAVE, --save SAVE  save output to a file

python gethostname.py -h
usage: Find the hostname of a computer given its ip address. This
only works on linux and OSX.

example:
    gethostname 123.1.1.123
[-h] ip

positional arguments:
  ip          ip address to get hostname for

optional arguments:
  -h, --help  show this help message and exit

python getvendor.py -h
usage: Determines host vendor given the MAC address.

example:
    getvendor 11:22:33:44:55:66 --full
    getvendor 11:22:33:44:55:66
[-h] [-f] mac

positional arguments:
  mac         mac address of host

optional arguments:
  -h, --help  show this help message and exit
  -f, --full  return full json output for vendor

python ipwhois.py -h
usage: Returns the record (dictionary) for an IP address

    ipwhois 184.84.180.122
    {
        u'CIDR': u'184.84.0.0/14',
        u'NetHandle': u'NET-184-84-0-0-1',
        u'NetName': u'AKAMAI',
        u'NetRange': u'184.84.0.0 - 184.87.255.255',
        u'NetType': u'Direct Allocation',
        u'Organization': u'Akamai Technologies, Inc. (AKAMAI)',
        u'OriginAS': u'',
        u'Parent': u'NET184 (NET-184-0-0-0-0)',
        u'Ref': u'http',
        u'RegDate': u'2010-03-03',
        u'Updated': u'2012-03-02'
    }
[-h] host

positional arguments:
  host        ip address or name

optional arguments:
  -h, --help  show this help message and exit
Copyright (c) 2015 Kevin J. Walchko