Vulnerability scanning is a crucial aspect of maintaining the security of computer systems and networks. It is the process of identifying and analyzing the security weaknesses and vulnerabilities present in a network or computer system. The goal is to identify potential attack vectors and prioritize remediation efforts to prevent security breaches. Vulnerability scanners use various techniques, such as port scanning and vulnerability checks, to identify potential vulnerabilities. By performing regular vulnerability scans, organizations can reduce the risk of security breaches and protect sensitive information. Vulnerability scanning is just one aspect of a comprehensive security strategy, but it is an important step in protecting against cyber threats.
What is a Vulnerability Scanning ?
Vulnerability scanning is a process of identifying and assessing potential security weaknesses in a computer system, network, or web application. This is typically done through automated tools that scan for known vulnerabilities, missing patches, and other security issues, and provide a report with recommendations for remediation. The goal of vulnerability scanning is to detect security risks before they can be exploited by attackers.
A vulnerability scanner works by analyzing a target system, network, or web application to identify potential security weaknesses and vulnerabilities. The process usually involves the following steps:
- Discovery: The scanner identifies all assets within the target environment and creates an inventory of the systems, network devices, and applications that need to be scanned.
- Scanning: The scanner then runs tests against these assets to identify known vulnerabilities, missing patches, misconfigurations, and other security issues. This can be done using a database of known vulnerabilities and exploits, signature-based detection, or other techniques.
- Analysis: The results of the scans are analyzed to determine the severity of the vulnerabilities and the potential impact on the target environment. The scanner also provides recommendations for remediation, including steps to reduce risk and improve security.
- Reporting: The results of the scans are presented in a report, which provides a detailed overview of the vulnerabilities found, their severity, and the recommended remediation steps.
Vulnerability scanners are useful for organizations looking to proactively identify and address security risks, and for individuals looking to improve their overall security posture. However, it’s important to keep in mind that no scanner is 100% effective, and manual testing and verification may still be required to identify all potential vulnerabilities.
Discover: How to Make Ransomware with Python
Let’s Start
Converting port scanner into a class
Here is a port scanner class as depicted below. what we just did is defining the class name “class portscan()” at the first, also we defined two lists “banners” and “open_ports” that we will use to store the discovered open ports and banners. Then we defined the “init()” function that a reserved function in python with two parameters or attributes “target” and “port_num”. This function initializes the attributes of the obiects that will be created of this class. The “self” represents the instance or the object of the class. We use “self” keyword to access the attributes and methods of the class in python. After that, we modified the scan() function by placing the converted_ip variable into scan_port() function instead of scan() function and removing the print statement as we do not need it anymore. Also, we removed the get_banner() function and replaced it by defining a banner variable at the scan_port() function.
import socket
from IPy import IP
class portscan():
banners = []
open_ports = []
def __init__(self, target, port_num):
self.target = target
self.port_num = port_num
def scan(self):
for port in range(1, self.port_num):
self.scan_port(port)
def check_ip(self):
try:
IP(self.target)
return(self.target)
except ValueError:
return socket.gethostbyname(self.target)
def scan_port(self, port):
try:
converted_ip = self.check_ip()
sock = socket.socket()
sock.settimeout(0.5)
sock.connect((converted_ip, port))
self.open_ports.append(port)
try:
banner = sock.recv(1024).decode().strip('\n').strip('\r')
self.banners.append(banner)
except:
self.banners.append(' ')
sock.close()
except:
pass
Writing the vulnerability scanner script
Step 1: Importing port scanner class
We import the port scanner class that contains all the required libraries, variables, and functions.
# Python code snippet
import portscanner
Step 2: Asking user for input
We ask a user to enter the target_ip, port_number, and vul_file that contain the common vulnerabilities list.
# Python code snippet
targets_ip = input('[+] * Enter Target To Scan For Vulnerable Open Ports: ')
port_number = int(input('[+] * Enter Amount Of Ports You Want To Scan (500 - First 500 Ports): '))
vul_file = input('[+] * Enter Path To The File With Vulnerable Softwares: ')
print('\n')
Step 3: Discovering the vulnerable ports
At the first, we define a port scanner object “target” and pass the two parameters that the user specified them “targets_ip” and “port_number” to initialize them at the port scanner constructor “init()”. Then we call the scan() function that calls all the other functions of the port scanner class on our defined object “target”. After that, we open the “vul_file” with a read option ‘r’. Also we create the count variable to keep track of the banners with the corresponding open ports and increase it after each new banner selected. Then we implement a nested for loop to iterate over the banners list and compare each banner with each line of the vul_file. If the banner is existed in the vul_file, then we have found a vulnerable service and print it with the corresponded port. We use “file.seek(0)” to set the pointer at the first line of the vul_file at each time we select a new banner.
#Python code snippet
target = portscanner.portscan(targets_ip, port_number)
target.scan()
with open(vul_file,'r') as file:
count = 0
for banner in target.banners:
file.seek(0)
for line in file.readlines():
if line.strip() in banner:
print('[!!] VULNERABLE BANNER: "' + banner + '" ON PORT: ' + str(target.open_ports[count]))
count += 1
The complete vulnerability scanner script
Here is a final vulnerability scanner script as depicted below.
import portscanner
targets_ip = input('[+] * Enter Target To Scan For Vulnerable Open Ports: ')
port_number = int(input('[+] * Enter Amount Of Ports You Want To Scan (500 - First 500 Ports): '))
vul_file = input('[+] * Enter Path To The File With Vulnerable Softwares: ')
print('\n')
target = portscanner.portscan(targets_ip, port_number)
target.scan()
with open(vul_file,'r') as file:
count = 0
for banner in target.banners:
file.seek(0)
for line in file.readlines():
if line.strip() in banner:
print('[!!] VULNERABLE BANNER: "' + banner + '" ON PORT: ' + str(target.open_ports[count]))
count += 1
Script output
We test our script in the virualbox environment that consisted of two virtual machines (Kali Linux and Metasploitable). We run the script in the kali linux machine to scan our target which is the metasploitable machine. And here is our script results.
As depicted in the image above, we successfully discovered two vulnerable services are running over the metasploitable machine.
Note: Keep the vulnerability scanner script, port scanner class, and the vulnerable banners text file in the same directory/folder.
Discover: How to Create Malware in Python Practically
FAQ
- What is vulnerability scanning?
Vulnerability scanning is the process of identifying and analyzing the security weaknesses and vulnerabilities in a network or computer system. The goal is to identify potential attack vectors and prioritize remediation efforts.
- What does a vulnerability scanner do?
A vulnerability scanner automates the process of identifying vulnerabilities in a network or computer system. It uses various techniques, such as port scanning and vulnerability checks, to identify potential security weaknesses.
- Why is vulnerability scanning important?
Vulnerability scanning is important because it helps organizations understand the potential risks to their systems and data. By identifying and addressing vulnerabilities, organizations can reduce the risk of security breaches and protect sensitive information.
- What are the types of vulnerability scanning?
There are two main types of vulnerability scanning: network-based and host-based. Network-based scans are performed from a remote location and examine network configurations and vulnerabilities, while host-based scans examine the vulnerabilities of individual systems.
- What are the benefits of vulnerability scanning?
The benefits of vulnerability scanning include: improved security posture, early identification of security weaknesses, reduction in the risk of security breaches, and improved compliance with security standards.
- How does a vulnerability scanner work?
A vulnerability scanner works by using various techniques, such as port scanning and vulnerability checks, to identify potential security weaknesses in a network or computer system. The scanner typically begins by creating a map of the target environment and then performs various tests to identify vulnerabilities. The results of the scan are then analyzed and used to prioritize remediation efforts.
- What are some common vulnerabilities that a vulnerability scanner can identify?
Some common vulnerabilities that a vulnerability scanner can identify include: unpatched software, weak passwords, open ports, and outdated operating systems. The specific vulnerabilities that a scanner can identify will depend on the capabilities of the scanner and the configuration of the target environment.
Discover:Create SQL Injection Payloads
Conclusion
In conclusion, vulnerability scanning is an important aspect of maintaining the security of computer systems and networks. It helps organizations identify potential security weaknesses and prioritize remediation efforts. Vulnerability scanners can use various techniques, such as port scanning and vulnerability checks, to identify potential vulnerabilities. By performing regular vulnerability scans and addressing identified vulnerabilities, organizations can reduce the risk of security breaches and protect sensitive information. However, it’s important to note that vulnerability scanning is just one aspect of a comprehensive security strategy, and organizations should also implement additional measures, such as access controls, network segmentation, and incident response planning, to further protect their systems and data.