In [3]:
import socket
import requests

def get_domain_info(domain):
    try:
        # Get IP address (active but low-risk)
        ip = socket.gethostbyname(domain)
        print(f"IP Address: {ip}")
        # Get public WHOIS-like info (passive, using a free API)
        response = requests.get(f"https://ipapi.co/{ip}/json/", timeout=10)
        if response.status_code == 200:
            data = response.json()
            print(f"Organization: {data.get('org', 'Unknown')}")
            print(f"City: {data.get('city', 'Unknown')}")
            print(f"Country: {data.get('country_name', 'Unknown')}")
        else:
            # Any non-200 status from the API (for example rate limiting) ends up here
            print("Could not fetch WHOIS data.")
    except Exception as e:
        print(f"Error: {e}")

# Example: Use a public domain (never use without permission!)
get_domain_info("python.com")

IP Address: 185.158.133.1
Could not fetch WHOIS data.


This cell performs a low-risk active reconnaissance step, using socket.gethostbyname to resolve the domain name python.com to its IP address. It then performs a passive reconnaissance step, using the requests library to query a public third-party API (ipapi.co) for the geographic and organizational information associated with that IP address, mimicking WHOIS data collection.

In [4]:
import requests

def black_box_recon(url):
    try:
        # HEAD returns only the response headers, not the page body
        response = requests.head(url, timeout=10)
        print("Black Box Findings:")
        print(f"Server: {response.headers.get('Server', 'Unknown')}")
        print(f"Content-Type: {response.headers.get('Content-Type', 'Unknown')}")
    except Exception as e:
        print(f"Error: {e}")

url = "http://python.com"
# Prior knowledge a tester might already hold; not used by the black-box check below
known_info = {"server": "Apache 2.4", "vulns": "Check CVE-2021-1234"}
black_box_recon(url)

Black Box Findings:
Server: cloudflare
Content-Type: Unknown


This cell performs reconnaissance by sending a single HTTP HEAD request to a target URL (http://python.com), which returns the response metadata without downloading the page body. The script extracts and prints two response headers, Server and Content-Type, which help an attacker understand the underlying technology stack of the target.
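The same headers, read from the defender's side: this added example (not code from the notebook) takes a response-header dictionary like the one `requests.head` returns and reports what it discloses, so a site owner can see whether their Server or X-Powered-By headers leak version numbers and which hardening headers are absent. The header sets and the list of expected security headers are constructed for the example.

```python
import re

# Matches "Product/1.2.3 ..." as found in Server and X-Powered-By headers
VERSION_RE = re.compile(r"^(?P<product>[A-Za-z][\w.-]*)/(?P<version>\d[\w.]*)")

# Hardening headers a well-configured server is expected to send (constructed list)
EXPECTED_SECURITY_HEADERS = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Content-Type-Options",
)

def analyze_headers(headers):
    """Return what a set of HTTP response headers reveals about the server."""
    # Header names are case-insensitive; normalise to lower-case keys
    lower = {k.lower(): v for k, v in headers.items()}
    findings = {"product": None, "version": None, "disclosures": [], "missing": []}
    server = lower.get("server", "")
    m = VERSION_RE.match(server)
    if m:
        findings["product"] = m.group("product")
        findings["version"] = m.group("version")
        findings["disclosures"].append(f"Server header reveals version: {server}")
    elif server:
        # A bare product name (e.g. a CDN) identifies the front end but no version
        findings["product"] = server
    # X-Powered-By leaks the application framework and often its version
    if "x-powered-by" in lower:
        findings["disclosures"].append(f"X-Powered-By: {lower['x-powered-by']}")
    for name in EXPECTED_SECURITY_HEADERS:
        if name.lower() not in lower:
            findings["missing"].append(name)
    return findings

# Constructed sample header sets, not captured from any real host
LEAKY = {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3",
         "Content-Type": "text/html"}
HARDENED = {"Server": "cloudflare", "Strict-Transport-Security": "max-age=31536000",
            "Content-Security-Policy": "default-src 'self'",
            "X-Content-Type-Options": "nosniff"}

if __name__ == "__main__":
    for label, hdrs in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, analyze_headers(hdrs))
```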

In [5]:
import socket

def scan_ports(host, ports):
    open_ports = []
    for port in ports:
        # The context manager closes the socket whether or not the connection succeeded
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(1)
            result = sock.connect_ex((host, port))  # 0 means the TCP handshake completed
            if result == 0:
                open_ports.append(port)
    return open_ports

host = "127.0.0.1"
ports = [80, 443, 22, 8080]
open_ports = scan_ports(host, ports)
print(f"Open ports on {host}: {open_ports}")

Open ports on 127.0.0.1: []


This script defines a function, scan_ports, which attempts to establish a TCP connection to each port in a list on a target host (127.0.0.1) using socket.connect_ex. It records which of the tested ports (80, 443, 22, 8080) accepted a connection by checking for a return code of 0, and then prints that list of open ports.
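Seen from the target host, a connect() scan like the one above leaves a burst of connection attempts from one source to many distinct ports, and the refused attempts show up just as clearly as the accepted ones. This added example (not code from the notebook) flags that pattern in a constructed, simplified connection log; the log format, window and threshold are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <result>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 -> 10.0.0.10:80 REFUSED
2024-05-01T10:00:00 10.0.0.5 -> 10.0.0.10:443 REFUSED
2024-05-01T10:00:01 10.0.0.5 -> 10.0.0.10:22 REFUSED
2024-05-01T10:00:01 10.0.0.5 -> 10.0.0.10:8080 REFUSED
2024-05-01T10:00:30 10.0.0.7 -> 10.0.0.10:443 ACCEPTED
2024-05-01T10:05:00 10.0.0.7 -> 10.0.0.10:443 ACCEPTED
"""

def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst_ip, dst_port, result)."""
    ts, src, _, dst, result = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), result

def detect_scans(log_text, window=timedelta(seconds=60), min_ports=3):
    """Return {(src, dst_ip): sorted ports} for every source that touched at least
    min_ports distinct ports on one host inside a sliding window."""
    events = defaultdict(list)  # (src, dst_ip) -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst_ip, port, _ = parse_line(line)
            events[(src, dst_ip)].append((ts, port))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        # Slide the window start over each attempt; count distinct ports inside it
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            if len(ports) >= min_ports:
                alerts[key] = sorted(ports)
                break
    return alerts

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```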

In [7]:
import nmap  # python-nmap wrapper; it drives the external nmap binary, which must be on PATH

def nmap_scan(host, port_range='1-1024'):
    nm = nmap.PortScanner()
    try:
        nm.scan(host, port_range, arguments='-sV')  # -sV: service and version detection
        for scanned in nm.all_hosts():  # separate name so the host argument is not shadowed
            print(f"Host: {scanned} ({nm[scanned].hostname()})")
            print(f"State: {nm[scanned].state()}")
            for proto in nm[scanned].all_protocols():
                print(f"Protocol: {proto}")
                lport = nm[scanned][proto].keys()
                for port in sorted(lport):
                    service = nm[scanned][proto][port]
                    print(f"Port: {port}\tState: {service['state']}\tService: {service.get('name', 'unknown')} {service.get('version', '')}")
    except Exception as e:
        print(f"Error: {e}")

# Example: Scan localhost
nmap_scan('127.0.0.1', '1-10')

PortScannerError: 'nmap program was not found in path. PATH is : c:\\Users\\blabb\\Portfolio\\.venv\\Scripts;C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\java8path;C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\System32\\OpenSSH\\;C:\\Program Files (x86)\\NVIDIA Corporation\\PhysX\\Common;C:\\Program Files\\NVIDIA Corporation\\NVIDIA app\\NvDLISR;C:\\Program Files\\Git\\cmd;C:\\Program Files\\nodejs\\;C:\\Program Files\\dotnet\\;C:\\Users\\blabb\\AppData\\Local\\Microsoft\\WindowsApps;C:\\Users\\blabb\\AppData\\Local\\Programs\\Microsoft VS Code\\bin;C:\\Users\\blabb\\AppData\\Roaming\\npm;C:\\Users\\blabb\\AppData\\Local\\Programs\\mongosh\\;C:\\Users\\blabb\\AppData\\Local\\Programs\\MiKTeX\\miktex\\bin\\x64\\;C:\\Users\\blabb\\AppData\\Local\\Python\\bin;C:\\Users\\blabb\\AppData\\Local\\Programs\\Ollama'

This cell demonstrates using the python-nmap wrapper to execute an Nmap scan. It performs a service and version detection scan (-sV) on the local machine (127.0.0.1) across ports 1 through 10, then prints the state, service and version of any listening ports it finds. In this run the wrapper raised PortScannerError before scanning anything: python-nmap only drives the external nmap executable, and that executable was not on the PATH of the machine running the notebook.
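Because python-nmap depends on the external binary, a practitioner checks for it up front and, when parsing results, works from Nmap's XML report (nmap -sV -oX), which is also what the wrapper consumes. This added example (not code from the notebook) does both: nmap_available tests for the binary, and parse_nmap_xml builds the same host/port/service summary as the cell above from a constructed XML sample, so it runs without nmap installed.

```python
import shutil
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output, not a real scan result
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="127.0.0.1" addrtype="ipv4"/>
    <hostnames><hostname name="localhost" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed"/><service name="http"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def nmap_available():
    """True when the nmap executable that python-nmap shells out to is on PATH."""
    return shutil.which("nmap") is not None

def parse_nmap_xml(xml_text):
    """Return a list of {host, hostname, state, ports} dicts from nmap XML output."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        hn = host.find("hostnames/hostname")
        ports = []
        for port in host.findall("ports/port"):
            svc = port.find("service")  # absent when nmap could not identify a service
            product = svc.get("product") if svc is not None else None
            version = svc.get("version") if svc is not None else None
            ports.append({
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": port.find("state").get("state"),
                "service": svc.get("name", "unknown") if svc is not None else "unknown",
                "version": " ".join(v for v in (product, version) if v),
            })
        hosts.append({"host": host.find("address").get("addr"),
                      "hostname": hn.get("name") if hn is not None else "",
                      "state": host.find("status").get("state"),
                      "ports": ports})
    return hosts

if __name__ == "__main__":
    print("nmap on PATH:", nmap_available())
    print(parse_nmap_xml(SAMPLE_XML))
```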