Merge pull request #11 from atarantini/feature-port-#6

Feature custom port support
atarantini · Sep 29, 2015 · 8a12fdb · 8a12fdb
2 parents 703d213 + 2596d5d
commit 8a12fdb
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 24 deletions.
diff --git a/README.rst b/README.rst
@@ -13,6 +13,7 @@ powerfull target selection and `Paramiko`_ to test credentials.
     :depth: 2
     :backlinks: none
 
+
 Usage
 -----
 
@@ -27,7 +28,7 @@ Scan your own machine:
     2015-06-08 21:17:03,892 - sshdefaultscan - DEBUG - 127.0.0.1 Seems to have SSH open
     2015-06-08 21:17:06,001 - sshdefaultscan - INFO - 127.0.0.1 Logged in with root:root in 2.11s
 
-You local network, with ``--fast`` to improve speed:
+Your local network, with ``--fast`` to improve speed:
 
 .. code-block:: bash
 
@@ -68,25 +69,39 @@ All the stuff:
 
 .. code-block:: bash
 
-    sshdefaultscan.py [-h] [-u USERNAME] [-p PASSWORD] hosts
+    usage: sshdefaultscan.py [-h] [--username USERNAME] [--password PASSWORD]
+                             [--port PORT] [--fast] [--batch]
+                             [--batch-template BATCH_TEMPLATE]
+                             hosts
+
+    Scan networks for SSH servers with default username and password.
 
     positional arguments:
       hosts                 An IP address for a hostname or network, ex:
                             192.168.1.1 for single host or 192.168.1.1-254 for
-                            network
+                            network.
 
     optional arguments:
-      -h, --help            Show this help message and exit
-      -u USERNAME, --username USERNAME
-                            Set username, default is "root"
-      -p PASSWORD, --password PASSWORD
-                            Set password, default is "root"
-      --fast                Change timeout settings for the scanner in order to scan faster (T5)
-      --batch               Output only hosts, handy to use with unix pipes.
+      -h, --help            show this help message and exit
+
+      --username USERNAME   Set username, default is "root".
+
+      --password PASSWORD   Set password, default is "root".
+
+      --port PORT           Set port, default is 22.
+
+      --fast                Change timeout settings for the scanner in order to
+                            scan faster (T5).
+
+      --batch               Batch mode will only output hosts, handy to use with
+                            unix pipes.
+
       --batch-template BATCH_TEMPLATE
-                            Change batch mode output template, default is "{host}". Available
-                            context variables: host, username, password. Ex: "{username}@{host}"
-                            will return "root@192.168.0.1" as output when running in batch mode.
+                            Change batch mode output template, default is
+                            "{host}". Available context variables: host, username,
+                            password. Ex: "{username}@{host}" will return
+                            "root@192.168.0.1" as output when running in batch
+                            mode.
 
 
 Install
@@ -206,6 +221,10 @@ don't do anything harmful :)
 Changelog
 ---------
 
+``0.3.0`` - 2015-09-17
+    * Added ``--port`` parameter to set custom SSH port.
+    * Handle socket error when making SSH connection.
+
 ``0.2.1`` - 2015-07-03
     * Batch mode custom output with ``--batch-template``.
     * Improved scan speed (in both normal and ``--fast``) by disabling reverse DNS resolution.

diff --git a/sshdefaultscan.py b/sshdefaultscan.py
@@ -6,6 +6,7 @@
 """
 import argparse
 import logging
+import socket
 from time import time
 
 import nmap
@@ -16,7 +17,7 @@
 BATCH_TEMPLATE_DEFAULT = '{host}'
 
 
-def out(hostname, username, password, template='{host}'):
+def out(hostname, username, password, port, template='{host}'):
     """
     Return a string to be used as output when "--batch" mode is enabled
 
@@ -32,7 +33,8 @@ def out(hostname, username, password, template='{host}'):
     return template.format(
         host=hostname,
         username=username,
-        password=password
+        password=password,
+        port=port
     )
 
 #
@@ -46,8 +48,9 @@ def out(hostname, username, password, template='{host}'):
     # Parse command line arguments
     parser = argparse.ArgumentParser(description='Scan networks for SSH servers with default username and password.')
     parser.add_argument('hosts', help='An IP address for a hostname or network, ex: 192.168.1.1 for single host or 192.168.1.1-254 for network.')
-    parser.add_argument('-u', '--username', help='Set username, default is "root".', default=SSH_DEFAULT_USERNAME)
-    parser.add_argument('-p', '--password', help='Set password, default is "root".', default=SSH_DEFAULT_PASSWORD)
+    parser.add_argument('--username', help='Set username, default is "root".', default=SSH_DEFAULT_USERNAME)
+    parser.add_argument('--password', help='Set password, default is "root".', default=SSH_DEFAULT_PASSWORD)
+    parser.add_argument('--port', help='Set port, default is 22.', default='22')
     parser.add_argument('--fast', help='Change timeout settings for the scanner in order to scan faster (T5).', default=False, action='store_true')
     parser.add_argument('--batch', help='Batch mode will only output hosts, handy to use with unix pipes.', default=False, action='store_true')
     parser.add_argument('--batch-template', help='Change batch mode output template, default is "{host}". Available context variables: host, username, password. Ex: "{username}@{host}" will return "root@192.168.0.1" as output when running in batch mode.', default=BATCH_TEMPLATE_DEFAULT)
@@ -83,7 +86,7 @@ def out(hostname, username, password, template='{host}'):
     if args.fast:
         nmap_arguments.append('-T5')
     nm = nmap.PortScanner()
-    scan = nm.scan(args.hosts, '22', arguments=' '.join(nmap_arguments))
+    scan = nm.scan(args.hosts, args.port, arguments=' '.join(nmap_arguments))
     stats = scan.get('nmap').get('scanstats')
     logger.debug(
         '{up} hosts up, {total} total in {elapsed_time}s'.format(
@@ -93,12 +96,12 @@ def out(hostname, username, password, template='{host}'):
         )
     )
     for host, data in list(scan.get('scan').items()):
-        if data.get('tcp') and data.get('tcp').get(22).get('state') == 'open':
+        if data.get('tcp') and data.get('tcp').get(int(args.port)).get('state') == 'open':
             hosts.append(host)
             logger.debug('{host} Seems to have SSH open'.format(host=host))
 
     if not hosts:
-        logger.debug('No hosts found with port 22 open.')
+        logger.debug('No hosts found with port {port} open.'.format(port=args.port))
         exit()
 
     ###########################################################################
@@ -113,11 +116,12 @@ def out(hostname, username, password, template='{host}'):
             ssh.connect(
                 host,
                 username=args.username,
-                password=args.password
+                password=args.password,
+                port=int(args.port)
             )
 
             if args.batch:
-                print(out(host, args.username, args.password, template=args.batch_template))
+                print(out(host, args.username, args.password, args.port, template=args.batch_template))
 
             logger.info('{host} Logged in with {username}:{password} in {elapsed_time}s'.format(
                 host=host,
@@ -127,10 +131,11 @@ def out(hostname, username, password, template='{host}'):
             ))
         except (
             paramiko.ssh_exception.AuthenticationException,
-            paramiko.ssh_exception.SSHException
+            paramiko.ssh_exception.SSHException,
+            socket.error
         ) as e:
             logger.debug('{host} {exception} ({elapsed_time}s)'.format(
                 host=host,
                 exception=e,
                 elapsed_time=round(time() - start_time, 2)
-            ))
+            ))