'''OWASP PHP Portscanner Project'''

From OWASP
Revision as of 08:54, 11 September 2013 by Bhavesh Naik (Talk | contribs)

OWASP PHP PortScanner Project

PHP Sockets Fundamentals

Sockets

Sockets are an abstraction over a low-level operating-system feature: a software endpoint for bidirectional communication between a client program and a server program. A server socket is bound to a specific port on the host where it runs, and client programs anywhere on the network connect to that host and port. Network communication over sockets resembles file I/O, since a socket handle is read from and written to like a file handle.

Creating sockets in PHP:

resource socket_create ( int $domain , int $type , int $protocol )

Refer to Creating sockets[1] for a detailed description of how a socket is created. (From PHP 8.0 onward the socket functions return and accept Socket objects instead of resources; the calls themselves are unchanged.)

Initiate a connection on a socket:

bool socket_connect ( resource $socket , string $address [, int $port = 0 ] )

Refer to Initiating sockets[2] for a detailed description of initiating a socket connection. socket_connect() returns true only when the TCP three-way handshake completes, and false when the connection is refused, the host is unreachable, or the operating system's connect timeout expires.

Close a socket:

void socket_close ( resource $socket )

Refer to Closing sockets[3] for a detailed description of closing socket connections. Why close a socket? Because a socket that has completed (or attempted) a connect() cannot reliably be used for another socket_connect(): to probe the next port, the previous socket must be closed and a fresh one created. Closing it also releases the file descriptor, which matters when a scan loops over thousands of ports.

Why sockets?

Since sockets communicate over the network and can be pointed at a specific IP address and port, we can use this to build a port scanner: attempt a socket connection to the target IP and a port, and check whether the script was able to establish the connection. Every port that accepts the connection is reported as open on the target host. Ports that refuse the connection, or that never answer because a firewall drops the packets, both show up as a failed connect, so this simple approach does not distinguish closed ports from filtered ones.

The script is limited to TCP connect scans and IPv4 addresses.
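A single-port probe built from exactly the three calls introduced above (socket_create, socket_connect, socket_close), as an added example that is not part of the OWASP project's code: it turns the "connect and see" idea of this section into a function that also tells open, closed and filtered ports apart, by putting the socket into non-blocking mode and bounding the wait with socket_select() instead of letting a blocking socket_connect() hang for the operating system's connect timeout. It assumes Linux, PHP with the sockets extension loaded, and the hypothetical file name scan.php used in the usage line; the error-code constants it compares against are the Linux ones exported by ext/sockets.

```php
<?php
// Added example (not from the OWASP PHP Portscanner page): probe one TCP port with
// socket_create()/socket_connect()/socket_close() but with a caller-controlled timeout.
// Assumes Linux and the ext/sockets extension (check with: php -m | grep sockets).

/**
 * Returns "open", "closed" or "filtered" for $host:$port (IPv4, TCP).
 * $timeout is in seconds and may be fractional.
 */
function tcp_probe(string $host, int $port, float $timeout = 1.0): string
{
    $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
    if ($socket === false) {
        throw new RuntimeException('socket_create: ' . socket_strerror(socket_last_error()));
    }

    // A blocking connect() returns only when the OS gives up, which on a filtered
    // port (SYNs silently dropped) takes tens of seconds. Non-blocking mode lets
    // us decide how long to wait.
    socket_set_nonblock($socket);

    $state = 'filtered';
    if (@socket_connect($socket, $host, $port)) {
        $state = 'open';                       // completed immediately (common on loopback)
    } else {
        $err = socket_last_error($socket);
        if ($err === SOCKET_EINPROGRESS || $err === SOCKET_EWOULDBLOCK || $err === SOCKET_EALREADY) {
            // The handshake is in flight; the socket becomes writable when the
            // connect() finishes, whether it succeeded or failed.
            $read = null;
            $write = [$socket];
            $except = null;
            $sec = (int) floor($timeout);
            $usec = (int) (($timeout - $sec) * 1000000);
            $n = socket_select($read, $write, $except, $sec, $usec);
            if ($n === 1) {
                // The deferred result of connect() is read back through SO_ERROR.
                $soErr = socket_get_option($socket, SOL_SOCKET, SO_ERROR);
                if ($soErr === 0) {
                    $state = 'open';
                } elseif ($soErr === SOCKET_ECONNREFUSED) {
                    $state = 'closed';         // RST came back: nothing is listening
                }
                // any other errno (EHOSTUNREACH, ETIMEDOUT, ...) is left as 'filtered'
            }
            // $n === 0: no answer within $timeout, also reported as 'filtered'
        } elseif ($err === SOCKET_ECONNREFUSED) {
            $state = 'closed';                 // refused synchronously
        }
    }

    // Always release the descriptor: a socket that has gone through connect()
    // is not reusable for another socket_connect(), so the scan loop needs a
    // fresh one per port anyway.
    socket_close($socket);
    return $state;
}

/** Scan an inclusive port range and return a map of port => state. */
function tcp_scan(string $host, int $from, int $to, float $timeout = 1.0): array
{
    $results = [];
    for ($port = $from; $port <= $to; $port++) {
        $results[$port] = tcp_probe($host, $port, $timeout);
    }
    return $results;
}

// Usage from the command line (scan.php is an assumed file name):
//   php scan.php 127.0.0.1 20 25
if (PHP_SAPI === 'cli' && isset($argv[3])) {
    foreach (tcp_scan($argv[1], (int) $argv[2], (int) $argv[3]) as $port => $state) {
        printf("%5d/tcp %s\n", $port, $state);
    }
}
```

The three-state result is what the web version of the script cannot give: its blocking socket_connect() collapses "refused" and "no answer" into the same false, and a single filtered port can stall the whole request until PHP's max_execution_time aborts it. Keep $timeout short (one or two seconds) on LANs and longer across the Internet, and remember that a non-blocking connect that completes immediately is a normal outcome, not an error.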

Note: index.html is the form that takes the target IP and the port range from the user; port.php is the server-side PHP script that performs the scan and renders the results. Because the connections originate from the web server, the scan is run from the server's network position against whatever IPv4 address is submitted, including the server itself and hosts behind it, so access to these two pages should be restricted to the users who are meant to scan.

index.html

    <!DOCTYPE html>
    <html>
        <head>
            <title>PORT SCANNER</title>
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        </head>
        <body>
        <h1>Port Scanner</h1>
            <div>
                <!-- an inline style attribute holds declarations only; wrapping them
                     in { } is invalid CSS and browsers discard the whole attribute -->
                <center style="background:grey;
                        font-size:20px;
                        box-shadow:10px 10px 5px #888888;
                        border:8px solid #ffcc00;
                        padding:8px 5px;
                        border-style:inset;">
                  <!-- the field names ip, from and to are the $_POST keys read by port.php -->
                  <form name="form1" method="post" action="port.php">
                      ENTER TARGET IP:
                      <input type="text" name="ip" style="
                             background:BLACK;
                             color:white;
                             font-size:20px;
                             box-shadow:10px 10px 5px #888888;
                             border:8px solid #ffcc00;
                             padding:8px 5px;
                             border-style:inset;">
                      <br>
                      <br>

                      STARTING PORT:
                      <input type="text" name="from" style="
                             background:BLACK;
                             color:white;
                             font-size:20px;
                             box-shadow:10px 10px 5px #888888;
                             border:8px solid #ffcc00;
                             padding:8px 5px;
                             border-style:inset;">
                      <br>
                      <br>

                      ENDING PORT:
                      <input type="text" name="to" style="
                             background:BLACK;
                             color:white;
                             font-size:20px;
                             box-shadow:10px 10px 5px #888888;
                             border:8px solid #ffcc00;
                             padding:8px 5px;
                             border-style:inset;">
                      <br>
                      <br>
                      <input type="submit" value="Scan" style="
                             background:#ADFF2F;
                             box-shadow:10px 10px 5px #888888;
                             border:8px solid #ffcc00;
                             padding:8px 5px;
                             border-style:outset;
                             font-weight:bold;">
                  </form>
                </center>
            </div>
        </body>
    </html>


port.php

    <!DOCTYPE html>
    <html>
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
            <style>
                #field
                {
                 margin:10px 250px;
                 box-shadow:10px 10px 5px #888888;
                 opacity:0.9;
                 position:absolute;
                 background:#FFFFCC;
                 border:8px solid #ffcc00;
                 padding:8px 5px;
                 border-radius:10px;
                 border-style:outset;
                }
            </style>
            <title>Port Scan Completed..</title>
        </head>
        <body>
            <center>
            <h1>SCAN RESULT....</h1>
            <br>
            <br>
            <br>
            <input type="button" value="Go_back" onclick="history.go(-1)">
            <fieldset id="field">
                <legend style="color:red;">
                    <b> Port Scan Details : </b>
                </legend>
            <?php
            // Main Script begins here
            // Silence the E_WARNING that socket_connect() raises for every refused
            // port; without this each closed port would print a warning into the page.
            error_reporting(~E_ALL);

            // target ip and port range, as submitted by index.html
            $host = isset($_POST['ip']) ? $_POST['ip'] : '';
            $from = isset($_POST['from']) ? $_POST['from'] : '';
            $to   = isset($_POST['to']) ? $_POST['to'] : '';
            // Timing: a blocking socket_connect() to a port that never answers waits for the
            // operating system's connect timeout (tens of seconds), and the whole request is
            // bounded by php.ini max_execution_time (30 s by default). default_socket_timeout
            // only applies to stream functions such as fsockopen(), not to ext/sockets, so a
            // large range against a firewalled host will not finish within one request.

            // validation: a port is a plain decimal integer in 1..65535 (is_numeric()
            // would also accept "1e3", " 80" or "80.5" and puts no bound on the value)
            $portOpts = array('options' => array('min_range' => 1, 'max_range' => 65535));
            $fromPort = filter_var($from, FILTER_VALIDATE_INT, $portOpts);
            $toPort   = filter_var($to, FILTER_VALIDATE_INT, $portOpts);
            if ($host === '' || $from === '' || $to === '')
            {
                echo "<b> Incomplete data, Go back! </b>";
            }
            elseif (!filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
            {
                echo "<b>This IP address is not valid ! </b>";
            }
            elseif ($fromPort === false || $toPort === false)
            {
                echo "<b>Entered data is not a port number (1-65535)</b>";
            }
            elseif ($fromPort >= $toPort)
            {
                echo "<b>Please enter lower value in the <i>FROM</i> field !</b>";
            }
            else
            {
                // $host passed FILTER_VALIDATE_IP, so it cannot carry markup; escape it
                // anyway so the page stays safe if the validation is ever relaxed.
                $safeHost = htmlspecialchars($host, ENT_QUOTES, 'UTF-8');
                echo "<br><b><u>Scanned IP/Host : $safeHost </u><br><u><i>List of Open Ports:</i></u></b><br>";

                for ($port = $fromPort; $port <= $toPort; $port++)
                {
                    // One fresh socket per port: a socket that has been through a
                    // connect() attempt, successful or not, is not reliably reusable
                    // for another socket_connect().
                    $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
                    if ($socket === false)
                    {
                        echo "<b>socket_create failed: " . socket_strerror(socket_last_error()) . "</b>";
                        break;
                    }
                    // connect to the host and port; true means the TCP handshake completed
                    if (socket_connect($socket, $host, $port))
                    {
                        // display port open warning on connect
                        echo "port $port Open (Warning !) <img src='warning.png' height=30px width=30px alt='open port'> <br>";
                    }
                    // closed and filtered ports both fail the connect and are not listed
                    socket_close($socket);
                }
            }
            ?>
                </fieldset>
            </center>
        </body>
    </html>
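A stricter input layer for the three form fields port.php reads from $_POST, written for this page as an added example rather than the project's own code. It shows why is_numeric() is the wrong test for a port number, bounds the range to 1-65535 with FILTER_VALIDATE_INT, and refuses loopback, private and reserved targets so that a scanner reachable over the web cannot be pointed at the web server itself or at hosts on its internal network. The $allowPrivate switch, the h() escaping helper and the sample submissions are constructed for illustration; it assumes PHP 7.1 or later for the nullable return types.

```php
<?php
// Added example for the OWASP PHP Portscanner page (not the project's own code):
// validation of the ip / from / to fields that port.php takes from $_POST.
// Assumes PHP >= 7.1; uses only the core filter functions.

/** Return the port as an int in 1..65535, or null if $value is not exactly that. */
function validate_port($value): ?int
{
    // is_numeric() would accept "1e3", " 80" and "80.5"; FILTER_VALIDATE_INT accepts
    // only a plain decimal integer and enforces the bounds in the same call.
    $port = filter_var($value, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 65535],
    ]);
    return $port === false ? null : $port;
}

/** Return [from, to] with from <= to, or null if either value or the order is wrong. */
function validate_range($from, $to): ?array
{
    $lo = validate_port($from);
    $hi = validate_port($to);
    if ($lo === null || $hi === null || $lo > $hi) {
        return null;
    }
    return [$lo, $hi];
}

/**
 * Accept only a literal IPv4 address outside the reserved ranges that
 * FILTER_FLAG_NO_RES_RANGE covers (0/8, 127/8, 169.254/16, 240/4). Because
 * port.php connects from the web server's own network position, RFC 1918 space
 * is refused as well unless the deployment opts in with $allowPrivate
 * (an assumed switch for this example, not a setting of the project).
 */
function validate_target($value, bool $allowPrivate = false): ?string
{
    $flags = FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE;
    if (!$allowPrivate) {
        $flags |= FILTER_FLAG_NO_PRIV_RANGE;
    }
    $ip = filter_var($value, FILTER_VALIDATE_IP, $flags);
    if ($ip === false) {
        return null;
    }
    // The filter flags do not exclude multicast (224/4); refuse it explicitly.
    $firstOctet = (int) explode('.', $ip)[0];
    if ($firstOctet >= 224) {
        return null;
    }
    return $ip;
}

/** Escape anything that is echoed back into the HTML response. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions, shaped like the $_POST array port.php receives.
$samples = [
    ['ip' => '203.0.113.10', 'from' => '20',  'to' => '25'],     // accepted
    ['ip' => '203.0.113.10', 'from' => '1e3', 'to' => '2000'],   // is_numeric() says yes; rejected here
    ['ip' => '203.0.113.10', 'from' => '80',  'to' => '70000'],  // above 65535
    ['ip' => '127.0.0.1',    'from' => '1',   'to' => '1024'],   // loopback: would scan the web server itself
    ['ip' => '10.0.0.5',     'from' => '1',   'to' => '1024'],   // private: a host behind the server
    ['ip' => '<script>',     'from' => '1',   'to' => '2'],      // not an address at all
];

foreach ($samples as $post) {
    $target = validate_target($post['ip']);
    $range  = validate_range($post['from'], $post['to']);
    if ($target === null || $range === null) {
        printf("reject  %-14s %-5s %-6s\n", h($post['ip']), h($post['from']), h($post['to']));
    } else {
        printf("accept  %-14s ports %d-%d\n", h($target), $range[0], $range[1]);
    }
}
```

Of the six constructed submissions only the first is accepted. Dropping the target checks into port.php in place of the bare FILTER_FLAG_IPV4 test, and replacing the is_numeric() branch with validate_range(), is enough to keep the page from being used as a scanner of the server's own network; who may reach the page at all is still a question for the web server's access control, not for the script.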

Manual:

  • Users reaching the scanner over the network open it by entering the server's IP address in the browser's address bar.

For example, http://192.168.2.1/index.html.

You will see the input form shown below.

[Screenshot: Index.jpg, the index.html input form]

  • Enter the IP address and the port range and click Scan

See the result page below.

[Screenshot: Port.jpg, the port.php scan result]