How to Get Open Port Banner in Python?

By | September 25, 2021

If you do not know how to check the open and closed ports of a target in Python, then please check out this tutorial first. In this tutorial, we will move a bit further and learn how to grab the banner of an open port and retrieve information about the services that are running on those open ports.

The Python libraries we will be using in this tutorial are the Python standard libraries socket and threading.

Using the socket module, we will try to connect to each port and grab the banner of the service that is using the open port.

With the threading module, we will run multiple threads in our Python program so the port scanning can be performed faster.

Both of these modules, socket and threading, come pre-installed with Python, so we do not need to install them using the pip install command.

For this tutorial, I will be scanning my local IP address. If you want to scan a specific domain, you first need to get its IP address. To know how to get the IP address of a website in Python click here.

How to get open port banner in Python?

Now we will start by importing the socket and threading modules.

import socket
import threading

Now let’s define a Python function port_scanner(port) that will scan the specified port and print the open port number and its banner (if it has any).

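def port_scanner(port):
    try:
        my_ip_address = socket.gethostbyname(socket.gethostname())  # get my IP address

        # create a TCP socket; the with block closes it when we are done
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(0.5)

            # connect to the IP address and port number
            s.connect((my_ip_address, port))
            try:
                service = s.recv(1024).decode()
                print(f"Port {port} is open[+] using service {service}")
            except (OSError, UnicodeDecodeError):
                # nothing received within the timeout, or the data is not valid text
                print(f"Port {port} is open [+]")
    except OSError:
        pass  # port is closed or unreachable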

The gethostbyname(socket.gethostname()) function will return my local IP address.

The socket.socket(socket.AF_INET, socket.SOCK_STREAM) function will initialize the socket object s. The AF_INET parameter represents the IPv4 address family, and SOCK_STREAM represents a TCP connection.
The settimeout(0.5) function sets a 0.5-second timeout. The connection must be made within 0.5 seconds, otherwise the attempt is unsuccessful and throws an error. The same timeout applies to the later recv() call.
The connect((my_ip_address, port)) function will try to connect to the specified port number on the IP address.
The s.recv(1024) function will return the received data (if any) as a bytes object.
The decode() function will decode the bytes object returned by recv() into a readable string.
If the service sends nothing within the timeout, recv() throws an error that is handled by the inner except statement. In that case, we will only print the open port number, not the service.

Now let’s call the port_scanner() function using threading and scan the first 5000 ports, and check if any of the ports show a service banner.

for port in range(1, 5001):  # ports 1 to 5000
    thread = threading.Thread(target=port_scanner, args=[port])
    thread.start()

Now put all the code together and execute.

Python code to find Open Port banners

import socket
import threading

def port_scanner(port):
    try:
        my_ip_address = socket.gethostbyname(socket.gethostname())   # get user IP address

        # initialize the socket; the with block closes it when we are done
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            # set a connection timeout
            s.settimeout(0.5)

            # connect to the IP address and port number
            s.connect((my_ip_address, port))
            try:
                service = s.recv(1024).decode()  # get the open port banner (if any)
                print(f"Port {port} is open[+] using service {service}")
            except (OSError, UnicodeDecodeError):
                # nothing received within the timeout, or the data is not valid text
                print(f"Port {port} is open [+]")
    except OSError:
        pass  # port is closed or unreachable


for port in range(1, 5001):  # ports 1 to 5000
    thread = threading.Thread(target=port_scanner, args=[port])
    thread.start()

Output

Port 21 is open[+] using service 220-FileZilla Server version 0.9.41 beta

Port 80 is open [+]
Port 135 is open [+]
Port 139 is open [+]
Port 445 is open [+]
Port 443 is open [+]
Port 3306 is open [+]

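As you can see, only port 21, which is a TCP port, shows its service banner; the rest of the open ports did not return a banner. Protocols such as HTTP wait for the client to send a request first, so recv() times out on them, and a greeting that is not valid text makes decode() fail, which the script also reports as an open port without a banner.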
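An added example (not the tutorial's own code) for auditing a host you administer: it uses a bounded thread pool, separates closed ports from open-but-silent ones, keeps non-UTF-8 greetings instead of dropping them, and flags banners that disclose a version string. The names grab_banner, audit, demo_server and the version regex are assumptions of this example; demo_server is a constructed loopback listener so the code runs offline.

```python
import re
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)*")  # assumed heuristic, e.g. "0.9.41"

def grab_banner(host, port, timeout=0.5):
    """None if the port is closed, else the banner ('' if the service is silent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(1024)
            except OSError:
                return ""  # open, but nothing sent before the timeout or a reset
            # errors="replace" keeps binary greetings from raising on decode
            return data.decode("utf-8", errors="replace").strip()
    except OSError:
        return None  # refused, filtered or unreachable

def audit(host, ports, workers=100):
    """Return {open_port: (banner, discloses_version)} using a bounded pool."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        banners = list(pool.map(lambda p: grab_banner(host, p), ports))
    return {p: (b, bool(VERSION_RE.search(b)))
            for p, b in zip(ports, banners) if b is not None}

def demo_server(greeting):
    """Constructed loopback listener on an ephemeral port; returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    held = []  # keep connections open so a silent service looks silent, not closed
    def serve():
        while True:
            conn, _ = srv.accept()
            held.append(conn)
            if greeting:
                conn.sendall(greeting)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    ftp = demo_server(b"220-FileZilla Server version 0.9.41 beta\r\n")  # constructed
    quiet = demo_server(b"")                                            # constructed
    for port, (banner, leaks) in audit("127.0.0.1", [ftp, quiet]).items():
        note = "discloses a version string" if leaks else "no version seen"
        print(f"Port {port} open, banner={banner!r} ({note})")
```

A banner flagged as disclosing a version is a candidate for hardening: most servers let you replace or shorten the greeting so it no longer names the exact release.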

Conclusion

Let’s sum up the above Python tutorial. In this tutorial, you learned how to get the banner of open ports in Python using the socket and threading modules. We only use threading to speed up the program by running multiple threads concurrently; most of the tutorial is about socket. The only thing we require to get the open port service banner is the socket recv() method. You can also check the open port banners of a website by specifying the website's IP address.
