Mass port 80 check

0

So this is what I need to do. I need a way to check if port 80 is open (if the host is running a web server on port 80) on lots of IPs at a time, very fast, and then only save the IPs that have port 80 open. What would be the best way to do this the fastest? Thanks.

user1307079

Posted 2013-07-11T19:02:06.267

Reputation: 13

Answers

2

This would be really simple with Python, at least to verify that the port is open. You could then verify that there is a web-server running there if you make a request and verify the header (200 OK I think).

Anyway, to do this in Python, install nmap on your system and then the Python nmap bindings.

#!/usr/bin/env python3

import http.client
import socket
import threading
import urllib.request

import nmap  # python-nmap bindings; the nmap binary must be installed too

baseip = "108.170.28.{}"

def NmapPortScan(targethost, targetport=80):
    # Scan a single port; return nmap's state string, "error" or "notup".
    print("Trying: " + str(targethost))
    scanner = nmap.PortScanner()
    result = scanner.scan(str(targethost), str(targetport))

    if int(result['nmap']['scanstats']['uphosts']) == 1:
        try:
            # Per-host results live under result['scan'], so index the
            # scanner object rather than the top level of the result dict.
            state = scanner[str(targethost)]['tcp'][int(targetport)]['state']
            print("State: {} : {}".format(str(targethost), str(state)))
            return state
        except KeyError:
            print("State: {} : {}".format(str(targethost), "error"))
            return "error"
    else:
        print("{}: Not up".format(str(targethost)))
        return "notup"

def CheckHttpStatus(targethost):
    # True if the URL answers and declares an HTML Content-Type.
    try:
        req = urllib.request.urlopen(targethost, timeout=10)
    except (OSError, ValueError, http.client.HTTPException):
        return False
    # Read the header by name instead of relying on its position.
    return req.headers.get_content_type() == "text/html"

def LogIp(ipaddr):
    # The with-block closes the file; no explicit close() is needed.
    with open("openips.txt", "a") as fi:
        fi.write(ipaddr + '\n')

def CheckIps(ip):
    if NmapPortScan(ip) != "open":
        return
    try:
        host = socket.gethostbyaddr(ip)[0]  # reverse-DNS name, as before
    except OSError:
        host = ip  # no PTR record: fall back to the address itself
    if CheckHttpStatus("http://" + host):
        LogIp(ip)
        print("Open Port 80 on: " + str(ip))

def main():
    threads = []
    for i in range(153, 201):
        ip = baseip.format(str(i))
        th = threading.Thread(target=CheckIps, args=(ip,))
        th.start()
        threads.append(th)
    # Wait for every worker before exiting.
    for th in threads:
        th.join()

if __name__ == "__main__":
    main()

This will both:

  1. Print a message to the console: Open Port 80 on: xxx.xxx.xxx.xxx

  2. Log to a file the IP: openips.txt saved to wherever you ran the script from.

nerdwaller

Posted 2013-07-11T19:02:06.267

Reputation: 13 366

Hmm... could you make this work for scanning big IP ranges? I do not know python... – user1307079 – 2013-07-11T20:11:52.127

@user1307079 - I'll update in a minute when I can do it and test. – nerdwaller – 2013-07-11T20:17:22.673

@user1307079 - Done. Should work for your IP range, but it looks like few are "up" and a bunch are giving errors. If you plug in Google's IP 74.125.225.167 - instead of the range, you'll see it be happy. – nerdwaller – 2013-07-11T20:57:52.980

Thanks, it works :). How would I configure it to scan an even larger range of IPs though? Like all the way up to 1.x.x.x. And do you think that the Python Nmap module will be faster than a regular nmap scan? – user1307079 – 2013-07-11T22:03:31.927

@user1307079 - That'll take a bit more work, but you can. The easiest answer, if you want to do all IPs from 1.0.0.0 to 1.255.255.255, is to do: baseip = "1.{0}.{0}.{0}" and then change my loop to be for i in range(0, 256): (note: 256 because it is [start-end)). Yes, this is likely faster because you are threading out all the nmap work. But I am not super familiar with how nmap fully works outside of limited use cases I have used it for. – nerdwaller – 2013-07-11T23:45:32.663

Neat script, brother nerdwaller. However, for open IPs I only see error and the state only displays IP. I haven't used nmap before in Python so I wonder what is missing. Any clues before I read the whole doc? Thanks – Abhishek Dujari – 2014-02-18T11:02:04.990

@Vangel - At the time it worked for anything I had tried, and the bindings haven't changed so nothing should have changed AFAIK. What do you mean by "open IPs"? – nerdwaller – 2014-02-18T13:35:51.017

I scanned a block that included a known webserver on one IP. All IPs that did have a working web server still reported the "error" printout instead of "open" as it's supposed to be in your code. – Abhishek Dujari – 2014-02-21T14:04:13.527

Try running it from an interactive console to see if you can get more helpful error text. The only time I see an "error" is when I use the domain name rather than an IP (easily resolved by using socket to resolve the IP). If that fails, open a new question relating to the topic (maybe link back to this answer for reference). – nerdwaller – 2014-02-21T14:17:06.083

Thanks nerdwaller. I will try that. BTW, not using hostname – Abhishek Dujari – 2014-02-21T16:31:53.813

3

Fastest way:

~ # nmap 192.168.1.0/24 -p 80

just change 192.168.1.0/24 to your subnet/mask

september

Posted 2013-07-11T19:02:06.267

Reputation: 529

2

Check out nmap.org for information on the nmap command-line tool, which may already be installed on your system. It's for exactly this purpose. Remember, do no evil!

MattDMo

Posted 2013-07-11T19:02:06.267

Reputation: 4 968

I have tried this: nmap 108.170.28.153-200 -p 80 | grep -Em 1 "\|[0-9\.]+\|" | sed -r "s/^.*\|([0-9\.]+)\|.*$/\1/g" >>file.txt, but I get this error: Failed to find device eth0 which was referenced in /proc/net/route... – user1307079 – 2013-07-11T20:00:06.270

That's an entirely separate issue... – MattDMo – 2013-07-11T20:02:16.737

Did you try google-ing the error message? – Janos Pasztor – 2013-07-11T20:02:29.237

Yes, I could not get anything helpful, I am using eth1 for my main eth though... – user1307079 – 2013-07-11T20:04:40.893

Yeah, I figured. Are you running the latest version of nmap? – MattDMo – 2013-07-11T20:06:46.880

I do not know, but I tried it on a different server, and it works there is no error, but nothing is outputted into file.txt... – user1307079 – 2013-07-11T20:08:36.030

Well, I'd suggest some debugging, then. Since it's not very effective to do this in the comments to an unrelated question, you probably want to ask a new one. I suggest visiting Unix&Linux if you're having issues with Linux command line tools. – MattDMo – 2013-07-11T20:13:16.683

Well, I got the error away, but the command just isn't outputting anything into the file. – user1307079 – 2013-07-11T20:14:54.187

and, if my answer helped solve your original question, please select the Accepted check-mark link next to it so others know it has been resolved. Thanks! – MattDMo – 2013-07-11T20:15:05.317

1

Write a script that uses nmap or netcat to query the IP addresses in question then parse the result.

ubiquibacon

Posted 2013-07-11T19:02:06.267

Reputation: 7 287

I have tried this: nmap 108.170.28.153-200 -p 80 | grep -Em 1 "\|[0-9\.]+\|" | sed -r "s/^.*\|([0-9\.]+)\|.*$/\1/g" >>file.txt, but I get this error: Failed to find device eth0 which was referenced in /proc/net/route... – user1307079 – 2013-07-11T19:59:21.810

0

Use Nmap and pipe the output through grep.

Scandalist

Posted 2013-07-11T19:02:06.267

Reputation: 2 767

I have tried this: nmap 108.170.28.153-200 -p 80 | grep -Em 1 "\|[0-9\.]+\|" | sed -r "s/^.*\|([0-9\.]+)\|.*$/\1/g" >>file.txt, but I get this error: Failed to find device eth0 which was referenced in /proc/net/route... – user1307079 – 2013-07-11T19:58:55.600

You need to grep for "Open" or something specific that nmap generates to tell you the scanned port is online. – Scandalist – 2013-07-11T20:02:08.357

How would I modify it so it works? Nothing is outputted. – user1307079 – 2013-07-11T20:10:32.493
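
Scandalist's suggestion to match something nmap itself emits, as an added example (not code from any answer on this page): it parses nmap's grepable output (`-oG -`) and keeps only hosts whose port 80 is reported open, comparing the port field exactly so that `8080/open` is not mistaken for `80/open`. The sample text is constructed with RFC 5737 documentation addresses, and the names `hosts_with_open_port` and `save_hosts` are hypothetical.

```python
import re

# Constructed sample of `nmap -p 80,8080 -oG - <range>` output; the addresses
# are RFC 5737 documentation addresses, not real scan results.
SAMPLE_GREPABLE = """\
# Nmap 7.80 scan initiated as: nmap -p 80,8080 -oG - 192.0.2.0/29
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 80/open/tcp//http///, 8080/closed/tcp//http-proxy///
Host: 192.0.2.2 (web.example.test)\tStatus: Up
Host: 192.0.2.2 (web.example.test)\tPorts: 80/closed/tcp//http///, 8080/open/tcp//http-proxy///
Host: 192.0.2.3 ()\tStatus: Up
Host: 192.0.2.3 ()\tPorts: 80/filtered/tcp//http///, 8080/filtered/tcp//http-proxy///
Host: 192.0.2.4 ()\tStatus: Up
Host: 192.0.2.4 ()\tPorts: 80/open/tcp//http///\tIgnored State: closed (1)
# Nmap done -- 8 IP addresses (4 hosts up) scanned in 2.31 seconds
"""

HOST_RE = re.compile(r"^Host: (\S+) ")


def hosts_with_open_port(grepable_text, port=80, proto="tcp"):
    """Return IPs whose port/proto is reported open in nmap -oG output."""
    found = []
    for line in grepable_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # '#' comment lines and blanks
        # Host lines are tab-separated fields: Host, then Status or Ports, ...
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[:3] == [str(port), "open", proto]:
                    found.append(m.group(1))
    return found


def save_hosts(ips, path):
    """Write one IP per line, replacing any previous list."""
    with open(path, "w") as fh:
        fh.writelines(ip + "\n" for ip in ips)


if __name__ == "__main__":
    print("\n".join(hosts_with_open_port(SAMPLE_GREPABLE)))
```

Feed it the captured output of `nmap -p 80 -oG - 192.168.1.0/24` (the range from september's answer) in place of the sample.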