search

LuD1161 / CyberSecurity-IIITA

A Repo to keep the CyberSecurity-IIITA projects
11 stars 6 forks source link

Port Scanner #2

Open LuD1161 opened 7 years ago

LuD1161 commented 7 years ago

Port scanner for the project .

Please comment in all the resources you find related to the port scanner and further discussions shall continue in here related to the port scanner

[Updated]

To do :

The output from the backend should be like this and the frontend would receive it likewise and do further processing as needed.

{
    "port": < port_number_here > ,
    "type_of_port": "TCP/UDP",
    "type": "malicious/good/grey ( choose from the three keys and based on that highlight the column displaying it in the GUI , grey is when it can also be used by legitimate services)",
    "current_process": < pid_here > ,
    "filepath": < filepath > ,
    "remarks": "<here data if available in blacklisted.json>"
}

e.g. {
    "port": 4950,
    "type_of_port": "TCP",
    "current_process": 2187,
    "filepath": "C:\\User\\HP-PC\\Downloads\\asghdt.exe",
    "type": "malicious",
    "remarks": "ICQ Trojan"
}

Parent issue#1

cromagnonninja commented 7 years ago

So, to get the gist: the port scanner scans in some interval of time for open ports - and then, analyses the data going to see if it's malicious or not? Or is it just that it scans to see if there are any ports which aren't in use generally which are open now - to intimate the user that some malicious activity might be occurring on their system?

LuD1161 commented 7 years ago

No , we won't be analyzing data , cause most of the time it may be encrypted and we can't have a blacklist for data.

However your suggestion looks good :smile: , we can add a host feature in the GUI based on the data returned by the script.

I have updated the issue please check. @bhanu1911 @AshrithReddyT @Jayanth-N @GYeyosi @midoriyaizuku Add in your suggestions.

GYeyosi commented 7 years ago

Port scanners can be used for examining for any malicious services running on a host. the link below provides the list of some default bad ports. http://www.garykessler.net/library/bad_ports.html

LuD1161 commented 7 years ago

@GYeyosi good find, still we would need more than just that and that too keep it updated.

@AshrithReddyT @Jayanth-N @midoriyaizuku please add your opinions and suggestions. Also to other issues.

Jayanth-N commented 7 years ago

http://www.pythonforbeginners.com/code-snippets-source-code/port-scanner-in-python

LuD1161 commented 7 years ago

@Jayanth-N Just posting a link doesn't itself say anything , please try to elaborate what you found there . The link should only be for reference and not a comment in itself.

LuD1161 commented 7 years ago

@Jayanth-N @GYeyosi @midoriyaizuku Any progress into this ? Also check the issue , I have updated the json format to be used.