From Fundamentals to Advanced Applications with Detailed Instructions
A fundamental tool for network reconnaissance. This project teaches socket programming and handling user input.
Instruction: Use Python's built-in socket library. Write a script to create a socket object and attempt a connection to a specific port on a target IP. Handle both successful and failed connections to determine if the port is open or closed.
Instruction: Make your tool interactive. Use the input() function to prompt the user for an IP address to scan. You can also prompt for the port numbers later.
Instruction: Instead of one port, scan a series of common ports. Use a for loop to iterate through a range of numbers (e.g., 1 to 1024) and place your connection logic inside this loop.
Instruction: Speed up your scanner significantly. Use the threading module to create a worker function that attempts the connection. Start a new thread for each port so many connections can be attempted simultaneously.
Instruction: Make the results clean. Instead of printing a message for every closed port, store the open ports in a list. After the scan is complete, print a summary of only the open ports found.
A cornerstone of host-based security. Creates a "fingerprint" of files and checks for modifications.
Instruction: Use the hashlib library. Write a function that takes a file path, reads the file's content in binary mode ('rb'), and returns its SHA-256 hash as a hex digest.
Instruction: Use os.walk to recursively list all files in a directory. For each file, generate its hash and store the results (filepath: hash) in a dictionary. Save this dictionary to a file using the json library.
Instruction: Load the baseline JSON file. Rescan the directory and for each file, compare its current hash to the baseline hash. Report on `MODIFIED` (hash mismatch), `NEW` (not in baseline), and `DELETED` (in baseline but not on disk) files.
Instruction: Use the argparse module to create a professional command-line interface. It should accept arguments to specify the mode (`--generate` or `--check`) and the target directory.
Define a family of algorithms (protocol parsers), encapsulate each one, and make them interchangeable. This lets you switch between parsing TCP, UDP, or ICMP without changing the main sniffer logic.
Instruction: Install the scapy library (`pip install scapy`). Experiment with its `sniff()` function to capture a few packets and print their summary to see live traffic.
Instruction: Define the code structure. Create an abstract base class `ParserStrategy` with an abstract `parse` method. Then, create a `PacketParser` context class that will hold and use a strategy object.
This step is about code structure and will not have a direct visual output.
Instruction: Create classes like EthernetParser, IpParser, and TcpParser that inherit from `ParserStrategy`. In each class, implement the `parse` method to unpack the specific protocol header from the raw packet bytes and extract its fields.
Instruction: Create a raw socket to capture packets. In a loop, receive data and orchestrate the parsing. Start with the `EthernetParser`, then based on its result, switch the strategy in your `PacketParser` context to the correct L3 parser (e.g., `IpParser`), and so on for L4.
This project is for educational purposes only. Unauthorized monitoring is illegal and unethical. Only run on systems you own and have permission to test.
Ensures that only one instance of your keylogger class can ever exist. This is crucial to prevent multiple instances from conflicting or consuming unnecessary resources.
Instruction: Use the pynput library. Create a keyboard `Listener` and define a callback function (`on_press`) that gets executed every time a key is pressed. For now, just print the key to the console.
Instruction: In your `on_press` function, instead of printing, append the keystroke data to a string or list. Write a separate method to save this log buffer to a file (e.g., in a temporary or hidden directory).
Instruction: Use Python's built-in smtplib and email modules. Write a function to log into an email account (use a dedicated app password, not your main password) and send the contents of the log file to a recipient email address.
Instruction: Use threading.Timer to call your email reporting function at regular intervals (e.g., every hour). Instantiate your `Keylogger` (using the Singleton pattern) and start the listener. The script should now run as a cohesive, automated agent.
Only run this scanner against web applications you own or have explicit, written permission to test. Unauthorized vulnerability scanning is illegal.
Provides an interface for creating "scanner" objects but lets subclasses (your main engine) decide which class to instantiate. This makes it easy to add new vulnerability modules (XSS, SQLi, LFI) later.
Instruction: Use the requests library to fetch a page's HTML and BeautifulSoup to parse it. Write a crawler that takes a starting URL, extracts all `<a>` and `<form>` tags, and adds them to a queue of targets to scan.
Instruction: Implement the logic for specific vulnerability checks. Create an `XssScanner` class that injects XSS payloads into inputs and checks the response. Create an `SqlInjectionScanner` that injects SQL payloads and checks for database errors or changes in response.
Instruction: Create a `ScannerFactory` class that can create scanner objects based on user input (e.g., "xss"). The main script will take a target URL, use the factory to create the desired scanners, and run them against the list of crawled targets.
This is a logic and structure step; the final report is the key output.
Instruction: Create a reporting module. When a scanner finds a potential vulnerability, it should log the details (URL, parameter, payload). At the end of the run, print a clean, well-formatted summary of all findings.
Port 80 is open
or "Port 443 is closed"
Enter the IP address to scan:
Scanning 127.0.0.1... Port 21 is closed Port 22 is open Port 23 is closed ... Port 80 is open
The key output is speed. The program will print results much faster and potentially out of order as threads complete. The final refined output in the next step is the true goal.
Scanning 192.168.1.1... Scan complete. Open ports found: - 22 (ssh) - 80 (http) - 443 (https)
The SHA-256 hash of 'my_document.txt' is: a8c7da41d3a6c2c6e3d2b8e3f0f7a9c5a3e2d1b0c4b3f2a1d0e9c8b7a6f5d4e3
The program should create a file (e.g., baseline.json) with content like this:
{
"C:\\Users\\Admin\\report.docx": "e3b0...",
"C:\\Users\\Admin\\config.ini": "a1b2...",
"C:\\Users\\Admin\\vacation.jpg": "f0e9..."
}
Starting integrity check... [MODIFIED] C:\\Users\\Admin\\report.docx [NEW] C:\\Users\\Admin\\temp.log [DELETED] C:\\Users\\Admin\\vacation.jpg Check complete.
Running your script with a --help flag should produce a help menu:
usage: integrity_checker.py [-h] {generate,check} directory
A tool to monitor file integrity.
positional arguments:
{generate,check} 'generate' to create a new baseline,
'check' to verify against one.
directory The directory to scan.
optional arguments:
-h, --help show this help message and exit
Ether / IP / TCP 192.168.1.10:54321 > 172.217.16.14:https S Ether / IP / TCP 172.217.16.14:https > 192.168.1.10:54321 SA Ether / IP / UDP 192.168.1.10:60123 > 8.8.8.8:domain
--- Packet Captured ---
[+] Ethernet Frame:
- Dest: 00:1A:2B:3C:4D:5E, Source: FF:EE:DD:CC:BB:AA
[+] IP Packet:
- Source: 192.168.1.10, Dest: 8.8.8.8
[+] TCP Segment:
- Source Port: 54321, Dest Port: 443 (https)
-----------------------
--- Packet Captured ---
[+] Ethernet Frame:
- Dest: 00:1A:2B:3C:4D:5E, Source: FF:EE:DD:CC:BB:AA
[+] IP Packet:
- Source: 192.168.1.10, Dest: 8.8.8.8, Proto: 17
[+] UDP Segment:
- Source Port: 60123, Dest Port: 53 (DNS)
-----------------------
'H' pressed 'e' pressed 'l' pressed 'l' pressed 'o' pressed Key.space pressed 'w' pressed
The program runs silently. Afterwards, a file (log.txt) should contain:
Hello[KEY_SPACE]WOrld[KEY_ENTER]This is a test.
An email should arrive in your inbox with these details:
To: your-email@example.com From: keylogger-bot@example.com Subject: Keylogger Report [Date Time] Body: Hello[KEY_SPACE]WOrld...
The only output is an email arriving in your inbox every hour containing the latest captured keystrokes. The program itself should produce no console output.
Crawling http://testsite.local... [+] Link discovered: /about.html [+] Link discovered: /contact.php [+] Link discovered: /products.php?id=1 [+] Form discovered on /contact.php Found 3 links and 1 form to test.
Testing for XSS... - Testing http://testsite.local/contact.php in 'name'... VULNERABLE! - Testing http://testsite.local/products.php in 'id'... Not vulnerable.
--- Web Vulnerability Scan Report ---
Target: http://testsite.local
Scans performed: xss, sql
[+] Cross-Site Scripting (XSS) Found!
- URL: http://testsite.local/contact.php
- Parameter: name
- Payload: <script>alert(1)</script>
[+] SQL Injection (SQLi) Found!
- URL: http://testsite.local/products.php
- Parameter: id
- Payload: ' OR 1=1 --
Scan complete. Found 2 potential vulnerabilities.