Gist: Manouchehri/67b53ecdc767919dddf3ec4ea8098b20
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
# Author: David Manouchehri <[email protected]>
# This script will always echo back data on the UDP port of your choice.
# Useful if you want nmap to report a UDP port as "open" instead of "open|filtered" on a standard scan.
# Works with both Python 2 & 3.
import socket

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
server_address = '0.0.0.0'
server_port = 31337
server = (server_address, server_port)
sock.bind(server)
print("Listening on " + server_address + ":" + str(server_port))
while True:
    # recvfrom(1) returns only the first byte of each datagram; the rest of the datagram is discarded.
    payload, client_address = sock.recvfrom(1)
    print("Echoing data back to " + str(client_address))
    sent = sock.sendto(payload, client_address)
@andria-dev The issue with using sock.recvfrom(1024) is that if you send <1024 bytes of data, you won't get a reply.
@Manouchehri that doesn't seem to be the case. According to the documentation, which you can see with help(socket.socket.recv) in the Python interpreter, it is stated that the first argument is the buffersize and calling the recv method will "receive up to buffersize bytes from the socket." This would mean that, even if a Python socket only received 1 byte in a UDP packet while it was receiving data, it would return that 1 byte. I believe the point of the buffersize is to avoid receiving more data than the program can handle (a potential buffer overflow).

I just tested it and it works fine with any size of message. If you change the buffersize to 1024 and then run this client program, you'll see it print out Test passed.
#!/usr/bin/env python3
import socket
client_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
server_address = '0.0.0.0'
server_port = 31337
client_socket.connect((server_address, server_port))
message = 'Hello World'
client_socket.send(message.encode())
response = client_socket.recv(1024).decode()
print("Test passed" if message == response else "Test failed")
It looks like this one already runs in Python 3 just fine. Also, I'm not sure if sock.recvfrom(1) was intentional but nmap can't detect it as an echo server so if you do service detection, it sits there for quite some time guessing incorrectly. Using sock.recvfrom(1024) lets nmap quickly detect that it is an echo server.