Asena

Asena is the Female wolf that guides the Oğuz Kağan in Turkish Mythology. The Reason for the Asena analogy comes from the ability to guide packages on the network. Written with Asena scapy module , to run you need to download scapy module.

INSTALLATION

Let's install scapy developer first :

• cd /tmp/

• git clone https://github.com/secdev/scapy.git

• cd scapy

• python setup.py install

• git clone https://github.com/mustgundogdu/ASENA.git

FEATURES

ACTIVE MACHINE DETECTION ON NETWORK

As everybody knows basic process logic in initial phase created arp packages on determined subnet than makes broadcasting. And after determines responding device.

This process scapy code part is as following:

1. This part is performs described above situtaion and created arp packages assignment to 'frame' variable.

2. Has been made broadcasting determined target subnet with using srp function.

TCP CONNECT SCAN

In this scan a connection to the target system is established. Than this connection detect port status on target system with received flag values.Asena tool make with your entry specific tcp port number or some default tcp port numbers for this scan.For example displays like following screenshouts.

Some of the port statues structure and descriptions are as follows.

OPEN PORT

Created tcp SYN package in initial phase. Than next this package was sent and received SYN+ACK flags response.After that created ACK package and this package was sent .

As a result of this If received RST package means port is open.This process scapy code part is as following.

1. Created Tcp Syn package in this section and added required parameters . Next this package sent on target system and received response assignment to ‘Tcp_packet’ variable.

2. If received syn and ack packages on the target system, this part will work.(Note:0x12 hex value is equal to Syn+Ack)

3. Created ack package in this section and this package was sent on target system. Than received response assignment to ‘ack_packet’ variable.

4. Finally the response tcp flags checked . If this flag is 0x4(rst) detected mean port is open.

CLOSE PORT

Created Tcp Syn package in initial phase and was sent . As result of this if received Ack+Rst packages port is close. This process scapy code part is as following.

1. Created Tcp Syn package in this section and added required parameters. Next this package sent on target system and received response assignment ‘Tcp_packet’ variable.

2. If received Ack and Rst packages on target system, this part will work and detected port is close. (Note: 0x14 hex value is equal to Ack+Rst)

FILTERED PORT

Created Tcp Syn package in initial phase .Than next this package was sent and received Syn+Ack packages response.After that created Ack package and this package was sent.As a result if none response detected port is filtered.This process scapy code part is as following.

1. Created Tcp Syn package in this section and added required parameters . Next this package sent on target system and received response assignment to ‘Tcp_packet’ variable.

2. If received syn and ack packages on the target system, this part will work.(Note:0x12 hex value is equal to Syn+Ack)

3. Created ack package in this section and this package was sent on target system. Than received response assignment to ‘ack_packet’ variable.

4. Finally the response tcp flags checked . If this none response detected mean port is filtered.

XMAS SCAN

In this tcp scan send Fin,Psh and Urg flags target system and tried to be detected port status.Other İmportant situtaion of the this scan will not work against system running Microsoft Windows, Cisco, BSDI, HP/UX,MVS and IRIX.They will all respond RST packets, even from open ports. That’s why this process tried based on linux system.

For example displays like following screenshots.

Some of the port statuses structure and descriptions are as follows.

OPEN PORT

Created Tcp package containing Psh,Fin,Urg flags In initial phase. Than next this package was sent and as a result if none response detected port open or filtered.This process scapy code part is as following.

1. Created Tcp package containing Psh,Fin,Urg flags and required added parameters.Than this package sent on target system and received response assignment to ‘Tcp_xmas_packet’ variable.

2. Received response checked in this part and if none response means port open or filtered.

CLOSE PORT

Created Tcp package containing Psh,Fin,Urg flags In initial phase. Than next this package was sent and as a result if received Rst+Ack flags means port closed.This process scapy code part is as following.

1. Created Tcp package containing Psh,Fin,Urg flags and required added parameters.Than this package sent on target system and received response assignment to ‘Tcp_xmas_packet’ variable.

2. If received Ack and Rst packages on target system, this part will work and detected port is close. (Note: 0x14 hex value is equal to Ack+Rst)

FILTERED PORT

Created Tcp package containing Psh,Fin,Urg flags In initial phase. Then next this package was sent and response return is some icmp message types As is result means port is filtered. This icmp message types shown below.

• Type 1 ==> Unassigned

• Type 2 ==> Unassigned

• Type 3 ==> Destination Unreachable

• Type 9 ==> Router Advertisement

• Type 10 ==> Router Selection

• Type 13 ==> Timestamp

This process scapy code part as is following.

1. If response is use Icmp protocol, this part will work.

2. In this part checked icmp message types and if response contain this message types means port is filtered.

NULL SCAN

In this tcp scan send Null flag target system and tried to be detected port status.Again will not work against system running Microsoft Windows, Cisco, BSDI, HP/UX,MVS and IRIX. They will all respond RST packets, even from open ports.

For example displays like following screenshots.

Some of the port statuses structure and descriptions are as follows.

OPEN PORT

Created tcp null package in initial phase. Than next this package was sent and as a result if not reponse means port is open.This process scapy code part is as following.

1. Created tcp null package and required added parameters . Than this package sent on target system and received response assignment to ‘Tcp_null_packet’ variable.

2. Received response checked in this part and if none response means port open or filtered.

CLOSE PORT

Created tcp null package in initial phase. Than next this package was sent and as a result if received Rst flag means port is close. This process scapy code part is as following.

1. Created tcp null package and required added parameters . Than this package sent on target system and received response assignment to ‘Tcp_null_packet’ variable.

2. In this part checked Rst flag and if this flag received means port is closed.

FILTERED PORT

Created Tcp Null package In initial phase. Then next this package was sent and response return is some icmp message types As is result means port is filtered.This icmp message types shown below.

• Type 1 ==> Unassigned

• Type 2 ==> Unassigned

• Type 3 ==> Destination Unreachable

• Type 9 ==> Router Advertisement

• Type 10 ==> Router Selection

• Type 13 ==> Timestamp

This process scapy code part is as following.

1. If response is use Icmp protocol, this part will work.

2. In this part checked icmp message types and if response contain this message types means port is filtered.

FIN SCAN

In this tcp scan send Fin flag target system and tried to be detected port status.Other İmportant situtaion of the this scan will not work against system running Microsoft Windows, Cisco, BSDI, HP/UX,MVS and IRIX. They will all respond RST packets, even from open ports. That’s why this process tried based on linux system.

OPEN PORT

Created tcp Fin package in initial phase. Than next this package was sent and as a result if not reponse means port is open or filtered.This process scapy code part is as following.

1. Created tcp Fin package and required added parameters . Than this package sent on target system and received response assignment to ‘Tcp_fin_packet’ variable.

2. Received response checked in this part and if none response means port open or filtered.

CLOSE PORT

Created tcp Fin package in initial phase. Than next this package was sent and as a result if received Rst flag means port is close. This process scapy code part is as following.

1. Created tcp Fin package and required added parameters . Than this package sent on target system and received response assignment to ‘Tcp_fin_packet’ variable.

2. In this part checked Rst flag and if this flag received means port is closed.

FILTERED PORT

Created Tcp Fin package In initial phase. Then next this package was sent and response return is some icmp message types As is result means port is filtered.This icmp message types shown below.

• Type 1 ==> Unassigned

• Type 2 ==> Unassigned

• Type 3 ==> Destination Unreachable

• Type 9 ==> Router Advertisement

• Type 10 ==> Router Selection

• Type 13 ==> Timestamp

This process scapy code part is as following.

1. If response is use Icmp protocol, this part will work.

2. In this part checked icmp message types and if response contain this message types means port is filtered.

ACK SCAN

The use of this tcp scan is for filtered or non-filtered ports on the target system.In tcp ack scans could be result all port or specially scanned port is filtered.This situation actually caused by firewall so port even not used the result may be filtered.

For example displays like following screen shouts when we scan a filtered port or some default tcp ports from firewall.

FILTERED PORT

Asena used with tcp ack scan way for to perform operation and the working logic is as follows.

Created Tcp ack package in initial phase. Than next this package was sent and not response. As a result of this process detected filtered port on target server.This process scapy code part is as following.

1. Created Tcp Ack package in this section and added required parameters. Next this package sent on target system and received response assignment to ‘ack_packet’ variable.

2. The data type assigned value has been checked and if data type is None(Not response) reflected port is filtered.

OR

Again , in the first step, Created tcp ack package .Then next this package was sent and response return is some icmp message types. This icmp message types shown below.

• Type 1 ==> Unassigned

• Type 2 ==> Unassigned

• Type 3 ==> Destination Unreachable

• Type 9 ==> Router Advertisement

• Type 10 ==> Router Selection

• Type 13 ==> Timestamp

In response stated icmp message types could be reply to the tcp ack package sent. In this case detected port is filtered by firewall.This process scapy code part is as following.

UNFILTERED PORT

Created tcp Ack package in initial phase. Than next this package was sent and as a result if received Rst flag means port is unfiltered. This process scapy code part is as following.

1. Created Tcp Ack package in this section and added required parameters. Next this package sent on target system and received response assignment to ‘ack_packet’ variable.

2. If response is use Tcp protocol, this part will work.

3. In this part checked Rst flag and if this flag received means port is unfiltered.

OTHER BASIC PORT SCANNER FEATURES

ALL TCP PORTS SCANNER OPTION

This option Perform scanning of 65535 tcp ports on target system. When doing this created is basic tcp socket and added required parameters.This process may take several while.

SPECIFIC PORT SCANNER

This option scan specific tcp port number on target system.When doing this created is basic tcp socket and added required parameters.

SPECIFIC PORT SUBNET SCANNER

This option scan specific tcp port number on target system.In this way is taken result faster.

DEFAULT PORTS SCAN

BETWEEN PORT SCAN

# Author: Mustafa Gündoğdu - b3kc4t