initial concept of the script
This commit is contained in:
@@ -0,0 +1,87 @@
|
||||
"""
|
||||
Random port generator that skips common / less‑secure ports.
|
||||
"""
|
||||
|
||||
import random
|
||||
import socket
|
||||
|
||||
# ------------------------------------------------------------
|
||||
# 1. Build a set of excluded ports
|
||||
# ------------------------------------------------------------
|
||||
|
||||
EXCLUDED_PORTS = {
|
||||
# 0–1023 (well‑known)
|
||||
*range(0, 1024),
|
||||
|
||||
# Common web / admin
|
||||
80, 443, 8080, 8000, 5000, 5001,
|
||||
|
||||
# Common database / cache
|
||||
3306, 5432, 6379, 27017, 11211, 11212,
|
||||
|
||||
# Common mail / DNS / SNMP
|
||||
25, 110, 143, 53, 162, 389, 636, 995, 993,
|
||||
|
||||
# Remote‑shell & file transfer
|
||||
22, 23, 21, 3389, 5900, 5901, 5902,
|
||||
|
||||
# SMB / NetBIOS
|
||||
139, 445,
|
||||
|
||||
# Dynamic “ephemeral” ports that are often abused
|
||||
*range(49152, 49163), # 49152‑49162
|
||||
5000, 5001, 5002, 5003, 5004, 5005,
|
||||
6000, 6001, 6002, 6003,
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------
|
||||
# 2. Helper to check whether a port is free on the local machine
|
||||
# ------------------------------------------------------------
|
||||
def is_port_in_use(port: int, host: str = "0.0.0.0") -> bool:
|
||||
"""Return True if any socket is listening on `port`."""
|
||||
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
||||
s.settimeout(0.1)
|
||||
try:
|
||||
s.bind((host, port))
|
||||
return False
|
||||
except (OSError, socket.error):
|
||||
return True
|
||||
|
||||
# ------------------------------------------------------------
|
||||
# 3. Random‑port generator
|
||||
# ------------------------------------------------------------
|
||||
def random_secure_port(
|
||||
*,
|
||||
min_port: int = 1024,
|
||||
max_port: int = 65535,
|
||||
max_tries: int = 1000,
|
||||
check_in_use: bool = True,
|
||||
) -> int:
|
||||
"""
|
||||
Return a random port number that is:
|
||||
* >= min_port and <= max_port
|
||||
* not in EXCLUDED_PORTS
|
||||
* optionally not currently in use (if check_in_use=True)
|
||||
|
||||
Raises RuntimeError if it cannot find a suitable port after `max_tries`.
|
||||
"""
|
||||
rng = random.SystemRandom() # cryptographically stronger RNG
|
||||
|
||||
for _ in range(max_tries):
|
||||
candidate = rng.randint(min_port, max_port)
|
||||
if candidate in EXCLUDED_PORTS:
|
||||
continue
|
||||
if check_in_use and is_port_in_use(candidate):
|
||||
continue
|
||||
return candidate
|
||||
|
||||
raise RuntimeError(
|
||||
f"Could not find an unused port after {max_tries} attempts."
|
||||
)
|
||||
|
||||
# ------------------------------------------------------------
|
||||
# 4. Example usage
|
||||
# ------------------------------------------------------------
|
||||
if __name__ == "__main__":
|
||||
port = random_secure_port()
|
||||
print(f"Generated secure random port: {port}")
|
||||
Reference in New Issue
Block a user