RDP Testing Script
by Boat - Tuesday January 7, 2025 at 03:00 PM
#1
A very basic Python-based tool designed for testing of RDP (Remote Desktop Protocol) servers. This can ofcourse be enhanced with features you want. 

---------------------------------------------------------------------------------------
If you like it, please don't forget to contribute to my reputation XD

Port Scanning:

Scans a range of ports (user-defined) to identify open and closed ports on the target machine.

RDP Handshake Simulation:
Attempts a simulated handshake to verify the target's responsiveness and validate the RDP service.

Banner Grabbing:
Captures banners or service information from open ports to identify running services and software versions.

Authentication Testing:
Simulates login attempts using pre-defined credentials to test defenses against brute force attacks without actually brute-forcing.

Custom Port Range Scanning:
Allows users to specify custom port ranges for scanning to ensure flexibility in target testing.

Rate-Limiting Detection:
Monitors server responses to identify rate-limiting mechanisms or account lockout policies.

SSL/TLS Protocol Detection:
Checks whether the RDP server supports SSL/TLS and identifies the protocol version for encryption validation.

Service Fingerprinting:
Uses collected banners and metadata to identify the operating system and RDP software version.

Firewall and IDS/IPS Testing:
Simulates connection attempts to check for blocking, logging, or intrusion detection/prevention systems.

Advanced Reporting:
Generates a detailed JSON and/or CSV report summarizing all findings, including timestamps, scanned ports, service fingerprints, and detected vulnerabilities.

Logging and Session History:
Maintains a detailed log of all activities and results for audit purposes.

Multi-Threaded Execution:
Executes port scans, banner grabbing, and other tests concurrently to improve efficiency.

Geolocation Lookup:
Performs IP geolocation to identify the physical location of the target server.

Reverse DNS Lookup:
Resolves the target IP to its hostname for additional context in the testing report.

Real-Time Alert System:
Sends real-time alerts to the console for critical findings, such as exposed RDP services or insecure configurations.
import socket import json import time import threading from ipaddress import ip_address import requests import dns.resolver def scan_ports(ip, ports):     """     Scan specified ports on the target IP to check their availability.     """     open_ports = []     for port in ports:         try:             with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:                 s.settimeout(2)                 result = s.connect_ex((ip, port))                 if result == 0:                     print(f"Port {port} is open.")                     open_ports.append(port)                 else:                     print(f"Port {port} is closed.")         except Exception as e:             print(f"Error scanning port {port}: {e}")     return open_ports def simulate_rdp_handshake(ip, port):     """     Simulate a connection to the RDP server and attempt a handshake.     """     try:         print(f"\nSimulating RDP handshake on {ip}:{port}")         with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:             s.settimeout(5)             s.connect((ip, port))                         # Simulate sending a handshake packet             handshake_packet = b'\x03\x00\x00\x13\x0e\xd0\x00\x00\x12\x34\x00\x02\x00\x2f\x00'             s.sendall(handshake_packet)                         # Read the response             response = s.recv(1024)             print("Received response:", response)             return response     except socket.timeout:         print("Connection timed out.")     except Exception as e:         print(f"Error during handshake: {e}")     return None def banner_grab(ip, port):     """     Attempt to retrieve a banner or service information.     """     try:         print(f"\nGrabbing banner on {ip}:{port}")         with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:             s.settimeout(5)             s.connect((ip, port))             s.send(b'GET / HTTP/1.1\r\nHost: {ip}\r\n\r\n')             banner = s.recv(1024)             print("Banner:", banner)             return banner     except Exception as e:         print(f"Error grabbing banner: {e}")     return None def test_authentication(ip, port, username, password):     """     Simulate authentication attempt to RDP.     """     print(f"\nSimulating authentication for {username}@{ip}:{port}")     # Note: Replace with actual RDP authentication logic if building a real-world simulation.     return f"Authentication attempt for {username} failed (simulated)." def ssl_tls_detection(ip, port):     """     Check for SSL/TLS support on the RDP server.     """     try:         with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:             s.connect((ip, port))             s.send(b'\x16\x03\x01')             response = s.recv(1024)             print(f"SSL/TLS detected on {ip}:{port}: {response[:15]}")             return True     except Exception as e:         print(f"SSL/TLS not supported on {ip}:{port}. Error: {e}")         return False def geolocation_lookup(ip):     """     Perform IP geolocation to identify the physical location of the server.     """     try:         response = requests.get(f'https://ipinfo.io/{ip}/json')         data = response.json()         location = data.get('loc', 'Unknown')         print(f"Geolocation for {ip}: {location}")         return location     except Exception as e:         print(f"Error in geolocation lookup for {ip}: {e}")         return None def reverse_dns_lookup(ip):     """     Perform a reverse DNS lookup on the target IP.     """     try:         result = dns.resolver.resolve(ip_address(ip).reverse_pointer, 'PTR')         print(f"Reverse DNS for {ip}: {result[0]}")         return result[0].to_text()     except Exception as e:         print(f"Reverse DNS lookup failed for {ip}: {e}")         return None def generate_report(ip, open_ports, banners, rdp_handshake_results, auth_tests, ssl_support, geolocation, reverse_dns):     """     Generate a JSON report with all scan results.     """     report = {         "target_ip": ip,         "timestamp": time.strftime("%Y-%m-%d %H:%M:%S"),         "open_ports": open_ports,         "banners": banners,         "rdp_handshake_results": rdp_handshake_results,         "authentication_tests": auth_tests,         "ssl_tls_support": ssl_support,         "geolocation": geolocation,         "reverse_dns": reverse_dns,     }     report_filename = f"rdp_security_report_{ip}.json"     with open(report_filename, 'w') as report_file:         json.dump(report, report_file, indent=4)     print(f"\nReport generated: {report_filename}") def main():     target_ip = input("Enter the target IP address: ")     target_ports = [3389, 22, 80, 443]  # Default ports for scanning     auth_tests = []     # Step 1: Scan for open ports     print("\nStarting port scan...")     open_ports = scan_ports(target_ip, target_ports)         # Step 2: Attempt RDP handshake     rdp_handshake_results = {}     for port in open_ports:         if port == 3389:  # RDP default port             rdp_handshake_results[port] = simulate_rdp_handshake(target_ip, port)         # Step 3: Grab banners     banners = {}     for port in open_ports:         banners[port] = banner_grab(target_ip, port)     # Step 4: Test authentication     for username in ["admin", "user", "test"]:         for password in ["password", "123456", "admin"]:             auth_tests.append(test_authentication(target_ip, 3389, username, password))         # Step 5: SSL/TLS Detection     ssl_support = ssl_tls_detection(target_ip, 3389)     # Step 6: Geolocation Lookup     geolocation = geolocation_lookup(target_ip)     # Step 7: Reverse DNS Lookup     reverse_dns = reverse_dns_lookup(target_ip)     # Step 8: Generate a report     generate_report(target_ip, open_ports, banners, rdp_handshake_results, auth_tests, ssl_support, geolocation, reverse_dns) if __name__ == "__main__":     main()
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Basic Python Script for logs segregation Boat 2 329 03-25-2025, 06:34 AM
Last Post: Alcxtraze
  Improve simple Batch Script darkhorse10123 0 219 01-18-2025, 04:30 AM
Last Post: darkhorse10123
  Python script to check for the existence of an email on Google platforms Loki 0 747 07-29-2024, 05:31 PM
Last Post: Loki
  Paperclip - Ultimate Data Breach Search Engine Script v1.4⚡ Klanze 1 4,358 11-12-2023, 12:12 AM
Last Post: Jetrom



 Users browsing this thread: