Introduction
In cybersecurity and networking, you donโt always need a high-end desktop setup to practice your skills. Sometimes, the best lab is the one right in your pocket.
In this post, I will share how I successfully wrote and executed a network port and DNS scanner using Python and Scapy, running entirely inside Termux on an unrooted Android device. If you've ever wanted to turn your phone into a portable network analysis tool, here is how you can do it.
Why Termux and Scapy?
Termux brings a powerful Linux environment to Android without requiring root access. By pairing it with Scapyโa powerful Python-based interactive packet manipulation programโwe can craft custom packets to scan systems for open ports (SYN scans) and active DNS services.
Note: Because Scapy handles raw packet generation, running network scans on an unrooted phone can sometimes face socket restrictions. However, utilizing standard TCP/UDP scripting within Termux provides an incredible, lightweight learning lab.
The Code
Here is the Python script I used. It takes a target IP address, validates it using Python's native ipaddress module, and then performs a stealthy SYN scan alongside a DNS service check.
Python
from scapy.all import *
import ipaddress
Common ports to target
ports = [25, 80, 53, 443, 445, 8080, 8443]
def SynScan(host):
print(f"\nScanning for open ports at {host}...")
ans, unans = sr(
IP(dst=host)/
TCP(sport=33333, dport=ports, flags="S"),
timeout=2, verbose=0
)
for (s, r) in ans:
# Check if the replying packet has the SYN-ACK (SA) flags
if s[TCP].dport == r[TCP].sport and r[TCP].flags == "SA":
print(f"[+] Port {s[TCP].dport} is OPEN")
def DNSScan(host):
ans, unans = sr(
IP(dst=host)/
UDP(dport=53)/
DNS(rd=1, qd=DNSQR(qname="google.com")),
timeout=2, verbose=0
)
if ans:
print(f"[+] DNS Server active at {host}")
Main execution
host = input("Enter Target IP Address: ")
try:
ipaddress.ip_address(host)
except ValueError:
print("[-] Invalid IP Address format.")
exit(-1)
SynScan(host)
DNSScan(host)
Breaking Down How It Works
IP Validation: The ipaddress library ensures the script doesn't crash or send malformed data if the user inputs an invalid string.
The SYN Scan (SynScan): We craft a custom TCP packet with the flags="S" (SYN) flag. If the target port is open, it replies with a SYN-ACK (SA) flag, which our script catches and prints.
The DNS Probe (DNSScan): It crafts a UDP packet bound for port 53 containing a standard DNS query for google.com. If a response comes back, we know a DNS server is up and listening.
Conclusion & Next Steps
Building tools like this on mobile proves that you don't need expensive infrastructure to learn networking fundamentals. Moving forward, I plan on adding multi-threading to speed up the scanning process and expanding the port list.
Have you ever used Termux for network testing? Letโs talk about your favorite mobile setups in the comments below!
Top comments (0)