Pentest-Toolbox: Custom Network Port Scanner

#CyberSecurity #Python #NetworkSecurity #SocketProgramming #Pentesting #PortScanning #Infosec

The Vision: Deep Dive into Socket Programming

Understanding how a system responds to connection attempts is the foundation of network auditing. I developed this **Pentest-Toolbox** to demonstrate low-level socket communication using the TCP Three-Way Handshake mechanism. It’s designed to be a lightweight, zero-dependency alternative for rapid internal reconnaissance.

The Scanning Pipeline

The tool processes the target network range through a refined execution flow:

  • **Target Validation**: Sanitizing user input to ensure a valid IP or hostname is provided before initializing the scanner.
  • **Socket Orchestration**: Creating `AF_INET` (IPv4) and `SOCK_STREAM` (TCP) objects for each connection attempt.
  • **Handshake Analysis**: Using `connect_ex`, where a return value of `0` confirms that the three-way handshake completed and the port is open; any other value is the `errno` of the failure (refused, timed out, unreachable).
  • **Performance Metrics**: Tracking the total scan duration using the `datetime` library to measure network latency and tool efficiency.

Mistakes & Roadblocks (The Hard Way)

Developing a low-level socket tool required overcoming standard networking bottlenecks and UX challenges.

  • **The Frozen Terminal**: Initially, the scanner was too slow because it waited for the default OS timeout on every closed port. The Fix: Set `s.settimeout(0.01)` so each closed port fails fast, balancing speed with detection accuracy on local networks.
  • **The Scroll of Doom**: Printing a new line for every scanned port (1-1000) cluttered the terminal and hid findings. The Fix: Implemented a dynamic counter using `sys.stdout.write` with the `\r` (carriage return) character to update progress on a single line.
  • **The Unclean Exit**: Force-quitting the tool (Ctrl+C) resulted in messy traceback errors and unclosed sockets. The Fix: Wrapped the scanning loop in a `try-except` block for `KeyboardInterrupt`, ensuring a graceful termination message.
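The pipeline and the three fixes above, put together as an added example (my own code, not the Pentest-Toolbox source): `connect_ex` handshake check, a bounded `settimeout`, `\r` progress output, `KeyboardInterrupt` handling and `datetime` timing. The timeout is a parameter rather than a fixed 10 ms, because a value that suits a LAN silently drops hosts with higher round-trip time; `open_local_listener` is a constructed fixture so the scanner can be tried against loopback only.

```python
import socket
import sys
from datetime import datetime

def resolve_target(target: str) -> str:
    """Target validation: resolve a hostname or IPv4 literal; raises socket.gaierror."""
    return socket.gethostbyname(target)

def probe_port(ip: str, port: int, timeout: float) -> bool:
    """One TCP connect attempt: connect_ex() returns 0 only if the three-way
    handshake completed, otherwise an errno such as ECONNREFUSED or a timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)  # bounded wait instead of the OS default on closed ports
        return s.connect_ex((ip, port)) == 0

def scan_ports(target: str, ports, timeout: float = 0.5, progress: bool = False):
    """Sequential connect scan; returns (open ports in scan order, seconds elapsed).
    10 ms suits a LAN but misses hosts with higher RTT, so timeout is a parameter."""
    ip = resolve_target(target)
    ports = list(ports)
    open_ports = []
    start = datetime.now()
    try:
        for i, port in enumerate(ports, 1):
            if progress:  # \r redraws one status line instead of one line per port
                sys.stdout.write(f"\rScanning {ip}: {i}/{len(ports)} ports")
                sys.stdout.flush()
            if probe_port(ip, port, timeout):
                open_ports.append(port)
    except KeyboardInterrupt:  # the with-block already closed the in-flight socket
        sys.stdout.write("\nScan interrupted by user\n")
    if progress:
        sys.stdout.write("\n")
    return open_ports, (datetime.now() - start).total_seconds()

def open_local_listener():
    """Constructed fixture: a listening socket on an OS-chosen loopback port so the
    scanner can be exercised without contacting any remote host."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = open_local_listener()
    found, secs = scan_ports("127.0.0.1", range(port - 4, port + 1), progress=True)
    srv.close()
    print(f"open: {found} in {secs:.3f}s")
```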

Key Takeaways

  • **TCP Handshake Logic**: Deepened my understanding of how TCP flags and connection states work at the application layer.
  • **User-Centric CLI**: Learned that visual branding (ASCII banners) and dynamic feedback are essential for professional tools.
  • **Exception Resilience**: Managing `socket.gaierror` and `socket.error` is critical for handling real-world network instabilities.

The Final Result

A portable, high-speed Python port scanner that identifies exposed open ports in under a minute, providing clear visual feedback and precise duration metrics for security auditors.