Comment here anything unrelated to the current issues but related to the port scanner

Parent issue

Port scanner for the project .

Please comment in all the resources you find related to the port scanner and further discussions shall continue in here related to the port scanner

[Updated]

To do :

• Scan ports on local system
• Get the hostname ( to be displayed in the GUI )
• Check the ports against a blacklist which is to be continuously maintained.
  I think there are also blacklists for domain names maintained by most of the antivirus companies and even google has that

The output from the backend should be like this and the frontend would receive it likewise and do further processing as needed.

{
    "port": < port_number_here > ,
    "type_of_port": "TCP/UDP",
    "type": "malicious/good/grey ( choose from the three keys and based on that highlight the column displaying it in the GUI , grey is when it can also be used by legitimate services)",
    "current_process": < pid_here > ,
    "filepath": < filepath > ,
    "remarks": "<here data if available in blacklisted.json>"
}

e.g. {
    "port": 4950,
    "type_of_port": "TCP",
    "current_process": 2187,
    "filepath": "C:\\User\\HP-PC\\Downloads\\asghdt.exe",
    "type": "malicious",
    "remarks": "ICQ Trojan"
}

Parent issue#1

We need a catchy logo and name for the port scanner.

ToDo

• Logo for the port scanner
• Name for the port scanner

I would suggest we name it something​like iiitacysec-port-scanner ,something that includes iiita as well as cybersecurity wing too.

A blacklist of ports

Since whitelist may block some legitimate ports so, it would be preferred if we keep a whitelist.
And this needs to be continuously maintained.

Add notifications for any unwanted / suspicious ports opening

As you can see the notifications of facebook / slack etc on your desktop , likewise it should be implemented.
I haven't researched it further.
Please do it and add it in the comments here.

Parent issue#1

GUI for the port scanner

The GUI should be as descriptive but at the same time clutter free and elegant as possible.
Please comment in any further resources you find for the GUI here.

Suggested library

• PyQT , PyQT tutorial

The output from the backend would be like this and the frontend would receive it likewise and do further processing as needed.

{
    "port": < port_number_here > ,
    "type_of_port": "TCP/UDP",
    "type": "malicious/good/grey ( choose from the three keys and based on that highlight the column displaying it in the GUI , grey is when it can also be used by legitimate services)",
    "current_process": < pid_here > ,
    "filepath": < filepath > ,
    "remarks": "<here data if available in blacklisted.json>"
}

e.g. {
    "port": 4950,
    "type_of_port": "TCP",
    "current_process": 2187,
    "filepath": "C:\\User\\HP-PC\\Downloads\\asghdt.exe",
    "type": "malicious",
    "remarks": "ICQ Trojan"
}

For malicious ports you can mark the whole row as red , where you're displaying it.

Parent issue#1

Not your usual port scanner.

Instead of scanning port on other computers it scans ports on the host itself to check for any malware using pre-defined open port list , which is constantly being updated.

Things to do

• Create a port scanner script, daemonize the script to run it in background
• Make GUI for the same , to show the results
• Add notifications for any unwanted / suspicious ports opening
• Need to add further issues.

This is a parent issue. Please open issues based on the above points and solve those accordingly.

Also when sending a PR , mention the reference of this issue.