Subprocess module
The standard subprocess module allows you to invoke processes from Python and communicate with them, send data to the input (stdin), and receive the output information (stdout). Using this module is the recommended way to execute operating system commands or launch programs (instead of the traditional os.system ()) and optionally interact with them.
Running a child process with your subprocess is simple. Here, the Popen constructor starts the process. You can also pipe data from your Python program into a subprocess and retrieve its output. With the help(subprocess) command, we can see that information:
The simplest way to execute a command or invoke a process is via the call() function (from Python 2.4 to 3.4) or run() (for Python 3.5+). For example, the following code executes a command that list files in the current path.
You can find this code in the SystemCalls.py file in subprocess subfolder:
import os
import subprocess
# using system
os.system("ls -la")
# using subprocess
subprocess.call(["ls", "-la"])
To be able to use the terminal commands (such as clear or cls to clean the console, cd to move in the directory tree, and so on), it is necessary to indicate shell = True parameter:
>> subprocess.call("cls", shell=True)
In this example, it asks the user to write their name and then print a greeting on the screen. Via a subprocess we can invoke it with Popen method, enter a name programmatically, and get the greeting as a Python string.
The Popen () instances incorporate the terminate () and kill () methods to terminate or kill a process, respectively. Distributions of Linux distinguish between the SIGTERM and SIGKILL signals:
>>> p = subprocess.Popen(["python", "--version"])
>>> p.terminate()
The Popen function it gives more flexibilty if we compare with the call function since it executes the command as a child program in a new process. For example, on Unix systems, the class uses os.execvp(). and on Windows, it uses the Windows CreateProcess() function.
You can get more information about the Popen constructor and methods that provide Popen class in the official documentation: https://docs.python.org/2/library/subprocess.html#popen-constructor.
In this example, we are using the subprocess module to call the ping command and obtain the output of this command to evaluate whether a specific IP address responds with ECHO_REPLY. Also, we use the sys module to check the operating system where we are executing the script.
You can find the following code in the PingScanNetWork.py file in subprocess subfolder:
#!/usr/bin/env python
from subprocess import Popen, PIPE
import sys
import argparse
parser = argparse.ArgumentParser(description='Ping Scan Network')
# Main arguments
parser.add_argument("-network", dest="network", help="NetWork segment[For example 192.168.56]", required=True)
parser.add_argument("-machines", dest="machines", help="Machines number",type=int, required=True)
parsed_args = parser.parse_args()
for ip in range(1,parsed_args.machines+1):
ipAddress = parsed_args.network +'.' + str(ip)
print "Scanning %s " %(ipAddress)
if sys.platform.startswith('linux'):
# Linux
subprocess = Popen(['/bin/ping', '-c 1 ', ipAddress], stdin=PIPE, stdout=PIPE, stderr=PIPE)
elif sys.platform.startswith('win'):
# Windows
subprocess = Popen(['ping', ipAddress], stdin=PIPE, stdout=PIPE, stderr=PIPE)
stdout, stderr= subprocess.communicate(input=None)
print stdout
if "Lost = 0" in stdout or "bytes from " in stdout:
print "The Ip Address %s has responded with a ECHO_REPLY!" %(stdout.split()[1])
To execute this script, we need to pass the network we are analyzing and the machine number we want to check as parameters:
python PingScanNetWork.py -network 192.168.56 -machines 1
The following is the result of scanning the 129.168.56 network and one machine: