2.1 Port scanner

Source: Internet
Uploader: User

Contents: port scanner: script command-line parameters, multithreaded scanning, port scanning with Nmap

Environment: Python + Kali; target machine: Windows 2003
Written in five steps
############### 1. Script command-line parameters

```python
import optparse

parser = optparse.OptionParser('usage %prog -H <target host> -p <target port>')
parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
parser.add_option('-p', dest='tgtPort', type='int', help='specify target port')
(options, args) = parser.parse_args()
tgtHost = options.tgtHost
tgtPort = options.tgtPort
# Use 'or', not the bitwise '|': None | None raises TypeError
if tgtHost is None or tgtPort is None:
    print(parser.usage)
    exit(0)
```

################ 2. The connScan and portScan functions

```python
from socket import *


def connScan(tgtHost, tgtPort):
    # Full TCP connect: a completed handshake means the port is open
    try:
        connSkt = socket(AF_INET, SOCK_STREAM)
        connSkt.connect((tgtHost, tgtPort))
        print('[+] %d/tcp open' % tgtPort)
        connSkt.close()
    except Exception:
        print('[-] %d/tcp closed' % tgtPort)


def portScan(tgtHost, tgtPorts):
    try:
        tgtIP = gethostbyname(tgtHost)
    except Exception:
        print('[-] Cannot resolve %s: Unknown host' % tgtHost)
        return
    try:
        # gethostbyaddr returns (hostname, aliaslist, ipaddrlist); print the hostname
        tgtName = gethostbyaddr(tgtIP)
        print('[+] Scan Results for: ' + tgtName[0])
    except Exception:
        print('[+] Scan Results for: ' + tgtIP)
    setdefaulttimeout(1)
    for tgtPort in tgtPorts:
        print('Scanning port: ' + str(tgtPort))
        connScan(tgtHost, int(tgtPort))
```

################# 3. Grabbing the application banner
Add code to the connScan function: once an open port is found, send a string and wait for the response.

```python
import optparse
from socket import *


def connScan(tgtHost, tgtPort):
    try:
        connSkt = socket(AF_INET, SOCK_STREAM)
        connSkt.connect((tgtHost, tgtPort))
        # Python 3 sockets send bytes, not str
        connSkt.send(b'ViolentPython\r\n')
        results = connSkt.recv(100)   # read up to 100 bytes of banner
        print('[+] %d/tcp open' % tgtPort)
        # print('[+] result', str(results))
        connSkt.close()
    except Exception:
        print('[-] %d/tcp closed' % tgtPort)


def portScan(tgtHost, tgtPorts):
    try:
        tgtIP = gethostbyname(tgtHost)
    except Exception:
        print('[-] Cannot resolve %s: Unknown host' % tgtHost)
        return
    try:
        # gethostbyaddr returns (hostname, aliaslist, ipaddrlist); print the hostname
        tgtName = gethostbyaddr(tgtIP)
        print('[+] Scan Results for: ' + tgtName[0])
    except Exception:
        print('[+] Scan Results for: ' + tgtIP)
    setdefaulttimeout(1)
    for tgtPort in tgtPorts:
        print('Scanning port: ' + tgtPort)
        connScan(tgtHost, int(tgtPort))


def main():
    parser = optparse.OptionParser('usage %prog -H <target host> -p <target port>')
    parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parser.add_option('-p', dest='tgtPort', type='string', help='specify target port')
    (options, args) = parser.parse_args()
    tgtHost = options.tgtHost
    tgtPort = options.tgtPort
    if tgtHost is None or tgtPort is None:
        print(parser.usage)
        print('[-] you must specify a target host and port[s]')
        exit(0)
    # -p takes a comma-separated list, e.g. 80,21
    tgtPorts = str(tgtPort).split(',')
    portScan(tgtHost, tgtPorts)


if __name__ == '__main__':
    main()
```

At this point the script can already be run from the command line.
Command run in the terminal: root@HuaHong:~/python_hacker/chap2/連接埠掃描器# python port_scanner.py -H 192.168.10.142 -p 80,21

Note that the comma must not be a full-width (Chinese) comma; many people notice this, though some do not.
Or keep the Python code and the command line consistent; I think an ASCII comma is fine.

#################### 4. Threaded scanning

```python
import optparse
from socket import *
from threading import Thread, Semaphore

# A semaphore with one permit acts as a lock so that output from
# concurrent threads does not interleave on the screen
screenLock = Semaphore(1)


def connScan(tgtHost, tgtPort):
    connSkt = None
    try:
        connSkt = socket(AF_INET, SOCK_STREAM)
        connSkt.connect((tgtHost, tgtPort))
        connSkt.send(b'ViolentPython\r\n')   # bytes, not str, in Python 3
        results = connSkt.recv(100)
        screenLock.acquire()
        print('[+] %d/tcp open' % tgtPort)
        print('[+] result', str(results))
    except Exception:
        screenLock.acquire()
        print('[-] %d/tcp closed' % tgtPort)
    finally:
        # Both branches acquire the semaphore, so it is released exactly once here
        screenLock.release()
        if connSkt is not None:
            connSkt.close()


def portScan(tgtHost, tgtPorts):
    try:
        tgtIP = gethostbyname(tgtHost)
    except Exception:
        print('[-] Cannot resolve %s: Unknown host' % tgtHost)
        return
    try:
        tgtName = gethostbyaddr(tgtIP)
        print('[+] Scan Results for: ' + tgtName[0])
    except Exception:
        print('[+] Scan Results for: ' + tgtIP)
    setdefaulttimeout(1)
    for tgtPort in tgtPorts:
        # One thread per port instead of the sequential connScan call
        t = Thread(target=connScan, args=(tgtHost, int(tgtPort)))
        t.start()


def main():
    parser = optparse.OptionParser('usage %prog -H <target host> -p <target port>')
    parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parser.add_option('-p', dest='tgtPort', type='string', help='specify target port')
    (options, args) = parser.parse_args()
    tgtHost = options.tgtHost
    tgtPort = options.tgtPort
    if tgtHost is None or tgtPort is None:
        print(parser.usage)
        print('[-] you must specify a target host and port[s]')
        exit(0)
    tgtPorts = str(tgtPort).split(',')
    portScan(tgtHost, tgtPorts)


if __name__ == '__main__':
    main()
```

Multithreaded scanning is used here to increase speed, and a semaphore is added.
The semaphore must be imported before it is used.
Test results

 
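The defender's view of the step 4 scanner, as an added example that is not part of the original post: a thread-per-port scan shows up in firewall or connection-tracking logs as one source touching many distinct destination ports on one host within a few seconds. The script below parses constructed sample log lines (the line format, the source addresses and the timestamps are assumptions made for this example; 192.168.10.142 is the target address from the terminal command above) and flags any source/destination pair whose count of distinct destination ports inside a sliding time window reaches a threshold. Dropped connections are counted as well, since probes of closed ports are exactly the signal a scan leaves behind.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not captured traffic).
# Assumed format: "<ISO 8601 timestamp> src=<ip> dst=<ip> dport=<port> action=<accept|drop>"
# 192.168.10.50 plays the scanner, 192.168.10.60 a normal client.
SAMPLE_LOG = """\
2018-03-16T10:00:00 src=192.168.10.50 dst=192.168.10.142 dport=21 action=accept
2018-03-16T10:00:00 src=192.168.10.50 dst=192.168.10.142 dport=22 action=drop
2018-03-16T10:00:00 src=192.168.10.50 dst=192.168.10.142 dport=23 action=drop
2018-03-16T10:00:01 src=192.168.10.50 dst=192.168.10.142 dport=25 action=drop
2018-03-16T10:00:01 src=192.168.10.50 dst=192.168.10.142 dport=53 action=drop
2018-03-16T10:00:01 src=192.168.10.50 dst=192.168.10.142 dport=80 action=accept
2018-03-16T10:00:01 src=192.168.10.50 dst=192.168.10.142 dport=110 action=drop
2018-03-16T10:00:02 src=192.168.10.50 dst=192.168.10.142 dport=135 action=accept
2018-03-16T10:00:02 src=192.168.10.50 dst=192.168.10.142 dport=139 action=accept
2018-03-16T10:00:02 src=192.168.10.50 dst=192.168.10.142 dport=443 action=drop
2018-03-16T10:00:02 src=192.168.10.50 dst=192.168.10.142 dport=445 action=accept
2018-03-16T10:00:02 src=192.168.10.50 dst=192.168.10.142 dport=3389 action=accept
2018-03-16T10:00:30 src=192.168.10.60 dst=192.168.10.142 dport=80 action=accept
2018-03-16T10:05:00 src=192.168.10.60 dst=192.168.10.142 dport=443 action=accept
2018-03-16T10:05:01 src=192.168.10.60 dst=192.168.10.142 dport=80 action=accept
this line is not a connection record and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dport"] = int(rec["dport"])
    return rec


def max_distinct_ports(events, window):
    """Largest number of distinct destination ports seen inside any sliding window
    of length `window`. events: list of (timestamp, dport) tuples, in any order."""
    events = sorted(events)
    in_window = defaultdict(int)   # dport -> number of hits currently inside the window
    best = 0
    start = 0
    for ts, port in events:
        in_window[port] += 1
        # Advance the window start until it spans at most `window` of time
        while ts - events[start][0] > window:
            old_port = events[start][1]
            in_window[old_port] -= 1
            if in_window[old_port] == 0:
                del in_window[old_port]
            start += 1
        best = max(best, len(in_window))
    return best


def detect_port_sweeps(log_text, threshold=10, window=timedelta(seconds=60)):
    """Return {(src, dst): distinct_ports} for every source/destination pair that
    touched at least `threshold` distinct ports within `window`. Dropped connections
    count too: a scanner probing closed ports is what we want to see."""
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_pair[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"]))
    alerts = {}
    for pair, events in by_pair.items():
        n = max_distinct_ports(events, window)
        if n >= threshold:
            alerts[pair] = n
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_port_sweeps(SAMPLE_LOG).items():
        print("[!] possible port sweep: %s -> %s, %d distinct ports within 60s" % (src, dst, n))
```

The threshold and window are tuning knobs: a small window with a low threshold catches a fast thread-per-port scan like the one above, while a slow scan spread over hours needs a longer window, at the cost of more false positives from busy legitimate clients.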

######################## 5. Port scanning with Nmap
Before using Nmap, python-nmap must be installed.

My Kali has it by default.

```python
# __author: _nbloser
# date: 18-3-16

import nmap
import optparse


def nmapScan(tgtHost, tgtPort):
    nmScan = nmap.PortScanner()        # wrapper around the nmap binary
    nmScan.scan(tgtHost, tgtPort)      # run the scan for this port
    # A host that is down or unreachable is absent from the results;
    # indexing it directly would raise KeyError
    if tgtHost not in nmScan.all_hosts():
        print("[-] " + tgtHost + " not in scan results (host down or unresolved)")
        return
    state = nmScan[tgtHost]['tcp'][int(tgtPort)]['state']
    print("[*]" + tgtHost + " tcp/" + tgtPort + ' ' + state)


def main():
    parser = optparse.OptionParser('usage %prog -H <target host> -p <target port>')
    parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parser.add_option('-p', dest='tgtPort', type='string', help='specify target port')
    (options, args) = parser.parse_args()
    tgtHost = options.tgtHost
    tgtPort = options.tgtPort
    if tgtHost is None or tgtPort is None:
        print(parser.usage)
        print('[-] you must specify a target host and port[s]')
        exit(0)
    tgtPorts = str(tgtPort).split(',')
    for tgtPort in tgtPorts:
        nmapScan(tgtHost, tgtPort)


if __name__ == '__main__':
    main()
```

Execution result (this runs somewhat slower)

Core code of the nmap call:

```python
def nmapScan(tgtHost, tgtPort):
    nmScan = nmap.PortScanner()
    nmScan.scan(tgtHost, tgtPort)
    state = nmScan[tgtHost]['tcp'][int(tgtPort)]['state']
    print("[*]" + tgtHost + " tcp/" + tgtPort + ' ' + state)
```

Steps: 1) obtain the scanner object
    2) run the scan
    3) read the result
