2.1端口扫描器
内容:端口扫描器—脚本调用参数、多线程扫描、使用Nmap端口扫描代码
环境:python+kali,靶机:win2003
分成五步编写
###############1、脚本调用的参数
import optparse parser = optparse.OptionParser('usage %prog -H <target host> -p <target port>') parser.add_option('-H', dest='tgtHost', type='string', help='specify target host') parser.add_option('-p', dest='tgtPort', type='int', help='specify target port') (options, args) = parser.parse_args() tgtHost = options.tgtHost tgtPort = options.tgtPort if tgtHost == None | tgtPort == None: print(parser.usage) exit(0)
################2、生成connScan和portScan函数
from socket import * def connScan(tgtHost, tgtPort): try: connSkt = socket(AF_INET, SOCK_STREAM) connSkt.connect((tgtHost, tgtPort)) print('[+] %d/tcp open' % tgtPort) connSkt.close() except: print('[-] %d/tcp close' % tgtPort) def portScan(tgtHost, tgtPorts): try: tgtIP = gethostbyname(tgtHost) except: print('[-] Cannot resolve %s:Unknown host' % tgtHost) return try: tgtName = gethostbyaddr(tgtIP) print('[+] Scan Results for: ' + tgtName) except: print('[+] Scan Results for: ' + tgtIP) setdefaulttimeout(1) for tgtPort in tgtPorts: print('Scanning port:' + tgtPort) connScan(tgtHost, int(tgtPort))
#################3、抓取应用的Banner
在connScan函数里面添加新增代码,找到开放的端口后,发送一个字符串等待响应
1 import optparse 2 from socket import * 3 4 def connScan(tgtHost, tgtPort): 5 try: 6 connSkt = socket(AF_INET, SOCK_STREAM) 7 connSkt.connect((tgtHost, tgtPort)) 8 connSkt.send('ViolentPython\r\n') 9 results = connSkt.recv(100) 10 print('[+] %d/tcp open' % tgtPort) 11 #print('[+] retult' , str(results)) 12 connSkt.close() 13 except: 14 print('[-] %d/tcp close' % tgtPort) 15 16 def portScan(tgtHost, tgtPorts): 17 try: 18 tgtIP = gethostbyname(tgtHost) 19 except: 20 print('[-] Cannot resolve %s:Unknown host' % tgtHost) 21 return 22 try: 23 tgtName = gethostbyaddr(tgtIP) 24 print('[+] Scan Results for: ' + tgtName) 25 except: 26 print('[+] Scan Results for: ' + tgtIP) 27 setdefaulttimeout(1) 28 for tgtPort in tgtPorts: 29 print('Scanning port:' + tgtPort) 30 connScan(tgtHost, int(tgtPort)) 31 32 def main(): 33 parser = optparse.OptionParser('usage %prog -H <target host> -p <target port>') 34 parser.add_option('-H', dest='tgtHost', type='string', help='specify target host') 35 parser.add_option('-p', dest='tgtPort', type='string', help='specify target port') 36 (options, args) = parser.parse_args() 37 tgtHost = options.tgtHost 38 tgtPort = options.tgtPort 39 tgtPorts = str(tgtPort).split(',') 40 if tgtHost == None or tgtPort== None: 41 print(parser.usage) 42 print('[-] you must specify a target host and port[s]') 43 exit(0) 44 portScan(tgtHost,tgtPorts) 45 46 if __name__ == '__main__': 47 main()
在这里已经可以通过调用脚本的形式执行
在终端执行的命令:root@HuaHong:~/python_hacker/chap2/端口扫描器# python port_scanner.py -H 192.168.10.142 -p 80,21
要注意的就是逗号不要是中文,很多人会注意,当然也有人没有注意
或者在python代码里面和这里保持一致,我觉得用英文的逗号就行了。
####################4、线程扫描
1 import optparse 2 3 from socket import * 4 from threading import Thread,Semaphore 5 6 screenLock = Semaphore(1) 7 def connScan(tgtHost, tgtPort): 8 try: 9 connSkt = socket(AF_INET, SOCK_STREAM) 10 connSkt.connect((tgtHost, tgtPort)) 11 connSkt.send('ViolentPython\r\n') 12 results = connSkt.recv(100) 13 screenLock.acquire() 14 print('[+] %d/tcp open' % tgtPort) 15 print('[+] retult' , str(results)) 16 connSkt.close() 17 except: 18 screenLock.acquire() 19 print('[-] %d/tcp close' % tgtPort) 20 finally: 21 screenLock.release() 22 connSkt.close() 23 24 def portScan(tgtHost, tgtPorts): 25 try: 26 tgtIP = gethostbyname(tgtHost) 27 except: 28 print('[-] Cannot resolve %s:Unknown host' % tgtHost) 29 return 30 try: 31 tgtName = gethostbyaddr(tgtIP) 32 print('[+] Scan Results for: ' + tgtName) 33 except: 34 print('[+] Scan Results for: ' + tgtIP) 35 setdefaulttimeout(1) 36 for tgtPort in tgtPorts: 37 # print('Scanning port:' + tgtPort) 38 # connScan(tgtHost, int(tgtPort)) 39 t = Thread(target=connScan, args=(tgtHost,int(tgtPort))) 40 t.start() 41 42 def main(): 43 parser = optparse.OptionParser('usage %prog -H <target host> -p <target port>') 44 parser.add_option('-H', dest='tgtHost', type='string', help='specify target host') 45 parser.add_option('-p', dest='tgtPort', type='string', help='specify target port') 46 (options, args) = parser.parse_args() 47 tgtHost = options.tgtHost 48 tgtPort = options.tgtPort 49 tgtPorts = str(tgtPort).split(',') 50 if tgtHost == None or tgtPorts[0] == None: 51 print(parser.usage) 52 print('[-] you must specify a target host and port[s]') 53 exit(0) 54 portScan(tgtHost,tgtPorts) 55 56 if __name__ == '__main__': 57 main()
这里使用多线程扫描提高了速率,并且加入了信号量。
在使用信号量前要导入
测试结果
########################5使用Nmap端口扫描代码
在使用Nmap之前要安装python-nmap
我电脑kali默认就有
1 # __author: _nbloser 2 # date: 18-3-16 3 4 import nmap 5 import optparse 6 7 8 def nmapScan(tgtHost, tgtPort): 9 nmScan = nmap.PortScanner() 10 nmScan.scan(tgtHost, tgtPort) 11 state = nmScan[tgtHost]['tcp'][int(tgtPort)]['state'] 12 print("[*]" + tgtHost + " tcp/" + tgtPort + ' ' + state) 13 14 def main(): 15 parser = optparse.OptionParser('usage %prog -H <target host> -p <target port>') 16 parser.add_option('-H', dest='tgtHost', type='string', help='specify target host') 17 parser.add_option('-p', dest='tgtPort', type='string', help='specify target port') 18 (options, args) = parser.parse_args() 19 tgtHost = options.tgtHost 20 tgtPort = options.tgtPort 21 tgtPorts = str(tgtPort).split(',') 22 if tgtHost == None or tgtPorts[0] == None: 23 print(parser.usage) 24 print('[-] you must specify a target host and port[s]') 25 exit(0) 26 for tgtPort in tgtPorts: 27 nmapScan(tgtHost, tgtPort) 28 29 30 if __name__ == '__main__': 31 main()
执行结果,执行会比较慢点
nmap调用核心代码:
def nmapScan(tgtHost, tgtPort): nmScan = nmap.PortScanner() nmScan.scan(tgtHost, tgtPort) state = nmScan[tgtHost]['tcp'][int(tgtPort)]['state'] print("[*]" + tgtHost + " tcp/" + tgtPort + ' ' + state)
步骤:1)获取相应扫描对象
2)扫描
3)获取结果