【亲测有效】超高速扫描ip端口,可控制进程数,线程数,异步io链接并发数,超时时间,扫描到的端口服务信息说明
import socket
import ipaddress
import multiprocessing
import threading
import asyncio
import concurrent.futures
#pip install netifaces==0.11.0
import netifaces
from multiprocessing import Pool, Manager
#4 linux: pip install uvloop
#import uvloop
# 使用 uvloop 作为默认的事件循环
#asyncio.set_event_loop_policy(uvloop.EventLoopPolicy())
# 获取当前的IP地址、子网掩码和网关
def get_network_info():
interfaces = netifaces.interfaces()
for interface in interfaces:
addresses = netifaces.ifaddresses(interface)
if netifaces.AF_INET in addresses:
ipv4_info = addresses[netifaces.AF_INET][0]
ip = ipv4_info.get('addr')
netmask = ipv4_info.get('netmask')
gateway = netifaces.gateways()['default'][netifaces.AF_INET][0]
return ip, netmask, gateway
return None, None, None
# 打印要扫描的IP范围和端口范围
def print_scan_info(start_ip, end_ip, port_range):
print(f"Scanning IP range: {start_ip} - {end_ip}")
print(f"Scanning port range: {port_range[0]} - {port_range[1]}")
# 尝试检测服务名称
def get_service_name(port, ip=''):
try:
service_name = socket.getservbyport(port)
except OSError:
service_name = 'Unknown Service'
return service_name
# 获取当前IP所在的局域网网段
def get_local_network():
hostname = socket.gethostname()
local_ip = socket.gethostbyname(hostname)
# 假设使用的是标准子网掩码 255.255.255.0 (CIDR: /24)
ip_network = ipaddress.ip_network(f'{local_ip}/24', strict=False)
return ip_network
# 服务识别
def identify_service(response):
# 识别 HTTP 服务
if 'HTTP' in response:
return 'HTTP Service'
# 识别 FTP 服务
if '220' in response:
if 'FTP' in response:
return 'FTP Service'
# 识别 SMTP 服务
if '220' in response:
if 'ESMTP' in response:
return 'SMTP Service'
# 识别 SSH 服务
if 'SSH' in response:
return 'SSH Service'
# 识别 Redis 服务
if 'Redis' in response:
return 'Redis Service'
# 识别 MySQL 服务
if 'MySQL' in response:
return 'MySQL Service'
# 识别 PostgreSQL 服务
if 'PostgreSQL' in response or 'postgres' in response:
return 'PostgreSQL Service'
# 识别 MongoDB 服务
if 'MongoDB' in response or 'mongo' in response:
return 'MongoDB Service'
# 识别 MS SQL 服务
if 'Microsoft SQL Server' in response or 'SQL Server' in response:
return 'MS SQL Service'
# 识别 Oracle DB 服务
if 'Oracle' in response:
return 'Oracle DB Service'
# 识别 RDP 服务
if 'RDP' in response or 'Remote Desktop' in response:
return 'RDP Service'
# 识别 LDAP 服务
if 'LDAP' in response or 'Directory Service' in response:
return 'LDAP Service'
# 识别 SNMP 服务
if 'SNMP' in response or 'Simple Network Management Protocol' in response:
return 'SNMP Service'
# 识别 SIP 服务
if 'SIP' in response or 'Session Initiation Protocol' in response:
return 'SIP Service'
# 识别 VNC 服务
if 'VNC' in response or 'Virtual Network Computing' in response:
return 'VNC Service'
# 识别 XMPP 服务
if 'XMPP' in response or 'Extensible Messaging and Presence Protocol' in response:
return 'XMPP Service'
# 识别 NTP 服务
if 'NTP' in response or 'Network Time Protocol' in response:
return 'NTP Service'
# 识别 DHCP 服务
if 'DHCP' in response or 'Dynamic Host Configuration Protocol' in response:
return 'DHCP Service'
# 识别 IMAP 服务
if 'IMAP' in response or 'Internet Message Access Protocol' in response:
return 'IMAP Service'
# 识别 POP3 服务
if 'POP3' in response or 'Post Office Protocol' in response:
return 'POP3 Service'
# 识别 Telnet 服务
if 'Telnet' in response:
return 'Telnet Service'
# 识别 HTTP Proxy 服务
if 'Proxy' in response or 'HTTP Proxy' in response:
return 'HTTP Proxy Service'
# 识别 Git 服务
if 'Git' in response:
return 'Git Service'
# 识别 Elasticsearch 服务
if 'Elasticsearch' in response:
return 'Elasticsearch Service'
# 识别 Solr 服务
if 'Solr' in response:
return 'Solr Service'
# 识别 Memcached 服务
if 'Memcached' in response:
return 'Memcached Service'
# 识别 RabbitMQ 服务
if 'RabbitMQ' in response:
return 'RabbitMQ Service'
# 识别 Couchbase 服务
if 'Couchbase' in response:
return 'Couchbase Service'
# 识别 CouchDB 服务
if 'CouchDB' in response:
return 'CouchDB Service'
# 识别 MariaDB 服务
if 'MariaDB' in response:
return 'MariaDB Service'
# 识别 Cassandra 服务
if 'Cassandra' in response:
return 'Cassandra Service'
# 识别 InfluxDB 服务
if 'InfluxDB' in response:
return 'InfluxDB Service'
# 识别 Zookeeper 服务
if 'Zookeeper' in response:
return 'Zookeeper Service'
# 识别 Redis Sentinel 服务
if 'Redis Sentinel' in response:
return 'Redis Sentinel Service'
# 识别 Memcached 服务
if 'Memcached' in response:
return 'Memcached Service'
# 识别 Prometheus 服务
if 'Prometheus' in response:
return 'Prometheus Service'
# 识别 Grafana 服务
if 'Grafana' in response:
return 'Grafana Service'
# 识别 Jenkins 服务
if 'Jenkins' in response:
return 'Jenkins Service'
# 识别 Docker 服务
if 'Docker' in response:
return 'Docker Service'
# 识别 Kubernetes 服务
if 'Kubernetes' in response:
return 'Kubernetes Service'
# 识别 Kubernetes Dashboard 服务
if 'Kubernetes Dashboard' in response:
return 'Kubernetes Dashboard Service'
# 识别 Vault 服务
if 'Vault' in response:
return 'Vault Service'
# 识别 Harbor 服务
if 'Harbor' in response:
return 'Harbor Service'
# 识别 Istio 服务
if 'Istio' in response:
return 'Istio Service'
# 识别 Nginx 服务
if 'Nginx' in response:
return 'Nginx Service'
# 识别 HAProxy 服务
if 'HAProxy' in response:
return 'HAProxy Service'
# 识别 OpenVPN 服务
if 'OpenVPN' in response:
return 'OpenVPN Service'
# 识别 WireGuard 服务
if 'WireGuard' in response:
return 'WireGuard Service'
# 识别 Squid Proxy 服务
if 'Squid' in response:
return 'Squid Proxy Service'
# 识别 Samba 服务
if 'Samba' in response:
return 'Samba Service'
# 识别 TeamSpeak 服务
if 'TeamSpeak' in response:
return 'TeamSpeak Service'
# 如果无法识别
return 'Unknown Service'
# 扫描一个端口是否开放
async def scan_port(ip, port, semaphore, timeout=3):
async with semaphore:
try:
reader, writer = await asyncio.wait_for(asyncio.open_connection(ip, port), timeout=timeout)
# async with lock:
service_name = get_service_name(port)
# 获取服务的banner信息
service_banner, service = await identify_service_from_banner(ip, port)
print(f"{ip}:{port} is open, 标准Service: {service_name} 网络服务标识返回:{service_banner} 服务含义:{service}")
writer.close()
await writer.wait_closed()
except:
pass
# 通用的TCP Banner Grabbing方法
async def identify_service_from_banner(ip, port):
try:
reader, writer = await asyncio.open_connection(ip, port)
writer.write(b"\r\n") # 发送一个空行以触发 Banner 返回
await writer.drain()
banner = await reader.read(4096)
writer.close()
await writer.wait_closed()
if banner:
service_name = identify_service(banner.decode('utf-8', errors='ignore'))
return banner.decode('utf-8', errors='ignore').strip(), service_name
else:
return "No banner received", "Unknown Service"
except (asyncio.TimeoutError, ConnectionRefusedError, OSError):
return "Unknown Service", "Unknown Service"
# 多线程扫描指定IP的所有端口
def scan_ip(ip, port_range, timeout=3):
# 限制同时进行的任务数量,避免资源占用过多
loop = asyncio.new_event_loop()
asyncio.set_event_loop(loop)
semaphore = asyncio.Semaphore(64) # 限制同时进行的任务数量
tasks = [loop.create_task(scan_port(ip, port, semaphore, timeout=timeout)) for port in range(port_range[0], port_range[1] + 1)]
loop.run_until_complete(asyncio.wait(tasks))
loop.close()
# 每个进程调用的扫描函数
def process_scan(start_ip, end_ip, port_range, timeout=3, max_threads=10):
start_int = int(ipaddress.ip_address(start_ip))
end_int = int(ipaddress.ip_address(end_ip))
with concurrent.futures.ThreadPoolExecutor(max_workers=max_threads) as executor: # 每个进程内的线程池大小
for ip_int in range(start_int, end_int + 1):
ip_address = str(ipaddress.ip_address(ip_int))
executor.submit(scan_ip, ip_address, port_range, timeout)
# 使用进程池扫描一个IP段的所有IP
def scan_network(start_ip, end_ip, max_processes=4, max_threads=4, timeout=3, port_range=(1, 65535)):
# 计算每个进程处理的IP段范围
start_int = int(ipaddress.ip_address(ip_list[0]))
end_int = int(ipaddress.ip_address(ip_list[-1]))
total_ips = end_int - start_int + 1
ips_per_process = total_ips // max_processes
with Pool(processes=max_processes) as pool:
for i in range(max_processes):
process_start_ip = str(ipaddress.ip_address(start_int + i * ips_per_process))
process_end_ip = str(
ipaddress.ip_address(start_int + (i + 1) * ips_per_process - 1)) if i < max_processes - 1 else str(
ipaddress.ip_address(end_int))
pool.apply_async(process_scan, (process_start_ip, process_end_ip, port_range, timeout, max_threads))
pool.close()
pool.join()
if __name__ == "__main__":
# Windows 系统中显式设置 `multiprocessing` 的启动方式为 "spawn"
multiprocessing.set_start_method("spawn")
# 获取并打印网络信息
current_ip, netmask, gateway = get_network_info()
print(f"Current IP: {current_ip}")
print(f"Netmask: {netmask}")
print(f"Gateway: {gateway}")
port_range = (1, 65535)
max_processes = 2
# ip_range_per_process = 32 # 每个进程处理的IP数量
# 设置线程数量
max_threads = 4
# 设置端口扫描超时时间(秒)
timeout = 1
# 获取当前局域网网段
local_network = get_local_network()
print(f"Scanning network: {local_network}")
# 使用多进程扫描整个网段
# processes = []
ip_list = list(local_network.hosts()) # 获取所有主机IP
# 扫描IP段
scan_network(ipaddress.ip_address(ip_list[0]), ipaddress.ip_address(ip_list[-1]), max_processes, max_threads, timeout, port_range)【亲测有效】超高速扫描ip端口,可控制进程数,线程数,异步io链接并发数,超时时间,扫描到的端口服务信息说明
代码学习,前言技术分享,深度分析编程技术,普及科普编程技术,天天都要敲代码
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享4款.NET开源、免费、实用的商城系统
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· 上周热点回顾(2.24-3.2)