端口扫描-socket模块

本机地址:192.168.142.131

方法1:

root@kali:~/code/chap4/4.2.4# python3 scaner-port.py -i 192.168.142.1 -p 1-100
[80] OPEN

scaner-port.py

 1 #!/usr/bin/python3
 2 # -*- coding:utf-8 -*-
 3 
 4 import sys
 5 import socket
 6 import optparse
 7 import threading
 8 import queue
 9 
10 
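class PortScaner(threading.Thread):
    """Worker thread that reports which ports accept a TCP connection.

    Args:
        portqueue: ``queue.Queue`` of integer ports shared by all workers;
            every worker pulls from it until it is drained.
        ip: target host handed to ``socket.connect_ex``.
        timeout: per-port connect timeout in seconds (default 3).
    """

    def __init__(self, portqueue, ip, timeout=3):
        threading.Thread.__init__(self)
        self._portqueue = portqueue
        self._ip = ip
        self._timeout = timeout

    def run(self):
        """Probe ports until the shared queue is empty.

        Writes ``[<port>] OPEN`` to stdout for each port whose
        ``connect_ex`` returns 0. Any other exception is printed and
        the worker continues with the next port.
        """
        while True:
            # get_nowait() is the only race-free emptiness test: checking
            # empty() and then calling get() lets a sibling worker drain
            # the queue in between, which raised an uncaught queue.Empty
            # and killed the thread with a traceback.
            try:
                port = self._portqueue.get_nowait()
            except queue.Empty:
                break
            try:
                # The context manager closes the socket on every exit path,
                # including a failure inside socket() itself, where a bare
                # finally: s.close() would hit an unbound name.
                with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                    s.settimeout(self._timeout)
                    result_code = s.connect_ex((self._ip, port))
                    # connect_ex returns 0 on success and an errno otherwise
                    if result_code == 0:
                        sys.stdout.write("[%d] OPEN\n" % port)
            except Exception as e:
                # Best effort: report and keep going with the remaining ports.
                print(e)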
40 
def StartScan(targetip, port, threadNum):
    """Scan *port* (``"80"`` or an inclusive range ``"1-100"``) on *targetip*.

    Fills a queue with the requested ports, starts *threadNum*
    ``PortScaner`` workers against it and blocks until all of them
    have finished.
    """
    # "low-high" expands to every port from low to high inclusive;
    # anything else is taken as a single port number.
    if '-' in port:
        parts = port.split('-')
        ports = list(range(int(parts[0]), int(parts[1]) + 1))
    else:
        ports = [int(port)]

    work = queue.Queue()
    for p in ports:
        work.put(p)

    # One worker per requested thread, each with a 3 s connect timeout.
    workers = [PortScaner(work, targetip, timeout=3) for _ in range(threadNum)]
    for worker in workers:
        worker.start()
    # Wait for every worker to drain the queue before returning.
    for worker in workers:
        worker.join()
70 
71 
if __name__ == '__main__':
    usage = ('Example: python %prog -i 127.0.0.1 -p 80 \n'
             '      python %prog -i 127.0.0.1 -p 1-100\n')
    parser = optparse.OptionParser(usage)
    # -i/--ip: target host, defaults to localhost
    parser.add_option('-i', '--ip', dest='targetIP', default='127.0.0.1',
                      type='string', help='target IP')
    # -p/--port: a single port or an inclusive "low-high" range
    parser.add_option('-p', '--port', dest='port', default='80',
                      type='string', help='scann port')
    # -t/--thread: number of worker threads
    parser.add_option('-t', '--thread', dest='threadNum', default=100,
                      type='int', help='scann thread number')
    opts, _ = parser.parse_args()
    StartScan(opts.targetIP, opts.port, opts.threadNum)

 方法2:

root@kali:~/code/chap4/4.2.4# python3 portScanBanner.py -i 192.168.1.1 -p 80
Scan report for 192.168.1.1

[80] open HTTP

Scan finished!....

 

 portScanBanner.py

 1 #!/usr/bin/python3.7
 2 #!coding:utf-8
 3 from optparse import OptionParser
 4 import time
 5 import socket
 6 import os
 7 import re
 8 
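SIGNS = (
    # protocol | version label | regex matched against the received banner
    # Raw bytes (rb'...') are used for the regex entries: a plain b'\*' is an
    # invalid escape sequence that Python 3.12+ warns about. The second Telnet
    # entry stays a normal literal because \r, \n and \x00 are real bytes there.
    rb'FTP|FTP|^220.*FTP',
    rb'MySQL|MySQL|mysql_native_password',
    # Three fields like every other entry: the former two-field form made
    # regex() print the pattern itself as the service label.
    rb'oracle-https|oracle-https|^220- ora',
    rb'Telnet|Telnet|Telnet',
    b'Telnet|Telnet|^\r\n%connection closed by remote host!\x00$',
    rb'VNC|VNC|^RFB',
    rb'IMAP|IMAP|^\* OK.*?IMAP',
    rb'POP|POP|^\+OK.*?',
    rb'SMTP|SMTP|^220.*?SMTP',
    rb'Kangle|Kangle|HTTP.*kangle',
    rb'SMTP|SMTP|^554 SMTP',
    rb'SSH|SSH|^SSH-',
    rb'HTTPS|HTTPS|Location: https',
    rb'HTTP|HTTP|HTTP/1.1',
    rb'HTTP|HTTP|HTTP/1.0',
)


def regex(response, port):
    """Label the service behind *port* from its banner and print the result.

    Args:
        response: raw bytes received from the port.
        port: the port as a string, used verbatim in the output.

    Returns:
        The printed line ``"[<port>] open <label>"``, where *label* is the
        version field of the first SIGNS entry whose regex matches
        (case-insensitive) or ``"Unrecognized"`` when none does.
    """
    label = "Unrecognized"
    for sign in SIGNS:
        # maxsplit=2 keeps any '|' inside the regex part intact.
        fields = sign.split(b'|', 2)
        pattern = fields[-1]
        # Tolerate a two-field entry by falling back to the protocol name.
        version = fields[1] if len(fields) > 2 else fields[0]
        if re.search(pattern, response, re.IGNORECASE):
            label = version.decode()
            break
    # NOTE(review): the original also searched for b'<title>502 Bad Gateway'
    # but assigned a set literal that the loop immediately overwrote, so it
    # never changed the output; dropped rather than guess at its intent.
    proto = "[" + port + "]" + " open " + label
    print(proto)
    return proto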
39 
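def request(ip, port):
    """Connect to ``ip:port``, send a plain HTTP GET and pass the banner to regex().

    Args:
        ip: target host.
        port: port as a string; converted for the connect and passed
            unchanged to regex() for display.

    Nothing is printed when the connection is refused, the reply is
    empty, the peer resets the connection, or no data arrives within
    the 10 s timeout.
    """
    PROBE = 'GET / HTTP/1.0\r\n\r\n'
    # The context manager closes the socket on every exit path; the
    # original leaked the descriptor whenever connect_ex() or recv() raised.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(10)
        if sock.connect_ex((ip, int(port))) != 0:
            return
        try:
            sock.sendall(PROBE.encode())
            response = sock.recv(256)
        except (ConnectionResetError, socket.timeout):
            # A reset or a service that never answers is not an error for
            # the scan; previously a recv timeout aborted the whole run.
            return
        if response:
            regex(response, port)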
57 
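def main():
    """Parse ``-i``/``-p`` and probe every comma-separated port on the target."""
    parser = OptionParser("Usage:%prog -i <target host> -p <port[,port...]>")
    parser.add_option('-i', type='string', dest='IP', help='specify target host')
    # The original help text for -p was a copy of -i's ("specify target host").
    parser.add_option('-p', type='string', dest='PORT', help='specify target port(s), comma separated')
    options, _ = parser.parse_args()
    ip = options.IP
    port = options.PORT
    # Both options are required; without this check a missing value crashed
    # on ``"..." + None`` or ``None.split``.
    if ip is None or port is None:
        parser.error("both -i and -p are required")
    print("Scan report for " + ip + "\n")
    for line in port.split(','):
        request(ip, line)
        # Short pause between consecutive ports.
        time.sleep(0.2)
    print("\nScan finished!....\n")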
70 
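if __name__ == "__main__":
    try:
        main()
    except KeyboardInterrupt:
        # Ctrl-C ends the scan early. (The closing parenthesis was missing,
        # which made the whole file a SyntaxError.)
        print("interrupted by user, killing all threads...")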
