python编写端口扫苗渗透测试工具port_scanner.py

import socket
import threading
import queue
import sys
import time

class PortScanner:
    def __init__(self, target, start_port=1, end_port=1024, timeout=1, thread_count=100):
        """
        初始化端口扫描器
        :param target: 目标主机IP
        :param start_port: 起始端口
        :param end_port: 结束端口
        :param timeout: 超时时间（秒）
        :param thread_count: 扫描线程数
        """
        self.target = target
        self.start_port = start_port
        self.end_port = end_port
        self.timeout = timeout
        self.thread_count = thread_count
        self.queue = queue.Queue()
        self.results = []

    def scan_port(self):
        """
        端口扫描方法，作为线程任务运行
        检查端口是否开放并获取banner信息
        """
        while True:
            try:
                port = self.queue.get_nowait()
            except queue.Empty:
                break

            try:
                # 创建TCP套接字
                sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                sock.settimeout(self.timeout)
                
                # 尝试连接目标端口
                result = sock.connect_ex((self.target, port))
                
                if result == 0:
                    try:
                        # 尝试获取服务banner信息
                        banner = self.get_banner(sock)
                        self.results.append((port, "开放", banner))
                        print(f"端口 {port}: 开放 - Banner信息: {banner}")
                    except Exception as e:
                        self.results.append((port, "开放", "无法获取Banner信息"))
                        print(f"端口 {port}: 开放 - 无法获取Banner信息")
                
                sock.close()
                
            except Exception as e:
                print(f"扫描端口 {port} 时出错: {str(e)}")
            
            finally:
                self.queue.task_done()

    def get_banner(self, sock):
        """
        获取服务banner信息
        :param sock: 已建立连接的套接字
        :return: banner信息字符串
        """
        try:
            # 尝试发送HTTP请求获取banner
            sock.send(b"GET / HTTP/1.1\r\n\r\n")
            banner = sock.recv(1024)
            return banner.decode().strip()
        except:
            # 如果HTTP请求失败，尝试直接接收数据
            try:
                banner = sock.recv(1024)
                return banner.decode().strip()
            except:
                raise Exception("无法获取Banner信息")

    def run(self):
        """
        运行端口扫描
        启动多个扫描线程并等待完成
        """
        print(f"\n开始扫描目标主机: {self.target}")
        print("=" * 60)

        # 将待扫描端口加入队列
        for port in range(self.start_port, self.end_port + 1):
            self.queue.put(port)

        # 创建并启动扫描线程
        threads = []
        for _ in range(min(self.thread_count, self.end_port - self.start_port + 1)):
            t = threading.Thread(target=self.scan_port)
            t.daemon = True
            t.start()
            threads.append(t)

        # 等待所有端口扫描完成
        self.queue.join()

        print("\n扫描完成!")
        print("=" * 60)
        return self.results

def main():
    """
    主函数，处理命令行参数并启动扫描
    """
    if len(sys.argv) < 2:
        print("使用方法: python port_scanner.py <目标IP> [起始端口] [结束端口]")
        sys.exit(1)

    target = sys.argv[1]
    start_port = int(sys.argv[2]) if len(sys.argv) > 2 else 1
    end_port = int(sys.argv[3]) if len(sys.argv) > 3 else 1024

    scanner = PortScanner(
        target=target,
        start_port=start_port,
        end_port=end_port,
        timeout=1,
        thread_count=100
    )
    
    scanner.run()

if __name__ == "__main__":
    main()

1. 多线程端口扫描
2. 自动获取服务Banner信息
3. 可自定义扫描端口范围
4. 支持超时设置
5. 可配置线程数量

使用方法：

1. 基本扫描（扫描1-1024端口）：python port_scanner.py 192.168.1.1

2. 指定端口范围扫描：python port_scanner.py 192.168.1.1 80 100