之前就写过端口扫描,现在看了书之后,有种整体提升的感觉
# -*- coding: UTF-8 -*-
import optparse
from socket import *
import threading
from threading import Thread
#socket
#设置个信号量
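# One-permit semaphore used as a mutex: it serialises the print() calls of a
# single result so that scanner threads do not interleave their output lines.
screenLock = threading.Semaphore(value=1)


def connScan(tgtHost, tgtPort):
    """Full TCP connect to tgtHost:tgtPort; print open/closed plus any banner.

    A stream socket is created, connected, sent a short probe, and up to 1024
    bytes are read back.  Socket errors (refused, unreachable, timeout -- the
    timeout is whatever setdefaulttimeout() was last set to, 1 s when called
    through portScan) are reported as closed.

    Args:
        tgtHost: hostname or IP address.
        tgtPort: TCP port number as an int.

    Returns:
        None; the result lines are written to stdout while holding screenLock.
    """
    # Created before the try so the finally can always close it.  In the
    # original the close() in finally raised NameError whenever socket()
    # itself failed, e.g. EMFILE once many scanner threads are running.
    connSkt = socket(AF_INET, SOCK_STREAM)
    try:
        try:
            connSkt.connect((tgtHost, tgtPort))
            connSkt.send(b'test!')
            banner = connSkt.recv(1024)
        except (error, OverflowError):
            # error covers connect/recv failures and timeouts; OverflowError
            # is raised by the socket layer for a port outside 0-65535.
            lines = ['[-] %d/tcp closed ' % tgtPort]
        else:
            # repr() keeps the banner on one printable line: it is remote,
            # untrusted data and could otherwise carry terminal control or
            # escape sequences straight to the console.
            lines = ['[+] %d/tcp open ' % tgtPort,
                     '[+] service: ' + repr(banner)]
    finally:
        connSkt.close()
    # The semaphore is taken only around the prints, after all socket work, so
    # no exception path can leave it held or acquire it twice (the original
    # deadlocked if the except branch ran after the try had already acquired).
    with screenLock:
        for line in lines:
            print(line)


def portScan(tgtHost, tgtPorts):
    """Scan every port in tgtPorts on tgtHost, one connScan thread per port.

    Args:
        tgtHost: hostname or IP address.
        tgtPorts: iterable of port numbers; each entry goes through int(), so
            strings such as '80' are accepted as well as ints.

    Returns:
        None.  Unlike the original, returns only after every worker thread
        has finished, so the caller knows all results have been printed.

    Raises:
        ValueError: if an entry in tgtPorts is not a valid integer.  This is
            raised before any thread starts; the original raised it from the
            middle of the loop, with earlier ports already in flight.
    """
    # 1 s applies to connect() and recv() of every socket created afterwards.
    setdefaulttimeout(1)
    ports = [int(p) for p in tgtPorts]
    workers = [Thread(target=connScan, args=(tgtHost, p)) for p in ports]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()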
#parse
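def main():
    """Command-line entry point: parse -H/-P and run the TCP connect scan.

    -H is required; without it the usage line is printed and nothing is
    scanned.  -P is a comma-separated list of TCP ports; without it a
    built-in list of common service ports is scanned instead.
    """
    parse = optparse.OptionParser("usage %prog -H -P ")
    parse.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parse.add_option('-P', dest='tgtPort', type='string', help='specify target port')
    (options, _args) = parse.parse_args()
    if options.tgtHost is None:
        # expand_prog_name() substitutes the script name for %prog; printing
        # parse.usage directly showed the literal text "%prog".
        print(parse.expand_prog_name(parse.usage))
        return
    tgtHost = options.tgtHost
    if options.tgtPort is None:
        print('use default port')
        tgtPorts = [20, 21, 22, 23, 25, 69, 80, 109, 110, 139, 179, 443, 445,
                    544, 1080, 1433, 1434, 1521, 1158, 2100, 3306, 3389, 7001,
                    8080, 8081, 9080, 9090]
    else:
        tgtPorts = str(options.tgtPort).split(',')
        # Reject bad entries here as a usage error; the original let int()
        # fail later inside portScan with a traceback.
        for item in tgtPorts:
            try:
                port = int(item)
            except ValueError:
                port = -1
            if not 0 < port < 65536:
                parse.error('invalid port: %r' % item)
        print(tgtHost + ':' + str(tgtPorts))
    portScan(tgtHost, tgtPorts)


if __name__ == '__main__':
    main()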
还是用optparse来设置参数,在此基础上我增加了:指定了-P就扫描指定的端口,不写-P的话就用默认list里的端口扫描。
写了两个函数,一个是connScan,用于连接,每次调用都跑在一个线程里。另一个是portScan函数,用于把port和ip传给connScan函数。
还有因为是多线程的,所以屏幕输出会乱。那么就设置个信号量加个锁。
效果:
Nmap版本
上面写的只是TCP全连接扫描,显示的信息不够完整。
使用python-nmap模块
# -*- coding: UTF-8 -*-
import nmap
import optparse
#定义使用nmap的函数
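def nmapScan(tgtHost, tgtPort):
    """Scan one TCP port with nmap (via python-nmap) and print its state.

    Args:
        tgtHost: target host (hostname or IP), passed straight to nmap.
        tgtPort: port as a string such as '80'; it is also run through int()
            to look the result up, so port ranges are not supported.

    Returns:
        None; one "[*] host tcp/port state" line is printed.  When nmap
        returned no TCP entry for the port (host down or unresolvable, or
        the port absent from the report) 'no result' is printed instead of
        the bare KeyError the original raised.

    Raises:
        ValueError: if tgtPort is not an integer string.
    """
    nmScan = nmap.PortScanner()
    nmScan.scan(tgtHost, tgtPort)
    # python-nmap keys the report by the address nmap actually scanned, so a
    # hostname given as tgtHost is not a valid key; with a single target the
    # first (only) entry of all_hosts() is the one we want, and an empty list
    # means the host did not answer at all.
    hosts = nmScan.all_hosts()
    try:
        state = nmScan[hosts[0]]['tcp'][int(tgtPort)]['state']
    except (IndexError, KeyError):
        state = 'no result'
    # A space before "tcp/" -- the original fused host and port into one token.
    print("[*] " + tgtHost + " tcp/" + tgtPort + " " + state)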
#parse
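def main():
    """Command-line entry point: parse -H/-P and scan each port with nmap.

    -H is required; without it the usage line is printed and nothing is
    scanned.  -P is a comma-separated list of TCP ports; without it a
    built-in list of common service ports is scanned instead.  Ports are
    scanned one after another, each with its own nmap run.
    """
    parse = optparse.OptionParser("usage %prog -H -P ")
    parse.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parse.add_option('-P', dest='tgtPort', type='string', help='specify target port')
    (options, _args) = parse.parse_args()
    if options.tgtHost is None:
        # expand_prog_name() substitutes the script name for %prog; printing
        # parse.usage directly showed the literal text "%prog".
        print(parse.expand_prog_name(parse.usage))
        return
    tgtHost = str(options.tgtHost)
    if options.tgtPort is None:
        print('use default port')
        tgtPorts = [20, 21, 22, 23, 25, 69, 80, 109, 110, 139, 179, 443, 445,
                    544, 1080, 1433, 1434, 1521, 1158, 2100, 3306, 3389, 7001,
                    8080, 8081, 9080, 9090]
    else:
        tgtPorts = str(options.tgtPort).split(',')
        # Reject bad entries as a usage error before any nmap run starts; the
        # original only failed at int() inside nmapScan, after the scan.
        for item in tgtPorts:
            try:
                port = int(item)
            except ValueError:
                port = -1
            if not 0 < port < 65536:
                parse.error('invalid port: %r' % item)
    # The two branches of the original differed only in the port list.
    for tgtPort in tgtPorts:
        nmapScan(tgtHost, str(tgtPort))


if __name__ == '__main__':
    main()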
速度慢了很多。
同样改成了默认端口与指定端口两个版本
加了下线程
# -*- coding: UTF-8 -*-
import nmap
import optparse
from threading import Thread
#定义使用nmap的函数
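def nmapScan(tgtHost, tgtPort):
    """Scan one TCP port with nmap (via python-nmap) and print its state.

    Args:
        tgtHost: target host (hostname or IP), passed straight to nmap.
        tgtPort: port as a string such as '80'; it is also run through int()
            to look the result up, so port ranges are not supported.

    Returns:
        None; one "[*] host tcp/port state" line is printed.  When nmap
        returned no TCP entry for the port (host down or unresolvable, or
        the port absent from the report) 'no result' is printed instead of
        the bare KeyError the original raised -- which, in the threaded
        version, killed that worker with a traceback on the console.

    Raises:
        ValueError: if tgtPort is not an integer string.
    """
    nmScan = nmap.PortScanner()
    nmScan.scan(tgtHost, tgtPort)
    # python-nmap keys the report by the address nmap actually scanned, so a
    # hostname given as tgtHost is not a valid key; with a single target the
    # first (only) entry of all_hosts() is the one we want, and an empty list
    # means the host did not answer at all.
    hosts = nmScan.all_hosts()
    try:
        state = nmScan[hosts[0]]['tcp'][int(tgtPort)]['state']
    except (IndexError, KeyError):
        state = 'no result'
    # A space before "tcp/" -- the original fused host and port into one token.
    print("[*] " + tgtHost + " tcp/" + tgtPort + " " + state)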
#parse
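def main():
    """Command-line entry point: parse -H/-P and scan each port with nmap.

    -H is required; without it the usage line is printed and nothing is
    scanned.  -P is a comma-separated list of TCP ports; without it a
    built-in list of common service ports is scanned instead.  Every port
    gets its own thread, and therefore its own nmap process; main() waits
    for all of them before returning.
    """
    parse = optparse.OptionParser("usage %prog -H -P ")
    parse.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parse.add_option('-P', dest='tgtPort', type='string', help='specify target port')
    (options, _args) = parse.parse_args()
    if options.tgtHost is None:
        # expand_prog_name() substitutes the script name for %prog; printing
        # parse.usage directly showed the literal text "%prog".
        print(parse.expand_prog_name(parse.usage))
        return
    tgtHost = str(options.tgtHost)
    if options.tgtPort is None:
        print('use default port')
        tgtPorts = [20, 21, 22, 23, 25, 69, 80, 109, 110, 139, 179, 443, 445,
                    544, 1080, 1433, 1434, 1521, 1158, 2100, 3306, 3389, 7001,
                    8080, 8081, 9080, 9090]
    else:
        tgtPorts = str(options.tgtPort).split(',')
        # Reject bad entries as a usage error before any thread starts; the
        # original only failed at int() inside a worker, after its nmap run.
        for item in tgtPorts:
            try:
                port = int(item)
            except ValueError:
                port = -1
            if not 0 < port < 65536:
                parse.error('invalid port: %r' % item)
    # The two branches of the original differed only in the port list.
    workers = [Thread(target=nmapScan, args=(tgtHost, str(p))) for p in tgtPorts]
    for worker in workers:
        worker.start()
    # Joining makes the end of the scan explicit instead of relying on
    # non-daemon threads keeping the interpreter alive.
    for worker in workers:
        worker.join()


if __name__ == '__main__':
    main()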