python---项目5-TCP单线程扫描器与TCP多线程TCP扫描器(公网/局域网IP与域名)、Nmap扫描器(局域网/公网)

python—项目5-TCP扫描器与多线程TCP扫描器(公网/内网IP与域名)

一、TCP扫描器单线程

TCP全连接扫描、抓取应用的Banner

1、环境与源码
python---项目5-TCP单线程扫描器与TCP多线程TCP扫描器(公网/局域网IP与域名)、Nmap扫描器(局域网/公网)_第1张图片

root@kali:~# cd /root/python/anquangongji/
root@kali:~/python/anquangongji# clear
root@kali:~/python/anquangongji# ls
creakzipfile.py    pingip_false.txt  portscanner.py    scanhostsingalport.py  vulnbanners.txt
dictionaryzip.txt  pingip_true.txt   scanftpbanner.py  test.zip

root@kali:~/python/anquangongji# vi portscanner.py 
root@kali:~/python/anquangongji# 
root@kali:~/python/anquangongji# cat portscanner.py 
#!/usr/bin/python
# --*-- coding:utf-8 --*--

import optparse
import socket
from socket import *

def connScan(tgtHost,tgtPort):#在connScan()函数中,socket方法中有两个参数AF_INET和SOCK_STREAM,分别表示使用IPv4地址和TCP流,这两个参数是默认的
    try:
        connSkt = socket(AF_INET,SOCK_STREAM)
        connSkt.connect((tgtHost,tgtPort))
        connSkt.send("ViolentPython\r\n")
        result = connSkt.recv(100)
        print "[+] %d/tcp open"%tgtPort
        print "[+] " + str(result)
        connSkt.close()
    except:
        print "[+] %d/tcp close"%tgtPort

def portScan(tgtHost,tgtPorts):
    try:
        tgtIP = gethostbyname(tgtHost)#从主机名获取IP,若获取不了则解析IP失败程序结束
    except:
        print "[+] Cannot resolve '%s' : Unkown host "%tgtHost
        return

    try:
        tgtName = gethostbyadd(tgtIP)#从IP获取主机名相关信息,若获取成功则输出列表的第一项主机名否则直接输出IP,接着遍历端口调用connScan()函数进行端口扫描
        print "\n[+] Scan Results for: " + tgtName[0]
    except:
        print "\n[+] Scan Results for: " + tgtIP

    setdefaulttimeout(1)

    for tgtPort in tgtPorts:
        print "Scanning port " + tgtPort
        connScan(tgtHost,int(tgtPort))#遍历端口调用connScan()函数进行端口扫描

def main():
    #用法:python portscannerthread.py -H 192.168.40.239 -p 21,22,25,110,80,8080,443,145
    parser = optparse.OptionParser("[*] Usage : ./portscanner.py -H  -p ")
    parser.add_option("-H",dest="tgtHost",type="string",help="specify target host")
    parser.add_option("-p",dest="tgtPort",type="string",help="specify target port[s]")
    (options,args) = parser.parse_args()
    tgtHost = options.tgtHost
    tgtPorts = str(options.tgtPort).split(",")
    if (tgtHost == None) | (tgtPorts[0] == None):
        print parse.usage
        exit(0)
    portScan(tgtHost,tgtPorts)

if __name__ == "__main__":
    main()

root@kali:~/python/anquangongji# 

2、脚本的运行情况

这段代码实现了命令行参数输入,需要用户输入主机IP和扫描的端口号,其中多个端口号之间可以用,号分割开;若参数输入不为空时(注意检测端口参数列表不为空即检测至少存在第一个值不为空即可)则调用函数进行端口扫描;在portScan()函数中先尝试调用gethostbyname()来从主机名获取IP,若获取不了则解析IP失败程序结束,若成功则继续尝试调用gethostbyaddr()从IP获取主机名相关信息,若获取成功则输出列表的第一项主机名否则直接输出IP,接着遍历端口调用connScan()函数进行端口扫描;在connScan()函数中,socket方法中有两个参数AF_INET和SOCK_STREAM,分别表示使用IPv4地址和TCP流,这两个参数是默认的,在上一章的代码中没有添加但是默认是这两个参数,其余的代码和之前的差不多了。

注意一个小问题就是,设置命令行参数的时候,是已经默认添加了-h和–help参数来提示参数信息的,如果在host参数使用-h的话就会出现错误,因而要改为用大写的H即书上的“-H”即可。

运行结果:root@kali:~/python/anquangongji# python portscanner.py -H 192.168.40.239 -p 21,22,80,8080,433,145

[+] Scan Results for: 192.168.40.239
Scanning port 21
[+] 21/tcp open
[+] 220 you are welcome!! go to miniftp!!
530 Please login with USER and PASS.

Scanning port 22
[+] 22/tcp close
Scanning port 80
[+] 80/tcp open
[+] HTTP/1.1 400 Bad Request
Date: Sat, 23 Dec 2017 07:24:27 GMT
Server: Apache/2.4.23 (Win32) OpenSSL
Scanning port 8080
[+] 8080/tcp open
[+] HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Sat, 23 Dec 2
Scanning port 433
[+] 433/tcp close
Scanning port 145
[+] 145/tcp close
root@kali:~/python/anquangongji# 

3、单线程逐个扫描JD商城、163、qq域名的端口开放的情况

root@kali:~/python/anquangongji# python portscanner.py -H www.qq.com -p 137,136,21,22,25,110,80,8080,443,145

[+] Scan Results for: 14.17.42.40
Scanning port 137
[+] 137/tcp close
Scanning port 136
[+] 136/tcp close
Scanning port 21
[+] 21/tcp close
Scanning port 22
[+] 22/tcp close
Scanning port 25
[+] 25/tcp close
Scanning port 110
[+] 110/tcp close
Scanning port 80
[+] 80/tcp open
[+] HTTP/1.1 400 Bad Request
Server: squid/3.5.24
Date: Sat, 23 Dec 2017 08:02:58 GMT
Content-Type: t
Scanning port 8080
[+] 8080/tcp close
Scanning port 443
[+] 443/tcp close
Scanning port 145
[+] 145/tcp close
root@kali:~/python/anquangongji# python portscanner.py -H www.jd.com -p 137,136,21,22,25,110,80,8080,443,145

[+] Scan Results for: 183.56.147.1
Scanning port 137
[+] 137/tcp close
Scanning port 136
[+] 136/tcp close
Scanning port 21
[+] 21/tcp close
Scanning port 22
[+] 22/tcp close
Scanning port 25
[+] 25/tcp close
Scanning port 110
[+] 110/tcp close
Scanning port 80
[+] 80/tcp open
[+] HTTP/1.1 302 Moved Temporarily
Server: JDWS/2.0
Date: Sat, 23 Dec 2017 08:03:14 GMT
Content-Type:
Scanning port 8080
[+] 8080/tcp close
Scanning port 443
[+] 443/tcp open
[+] HTTP/1.1 302 Moved Temporarily
Server: JDWS/2.0
Date: Sat, 23 Dec 2017 08:03:15 GMT
Content-Type:
Scanning port 145
[+] 145/tcp close
root@kali:~/python/anquangongji# python portscanner.py -H www.163.com -p 137,136,21,22,25,110,80,8080,443,145

[+] Scan Results for: 14.18.201.47
Scanning port 137
[+] 137/tcp close
Scanning port 136
[+] 136/tcp close
Scanning port 21
[+] 21/tcp close
Scanning port 22
[+] 22/tcp close
Scanning port 25
[+] 25/tcp close
Scanning port 110
[+] 110/tcp close
Scanning port 80
[+] 80/tcp open
[+] HTTP/1.0 502 Bad Gateway
Cache-Control: no-cache
Connection: close
Content-Type: text/html

8080
[+] 8080/tcp open
[+] "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd
Scanning port 443
[+] 443/tcp close
Scanning port 145
[+] 145/tcp close
root@kali:~/python/anquangongji# 

二、多线程TCP扫描器

1、环境与源码
python---项目5-TCP单线程扫描器与TCP多线程TCP扫描器(公网/局域网IP与域名)、Nmap扫描器(局域网/公网)_第2张图片

线程扫描
将上一小节单线程端口扫描器的代码修改一下,添加线程实现,同时为了让一个函数获得完整的屏幕控制权,这里使用一个信号量semaphore,它能够阻止其他线程运行而避免出现多线程同时输出造成的乱码和失序等情况。在打印输出前带调用screenLock.acquire()函数执行一个加锁操作,若信号量还没被锁定则线程有权继续运行并输出打印到屏幕上,若信号量被锁定则只能等待直到信号量被释放。

root@kali:~/python/anquangongji# clear
root@kali:~/python/anquangongji# ls
creakzipfile.py    pingip_false.txt  portscanner.py        scanftpbanner.py       test.zip
dictionaryzip.txt  pingip_true.txt   portscannerthread.py  scanhostsingalport.py  vulnbanners.txt
root@kali:~/python/anquangongji# cat portscannerthread.py 
#!/usr/bin/python
# --*-- coding:utf-8 --*--

import optparse
import socket
from socket import *
from threading import *

#定义一个信号量
screenLock = Semaphore(value=1)

def connScan(tgtHost,tgtPort):#在connScan()函数中,socket方法中有两个参数AF_INET和SOCK_STREAM,分别表示使用IPv4地址和TCP流,这两个参数是默认的
    try:
        connSkt = socket(AF_INET,SOCK_STREAM)
        connSkt.connect((tgtHost,tgtPort))
        connSkt.send("ViolentPython\r\n")
        result = connSkt.recv(100)

        #执行一个加锁操作
        screenLock.acquire()

        print "[+] %d/tcp open"%tgtPort
        print "[+] " + str(result)
    except:
        #执行一个加锁操作
        screenLock.acquire()
        print "[+] %d/tcp closed"%tgtPort
    finally:
        #执行释放锁的操作,同时将socket的连接在其后关闭
        screenLock.release()
        connSkt.close()

def portScan(tgtHost,tgtPorts):
    try:
        tgtIP = gethostbyname(tgtHost)#从主机名获取IP,若获取不了则解析IP失败程序结束
    except:
        print "[+] Cannot resolve '%s' : Unkown host "%tgtHost
        return

    try:
        tgtName = gethostbyadd(tgtIP)#从IP获取主机名相关信息,若获取成功则输出列表的第一项主机名否则直接输出IP,接着遍历端口调用connScan()函数进行端口扫描
        print "\n[+] Scan Results for: " + tgtName[0]
    except:
        print "\n[+] Scan Results for: " + tgtIP

    setdefaulttimeout(1)

    for tgtPort in tgtPorts:
        t = Thread(target=connScan,args=(tgtHost,int(tgtPort)))
        t.start()

def main():
    #用法:python portscanner.py -H 192.168.40.239 -p 21,22,80,8080,433,145
    parser = optparse.OptionParser("[*] Usage : ./portscanner.py -H  -p ")
    parser.add_option("-H",dest="tgtHost",type="string",help="specify target host")
    parser.add_option("-p",dest="tgtPort",type="string",help="specify target port[s]")
    (options,args) = parser.parse_args()
    tgtHost = options.tgtHost
    tgtPorts = str(options.tgtPort).split(",")
    if (tgtHost == None) | (tgtPorts[0] == None):
        print parse.usage
        exit(0)
    portScan(tgtHost,tgtPorts)

if __name__ == "__main__":
    main()

root@kali:~/python/anquangongji# 

2、脚本运行情况

root@kali:~/python/anquangongji# python portscannerthread.py -H 192.168.40.239 -p 21,22,25,110,80,8080,443,145

[+] Scan Results for: 192.168.40.239
[+] 25/tcp closed
[+] 110/tcp closed
[+] 443/tcp closed
[+] 80/tcp open
[+] HTTP/1.1 400 Bad Request
Date: Sat, 23 Dec 2017 07:49:30 GMT
Server: Apache/2.4.23 (Win32) OpenSSL
[+] 8080/tcp open
[+] HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Transfer-Encoding: chunked
Date: Sat, 23 Dec 2
[+] 145/tcp closed
[+] 21/tcp open
[+] 220 you are welcome!! go to miniftp!!

[+] 22/tcp open
[+] SSH-2.0-OpenSSH_7.1

root@kali:~/python/anquangongji# 

从结果可以看到,使用多线程之后端口的扫描并不是按输入的顺序进行的了,而是同时进行,但是因为有信号量实现加锁等操作所以输出的结果并没有出现乱码等情况。

3、多线程同时扫描JD商城、163、qq域名的端口开放的情况

root@kali:~/python/anquangongji# python portscannerthread.py -H 183.56.147.1 -p 137,136,21,22,25,110,80,8080,443,145

[+] Scan Results for: 183.56.147.1
[+] 80/tcp open
[+] HTTP/1.1 302 Moved Temporarily
Server: JDWS/2.0
Date: Sat, 23 Dec 2017 07:57:46 GMT
Content-Type:
[+] 443/tcp open
[+] HTTP/1.1 302 Moved Temporarily
Server: JDWS/2.0
Date: Sat, 23 Dec 2017 07:57:46 GMT
Content-Type:
[+] 137/tcp closed
[+] 136/tcp closed
[+] 21/tcp closed
[+] 22/tcp closed
[+] 25/tcp closed
[+] 110/tcp closed
[+] 8080/tcp closed
[+] 145/tcp closed
root@kali:~/python/anquangongji# python portscannerthread.py -H www.jd.com -p 137,136,21,22,25,110,80,8080,443,145

[+] Scan Results for: 183.56.147.1
[+] 80/tcp open
[+] HTTP/1.1 302 Moved Temporarily
Server: JDWS/2.0
Date: Sat, 23 Dec 2017 07:58:18 GMT
Content-Type:
[+] 443/tcp open
[+] HTTP/1.1 302 Moved Temporarily
Server: JDWS/2.0
Date: Sat, 23 Dec 2017 07:58:18 GMT
Content-Type:
[+] 136/tcp closed
[+] 22/tcp closed
[+] 110/tcp closed
[+] 137/tcp closed
[+] 21/tcp closed
[+] 25/tcp closed
[+] 8080/tcp closed
[+] 145/tcp closed
root@kali:~/python/anquangongji# 
root@kali:~/python/anquangongji# python portscannerthread.py -H www.163.com -p 137,136,21,22,25,110,80,8080,443,145 

[+] Scan Results for: 14.18.201.47
[+] 8080/tcp open
[+] DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd
[+] 80/tcp open
[+] HTTP/1.0 502 Bad Gateway
Cache-Control: no-cache
Connection: close
Content-Type: text/html

三、Nmap扫描
如果在前面没有下载该模块,则需要先到http://xael.org/pages/python-nmap-en.html中下载Python-Nmap

1、安装nmap模块

root@kali:~/python/anquangongji# cd /usr/share/
root@kali:/usr/share# rz#从windows系统内导入文件
rz waiting to receive.
root@kali:/usr/share# tar zxvf python-nmap-0.6.1.tar.gz  
python-nmap-0.6.1/
python-nmap-0.6.1/nmap/
python-nmap-0.6.1/nmap/test_nmap.py
python-nmap-0.6.1/nmap/nmap.py
python-nmap-0.6.1/nmap/test.py
python-nmap-0.6.1/nmap/__init__.py
python-nmap-0.6.1/example.py
python-nmap-0.6.1/MANIFEST.in
python-nmap-0.6.1/gpl-3.0.txt
python-nmap-0.6.1/PKG-INFO
python-nmap-0.6.1/nmap.html
python-nmap-0.6.1/README.txt
python-nmap-0.6.1/requirements.txt
python-nmap-0.6.1/Makefile
python-nmap-0.6.1/CHANGELOG
python-nmap-0.6.1/setup.py
root@kali:/usr/share# cd python-nmap-0.6.1/
root@kali:/usr/share/python-nmap-0.6.1# ls
CHANGELOG   gpl-3.0.txt  MANIFEST.in  nmap.html  README.txt        setup.py
example.py  Makefile     nmap         PKG-INFO   requirements.txt
root@kali:/usr/share/python-nmap-0.6.1# python setup.py install
/usr/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'bugtrack_url'
  warnings.warn(msg)
running install
running build
running build_py
creating build
creating build/lib.linux-i686-2.7
creating build/lib.linux-i686-2.7/nmap
copying nmap/nmap.py -> build/lib.linux-i686-2.7/nmap
copying nmap/test_nmap.py -> build/lib.linux-i686-2.7/nmap
copying nmap/__init__.py -> build/lib.linux-i686-2.7/nmap
copying nmap/test.py -> build/lib.linux-i686-2.7/nmap
running install_lib
creating /usr/local/lib/python2.7/dist-packages/nmap
copying build/lib.linux-i686-2.7/nmap/nmap.py -> /usr/local/lib/python2.7/dist-packages/nmap
copying build/lib.linux-i686-2.7/nmap/test_nmap.py -> /usr/local/lib/python2.7/dist-packages/nmap
copying build/lib.linux-i686-2.7/nmap/__init__.py -> /usr/local/lib/python2.7/dist-packages/nmap
copying build/lib.linux-i686-2.7/nmap/test.py -> /usr/local/lib/python2.7/dist-packages/nmap
byte-compiling /usr/local/lib/python2.7/dist-packages/nmap/nmap.py to nmap.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/nmap/test_nmap.py to test_nmap.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/nmap/__init__.py to __init__.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/nmap/test.py to test.pyc
running install_egg_info
Writing /usr/local/lib/python2.7/dist-packages/python_nmap-0.6.1.egg-info

#查看nmap模块是否安装成功
root@kali:/usr/share/python-nmap-0.6.1# python 
Python 2.7.3 (default, Mar 14 2014, 11:57:14) 
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import nmap
>>> 

2、环境与源码

root@kali:~/python/anquangongji# ls
creakzipfile.py    pingip_true.txt     portscannerthread.py   test.zip
dictionaryzip.txt  portscannernmap.py  scanftpbanner.py       vulnbanners.txt
pingip_false.txt   portscanner.py      scanhostsingalport.py
root@kali:~/python/anquangongji# 
root@kali:~/python/anquangongji# cat portscannernmap.py 
#!/usr/bin/python
#--*-- coding:utf-8 --*--

import nmap
import optparse

def nmapScan(tgtHost,tgtPort):
    #创建一个PortScanner()类对象
    nmScan = nmap.PortScanner()

    #调用PortScanner类的scan()函数,将目标和端口作为参数输入并进行nmap扫描
    nmScan.scan(tgtHost,tgtPort)

    #输出扫描结果中的状态信息
    state = nmScan[tgtHost]["tcp"][int(tgtPort)]["state"]
    print " [+**+] " + tgtHost + "tcp/" + tgtPort + "  " + state

def main():
    #用法:python portscannernmap.py -H 192.168.40.239 -p 21,22,25,110,135,136,137,80,8080,445,443
    parser=optparse.OptionParser("[+**+] Usage : /protscannernmap.py -H  -p ")
    parser.add_option("-H",dest="tgtHost",type="string",help="specify target host")
    parser.add_option("-p",dest="tgtPorts",type="string",help="specify target port[s]")
    (options,args) = parser.parse_args()
    tgtHost = options.tgtHost
    tgtPorts = str(options.tgtPorts).split(",")
    if (tgtHost == None) | (tgtPorts[0] == None):
        print parser.usage
        exit(0)
    for tgtPort in tgtPorts:
        nmapScan(tgtHost,tgtPort)

if __name__ == "__main__":
    main()

root@kali:~/python/anquangongji# 

3、运行情况

root@kali:~/python/anquangongji# vi portscannernmap.py
root@kali:~/python/anquangongji# python portscannernmap.py -H 192.168.40.239 -p 21,22,25,110,135,136,137,80,8080,445,443
 [+**+] 192.168.40.239tcp/21  open
 [+**+] 192.168.40.239tcp/22  open
 [+**+] 192.168.40.239tcp/25  closed
 [+**+] 192.168.40.239tcp/110  closed
 [+**+] 192.168.40.239tcp/135  open
 [+**+] 192.168.40.239tcp/136  closed
 [+**+] 192.168.40.239tcp/137  closed
 [+**+] 192.168.40.239tcp/80  open
 [+**+] 192.168.40.239tcp/8080  open
 [+**+] 192.168.40.239tcp/445  open
 [+**+] 192.168.40.239tcp/443  closed
root@kali:~/python/anquangongji#

四、nmap扫描局域网
转载:http://blog.csdn.net/adidala/article/details/42869879

1、环境配置(libnmap模块安装)

root@kali:/usr/share# date
20171223日 星期六 17:12:54 CST
root@kali:/usr/share# git clone https://github.com/savon-noir/python-libnmap.git
正克隆到 'python-libnmap'...
error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none while accessing https://github.com/savon-noir/python-libnmap.git/info/refs
fatal: HTTP request failed
root@kali:/usr/share# export GIT_SSL_NO_VERIFY=1
root@kali:/usr/share# git clone https://github.com/savon-noir/python-libnmap.git
正克隆到 'python-libnmap'...
remote: Counting objects: 2001, done.
remote: Total 2001 (delta 0), reused 0 (delta 0), pack-reused 2001
Receiving objects: 100% (2001/2001), 1.27 MiB | 232 KiB/s, done.
Resolving deltas: 100% (1241/1241), done.
root@kali:/usr/share# cd python-libnmap/
root@kali:/usr/share/python-libnmap# ls
CHANGES.txt  docs      libnmap      MANIFEST     README.rst  TODO
config       examples  LICENSE.txt  MANIFEST.in  setup.py    tox.ini
root@kali:/usr/share/python-libnmap# python setup.py install
running install
running build
running build_py
creating build
creating build/lib.linux-i686-2.7
creating build/lib.linux-i686-2.7/libnmap
copying libnmap/process.py -> build/lib.linux-i686-2.7/libnmap
copying libnmap/reportjson.py -> build/lib.linux-i686-2.7/libnmap
copying libnmap/parser.py -> build/lib.linux-i686-2.7/libnmap
copying libnmap/__init__.py -> build/lib.linux-i686-2.7/libnmap
copying libnmap/diff.py -> build/lib.linux-i686-2.7/libnmap
creating build/lib.linux-i686-2.7/libnmap/plugins
copying libnmap/plugins/sql.py -> build/lib.linux-i686-2.7/libnmap/plugins
copying libnmap/plugins/s3.py -> build/lib.linux-i686-2.7/libnmap/plugins
copying libnmap/plugins/backendpluginFactory.py -> build/lib.linux-i686-2.7/libnmap/plugins
copying libnmap/plugins/backendplugin.py -> build/lib.linux-i686-2.7/libnmap/plugins
copying libnmap/plugins/es.py -> build/lib.linux-i686-2.7/libnmap/plugins
copying libnmap/plugins/__init__.py -> build/lib.linux-i686-2.7/libnmap/plugins
copying libnmap/plugins/mongodb.py -> build/lib.linux-i686-2.7/libnmap/plugins
creating build/lib.linux-i686-2.7/libnmap/objects
copying libnmap/objects/host.py -> build/lib.linux-i686-2.7/libnmap/objects
copying libnmap/objects/report.py -> build/lib.linux-i686-2.7/libnmap/objects
copying libnmap/objects/cpe.py -> build/lib.linux-i686-2.7/libnmap/objects
copying libnmap/objects/os.py -> build/lib.linux-i686-2.7/libnmap/objects
copying libnmap/objects/__init__.py -> build/lib.linux-i686-2.7/libnmap/objects
copying libnmap/objects/service.py -> build/lib.linux-i686-2.7/libnmap/objects
running install_lib
creating /usr/local/lib/python2.7/dist-packages/libnmap
copying build/lib.linux-i686-2.7/libnmap/process.py -> /usr/local/lib/python2.7/dist-packages/libnmap
copying build/lib.linux-i686-2.7/libnmap/reportjson.py -> /usr/local/lib/python2.7/dist-packages/libnmap
creating /usr/local/lib/python2.7/dist-packages/libnmap/objects
copying build/lib.linux-i686-2.7/libnmap/objects/host.py -> /usr/local/lib/python2.7/dist-packages/libnmap/objects
copying build/lib.linux-i686-2.7/libnmap/objects/report.py -> /usr/local/lib/python2.7/dist-packages/libnmap/objects
copying build/lib.linux-i686-2.7/libnmap/objects/cpe.py -> /usr/local/lib/python2.7/dist-packages/libnmap/objects
copying build/lib.linux-i686-2.7/libnmap/objects/os.py -> /usr/local/lib/python2.7/dist-packages/libnmap/objects
copying build/lib.linux-i686-2.7/libnmap/objects/__init__.py -> /usr/local/lib/python2.7/dist-packages/libnmap/objects
copying build/lib.linux-i686-2.7/libnmap/objects/service.py -> /usr/local/lib/python2.7/dist-packages/libnmap/objects
copying build/lib.linux-i686-2.7/libnmap/parser.py -> /usr/local/lib/python2.7/dist-packages/libnmap
copying build/lib.linux-i686-2.7/libnmap/__init__.py -> /usr/local/lib/python2.7/dist-packages/libnmap
copying build/lib.linux-i686-2.7/libnmap/diff.py -> /usr/local/lib/python2.7/dist-packages/libnmap
creating /usr/local/lib/python2.7/dist-packages/libnmap/plugins
copying build/lib.linux-i686-2.7/libnmap/plugins/sql.py -> /usr/local/lib/python2.7/dist-packages/libnmap/plugins
copying build/lib.linux-i686-2.7/libnmap/plugins/s3.py -> /usr/local/lib/python2.7/dist-packages/libnmap/plugins
copying build/lib.linux-i686-2.7/libnmap/plugins/backendpluginFactory.py -> /usr/local/lib/python2.7/dist-packages/libnmap/plugins
copying build/lib.linux-i686-2.7/libnmap/plugins/backendplugin.py -> /usr/local/lib/python2.7/dist-packages/libnmap/plugins
copying build/lib.linux-i686-2.7/libnmap/plugins/es.py -> /usr/local/lib/python2.7/dist-packages/libnmap/plugins
copying build/lib.linux-i686-2.7/libnmap/plugins/__init__.py -> /usr/local/lib/python2.7/dist-packages/libnmap/plugins
copying build/lib.linux-i686-2.7/libnmap/plugins/mongodb.py -> /usr/local/lib/python2.7/dist-packages/libnmap/plugins
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/process.py to process.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/reportjson.py to reportjson.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/objects/host.py to host.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/objects/report.py to report.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/objects/cpe.py to cpe.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/objects/os.py to os.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/objects/__init__.py to __init__.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/objects/service.py to service.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/parser.py to parser.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/__init__.py to __init__.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/diff.py to diff.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/plugins/sql.py to sql.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/plugins/s3.py to s3.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/plugins/backendpluginFactory.py to backendpluginFactory.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/plugins/backendplugin.py to backendplugin.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/plugins/es.py to es.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/plugins/__init__.py to __init__.pyc
byte-compiling /usr/local/lib/python2.7/dist-packages/libnmap/plugins/mongodb.py to mongodb.pyc
running install_egg_info
Writing /usr/local/lib/python2.7/dist-packages/python_libnmap-0.7.0.egg-info
root@kali:/usr/share/python-libnmap# ls
build        config  examples  LICENSE.txt  MANIFEST.in  setup.py  tox.ini
CHANGES.txt  docs    libnmap   MANIFEST     README.rst   TODO
root@kali:/usr/share/python-libnmap# cd /root/python/anquangongji/
root@kali:~/python/anquangongji#

2、源码

#!/usr/bin/python  
# -*- coding: utf-8 -*-  
from libnmap.process import NmapProcess  
from libnmap.parser import NmapParser  
import requests  
x=90  

while x < 255:  
    print "\033[1;31mstart 118.192.%s.0/24\033[0m" %(str(x))  
    #调用nmap扫描段内开放80端口的IP  
    mission = NmapProcess("118.192.%s.0/24" % (str(x)),options = "-p 80")  
    mission.run()  
    hosts_hash = {}  
    #处理nmap输出结果  
    report = NmapParser.parse(mission.stdout)  
    #得到每一个开放80端口的IP,结果存放到hash中  
    for _host in report.hosts:  
        if _host.is_up() and _host.services[0].state =='open':  
            hosts_hash[_host.address] = str(_host.services[0].port)+"/"+_host.services[0].state  
    print hosts_hash.keys()  
    #对每一个IP反向域名解析  
    for ips in hosts_hash.keys():  
        print "\033[1;32m[+]"+ips+"\033[0m"  
        target_page = 1  
        count = 1  
        #循环遍历每一页  
        while 1:  
            try:  
                r = requests.get("http://dns.aizhan.com/index.php?r=index/domains&ip=%s&page=%s" % (ips,str(target_page)))  
                #对每一个域名验证连接  
                for domain in  r.json()[u'domains']:  
                    try:  
                        test_domain = requests.get("http://" + domain)  
                        print count,":",domain,"\t:",test_domain.status_code  
                    except:  
                        print count,":",domain,"\t:","error"  
                    count += 1  
                #若不是最后一页,就继续,否则就退出循环  
                if int(r.json()[u'maxpage'])>target_page:  
                    target_page += 1  
                else:  
                    break  
            except:  
                #没有域名解析到此IP  
                print "NONE"  
                break  
    x += 1  

3、运行情况

root@kali:~/python/anquangongji# ls
creakzipfile.py    pingip_true.txt             portscanner.py        scanhostsingalport.py
dictionaryzip.txt  portscannernmapinternet.py  portscannerthread.py  test.zip
pingip_false.txt   portscannernmap.py          scanftpbanner.py      vulnbanners.txt
root@kali:~/python/anquangongji# python portscannernmapinternet.py 
start 118.192.90.0/24
[]
start 118.192.91.0/24
[]
start 118.192.92.0/24
[]
start 118.192.93.0/24
[]
start 118.192.94.0/24
['118.192.94.43', '118.192.94.44']
[+]118.192.94.43
NONE
[+]118.192.94.44
NONE
start 118.192.95.0/24
['118.192.95.67', '118.192.95.66', '118.192.95.68', '118.192.95.74']
[+]118.192.95.67
NONE
[+]118.192.95.66
NONE
[+]118.192.95.68
NONE
[+]118.192.95.74
NONE
start 118.192.96.0/24
['118.192.96.9', '118.192.96.8', '118.192.96.7', '118.192.96.6', '118.192.96.1', '118.192.96.100', '118.192.96.101', '118.192.96.254', '118.192.96.33', '118.192.96.30']
[+]118.192.96.9
NONE
[+]118.192.96.8
NONE
[+]118.192.96.7
NONE
[+]118.192.96.6
NONE
[+]118.192.96.1
NONE
[+]118.192.96.100
NONE
[+]118.192.96.101
NONE
[+]118.192.96.254
NONE
[+]118.192.96.33
NONE
[+]118.192.96.30
NONE
start 118.192.97.0/24
[]
start 118.192.98.0/24
[]
start 118.192.99.0/24
[]
start 118.192.100.0/24
[]
start 118.192.101.0/24
['118.192.101.230', '118.192.101.231', '118.192.101.232', '118.192.101.233', '118.192.101.93', '118.192.101.193', '118.192.101.194', '118.192.101.147']
[+]118.192.101.230
NONE
[+]118.192.101.231
NONE
[+]118.192.101.232
NONE
[+]118.192.101.233
NONE
[+]118.192.101.93
NONE
[+]118.192.101.193
NONE
[+]118.192.101.194
NONE
[+]118.192.101.147
NONE
start 118.192.102.0/24
[]
start 118.192.103.0/24
[]
start 118.192.104.0/24
['118.192.104.85', '118.192.104.35', '118.192.104.36']
[+]118.192.104.85
NONE
[+]118.192.104.35
NONE
[+]118.192.104.36
NONE
start 118.192.105.0/24
^Z
[3]+  已停止               python portscannernmapinternet.py
root@kali:~/python/anquangongji# vi portscannernmapinternet.py 

你可能感兴趣的:(python,tcp单-多线程扫描,Nmap扫描)