使用masscan扫描以及相关优化

第一步：安装masscan

yum安装（适用于RedHat系类及其衍生版本）

yum install masscan

apt安装（适合debian系列以及其衍生版本）

apt-get install masscan

第二步：使用masscan扫描靶机

靶机地址为：192.168.68.139

参数解析：-p指定端口；--rate指定同时发包数

扫描命令以及结果结果：

root@xw:~# masscan -p0-65535 192.168.68.139 --rate=10000000


Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2017-11-27 02:46:00 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
Discovered open port 43967/tcp on 192.168.68.139
Discovered open port 21/tcp on 192.168.68.139
Discovered open port 512/tcp on 192.168.68.139
Discovered open port 50993/tcp on 192.168.68.139
Discovered open port 1524/tcp on 192.168.68.139
Discovered open port 8180/tcp on 192.168.68.139
Discovered open port 513/tcp on 192.168.68.139
Discovered open port 8009/tcp on 192.168.68.139
Discovered open port 6000/tcp on 192.168.68.139
Discovered open port 111/tcp on 192.168.68.139
Discovered open port 3632/tcp on 192.168.68.139
Discovered open port 39281/tcp on 192.168.68.139
Discovered open port 6697/tcp on 192.168.68.139
Discovered open port 22/tcp on 192.168.68.139
Discovered open port 3306/tcp on 192.168.68.139
Discovered open port 53/tcp on 192.168.68.139
Discovered open port 514/tcp on 192.168.68.139
Discovered open port 34462/tcp on 192.168.68.139
Discovered open port 6667/tcp on 192.168.68.139
Discovered open port 25/tcp on 192.168.68.139
Discovered open port 2121/tcp on 192.168.68.139
Discovered open port 80/tcp on 192.168.68.139
Discovered open port 445/tcp on 192.168.68.139
Discovered open port 8787/tcp on 192.168.68.139
Discovered open port 23/tcp on 192.168.68.139
Discovered open port 139/tcp on 192.168.68.139
Discovered open port 5432/tcp on 192.168.68.139
Discovered open port 2049/tcp on 192.168.68.139
Discovered open port 1099/tcp on 192.168.68.139
Discovered open port 5900/tcp on 192.168.68.139

结果解析：masscan扫描速度极快，但是其结果不是按端口大小排序的，使用Python写脚本完成排序

脚本如下：

masscan-port.py

#!/usr/bin/env python3
#coding:utf-8

#作者:TIDE
#许可:GPL
import re

Port ={}
Port1 =[]

f = open('mas.txt')
line = f.readline()
while line:
   Port[(re.search(r'port ([\d.]+)/tcp' , line)).group(1)]=line
   Port1.append(int((re.search(r'port ([\d.]+)/tcp' , line)).group(1)))
   #print((re.search(r'port ([\d.]+)/tcp' , line)).group(1))
   line =f.readline()
f.close()
Port1.sort()
for i in range(0,len(Port1)):
    print(Port[str(Port1[i])])

输出结果：

"D:\Program Files\Python36\python.exe" "D:/PycharmProjects/CTF GAME/masscan-port.py"
Discovered open port 21/tcp on 192.168.68.139


Discovered open port 22/tcp on 192.168.68.139


Discovered open port 23/tcp on 192.168.68.139


Discovered open port 25/tcp on 192.168.68.139


Discovered open port 53/tcp on 192.168.68.139


Discovered open port 80/tcp on 192.168.68.139


Discovered open port 111/tcp on 192.168.68.139


Discovered open port 139/tcp on 192.168.68.139


Discovered open port 445/tcp on 192.168.68.139


Discovered open port 512/tcp on 192.168.68.139


Discovered open port 513/tcp on 192.168.68.139


Discovered open port 514/tcp on 192.168.68.139


Discovered open port 1099/tcp on 192.168.68.139


Discovered open port 1524/tcp on 192.168.68.139


Discovered open port 2049/tcp on 192.168.68.139


Discovered open port 2121/tcp on 192.168.68.139


Discovered open port 3306/tcp on 192.168.68.139


Discovered open port 3632/tcp on 192.168.68.139


Discovered open port 5432/tcp on 192.168.68.139


Discovered open port 5900/tcp on 192.168.68.139
Discovered open port 6000/tcp on 192.168.68.139


Discovered open port 6667/tcp on 192.168.68.139


Discovered open port 6697/tcp on 192.168.68.139


Discovered open port 8009/tcp on 192.168.68.139


Discovered open port 8180/tcp on 192.168.68.139


Discovered open port 8787/tcp on 192.168.68.139


Discovered open port 34462/tcp on 192.168.68.139


Discovered open port 39281/tcp on 192.168.68.139


Discovered open port 43967/tcp on 192.168.68.139


Discovered open port 50993/tcp on 192.168.68.139




Process finished with exit code 0