A-A+

python3 端口扫描器脚本 逻辑详解

2019年03月31日 11:51 汪洋大海 暂无评论 阅读 151 views 次

前言

人生苦短,我用python。有人可能会文这样的问题,既然市面上已经十分完美的同种类型的工具,为什么还需要自己写呢?我个人认为通过一定限度”造轮子”才能提高能力,通过“造轮子”才能能脱离“脚本小子”的阵营。
这个系列我将使用python写出端口扫描,端口爆破,服务识别,cms识别等工具。能力有限。

正文

端口扫描,就是对一段端口或指定的端口进行扫描。通过扫描结果可以知道一台计算机上都提供了哪些服务,然后就可以通过所提供的这些服务的己知漏洞就可进行攻击。其原理是当一个主机向远端一个服务器的某一个端口提出建立一个连接的请求,如果对方有此项服务,就会应答,如果对方未安装此项服务时,即使你向相应的端口发出请求,对方仍无应答,利用这个原理,如果对所有熟知端口或自己选定的某个范围内的熟知端口分别建立连接,并记录下远端服务器所给予的应答,便可知道哪些端口是开放的。

著名的端口扫描器有namp等等

nmap 扫描器

nmap 扫描器


下面将使用Python提供socket模块制造一个简易的端口扫描器,分为三个版本,分别是最基础的版本,多线程版本以及最后的交互式版本,需要学习python3的socket和threading模块的简单使用。
端口扫描的原理:

调用socket.connect_ex((ip, port)),端口开放则返回0,否则返回错误代码,实现和nmap的全连接扫描类似的功能。

单线程版本,对top50、top100、top1000以及自定义端口扫描,使用socket模块进行端口扫描。

#!/usr/bin/env python3
#-*-coding:utf-8-*-

import time
import socket

def get_ip_by_name(domain):
    '''
    提供域名转ip的功能,利用socket.gethostbyname,返回str
    '''
    try:
        return socket.gethostbyname
    except Exception as e:
        print("%s:%s"%(domain, e))

def __port_scan(ip, port_list, timeout):
    '''
    端口扫描核心代码
    '''
    START_MSG = ""
    OPEN_MSG = "% 6d [OPEN]"
    result_list = list()

    for port in port_list:
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.settimeout(timeout)
            result_code = s.connect_ex((ip, port)) #开放放回0
            if result_code == 0:
                print(OPEN_MSG % port)
                result_list.append(port)
            else:
                continue
        except Exception as e:
            print(e)
        finally:
            s.close()
    return result_list


def all_port_scan(ip, start_port = 1, end_port = 65535, timeout=3):
    '''
    扫描所有的端口(1-65535),返回一个包含所有开放的端口list,可以通过参数start_port和参数end_port自定义开始端口和结束端口
    '''
    port_list = range(start_port,end_port+1)
    result_list =  __port_scan(ip, port_list, timeout)
    return result_list

def value_port_scan(ip, top = 1000, timeout = 3):
    '''
    扫描top的端口,top的值可以选择50、100、1000(default),返回一个包含所有开放的端口list,可以通过参数top设置top值
    '''
    top50_list = [21,22,25,53,80,110,113,135,139,143,179,199,443,445,465,514,548,554,587,646,993,995,1025,1026,1433,1720,1723,2000,3306,3389,5060,5666,5900,6001,8000,8008,8080,8443,8888,10000,32768,49152,49154]
    top100_list = [7,9,13,21,22,25,37,53,79,80,88,106,110,113,119,135,139,143,179,199,389,427,443,444,465,513,514,543,548,554,587,631,646,873,990,993,995,1025,1026,1027,1028,1110,1433,1720,1723,1755,1900,2000,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000,6646,7070,8000,8008,8080,8443,8888,9100,9999,32768,49152,49153,49154,49155,49156]
    top1000_list = [1,3,6,9,13,17,19,20,21,22,23,24,25,30,32,37,42,49,53,70,79,80,81,82,83,84,88,89,99,106,109,110,113,119,125,135,139,143,146,161,163,179,199,211,222,254,255,259,264,280,301,306,311,340,366,389,406,416,425,427,443,444,458,464,481,497,500,512,513,514,524,541,543,544,548,554,563,587,593,616,625,631,636,646,648,666,667,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800,808,843,873,880,888,898,900,901,902,911,981,987,990,992,995,999,1000,1001,1007,1009,1010,1021,1022,1023,1024,1025,1026,1027,1028,1029,1030,1031,1032,1033,1034,1035,1036,1037,1038,1039,1040,1041,1042,1043,1044,1045,1046,1047,1048,1049,1050,1051,1052,1053,1054,1055,1056,1057,1058,1059,1060,1061,1062,1063,1064,1065,1066,1067,1068,1069,1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,1081,1082,1083,1084,1085,1086,1087,1088,1089,1090,1091,1092,1093,1094,1095,1096,1097,1098,1099,1102,1104,1105,1106,1107,1110,1111,1112,1113,1117,1119,1121,1122,1123,1126,1130,1131,1137,1141,1145,1147,1148,1151,1154,1163,1164,1165,1169,1174,1183,1185,1186,1192,1198,1201,1213,1216,1217,1233,1236,1244,1247,1259,1271,1277,1287,1296,1300,1309,1310,1322,1328,1334,1352,1417,1433,1443,1455,1461,1494,1500,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687,1700,1717,1718,1719,1720,1723,1755,1761,1782,1801,1805,1812,1839,1862,1863,1875,1900,1914,1935,1947,1971,1974,1984,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2013,2020,2021,2030,2033,2034,2038,2040,2041,2042,2045,2046,2047,2048,2065,2068,2099,2103,2105,2106,2111,2119,2121,2126,2135,2144,2160,2170,2179,2190,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381,2382,2393,2399,2401,2492,2500,2522,2525,2557,2601,2604,2607,2638,2701,2710,2717,2725,2800,2809,2811,2869,2875,2909,2920,2967,2998,3000,3003,3005,3006,3011,3013,3017,3030,3052,3071,3077,3128,3168,3211,3221,3260,3268,3283,3300,3306,3322,3323,3324,3333,3351,3367,3369,3370,3371,3389,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689,3703,3737,3766,3784,3800,3809,3814,3826,3827,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000,4001,4002,4003,4004,4005,4045,4111,4125,4129,4224,4242,4279,4321,4343,4443,4444,4445,4449,4550,4567,4662,4848,4899,4998,5000,5001,5002,5003,5009,5030,5033,5050,5054,5060,5080,5087,5100,5101,5120,5190,5200,5214,5221,5225,5269,5280,5298,5357,5405,5414,5431,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678,5718,5730,5800,5801,5810,5815,5822,5825,5850,5859,5862,5877,5900,5901,5902,5903,5906,5910,5915,5922,5925,5950,5952,5959,5960,5961,5962,5987,5988,5998,5999,6000,6001,6002,6003,6004,6005,6006,6009,6025,6059,6100,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565,6566,6580,6646,6666,6667,6668,6689,6692,6699,6779,6788,6792,6839,6881,6901,6969,7000,7001,7004,7007,7019,7025,7070,7100,7103,7106,7200,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777,7800,7911,7920,7937,7999,8000,8001,8007,8008,8009,8010,8021,8031,8042,8045,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8093,8099,8180,8192,8193,8200,8222,8254,8290,8291,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651,8654,8701,8800,8873,8888,8899,8994,9000,9001,9002,9009,9010,9040,9050,9071,9080,9090,9099,9100,9101,9102,9110,9200,9207,9220,9290,9415,9418,9485,9500,9502,9535,9575,9593,9594,9618,9666,9876,9877,9898,9900,9917,9929,9943,9968,9998,9999,10000,10001,10002,10003,10009,10012,10024,10082,10180,10215,10243,10566,10616,10621,10626,10628,10778,11110,11967,12000,12174,12265,12345,13456,13722,13782,14000,14238,14441,15000,15002,15003,15660,15742,16000,16012,16016,16018,16080,16113,16992,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221,20828,21571,22939,23502,24444,24800,25734,26214,27000,27352,27355,27715,28201,30000,30718,30951,31038,31337,32768,32769,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779,32780,32781,32782,32783,32784,33354,33899,34571,34572,35500,38292,40193,40911,41511,42510,44176,44442,44501,45100,48080,49152,49153,49154,49155,49156,49157,49158,49159,49160,49163,49165,49167,49175,49400,49999,50000,50001,50002,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055,55555,55600,56737,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389]

    if top == 50:
        port_list = top50_list
    elif top == 100:
        port_list = top100_list
    else:
        port_list = top1000_list

    result_list = __port_scan(ip, port_list, timeout)
    return result_list

if __name__ == '__main__':
    #all_port_scan("127.0.0.1")
    value_port_scan("127.0.0.1")

第一个版本的扫描器扫描全部端口结果:

python2 第一版扫描器结果

python2 第一版扫描器结果


单线程肯定是很慢的,端口个数是65535个一共花费了307秒钟,第二个版本就是多线程版本,优化第一个版本扫描的代码,并且对代码进行了封装。

#!/usr/bin/env python3
#-*-coding:utf-8-*-

import time, sys
import socket
import queue
import threading

class PortScaner(object):
    '''
    这个版本(v2)的端口扫描器相对于上一个版本(v1),大概变化是:使用类(class)来封装,增加多线程,细节上的变化
    '''

    class PortScan(threading.Thread):
        def __init__(self, port_queue, ip, timeout = 3):
            '''
            初始化参数
            '''
            threading.Thread.__init__(self)
            self.__port_queue = port_queue
            self.__ip = ip
            self.__timeout = timeout
        def run(self):
            '''
            多线程实际调用的方法,如果端口队列不为空,循环执行
            '''
            while True:
                if self.__port_queue.empty():
                    break
                OPEN_MSG = "% 6d [OPEN]\n"
                port = self.__port_queue.get(timeout = 0.5)
                ip  = self.__ip
                timeout = self.__timeout

                try:
                    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                    s.settimeout(timeout)
                    result_code = s.connect_ex((ip, port)) #开放放回0
                    if result_code == 0:
                        #print(OPEN_MSG % port) # print不适合多线程
                        sys.stdout.write(OPEN_MSG % port)
                        #result_list.append(port)
                    # else:
                    #     sys.stdout.write("% 6d [CLOSED]\n" % port)
                except Exception as e:
                    print(e)
                finally:
                    s.close()

    def get_port_lists(self, top = None, start_port = 1, end_port = 65535):
        '''
        获取扫描的端口list,top == None, start_port和end_port有效,top取值为50,100,1000分为为前top端口,当top == None时,并且端口号无效返回[1-65535]
        '''
        top50_list = [21,22,25,53,80,110,113,135,139,143,179,199,443,445,465,514,548,554,587,646,993,995,1025,1026,1433,1720,1723,2000,3306,3389,5060,5666,5900,6001,8000,8008,8080,8443,8888,10000,32768,49152,49154]
        top100_list = [7,9,13,21,22,25,37,53,79,80,88,106,110,113,119,135,139,143,179,199,389,427,443,444,465,513,514,543,548,554,587,631,646,873,990,993,995,1025,1026,1027,1028,1110,1433,1720,1723,1755,1900,2000,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000,6646,7070,8000,8008,8080,8443,8888,9100,9999,32768,49152,49153,49154,49155,49156]
        top1000_list = [1,3,6,9,13,17,19,20,21,22,23,24,25,30,32,37,42,49,53,70,79,80,81,82,83,84,88,89,99,106,109,110,113,119,125,135,139,143,146,161,163,179,199,211,222,254,255,259,264,280,301,306,311,340,366,389,406,416,425,427,443,444,458,464,481,497,500,512,513,514,524,541,543,544,548,554,563,587,593,616,625,631,636,646,648,666,667,683,687,691,700,705,711,714,720,722,726,749,765,777,783,787,800,808,843,873,880,888,898,900,901,902,911,981,987,990,992,995,999,1000,1001,1007,1009,1010,1021,1022,1023,1024,1025,1026,1027,1028,1029,1030,1031,1032,1033,1034,1035,1036,1037,1038,1039,1040,1041,1042,1043,1044,1045,1046,1047,1048,1049,1050,1051,1052,1053,1054,1055,1056,1057,1058,1059,1060,1061,1062,1063,1064,1065,1066,1067,1068,1069,1070,1071,1072,1073,1074,1075,1076,1077,1078,1079,1080,1081,1082,1083,1084,1085,1086,1087,1088,1089,1090,1091,1092,1093,1094,1095,1096,1097,1098,1099,1102,1104,1105,1106,1107,1110,1111,1112,1113,1117,1119,1121,1122,1123,1126,1130,1131,1137,1141,1145,1147,1148,1151,1154,1163,1164,1165,1169,1174,1183,1185,1186,1192,1198,1201,1213,1216,1217,1233,1236,1244,1247,1259,1271,1277,1287,1296,1300,1309,1310,1322,1328,1334,1352,1417,1433,1443,1455,1461,1494,1500,1503,1521,1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687,1700,1717,1718,1719,1720,1723,1755,1761,1782,1801,1805,1812,1839,1862,1863,1875,1900,1914,1935,1947,1971,1974,1984,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2013,2020,2021,2030,2033,2034,2038,2040,2041,2042,2045,2046,2047,2048,2065,2068,2099,2103,2105,2106,2111,2119,2121,2126,2135,2144,2160,2170,2179,2190,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381,2382,2393,2399,2401,2492,2500,2522,2525,2557,2601,2604,2607,2638,2701,2710,2717,2725,2800,2809,2811,2869,2875,2909,2920,2967,2998,3000,3003,3005,3006,3011,3013,3017,3030,3052,3071,3077,3128,3168,3211,3221,3260,3268,3283,3300,3306,3322,3323,3324,3333,3351,3367,3369,3370,3371,3389,3404,3476,3493,3517,3527,3546,3551,3580,3659,3689,3703,3737,3766,3784,3800,3809,3814,3826,3827,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000,4001,4002,4003,4004,4005,4045,4111,4125,4129,4224,4242,4279,4321,4343,4443,4444,4445,4449,4550,4567,4662,4848,4899,4998,5000,5001,5002,5003,5009,5030,5033,5050,5054,5060,5080,5087,5100,5101,5120,5190,5200,5214,5221,5225,5269,5280,5298,5357,5405,5414,5431,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678,5718,5730,5800,5801,5810,5815,5822,5825,5850,5859,5862,5877,5900,5901,5902,5903,5906,5910,5915,5922,5925,5950,5952,5959,5960,5961,5962,5987,5988,5998,5999,6000,6001,6002,6003,6004,6005,6006,6009,6025,6059,6100,6106,6112,6123,6129,6156,6346,6389,6502,6510,6543,6547,6565,6566,6580,6646,6666,6667,6668,6689,6692,6699,6779,6788,6792,6839,6881,6901,6969,7000,7001,7004,7007,7019,7025,7070,7100,7103,7106,7200,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777,7800,7911,7920,7937,7999,8000,8001,8007,8008,8009,8010,8021,8031,8042,8045,8080,8081,8082,8083,8084,8085,8086,8087,8088,8089,8093,8099,8180,8192,8193,8200,8222,8254,8290,8291,8300,8333,8383,8400,8402,8443,8500,8600,8649,8651,8654,8701,8800,8873,8888,8899,8994,9000,9001,9002,9009,9010,9040,9050,9071,9080,9090,9099,9100,9101,9102,9110,9200,9207,9220,9290,9415,9418,9485,9500,9502,9535,9575,9593,9594,9618,9666,9876,9877,9898,9900,9917,9929,9943,9968,9998,9999,10000,10001,10002,10003,10009,10012,10024,10082,10180,10215,10243,10566,10616,10621,10626,10628,10778,11110,11967,12000,12174,12265,12345,13456,13722,13782,14000,14238,14441,15000,15002,15003,15660,15742,16000,16012,16016,16018,16080,16113,16992,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,20031,20221,20828,21571,22939,23502,24444,24800,25734,26214,27000,27352,27355,27715,28201,30000,30718,30951,31038,31337,32768,32769,32770,32771,32772,32773,32774,32775,32776,32777,32778,32779,32780,32781,32782,32783,32784,33354,33899,34571,34572,35500,38292,40193,40911,41511,42510,44176,44442,44501,45100,48080,49152,49153,49154,49155,49156,49157,49158,49159,49160,49163,49165,49167,49175,49400,49999,50000,50001,50002,50006,50300,50389,50500,50636,50800,51103,51493,52673,52822,52848,52869,54045,54328,55055,55555,55600,56737,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389]

        if(top != None):
            if(top == 50):
                return top50_list
            elif(top == 100):
                return top100_list
            else:
                return top1000_list
        else:
            if start_port >= 1 and end_port <= 65535 and start_port <= end_port:
                return list(range(start_port, end_port+1))
            else:
                return list(range(1, 65535+1))

    def get_ip_by_name(self, domain):
        '''
        提供域名转ip的功能,利用socket.gethostbyname,返回str
        '''
        try:
            return socket.gethostbyname
        except Exception as e:
            print("%s:%s"%(domain, e))

def main():
    start_time = time.time() # 脚本开始执行的时间
    port_scner = PortScaner()
    port_queue = queue.Queue() # py3的写法,使用queue模块, 线程专用
    thread_num = 100 # 线程数量
    threads = [] # 保存新线程
    top = None # 取端口top数
    ip = "xxx.xxx.xx.xx" # 扫描的ip
    port_list = port_scner.get_port_lists(top = top) # 根据参数获取总端口list
    #print(port_list)

    for port in port_list:
        port_queue.put(port)
    for t in range(thread_num):
        threads.append(port_scner.PortScan(port_queue, ip, timeout = 3))
    # 启动线程
    for thread in threads:
        thread.start()
    # 阻塞线程
    for thread in threads:
        thread.join()
    end_time = time.time() # 脚本结束执行的时间
    print("[end time] %3ss"%(end_time-start_time,))
if __name__ == '__main__':
    main()

下面是第二版扫描器的运行结果,扫描本局域网中的另一台主机全部端口,大概需要十二秒钟。

python3 第二版扫描器结果

python3 第二版扫描器结果


如果是扫描top1000端口,扫描时间是0.15秒钟,默认100线程,当时top1000扫描的只是top1000的端口,不常用端口不能识别。
python3 快速端口扫描器结果

python3 快速端口扫描器结果


对比单线程版本,速度简直不要太快好吗?但是这个版本有一个较大的问题是所有的配置都需要在main()函数中修改,使用起来不是特别方便。

   thread_num = 100 # 线程数量
    threads = [] # 保存新线程
    top = None # 取端口top数
    ip = "xxx.xxx.xx.xx" # 扫描的ip
    port_list = port_scner.get_port_lists(top = top) # 根据参数获取总端口list

而第三个版本则主要解决了这个问题,可以通过命令行进行交互,当然代码质量因为能力有限不是很好。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
#!/usr/bin/env python3
# -*-coding:utf-8-*-
 
import time, sys
import socket
import queue
import threading
import base64
 
 
class PortScaner:
    '''
    这个版本(v3)的端口扫描器相对于上一个版本(v2),大概变化是:增加交互功能和LOGO
    '''
 
    class PortScan(threading.Thread):
        def __init__(self, port_queue, ip, timeout=5):
            '''
            初始化参数
            '''
            threading.Thread.__init__(self)
            self.__port_queue = port_queue
            self.__ip = ip
            self.__timeout = timeout
 
        def run(self):
            '''
            多线程实际调用的方法,如果端口队列不为空,循环执行
            '''
            while True:
                if self.__port_queue.empty():
                    break
                OPEN_MSG = "% 6d [OPEN]\n"
                port = self.__port_queue.get(timeout=0.5)
                ip = self.__ip
                timeout = self.__timeout
 
                try:
                    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                    s.settimeout(timeout)
                    result_code = s.connect_ex((ip, port))  # 开放放回0
                    if result_code == 0:
                        # print(OPEN_MSG % port) # print不适合多线程
                        sys.stdout.write(OPEN_MSG % port)
                        # result_list.append(port)
                    # else:
                    #     sys.stdout.write("% 6d [CLOSED]\n" % port)
                except Exception as e:
                    print(e)
                finally:
                    s.close()
 
    def get_port_lists(self, top=None, start_port=1, end_port=65535):
        '''
        获取扫描的端口list,top == None, start_port和end_port有效,top取值为50,100,1000分为为前top端口,当top == None时,并且端口号无效返回[1-65535]
        '''
        top50_list = [21, 22, 25, 53, 80, 110, 113, 135, 139, 143, 179, 199, 443, 445, 465, 514, 548, 554, 587, 646,
                      993, 995, 1025, 1026, 1433, 1720, 1723, 2000, 3306, 3389, 5060, 5666, 5900, 6001, 8000, 8008,
                      8080, 8443, 8888, 10000, 32768, 49152, 49154]
        top100_list = [7, 9, 13, 21, 22, 25, 37, 53, 79, 80, 88, 106, 110, 113, 119, 135, 139, 143, 179, 199, 389, 427,
                       443, 444, 465, 513, 514, 543, 548, 554, 587, 631, 646, 873, 990, 993, 995, 1025, 1026, 1027,
                       1028, 1110, 1433, 1720, 1723, 1755, 1900, 2000, 2049, 2121, 2717, 3000, 3128, 3306, 3389, 3986,
                       4899, 5000, 5009, 5051, 5060, 5101, 5190, 5357, 5432, 5631, 5666, 5800, 5900, 6000, 6646, 7070,
                       8000, 8008, 8080, 8443, 8888, 9100, 9999, 32768, 49152, 49153, 49154, 49155, 49156]
        top1000_list = [1, 3, 6, 9, 13, 17, 19, 20, 21, 22, 23, 24, 25, 30, 32, 37, 42, 49, 53, 70, 79, 80, 81, 82, 83,
                        84, 88, 89, 99, 106, 109, 110, 113, 119, 125, 135, 139, 143, 146, 161, 163, 179, 199, 211, 222,
                        254, 255, 259, 264, 280, 301, 306, 311, 340, 366, 389, 406, 416, 425, 427, 443, 444, 458, 464,
                        481, 497, 500, 512, 513, 514, 524, 541, 543, 544, 548, 554, 563, 587, 593, 616, 625, 631, 636,
                        646, 648, 666, 667, 683, 687, 691, 700, 705, 711, 714, 720, 722, 726, 749, 765, 777, 783, 787,
                        800, 808, 843, 873, 880, 888, 898, 900, 901, 902, 911, 981, 987, 990, 992, 995, 999, 1000, 1001,
                        1007, 1009, 1010, 1021, 1022, 1023, 1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031, 1032, 1033,
                        1034, 1035, 1036, 1037, 1038, 1039, 1040, 1041, 1042, 1043, 1044, 1045, 1046, 1047, 1048, 1049,
                        1050, 1051, 1052, 1053, 1054, 1055, 1056, 1057, 1058, 1059, 1060, 1061, 1062, 1063, 1064, 1065,
                        1066, 1067, 1068, 1069, 1070, 1071, 1072, 1073, 1074, 1075, 1076, 1077, 1078, 1079, 1080, 1081,
                        1082, 1083, 1084, 1085, 1086, 1087, 1088, 1089, 1090, 1091, 1092, 1093, 1094, 1095, 1096, 1097,
                        1098, 1099, 1102, 1104, 1105, 1106, 1107, 1110, 1111, 1112, 1113, 1117, 1119, 1121, 1122, 1123,
                        1126, 1130, 1131, 1137, 1141, 1145, 1147, 1148, 1151, 1154, 1163, 1164, 1165, 1169, 1174, 1183,
                        1185, 1186, 1192, 1198, 1201, 1213, 1216, 1217, 1233, 1236, 1244, 1247, 1259, 1271, 1277, 1287,
                        1296, 1300, 1309, 1310, 1322, 1328, 1334, 1352, 1417, 1433, 1443, 1455, 1461, 1494, 1500, 1503,
                        1521, 1524, 1533, 1556, 1580, 1583, 1594, 1600, 1641, 1658, 1666, 1687, 1700, 1717, 1718, 1719,
                        1720, 1723, 1755, 1761, 1782, 1801, 1805, 1812, 1839, 1862, 1863, 1875, 1900, 1914, 1935, 1947,
                        1971, 1974, 1984, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2013,
                        2020, 2021, 2030, 2033, 2034, 2038, 2040, 2041, 2042, 2045, 2046, 2047, 2048, 2065, 2068, 2099,
                        2103, 2105, 2106, 2111, 2119, 2121, 2126, 2135, 2144, 2160, 2170, 2179, 2190, 2196, 2200, 2222,
                        2251, 2260, 2288, 2301, 2323, 2366, 2381, 2382, 2393, 2399, 2401, 2492, 2500, 2522, 2525, 2557,
                        2601, 2604, 2607, 2638, 2701, 2710, 2717, 2725, 2800, 2809, 2811, 2869, 2875, 2909, 2920, 2967,
                        2998, 3000, 3003, 3005, 3006, 3011, 3013, 3017, 3030, 3052, 3071, 3077, 3128, 3168, 3211, 3221,
                        3260, 3268, 3283, 3300, 3306, 3322, 3323, 3324, 3333, 3351, 3367, 3369, 3370, 3371, 3389, 3404,
                        3476, 3493, 3517, 3527, 3546, 3551, 3580, 3659, 3689, 3703, 3737, 3766, 3784, 3800, 3809, 3814,
                        3826, 3827, 3851, 3869, 3871, 3878, 3880, 3889, 3905, 3914, 3918, 3920, 3945, 3971, 3986, 3995,
                        3998, 4000, 4001, 4002, 4003, 4004, 4005, 4045, 4111, 4125, 4129, 4224, 4242, 4279, 4321, 4343,
                        4443, 4444, 4445, 4449, 4550, 4567, 4662, 4848, 4899, 4998, 5000, 5001, 5002, 5003, 5009, 5030,
                        5033, 5050, 5054, 5060, 5080, 5087, 5100, 5101, 5120, 5190, 5200, 5214, 5221, 5225, 5269, 5280,
                        5298, 5357, 5405, 5414, 5431, 5440, 5500, 5510, 5544, 5550, 5555, 5560, 5566, 5631, 5633, 5666,
                        5678, 5718, 5730, 5800, 5801, 5810, 5815, 5822, 5825, 5850, 5859, 5862, 5877, 5900, 5901, 5902,
                        5903, 5906, 5910, 5915, 5922, 5925, 5950, 5952, 5959, 5960, 5961, 5962, 5987, 5988, 5998, 5999,
                        6000, 6001, 6002, 6003, 6004, 6005, 6006, 6009, 6025, 6059, 6100, 6106, 6112, 6123, 6129, 6156,
                        6346, 6389, 6502, 6510, 6543, 6547, 6565, 6566, 6580, 6646, 6666, 6667, 6668, 6689, 6692, 6699,
                        6779, 6788, 6792, 6839, 6881, 6901, 6969, 7000, 7001, 7004, 7007, 7019, 7025, 7070, 7100, 7103,
                        7106, 7200, 7402, 7435, 7443, 7496, 7512, 7625, 7627, 7676, 7741, 7777, 7800, 7911, 7920, 7937,
                        7999, 8000, 8001, 8007, 8008, 8009, 8010, 8021, 8031, 8042, 8045, 8080, 8081, 8082, 8083, 8084,
                        8085, 8086, 8087, 8088, 8089, 8093, 8099, 8180, 8192, 8193, 8200, 8222, 8254, 8290, 8291, 8300,
                        8333, 8383, 8400, 8402, 8443, 8500, 8600, 8649, 8651, 8654, 8701, 8800, 8873, 8888, 8899, 8994,
                        9000, 9001, 9002, 9009, 9010, 9040, 9050, 9071, 9080, 9090, 9099, 9100, 9101, 9102, 9110, 9200,
                        9207, 9220, 9290, 9415, 9418, 9485, 9500, 9502, 9535, 9575, 9593, 9594, 9618, 9666, 9876, 9877,
                        9898, 9900, 9917, 9929, 9943, 9968, 9998, 9999, 10000, 10001, 10002, 10003, 10009, 10012, 10024,
                        10082, 10180, 10215, 10243, 10566, 10616, 10621, 10626, 10628, 10778, 11110, 11967, 12000,
                        12174, 12265, 12345, 13456, 13722, 13782, 14000, 14238, 14441, 15000, 15002, 15003, 15660,
                        15742, 16000, 16012, 16016, 16018, 16080, 16113, 16992, 17877, 17988, 18040, 18101, 18988,
                        19101, 19283, 19315, 19350, 19780, 19801, 19842, 20000, 20005, 20031, 20221, 20828, 21571,
                        22939, 23502, 24444, 24800, 25734, 26214, 27000, 27352, 27355, 27715, 28201, 30000, 30718,
                        30951, 31038, 31337, 32768, 32769, 32770, 32771, 32772, 32773, 32774, 32775, 32776, 32777,
                        32778, 32779, 32780, 32781, 32782, 32783, 32784, 33354, 33899, 34571, 34572, 35500, 38292,
                        40193, 40911, 41511, 42510, 44176, 44442, 44501, 45100, 48080, 49152, 49153, 49154, 49155,
                        49156, 49157, 49158, 49159, 49160, 49163, 49165, 49167, 49175, 49400, 49999, 50000, 50001,
                        50002, 50006, 50300, 50389, 50500, 50636, 50800, 51103, 51493, 52673, 52822, 52848, 52869,
                        54045, 54328, 55055, 55555, 55600, 56737, 57294, 57797, 58080, 60020, 60443, 61532, 61900,
                        62078, 63331, 64623, 64680, 65000, 65129, 65389]
 
        if (top != None):
            if (top == 50):
                return top50_list
            elif (top == 100):
                return top100_list
            else:
                return top1000_list
        else:
            if start_port >= 1 and end_port <= 65535 and start_port <= end_port:
                return list(range(start_port, end_port + 1))
            else:
                return list(range(1, 65535 + 1))
 
    def get_ip_by_name(self, domain):
        '''
        提供域名转ip的功能,利用socket.gethostbyname,返回str
        '''
        domain = (domain.replace("http://", "")).replace("https://", "")  # py3
        print(domain)
        try:
            return socket.gethostbyname(domain)
        except Exception as e:
            print("%s:%s" % (domain, e))
 
    def split(self, args):
        port_temp = args.split("-")
        start_port = int(port_temp[0])
        end_port = int(port_temp[1])
        return int(start_port), int(end_port)
 
    def banber(self):
        logo = '''
 ____            _   ____
|  _ \ ___  _ __| |_/ ___|  ___ __ _ _ __   ___ _ __
| |_) / _ \| '__| __\___ \ / __/ _` | '_ \ / _ \ '__|
|  __/ (_) | |  | |_ ___) | (_| (_| | | | |  __/ |
|_|   \___/|_|   \__|____/ \___\__,_|_| |_|\___|_|   v3.0
        '''
        return logo
 
    def help(self):
        help = """
[Usage]
    python portscaner_v3.py -i ip -p [port_scope|top_num] [-t thread_num]
    python portscaner_v3.py -u url -p [port_scope|top_num] [-t thread_num]\n\n[Example]
    python3 portscaner_v3.py -i 127.0.0.1 -p 1000 -t 100
    python3 portscaner_v3.py -u https://www.baidu.com -p 1-65535
 
[Value]
    ip              0.0.0.0-255.255.255.255
    top_num         [50|100|1000(default)]
    port_scope      1-65535
    thread_num      [int|10(default)]
        """
        return help
 
 
def main():
    start_time = time.time()  # 脚本开始执行的时间
    port_scner = PortScaner()
    logo = port_scner.banber()
    # usage = port_scner.usage()
    port_queue = queue.Queue()  # py3的写法,使用queue模块, 线程专用
    thread_num = 10  # 线程数量,default=10
    threads = []  # 保存新线程
    top = None  # 取端口top数
    start_port = 0
    end_port = 0
    ip = "127.0.0.1"  # 扫描的ip
 
    # 命令行交互
    print(logo)
    args = sys.argv
    if "-h" in args or "--help" in args:
        help = port_scner.help()
        print(help)
        sys.exit(1)
    if len(args) == 7:
        # ['portscaner_v3.py', '-i', 'ip', '-p', '10-100', '-t', 'thread_num']
        if args[1] == "-i" and args[3] == "-p" and args[5] == "-t":
            ip = args[2]
            thread_num = args[6]
            if args[4].find("-") != -1:
                split = port_scner.split(args[4])
                start_port = split[0]
                end_port = split[1]
            else:
                top = args[4]
 
        elif args[1] == "-u" and args[3] == "-p" and args[5] == "-t":
            ip = port_scner.get_ip_by_name(args[2])
            thread_num = args[6]
            if args[4].find("-") != -1:
                split = port_scner.split(args[4])
                start_port = split[0]
                end_port = split[1]
            else:
                top = args[4]
        else:
            sys.exit(1)
    elif len(args) == 5:  # thread_num default 10
        if args[1] == "-i" and args[3] == "-p":
            ip = args[2]
            if args[4].find("-") != -1:
                split = port_scner.split(args[4])
                start_port = split[0]
                end_port = split[1]
            else:
                top = args[4]
        elif args[1] == "-u" and args[3] == "-p":
            ip = port_scner.get_ip_by_name(args[2])
            if args[4].find("-") != -1:
                split = port_scner.split(args[4])
                start_port = split[0]
                end_port = split[1]
            else:
                top = args[4]
        else:
            sys.exit(1)
    else:
        help = port_scner.help()
        print(help)
        sys.exit(1)
    # print("ip:%s,top:%s,start_port:%s,end_port:%s,thread_num:%s"%(ip,type(top),type(start_port),type(end_port),type(thread_num)))
 
    if top != None:
        port_list = port_scner.get_port_lists(top=top)  # 根据参数获取总端口list
    else:
        port_list = port_scner.get_port_lists(start_port=start_port, end_port=end_port)
 
    for port in port_list:
        port_queue.put(port)
 
    for t in range(int(thread_num)):
        threads.append(port_scner.PortScan(port_queue, ip, timeout=5))
 
    print("[RESULT]\n")
    # 启动线程
    for thread in threads:
        thread.start()
    # 阻塞线程
    for thread in threads:
        thread.join()
    end_time = time.time()  # 脚本结束执行的时间
    print("[end time] %3ss" % (end_time - start_time,))
 
 
if __name__ == '__main__':
    main()

下面是运行第三个版本扫描器的截图,帮助说明

python3 扫描端口最终版程序样式

python3 扫描端口最终版程序样式


扫描结果
python3 扫描器 扫描结果

python3 扫描器 扫描结果

后言

共勉

文章来源:https://blog.csdn.net/huanghelouzi/article/details/83833737

布施恩德可便相知重

微信扫一扫打赏

支付宝扫一扫打赏

×
标签:

给我留言