# coding=utf-8
import ipaddress
import json
import os
import re
import subprocess
import threading
from queue import Empty, Queue

import chardet
import nmap
import requests
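# Every scanned IP together with its port/service records.
final_domains = []
# Scratch list holding the open ports of the IP currently being scanned.
ports = []
# Global lock: serialises access to `ports` and to the shared masscan
# output file across worker threads.
glock = threading.Lock()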
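# Port/service scanning worker
class portscan(threading.Thread):
    """Worker thread that scans queued targets with masscan, then nmap.

    Each worker takes one target at a time from the shared queue, asks
    masscan for open TCP ports in the range 1-100 and passes every port it
    reports to nmap for service identification.

    All workers share the module-level ``ports`` list and the fixed output
    file ``masscan.json``, so the whole scan of one target runs under the
    global lock ``glock``. Targets are therefore processed one at a time,
    however many workers are started.
    """

    def __init__(self, queue):
        """Keep a reference to the shared queue of targets."""
        super().__init__()
        self._queue = queue

    # A Thread subclass does its work in run().
    def run(self):
        """Drain the queue, scanning one target per iteration."""
        while True:
            # empty() followed by get() can block forever when another worker
            # takes the last item in between, so take without waiting.
            try:
                scan_ip = self._queue.get_nowait()
            except Empty:
                break
            # `with` also releases the lock when the scan is interrupted by
            # something that is not an Exception subclass.
            with glock:
                try:
                    self.portscan(scan_ip)
                    self.scan(scan_ip)
                except Exception as e:
                    print(e)

    # Port discovery with masscan
    def portscan(self, scan_ip):
        """Run masscan against ``scan_ip`` and collect the ports it reports.

        Ports are appended to the module-level ``ports`` list unless more
        than 25 were found, in which case the result is discarded.

        Raises:
            ValueError: if ``scan_ip`` is not a single IP address literal.
            subprocess.CalledProcessError: if masscan exits with an error.
        """
        # The target is a line read from a file and ends up on a command
        # line: accept only an address literal, so option-like or
        # shell-special text never reaches masscan.
        ipaddress.ip_address(scan_ip)
        temp_ports = []  # ports found for this target only
        # Argument list instead of a shell string: nothing in scan_ip is
        # interpreted by a shell. check=True stops a failed run from falling
        # through to a masscan.json left behind by an earlier target.
        subprocess.run(
            ['masscan.exe', scan_ip, '-p', '1-100',
             '-oJ', 'masscan.json', '--rate', '2000'],
            check=True,
        )
        # Pull the ports out of the JSON report.
        with open('masscan.json', 'r') as f:
            for line in f:
                if line.startswith('{ '):
                    # Drop the last two characters (presumably a trailing
                    # comma and newline) to get one complete JSON record.
                    record = json.loads(line[:-2])
                    # NOTE(review): the page's copy parses the record and
                    # never stores anything; the field names below follow
                    # masscan's JSON output and should be confirmed against
                    # a real report.
                    for entry in record.get('ports', []):
                        temp_ports.append(str(entry['port']))
        print(temp_ports)
        if len(temp_ports) > 25:
            # More than 25 "open" ports in a 100-port range is treated as a
            # firewall artefact (false positive); discard them.
            temp_ports.clear()
        else:
            ports.extend(temp_ports)

    # Web application name and page title
    def title(self, scan_url_port, service_name):
        """Fetch ``scan_url_port`` and read its page title and Server header.

        NOTE(review): the statements that consumed the title and banner, and
        the branch taken when no title is found, are missing from the page's
        copy, so this method currently records nothing. ``service_name`` is
        unused in the surviving code.
        """
        try:
            # Certificate verification is disabled, so the peer is not
            # authenticated; everything read from the response is untrusted
            # text and must be escaped before it is rendered or logged.
            resp = requests.get(scan_url_port, timeout=3, verify=False)
            # Detect the page encoding; chardet may report None, in which
            # case fall back to UTF-8 rather than failing in decode().
            detectencode = chardet.detect(resp.content)
            encoding = detectencode['encoding'] or 'utf-8'
            page = resp.content.decode(encoding, errors='replace')
            # re.S lets "." match newlines, so a title split over several
            # lines is still found.
            response = re.findall(r'<title>(.*?)</title>', page, re.S)
            if response:
                res = response[0]
                # A missing Server header yields an empty banner.
                banner = resp.headers.get('server', '')
        except Exception as e:
            print(e)

    # Service identification with nmap
    def scan(self, scan_ip):
        """Identify the service on every port in ``ports``, then clear the list.

        The nmap result is looked up under ``scan_ip`` itself, so only a
        single address produces a record.
        """
        nm = nmap.PortScanner()
        for port in ports:
            # One failing port must not drop the ports that follow it.
            try:
                # -sS (SYN scan) needs raw-socket privileges.
                ret = nm.scan(scan_ip, port, arguments='-Pn -sS')
                service_name = ret['scan'][scan_ip]['tcp'][int(port)]['name']
                print('[*] 主機 ' + scan_ip + ' 的 ' + str(port) + ' 埠服務為: ' + service_name)
                # Record format: ["47.96.196.217:443 https","47.96.196.217:80 blackice-icecap"]....
                # NOTE(review): this append is reconstructed from the format
                # example above; the page's copy has no statement here.
                final_domains.append(scan_ip + ':' + str(port) + ' ' + service_name)
            except Exception as e:
                print(e)
        ports.clear()  # reset after every target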
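# Start the multi-threaded scan
def main():
    """Queue every target listed in ip.txt and scan them with worker threads."""
    # Unbounded on purpose: every target is queued before any worker starts,
    # so a capped queue would make put() block forever once the cap is hit.
    targets = Queue()
    try:
        # One target per line; the context manager closes the file even when
        # reading fails.
        with open('ip.txt', 'r') as f:
            for line in f:
                final_ip = line.strip()
                if not final_ip:
                    continue  # skip blank lines instead of queueing ''
                targets.put(final_ip)
                print("加入佇列---->" + final_ip)
    except OSError as e:
        # A missing or unreadable target list is reported, not hidden.
        print(e)
        return
    thread_count = 50
    # NOTE(review): the statement that fills this list is missing from the
    # page's copy; one worker per slot is assumed from the class constructor.
    threads = [portscan(targets) for _ in range(thread_count)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()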
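if __name__ == '__main__':
    main()  # run the scan
    # Drop duplicate records while keeping first-seen order.
    tmp_domians = list(dict.fromkeys(final_domains))
    if tmp_domians:
        # Open the report once and append one record per line.
        with open('scan_url_port.txt', 'a') as ff:
            for url in tmp_domians:
                ff.write(url + '\n')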