信息收集之端口掃描篇

import os
import re
import nmap
import getopt
import sys
import datetime
from threading import Thread, Semaphore

sm = Semaphore(20)
target_t = False
file_t = False
target = ""
file_name = ""
info_list = [[['ip','port','state','name','product','version']]]
error_ip = []

class ThreadWithReturnValue(Thread):
    def __init__(self, group=None, target=None, name=None, args=(), kwargs=None, *, daemon=None):
        Thread.__init__(self, group, target, name, args, kwargs, daemon=daemon)
        self._return = None
    def run(self):
        if self._target is not None:
                self._return = self._target(*self._args,**self._kwargs)
    def join(self):
        Thread.join(self)
        return self._return

def usage():
    print ("test.py -t 127.0.0.1")
    print ("test.py -f ip_list.txt")
    sys.exit(0)

def main():
    global target_t
    global file_t
    global target
    global file_name

    if not len(sys.argv[1:]):
        usage()
    try:
        opts, args = getopt.getopt(sys.argv[1:],'ht:f:',['help','target','file'])
    except getopt.GetoptError as a:
        usage()
    
    for o, a in opts:
        if o in ('-h','--help'):
            usage()
        elif o in ('-t','--target'):
            target_t = True
            target = a
        elif o in ('-f','--file'):
            file_t = True
            file_name = a
        else:
            assert False, "Unhandled Options"
    
    if not file_t and len(target) > 0:
        one(target,target_t)
    if file_t:
        more(file_name,file_t)

def one(target, target_t):
    ip = target
    data = masscan_scan(ip, target_t, file_t)
    for ip in data:
        port = ','.join(data[ip])
        nmap_scan(ip,port)

def more(file_name, file_t):
    global info_list
    thread_list = []
    data = masscan_scan(file_name, target_t, file_t)
    i = 0
    for ip in data:
        i = i + 1
        port = ','.join(data[ip])
        # print('[*]' + str(len(data[ip])))
        if len(data[ip]) < 120:
            t = ThreadWithReturnValue(target=nmap_scan,args=(ip, port))
            thread_list.append(t)
            t.start()
        else:
            print ('[*] error_ip: ' + ip)
            with open('error_ip.txt','a+') as f:
                    f.write(str(ip) + '\n')
    print('[*] SUM ' + str(i))
    for t in thread_list:
        aa = t.join()
        info_list.append(aa)
    


def masscan_scan(ip,t,f):
    if t and not f:
        print ('[*] Masscan_Scaner ' + ip )
        os.system('sudo masscan ' + ip + ' -p 1-65535 -oG test.txt --rate=2000')
    else:
        print ('[*] Masscan_Scaner ' + ip )
        os.system('sudo masscan -iL ' + ip + ' -p 1-65535 -oG test.txt --rate=2000')
    f1 = open("test.txt", 'r')
    re1 = 'Host\:\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+\(\)\s+Ports\:\s+(\d+)/open'
    ip_port = []
    ips_list = []
    data = {}
    for line in f1:
        res = re.findall(re1, line.strip())
        if res:
            ip_port.append((res[0][0], int(res[0][1])))
            ips_list.append(res[0][0])
    ips_list = list(set(ips_list))
    ip_port = list(set(ip_port))
    i = 0
    for info in ip_port:
        i = i + 1
        if info[0] in data:
            data.get(info[0]).append(str(info[1]))
        else:
            data.setdefault(info[0], []).append(str(info[1]))
    print ('[*] sum ' + str(i))
    return data

def nmap_scan(ip, port):
    global info_list
    tmp_info =[]
    with sm:
        for p in port.split(','):
            print ('[*] Nmap_Scaner ' +  ip + ' port '+ p)
            nm = nmap.PortScanner()
            ret = nm.scan(ip, p, arguments='-sV -T5 -Pn')
            if ret['scan'][ip]['tcp'][int(p)]:
                state = ret['scan'][ip]['tcp'][int(p)]['state']
                product = ret['scan'][ip]['tcp'][int(p)]['product']
                version = ret['scan'][ip]['tcp'][int(p)]['version']
                name = ret['scan'][ip]['tcp'][int(p)]['name']
                print ('[*] IP:{},Port:{},State:{},Name:{},Product:{},Version:{}'.format(ip, p, state, name, product, version))
                tmp_info.append([ip,p,state,name,product,version])
    return tmp_info


if __name__ == "__main__":
    main()
    print('[*] end_scan')
    print (info_list)
    with open('info.csv', 'w+') as f:
        for i in info_list:
            if i:
                for j in i:
                    str1 = ','.join(j)
                    f.write(str1 + '\n')

目前該腳本只是bate版本,后續(xù)將數(shù)據(jù)存儲(chǔ)到數(shù)據(jù)庫中,并進(jìn)行標(biāo)記,發(fā)現(xiàn)新開端口或服務(wù)會(huì)進(jìn)行通知,之后也會(huì)將C段掃描和指紋識(shí)別等功能加入其中。
由于masscan本身對于批量IP掃描就已經(jīng)夠快了,所以我只在nmap掃描處做了多線程處理。

項(xiàng)目已上傳至gayhub,后續(xù)更新都會(huì)發(fā)布到gayhub的項(xiàng)目中
https://github.com/HoldOnToYourHeart/qf_scan

使用方法:

python3 test.py -f ip_list.txt
需安裝python-nmap模塊

運(yùn)行效果

running

數(shù)據(jù)保存
save

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

友情鏈接更多精彩內(nèi)容