Notes on Writing Pentest Tools in Python, Part 1 | 0x04 Port scanning with nmap (higher accuracy)
0x04 Port scanning with nmap
Installing the nmap module on Windows runs into a few obstacles, mostly path-related; on Linux it is considerably easier.
# Function implemented: port scanning
First, a look at the nmap methods this script uses:
nmScan = nmap.PortScanner()  # create a PortScanner() object
nmScan.scan(tgtHost, tgtPort)  # run a basic nmap scan
state = nmScan[tgtHost]['tcp'][int(tgtPort)]['state']  # read the scan state
A description and a usage example are attached below.
Example
Implementation idea:
Use the sys module to accept command-line arguments, so the user can choose which host and ports to scan.
Full implementation script:
import nmap
import optparse

# scan
def nmapScan(tgtHost, tgtPort):
    nmScan = nmap.PortScanner()  # create a PortScanner() object
    nmScan.scan(tgtHost, tgtPort)  # run a basic nmap scan
    state = nmScan[tgtHost]['tcp'][int(tgtPort)]['state']  # read the scan state
    print("[*] " + tgtHost + " tcp/" + tgtPort + " " + state)

def main():
    parser = optparse.OptionParser('usage %prog ' +
                                   '-H <target host> -p <target port>')
    parser.add_option('-H', dest='tgtHost', type='string',
                      help='specify target host')
    parser.add_option('-p', dest='tgtPort', type='string',
                      help='specify target port[s] separated by comma')
    (options, args) = parser.parse_args()
    tgtHost = options.tgtHost
    # both options are required; test the options themselves, because
    # str(None).split(',') would give ['None'] and never compare equal to None
    if tgtHost is None or options.tgtPort is None:
        print(parser.usage)
        exit(0)
    # split the received port argument into individual ports
    tgtPorts = options.tgtPort.split(',')
    for tgtPort in tgtPorts:
        nmapScan(tgtHost, tgtPort)

if __name__ == '__main__':
    main()
Further optimising the script
The logic so far is simple and easy to follow, but the script above makes the user type every port by hand, separated by commas. Once the number of ports grows, that becomes very inconvenient, so the script is optimised below to scan either a specific range of ports or a handful of user-defined ports.
The code is as follows.
Source:
"""
Port scanning
Can scan a specific range of ports, or
a few user-defined specific ports
"""
import nmap
import optparse

def nmapScan(tgtHost, tgtPort):
    nmScan = nmap.PortScanner()  # create a PortScanner() object
    nmScan.scan(tgtHost, tgtPort)  # run a basic nmap scan
    state = nmScan[tgtHost]['tcp'][int(tgtPort)]['state']  # read the scan state
    print("[*] " + tgtHost + " tcp/" + tgtPort + " " + state)

def main():
    # define the usage text and options
    parser = optparse.OptionParser('usage %prog -H <target host> -p <target port> -P <target port range>')
    parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parser.add_option('-p', dest='tgtPort', type='string', help='specify target port[s] separated by comma')
    parser.add_option('-P', dest='prange', type='string', help='specify a port range, e.g. 1-1024')
    (options, args) = parser.parse_args()
    tgtHost = options.tgtHost
    # no range given: fall back to the comma-separated list (the option must be
    # tested against None directly, since str(None).split('-') gives ['None'])
    if options.prange is None:
        if tgtHost is None or options.tgtPort is None:
            print(parser.usage)
            print('[#]example:')
            print('python 2-nmapScan.py -H 127.0.0.1 -p 21,22,23,25,80,8001,8010,8080,1433,3389,445')
            print('python 2-nmapScan.py -H 127.0.0.1 -P 1-65535')
            exit(0)
        tgtPorts = options.tgtPort.split(',')
        for tgtPort in tgtPorts:
            nmapScan(tgtHost, tgtPort)
    else:
        if tgtHost is None:
            print(parser.usage)
            print('[#]example:')
            print('python 2-nmapScan.py -H 127.0.0.1 -p 21,22,23,25,80,8001,8010,8080,1433,3389,445')
            print('python 2-nmapScan.py -H 127.0.0.1 -P 1-65535')
            exit(0)
        low, high = options.prange.split('-')
        low = int(low)
        high = int(high)
        for i in range(low, high + 1):
            tgtPort = str(i)
            nmapScan(tgtHost, tgtPort)

if __name__ == '__main__':
    main()
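As an added example (not code from the original post), here is a port-specification parser that accepts both forms the optimised script handles, a comma list and a range, in a single argument such as 21,22,80-90, and then issues one scan() call for the whole list instead of creating a new PortScanner for every port. The names parse_port_spec, to_nmap_ports and run_scan are my own; run_scan assumes python-nmap is installed, while the parsing helpers run without it.

```python
import sys


def parse_port_spec(spec):
    """Expand '21,22,80-90' into a sorted list of unique ports in 1-65535.

    Anything outside that range, a reversed range or a non-number raises
    ValueError before nmap is ever started (hypothetical helper name).
    """
    ports = set()
    for item in spec.split(','):
        item = item.strip()
        if not item:
            continue
        if '-' in item:
            low, high = item.split('-', 1)
            low, high = int(low), int(high)
            if low > high:
                raise ValueError('reversed range: %s' % item)
        else:
            low = high = int(item)
        if low < 1 or high > 65535:
            raise ValueError('port outside 1-65535: %s' % item)
        ports.update(range(low, high + 1))
    return sorted(ports)


def to_nmap_ports(ports):
    """Collapse a sorted port list into nmap's own 'a,b-c' syntax (hypothetical helper name)."""
    if not ports:
        return ''
    runs = []
    start = prev = ports[0]
    for p in ports[1:]:
        if p == prev + 1:       # still inside a consecutive run
            prev = p
            continue
        runs.append((start, prev))
        start = prev = p
    runs.append((start, prev))
    return ','.join(str(a) if a == b else '%d-%d' % (a, b) for a, b in runs)


def run_scan(host, spec):
    """One scan() call for the whole port list; returns '[*] host tcp/port state' lines."""
    import nmap  # python-nmap; imported here so the helpers above stay usable without it
    ports = parse_port_spec(spec)
    scanner = nmap.PortScanner()
    scanner.scan(host, to_nmap_ports(ports))
    if host not in scanner.all_hosts():   # host down or unresolved: scanner[host] would raise KeyError
        return []
    tcp = scanner[host]['tcp'] if 'tcp' in scanner[host] else {}
    # ports nmap did not report on at all are shown as 'unknown' rather than crashing
    return ['[*] %s tcp/%d %s' % (host, p, tcp.get(p, {}).get('state', 'unknown')) for p in ports]


if __name__ == '__main__':
    if len(sys.argv) != 3:
        print('usage: %s <target host> <ports, e.g. 21,22,80-90>' % sys.argv[0])
        sys.exit(1)
    for line in run_scan(sys.argv[1], sys.argv[2]):
        print(line)
```

Validating the port list before the scan also keeps bad input (an empty field, a port of 0 or 70000) from being passed straight into the nmap command line.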
'''
First create a PortScanner() object; this object is what we use to carry out the scan.
The class has a scan() function that takes the target and a list of ports as parameters
and runs a basic nmap scan against them.
The python_nmap package must be installed; it supports both 2.x and 3.x.
The python_nmap package provides a set of interfaces for calling nmap from Python.
(1) Important classes and methods:
1. Creating an nmap scanner
class PortScanner()
__init__(self, nmap_search_path=('nmap', '/usr/bin/nmap', '/usr/local/bin/nmap', '/sw/bin/nmap', '/opt/local/bin/nmap'))
Initialize PortScanner module
* detects nmap on the system and nmap version
* may raise PortScannerError exception if nmap is not found in the path
:param nmap_search_path: tuple of string where to search for nmap executable. Change this if you want to use a specific version of nmap.
:returns: nothing
2. Scanner methods
scan(self, hosts='127.0.0.1', ports=None, arguments='-sV', sudo=False)
Scan given hosts
May raise PortScannerError exception if nmap output was not xml
Test existence of the following key to know if something went wrong : ['nmap']['scaninfo']['error']
If not present, everything was ok.
:param hosts: string for hosts as nmap use it 'scanme.nmap.org' or '198.116.0-255.1-127' or '216.163.128.20/20'
:param ports: string for ports as nmap use it '22,53,110,143-4564'
:param arguments: string of arguments for nmap '-sU -sX -sC'
:param sudo: launch nmap with sudo if True
:returns: scan_result as dictionary
(2) Example
import nmap
scanner = nmap.PortScanner()  # nmap_search_path already covers the usual nmap locations; if nmap is not in one of the default paths, it must be given explicitly
results = scanner.scan(hosts='192.168.2.1', ports='80')
print(results)
{'nmap': {'command_line': 'nmap -oX - -p 80 -sV 192.168.2.1',
'scaninfo': {'tcp': {'method': 'syn', 'services': '80'}},
'scanstats': {'downhosts': '0',
'elapsed': '11.59',
'timestr': 'Thu Jul 21 10:08:34 2016',
'totalhosts': '1',
'uphosts': '1'}},
'scan': {'192.168.2.1': {'addresses': {'ipv4': '192.168.2.1',
'mac': 'D0:C7:C0:6A:F6:A0'},
'hostnames': [],
'status': {'reason': 'arp-response',
'state': 'up'},
'tcp': {80: {'conf': '3',
'cpe': '',
'extrainfo': '',
'name': 'http',
'product': '',
'reason': 'no-response',
'state': 'filtered',
'version': ''}},
'vendor': {'D0:C7:C0:6A:F6:A0': 'Tp-link '
'Technologies'}}}}
root@kali64:~# python test.py
{'nmap':
{
'scanstats':
{ 'uphosts': '1',
'timestr': 'Mon Nov 20 22:26:21 2017',
'downhosts': '0',
'totalhosts': '1',
'elapsed': '9.09'},
'scaninfo':
{'tcp':
{'services': '80',
'method': 'syn'
}
},
'command_line': 'nmap -oX - -p 80 -sV 10.10.10.1'
},
'scan':
{'10.10.10.1':
{'status':
{'state': 'up',
'reason': 'arp-response'
},
'hostnames': [{'type': '', 'name': ''}],
'vendor': {'00:50:56:C0:00:08': 'VMware'},
'addresses': {'mac': '00:50:56:C0:00:08', 'ipv4': '10.10.10.1'},
'tcp': {80:
{ 'product': 'Apache httpd',
'state': 'open',
'version': '2.4.18',
'name': 'http',
'conf': '10',
'extrainfo': '(Win32) OpenSSL/1.0.2e PHP/5.5.30',
'reason': 'syn-ack',
'cpe': 'cpe:/a:apache:http_server:2.4.18'
}
}
}
}
}
'''
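An added example, not from the original post or the python-nmap project: the result dictionary printed above is read back defensively, checking the ['nmap']['scaninfo']['error'] key the docstring tells us to test and coping with a host that is missing from 'scan' (down or unresolved), which is exactly where nmScan[tgtHost]['tcp'][...] in the scripts above would raise KeyError. The sample dictionaries are constructed from the two outputs shown above plus two invented failure cases; summarize_scan and format_report are my names.

```python
# Constructed sample, trimmed from the first output shown above (port 80 filtered).
SAMPLE_FILTERED = {
    'nmap': {'command_line': 'nmap -oX - -p 80 -sV 192.168.2.1',
             'scaninfo': {'tcp': {'method': 'syn', 'services': '80'}},
             'scanstats': {'uphosts': '1', 'downhosts': '0', 'totalhosts': '1'}},
    'scan': {'192.168.2.1': {
        'status': {'state': 'up', 'reason': 'arp-response'},
        'tcp': {80: {'state': 'filtered', 'reason': 'no-response',
                     'name': 'http', 'product': '', 'version': ''}}}}}

# Constructed sample, trimmed from the second output shown above (Apache on port 80).
SAMPLE_OPEN = {
    'nmap': {'command_line': 'nmap -oX - -p 80 -sV 10.10.10.1',
             'scaninfo': {'tcp': {'method': 'syn', 'services': '80'}}},
    'scan': {'10.10.10.1': {
        'status': {'state': 'up', 'reason': 'arp-response'},
        'tcp': {80: {'state': 'open', 'reason': 'syn-ack', 'name': 'http',
                     'product': 'Apache httpd', 'version': '2.4.18'}}}}}

# Constructed failure case: the host never answered, so 'scan' carries no entry for it.
SAMPLE_DOWN = {
    'nmap': {'command_line': 'nmap -oX - -p 80 -sV 10.10.10.2',
             'scaninfo': {'tcp': {'method': 'syn', 'services': '80'}},
             'scanstats': {'uphosts': '0', 'downhosts': '1', 'totalhosts': '1'}},
    'scan': {}}

# Constructed failure case: nmap complained, and python-nmap stores that under scaninfo['error'].
SAMPLE_ERROR = {
    'nmap': {'command_line': 'nmap -oX - -p 80 -sV no-such-host.invalid',
             'scaninfo': {'error': ['Failed to resolve "no-such-host.invalid".']}},
    'scan': {}}


def summarize_scan(result, host):
    """Turn scan() output into {'error', 'host_up', 'ports'} without KeyError surprises."""
    scaninfo = result.get('nmap', {}).get('scaninfo', {})
    if 'error' in scaninfo:           # the key the python-nmap docstring says to test first
        return {'error': scaninfo['error'], 'host_up': False, 'ports': []}
    entry = result.get('scan', {}).get(host)
    if entry is None:                 # host down or unresolved: nmap reports nothing for it
        return {'error': None, 'host_up': False, 'ports': []}
    host_up = entry.get('status', {}).get('state') == 'up'
    ports = []
    for port, info in sorted(entry.get('tcp', {}).items()):   # 'tcp' is absent when nothing was probed
        ports.append({'port': port,
                      'state': info.get('state', ''),
                      'reason': info.get('reason', ''),
                      'service': info.get('name', ''),
                      'product': info.get('product', ''),
                      'version': info.get('version', '')})
    return {'error': None, 'host_up': host_up, 'ports': ports}


def format_report(host, summary):
    """Render the summary in the '[*] host tcp/port state' style used by the scripts above."""
    if summary['error']:
        return ['[!] %s scan error: %s' % (host, summary['error'])]
    if not summary['host_up']:
        return ['[-] %s is down or did not answer' % host]
    lines = []
    for p in summary['ports']:
        banner = ' '.join(x for x in (p['service'], p['product'], p['version']) if x)
        lines.append('[*] %s tcp/%d %s (%s) %s' % (host, p['port'], p['state'], p['reason'], banner))
    return lines


if __name__ == '__main__':
    for sample, host in ((SAMPLE_FILTERED, '192.168.2.1'), (SAMPLE_OPEN, '10.10.10.1'),
                         (SAMPLE_DOWN, '10.10.10.2'), (SAMPLE_ERROR, 'no-such-host.invalid')):
        for line in format_report(host, summarize_scan(sample, host)):
            print(line)
```

The 'reason' field is worth printing alongside the state: the first output above shows port 80 as filtered because of no-response, the second as open because of syn-ack, and that distinction tells you whether a firewall is dropping probes or the service is genuinely reachable.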
To be continued.