通过socket和scapy库进行内网中存活主机IP和开放端口的扫描,其中一些ip(源地址10.12.189.186和网段10.12.189.x)我在自己实验时已经写死,如要使用改成自己的内网ip即可。注意:基于scapy的SYN半连接扫描和ARP探测需要发送原始数据包,必须以root/管理员权限运行;ARP探测只对同一二层网段内的主机有效;请只扫描自己有权测试的网络。废话不多说,直接上代码,代码中关键地方我已经注释过了。
import os
import socket
import subprocess
import sys
import threading

from scapy.layers.inet import IP, TCP
from scapy.layers.l2 import ARP
from scapy.sendrecv import sr1, srp1
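def find_port_socket(ip, start, count=50, timeout=0.5):
    """TCP connect() scan of ports [start, start + count) on *ip*.

    Every port is probed with a full three-way handshake through
    ``socket.connect``; a port that accepts the connection is printed and
    collected. This needs no raw-socket privileges, but unlike a SYN scan
    it completes a connection on each open port, which the target's
    application logs will record.

    Args:
        ip: Target host (IPv4 address or hostname).
        start: First port to probe.
        count: Number of consecutive ports to probe. Defaults to 50, the
            stride the threaded driver in ``__main__`` uses. The range is
            clipped at 65535 so the last stride cannot raise OverflowError.
        timeout: Per-port connect timeout in seconds.

    Returns:
        The ports that accepted a connection, in ascending order. Closed,
        filtered and unresolvable targets simply contribute nothing.
    """
    open_ports = []
    for port in range(start, min(start + count, 65536)):
        # `with` closes the descriptor on every path; the original created a
        # socket per port and never closed any of them.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((ip, port))
            except OSError:
                # ECONNREFUSED, timeout, unreachable, DNS failure: not open.
                # (socket.timeout and socket.gaierror are OSError subclasses.)
                continue
            print(f"端口:{port}可用")
            open_ports.append(port)
    return open_ports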
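def find_port_scapy(ip, start, count=50, src=None, timeout=1):
    """TCP SYN ("half-open") scan of ports [start, start + count) on *ip*.

    A bare SYN is sent with scapy and a SYN/ACK reply (TCP flags 0x12) is
    taken as an open port. Crafting packets needs raw-socket privileges
    (root / Administrator); without them sr1 raises OSError, which is
    deliberately not swallowed here. The kernel knows nothing about the
    handshake and answers the SYN/ACK with a RST, so no connection is
    ever established on the target.

    Args:
        ip: Target IPv4 address.
        start: First port to probe.
        count: Number of consecutive ports to probe (clipped at 65535).
        src: Source IPv4 address stamped on the probes. ``None`` lets scapy
            take the address of the outgoing interface. The original
            hard-coded the author's lab address 10.12.189.186; a source that
            is not one of this host's addresses sends the SYN/ACK elsewhere
            and every port then looks closed.
        timeout: Seconds to wait for each reply.

    Returns:
        The ports that answered SYN/ACK, in ascending order. Ports that
        answered RST/ACK (closed) or not at all (filtered) are skipped.
    """
    open_ports = []
    for port in range(start, min(start + count, 65536)):
        ip_layer = IP(dst=ip) if src is None else IP(src=src, dst=ip)
        reply = sr1(ip_layer / TCP(dport=port, flags="S"), timeout=timeout, verbose=False)
        # sr1 returns None on timeout; the original indexed reply[TCP] on None,
        # and the resulting TypeError was hidden by a bare except.
        if reply is None or not reply.haslayer(TCP):
            continue
        if reply[TCP].flags == 0x12:
            print(f"端口:{port}可用")
            open_ports.append(port)
    return open_ports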
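def find_ip_icmp(start, count=15, prefix="10.12.189.", timeout_ms=100):
    """ICMP echo sweep of ``prefix + start`` .. ``prefix + start + count - 1``.

    Runs the system ``ping`` once per address and reports a host alive when
    the output contains ``ttl=`` (case-insensitive: Windows prints ``TTL=``,
    iputils prints ``ttl=``). Hosts or firewalls that drop ICMP echo are
    missed; on the local segment find_ip_scapy's ARP sweep is more complete.

    Args:
        start: First host number (last octet) to probe.
        count: Number of consecutive host numbers to probe.
        prefix: Dotted network prefix ending in ``.``; the host number is
            appended to it. Defaults to the author's lab network.
        timeout_ms: Per-host reply wait in milliseconds. On Linux this is
            rounded up to whole seconds because iputils ``-W`` takes seconds.

    Returns:
        The addresses that answered, as strings, in probe order. A missing
        or hung ``ping`` binary counts as "no answer" rather than an error.
    """
    alive = []
    for host in range(start, start + count):
        addr = f"{prefix}{host}"
        # The original always passed Windows syntax ("-n 1 -w 100") through a
        # shell. On Linux that means "-w 100" = a 100-second deadline with no
        # packet limit, so every probe ran for 100 s. Pick the flag form per
        # platform instead; the BSD/macOS branch is a best-effort guess
        # (their -W is in milliseconds) — confirm on a target of that kind.
        if sys.platform.startswith("win"):
            cmd = ["ping", "-n", "1", "-w", str(timeout_ms), addr]
        elif sys.platform.startswith("linux"):
            cmd = ["ping", "-c", "1", "-W", str(max(1, (timeout_ms + 999) // 1000)), addr]
        else:
            cmd = ["ping", "-c", "1", "-W", str(timeout_ms), addr]
        try:
            # Argument list, no shell: prefix/host never reach a shell parser,
            # so a caller-supplied prefix cannot inject commands.
            out = subprocess.run(
                cmd,
                capture_output=True,
                text=True,
                errors="replace",
                timeout=timeout_ms / 1000 + 5,
            ).stdout
        except (OSError, subprocess.TimeoutExpired):
            # ping not installed / not executable, or stuck: treat as down.
            continue
        if "ttl=" in out.lower():
            print(f"IP: {addr}在线")
            alive.append(addr)
    return alive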
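def find_ip_scapy(start, count=15, prefix="10.12.189.", src=None, timeout=3):
    """ARP sweep of ``prefix + start`` .. ``prefix + start + count - 1``.

    Sends an ARP who-has for each address with scapy and prints the MAC and
    address of every host that replies. A host must answer ARP to talk on
    the segment at all, so host firewalls that drop ICMP do not hide it —
    but ARP does not cross routers, so only the local L2 subnet can be swept
    this way. Needs raw-socket privileges (root / Administrator); a
    PermissionError from sr1 is deliberately not swallowed.

    Args:
        start: First host number (last octet) to probe.
        count: Number of consecutive host numbers to probe.
        prefix: Dotted network prefix ending in ``.``; the host number is
            appended to it. Defaults to the author's lab network.
        src: IPv4 address placed in the ARP sender field. ``None`` lets
            scapy fill it from the outgoing interface; the original
            hard-coded the author's lab address 10.12.189.186.
        timeout: Seconds to wait for each reply.

    Returns:
        ``(address, mac)`` pairs for the hosts that replied, in probe order.
    """
    found = []
    for host in range(start, start + count):
        addr = f"{prefix}{host}"
        request = ARP(pdst=addr) if src is None else ARP(psrc=src, pdst=addr)
        reply = sr1(request, timeout=timeout, verbose=False)
        # sr1 returns None on timeout; the original dereferenced it directly
        # (its try/except was commented out), so a silent host killed the
        # worker thread with a TypeError.
        if reply is None or not reply.haslayer(ARP):
            continue
        mac = reply[ARP].hwsrc
        print(mac)
        print(f"IP: {addr}在线")
        found.append((addr, mac))
    return found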
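if __name__ == "__main__":
    # Usage examples, left disabled so importing this module scans nothing.
    # As written the suite held only comments, which is a SyntaxError; the
    # `pass` at the end keeps the block valid. Uncomment one driver at a
    # time, replace the target / prefix with your own, run the SYN and ARP
    # variants as root / Administrator (scapy needs raw sockets), and only
    # scan networks you are authorised to test.
    #
    # Socket-based multithreaded port probe (full TCP connect) against one
    # host, ports 1..65535 in strides of 50:
    # for i in range(1, 65535, 50):
    #     threading.Thread(target=find_port_socket, args=('117.78.49.99', i)).start()
    #
    # scapy-based multithreaded SYN (half-open) port probe, same layout:
    # for i in range(1, 500, 50):
    #     threading.Thread(target=find_port_scapy, args=('117.78.49.99', i)).start()
    #
    # ICMP host sweep of x.x.x.1-255. Firewalls commonly drop ICMP echo, so
    # the list of live hosts can be incomplete:
    # for i in range(1, 255, 15):
    #     threading.Thread(target=find_ip_icmp, args=(i,)).start()
    #
    # ARP host sweep. ARP is answered regardless of host firewalls, but only
    # by hosts on the local L2 segment:
    # for i in range(185, 255, 15):
    #     threading.Thread(target=find_ip_scapy, args=(i,)).start()
    pass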