TCP端口扫描程序(tcp_connect扫描+tcp_syn扫描)Python
说明（以下扫描器仅可用于自己拥有或已获明确授权测试的主机）
Python2版本
Linux虚拟机(Ubuntu16.04)
tcp_connect扫描
TCPCONNECTSCAN.py文件
用法:IP地址输入格式:点分十进制(如192.168.0.1)
端口输入格式：端口号以逗号分隔，支持端口范围（如 21,23,100-200）。程序为每个端口各启动一个线程，范围过大会耗尽线程或文件描述符而崩溃，建议不要一次扫描过大的范围。
# -*- coding: UTF-8 -*-
#Python2.7+Ubuntu
from socket import *
import threading
lock = threading.Lock()  # guards openNum and keeps the "[+] ... open" lines from interleaving
openNum = 0  # number of ports found open; updated by every scanner thread under `lock`
threads = []  # scanner threads started by main(); joined before the summary is printed
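def portScanner(host, port):
    """Probe one TCP port with a full connect() and count it if it accepts.

    Args:
        host: target address in dotted-decimal form, passed straight to connect().
        port: TCP port number to probe.

    Returns:
        True when the three-way handshake completed, False on refusal, timeout
        or another socket error.  (The original returned None; callers that
        ignore the result are unaffected.)

    Side effects:
        increments the module-level openNum under `lock` and prints the port.
        The connect honours setdefaulttimeout() as set by main().
    """
    global openNum
    try:
        s = socket(AF_INET, SOCK_STREAM)
    except (IOError, OSError) as exc:
        # Descriptor exhaustion (too many threads) used to be swallowed by the
        # bare except and reported as "closed"; make it visible instead.
        print('[!] %d: cannot create socket (%s)' % (port, exc))
        return False
    try:
        s.connect((host, port))
    except (IOError, OSError):
        # socket.error is an IOError subclass on Python 2 and OSError on 3;
        # refused, unreachable and timed-out probes all land here.  A narrow
        # catch keeps genuine bugs (e.g. a non-int port) visible.
        return False
    finally:
        # Always release the descriptor -- the original only closed on
        # success and leaked one fd per failed probe.
        s.close()
    with lock:
        openNum += 1
        print('[+] %d open' % port)
    return True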
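def _parse_ports(spec):
    """Expand a port specification such as "21,23,100-200" into a sorted list.

    Single numbers and "a-b" ranges are accepted, separated by commas;
    surrounding whitespace is ignored and duplicates are collapsed.  Range
    ends are inclusive -- the original used range(start, end) and silently
    skipped the last port of every range.

    Raises:
        ValueError: on an empty token, a non-numeric value, a port outside
            1-65535, or a range whose start is above its end.
    """
    ports = set()
    for token in spec.split(','):
        token = token.strip()
        if not token:
            raise ValueError('empty port entry')
        if '-' in token:
            lo_text, hi_text = token.split('-', 1)
            lo, hi = int(lo_text), int(hi_text)
            if lo > hi:
                raise ValueError('range start above end: %s' % token)
        else:
            lo = hi = int(token)
        if lo < 1 or hi > 65535:
            raise ValueError('port out of range 1-65535: %s' % token)
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def main(max_workers=100):
    """Interactive TCP connect scan: prompt for a target and a port list, probe
    every port from a bounded set of threads and print a summary.

    Args:
        max_workers: upper bound on simultaneously running scanner threads.
            The original started one thread per port at once, which exhausts
            threads/file descriptors on large ranges.

    The module-level openNum and threads list are reset at the start of each
    call, so repeated runs (e.g. from the scan.py menu) report per-run counts
    instead of a running total.  A malformed port list is reported and the
    run aborted rather than crashing with ValueError.
    """
    global openNum
    # Python 3 renamed raw_input(); keep the script runnable on both.
    try:
        prompt = raw_input
    except NameError:
        prompt = input
    setdefaulttimeout(1)
    host = prompt('Input IP :').strip()
    port_spec = prompt('Input PORT:')
    try:
        ports = _parse_ports(port_spec)
    except ValueError as exc:
        print('[!] Bad port list: %s' % exc)
        return
    openNum = 0
    del threads[:]
    # Probe in batches of max_workers: each batch is started and joined before
    # the next, so at most max_workers sockets/threads exist at any moment.
    for start in range(0, len(ports), max_workers):
        batch = [threading.Thread(target=portScanner, args=(host, p))
                 for p in ports[start:start + max_workers]]
        threads.extend(batch)
        for t in batch:
            t.start()
        for t in batch:
            t.join()
    print('[*] The scan is complete!')
    print('[*] A total of %d open port ' % (openNum))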
if __name__ == '__main__':
    # Run the interactive scanner only when executed directly; scan.py imports
    # this module and calls main() from its menu.
    main()
运行结果:
tcp_syn扫描
TCPSYNSCAN.py文件
格式如上
需要以 root（或具备 CAP_NET_RAW 能力）运行：SYN 扫描通过 SOCK_RAW 原始套接字自行构造 IP/TCP 头，普通用户无法创建；上面的 tcp_connect 扫描则不需要特权。
目前非常慢：syn_scan 在发包和收包的整个过程中都持有全局锁，多个线程实际上是串行执行的；而且 recvfrom 没有超时，遇到被过滤（无响应）的端口会一直阻塞。待改进。
# -*- coding: UTF-8 -*-
#Python2.7+Ubuntu
#use root privilege!!!!!
import errno
import random
import socket
import sys
import threading
import time
from struct import *
lock = threading.Lock()  # serialises syn_scan(); also guards openNum and the "[+] ... open" output
openNum = 0  # number of ports that answered SYN/ACK; updated by scanner threads under `lock`
threads = []  # scanner threads started by main(); joined before the summary is printed
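def checksum(msg):
    """Return the 16-bit ones'-complement Internet checksum (RFC 1071) of msg.

    Args:
        msg: the bytes to sum -- a str on Python 2 or bytes on Python 3.
            An odd-length input is padded with a zero byte as the RFC
            requires; the original indexed past the end and raised IndexError.

    Returns:
        int in 0..0xffff, ready to be packed with '!H'.
    """
    buf = bytearray(msg)  # uniform integer indexing on both Python 2 and 3
    if len(buf) % 2:
        buf.append(0)
    total = 0
    for i in range(0, len(buf), 2):
        total += (buf[i] << 8) + buf[i + 1]
    # Fold the carries back in until nothing is left above 16 bits.  A single
    # fold, as in the original, is not enough when the first fold itself
    # carries (e.g. a raw sum of 0x1ffff).
    while total >> 16:
        total = (total >> 16) + (total & 0xffff)
    return ~total & 0xffff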
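def CreateSocket(source_ip, dest_ip):
    """Open a raw IPv4/TCP socket with IP_HDRINCL set, so the caller supplies
    the entire IP header of every packet it sends.

    Both parameters are unused and kept only for the existing call sites.
    The socket is not bound; on Linux a raw IPPROTO_TCP socket receives a
    copy of every inbound TCP segment, so callers must match replies to their
    own probes themselves.

    Raw sockets need root or CAP_NET_RAW.  On failure an explanatory message
    is printed and the process exits -- as the original did -- but with a
    non-zero status.
    """
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    except socket.error as exc:
        # errno/strerror attributes exist on both Python 2 and 3; indexing the
        # exception (msg[0]) as the original did fails on Python 3.
        print('Socket create error: %s (errno %s)' % (exc.strerror, exc.errno))
        if exc.errno in (errno.EPERM, errno.EACCES):
            print('Raw sockets require root (or CAP_NET_RAW); re-run with sudo.')
        sys.exit(1)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    return s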
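def CreateIpHeader(source_ip, dest_ip):
    """Build a 20-byte IPv4 header for an option-free TCP segment with no payload.

    Args:
        source_ip, dest_ip: dotted-decimal addresses (inet_aton format).

    Returns:
        the packed header (str on Python 2, bytes on Python 3).

    Total length is fixed at 40 (20-byte IP + 20-byte TCP header), matching
    what create_tcp_syn_header() produces.  The header checksum is left as 0:
    with IP_HDRINCL the Linux kernel fills it in (see raw(7)), and the
    original's arbitrary placeholder of 10 would be wrong on any stack that
    does not.  The identification field is random so consecutive probes are
    distinguishable on the wire.
    """
    ihl = 5                       # header length in 32-bit words (no options)
    version = 4
    tos = 0
    total_length = 20 + 20
    ident = random.randrange(18000, 65535, 1)   # renamed: `id` shadows a builtin
    frag_off = 0
    ttl = 255
    protocol = socket.IPPROTO_TCP
    header_checksum = 0
    saddr = socket.inet_aton(source_ip)
    daddr = socket.inet_aton(dest_ip)
    version_ihl = (version << 4) + ihl
    return pack('!BBHHHBBH4s4s', version_ihl, tos, total_length, ident,
                frag_off, ttl, protocol, header_checksum, saddr, daddr)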
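def create_tcp_syn_header(source_ip, dest_ip, dest_port):
    """Build a 20-byte TCP header with only SYN set, checksummed over the IPv4
    pseudo-header for source_ip -> dest_ip.

    Args:
        source_ip, dest_ip: dotted-decimal addresses used in the pseudo-header.
            They must match the IP header the segment is sent with, otherwise
            the checksum is wrong and the target silently drops the probe.
        dest_port: target port.

    Returns:
        the packed header.  The source port is chosen at random from
        32000-61999 and can be read back from bytes 0-1 (network order);
        a scanner needs it to recognise the reply.

    Bug fixed: the original passed the window through socket.htons() and then
    packed it with '!' (network order) as well, so on little-endian hosts it
    advertised a window of 32 instead of 8192.
    """
    source_port = random.randrange(32000, 62000, 1)
    seq = 0
    ack_seq = 0
    data_offset = 5                      # header length in 32-bit words
    offset_res = (data_offset << 4) + 0  # reserved bits are zero
    # Flag bits, LSB first: FIN, SYN, RST, PSH, ACK, URG -- only SYN is set.
    tcp_flags = 0x02
    window = 8192                        # pack('!...') handles the byte order
    urg_ptr = 0

    def packed(check):
        return pack('!HHLLBBHHH', source_port, dest_port, seq, ack_seq,
                    offset_res, tcp_flags, window, check, urg_ptr)

    header = packed(0)
    # RFC 793 pseudo-header: addresses, zero byte, protocol, TCP length.
    pseudo = pack('!4s4sBBH', socket.inet_aton(source_ip),
                  socket.inet_aton(dest_ip), 0, socket.IPPROTO_TCP,
                  len(header))
    return packed(checksum(pseudo + header))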
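def get_host_ip(dest_ip='8.8.8.8'):
    """Return the local IPv4 address the kernel would use to reach dest_ip.

    A UDP socket is connect()ed -- no datagram is sent -- and the address the
    kernel bound it to is read back.  The default preserves the original
    behaviour (route towards 8.8.8.8); passing the scan target is better,
    because a target on another interface (VPN, lab segment) would otherwise
    receive probes whose source address its replies can never reach.

    Raises:
        socket.error: if no route to dest_ip exists.
    """
    # Create the socket outside the try: if socket() itself failed, the
    # original's finally clause referenced an unbound name.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((dest_ip, 80))
        return s.getsockname()[0]
    finally:
        s.close()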
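def _reply_flags(data, dest_ip, dest_port, src_port):
    """Return the TCP flags byte of `data` if it is a segment sent by
    dest_ip:dest_port to our src_port; None if it is someone else's segment
    or too short to parse."""
    pkt = bytearray(data)
    if len(pkt) < 20:
        return None
    ihl = (pkt[0] & 0x0f) * 4          # the IP header may carry options
    # Compare packed addresses so the user's spelling of the IP is irrelevant.
    if bytes(pkt[12:16]) != socket.inet_aton(dest_ip):
        return None
    tcp = pkt[ihl:]
    if len(tcp) < 14:
        return None
    sport = (tcp[0] << 8) | tcp[1]
    dport = (tcp[2] << 8) | tcp[3]
    if sport != dest_port or dport != src_port:
        return None
    return tcp[13]


def syn_scan(source_ip, dest_ip, des_port, timeout=2.0):
    """Half-open (SYN) probe of dest_ip:des_port sent from source_ip.

    One SYN with a random source port is sent, then raw TCP segments are read
    until a reply addressed to that port arrives or `timeout` seconds elapse.
    SYN/ACK counts the port as open (the local kernel, having no socket on
    that port, normally answers the SYN/ACK with RST, so no connection is
    completed); RST means closed; no reply means filtered or lost.

    Returns:
        True if the port answered SYN/ACK, False otherwise (the original
        returned None).

    Changes from the original: the lock is held only while updating openNum
    and printing -- it used to cover the whole round-trip, serialising every
    thread, and was never released if recvfrom raised; recvfrom has a
    deadline instead of blocking forever on a filtered port; replies are
    matched on addresses and ports instead of taking whatever TCP segment
    the host saw next; the TCP header is located via the real IP header
    length rather than a fixed byte 32; the raw socket is always closed.
    """
    global openNum
    sock = CreateSocket(source_ip, dest_ip)
    try:
        ip_header = CreateIpHeader(source_ip, dest_ip)
        tcp_header = create_tcp_syn_header(source_ip, dest_ip, des_port)
        # create_tcp_syn_header() picks the source port; read it back from the
        # first header field so the reply can be matched.
        src_port = unpack('!H', tcp_header[:2])[0]
        sock.sendto(ip_header + tcp_header, (dest_ip, 0))
        deadline = time.time() + timeout
        while True:
            remaining = deadline - time.time()
            if remaining <= 0:
                return False                      # filtered, or reply lost
            sock.settimeout(remaining)
            try:
                data = sock.recvfrom(1024)[0]
            except socket.timeout:
                return False
            flags = _reply_flags(data, dest_ip, des_port, src_port)
            if flags is None:
                continue                          # not a reply to our probe
            if flags & 0x04:
                return False                      # RST: closed
            if (flags & 0x12) == 0x12:
                break                             # SYN/ACK: open
            # anything else (stray ACK etc.): keep listening until the deadline
    finally:
        sock.close()
    with lock:
        openNum += 1
        print("[+] %d open" % des_port)
    return True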
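def _parse_ports(spec):
    """Expand a port specification such as "21,23,100-200" into a sorted list.

    Single numbers and "a-b" ranges are accepted, separated by commas;
    surrounding whitespace is ignored and duplicates are collapsed.  Range
    ends are inclusive -- the original used range(start, end) and silently
    skipped the last port of every range.

    Raises:
        ValueError: on an empty token, a non-numeric value, a port outside
            1-65535, or a range whose start is above its end.
    """
    ports = set()
    for token in spec.split(','):
        token = token.strip()
        if not token:
            raise ValueError('empty port entry')
        if '-' in token:
            lo_text, hi_text = token.split('-', 1)
            lo, hi = int(lo_text), int(hi_text)
            if lo > hi:
                raise ValueError('range start above end: %s' % token)
        else:
            lo = hi = int(token)
        if lo < 1 or hi > 65535:
            raise ValueError('port out of range 1-65535: %s' % token)
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def main(max_workers=50):
    """Interactive SYN scan: prompt for a target and a port list, probe every
    port from a bounded set of threads and print a summary.  Needs root
    (raw sockets).

    Args:
        max_workers: upper bound on simultaneously running scanner threads,
            each of which holds one raw socket.  The original started one
            thread per port at once.

    The module-level openNum and threads list are reset at the start of each
    call so repeated runs (e.g. from the scan.py menu) report per-run counts.
    A malformed address or port list is reported and the run aborted instead
    of crashing inside a scanner thread.
    """
    global openNum
    # Python 3 renamed raw_input(); keep the script runnable on both.
    try:
        prompt = raw_input
    except NameError:
        prompt = input
    source_ip = get_host_ip()   # local address on the default route
    dest_ip = prompt('Input dest_ip :').strip()
    port_spec = prompt('Input dest_port:')
    try:
        socket.inet_aton(dest_ip)
    except socket.error:
        print('[!] Bad IP address: %s' % dest_ip)
        return
    try:
        ports = _parse_ports(port_spec)
    except ValueError as exc:
        print('[!] Bad port list: %s' % exc)
        return
    openNum = 0
    del threads[:]
    # Probe in batches of max_workers: each batch is started and joined before
    # the next, so at most max_workers raw sockets/threads exist at once.
    for start in range(0, len(ports), max_workers):
        batch = [threading.Thread(target=syn_scan, args=(source_ip, dest_ip, p))
                 for p in ports[start:start + max_workers]]
        threads.extend(batch)
        for t in batch:
            t.start()
        for t in batch:
            t.join()
    print('[*] The scan is complete!')
    print('[*] A total of %d open port ' % (openNum))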
if __name__=="__main__":
    # Run the interactive scanner only when executed directly; scan.py imports
    # this module and calls main() from its menu.
    main()
运行结果:
主程序
scan.py文件
# -*- coding: UTF-8 -*-
#Python2.7+Ubuntu
#use root privilege to run!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
import TCPCONNECTSCAN
import TCPSYNSCAN
def gui():
    """Print the command menu (SYN scan, connect scan, quit) to stdout."""
    menu_lines = (
        "*************************************************",
        "*Command Usage: *",
        "* 1:TCP_SYN_SCAN *",
        "* 2:TCP_CONNECT_SCAN *",
        "* 3:Quit *",
        "*************************************************",
    )
    for line in menu_lines:
        print(line)
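# Python 3 renamed raw_input(); keep the menu runnable on both.
try:
    _prompt = raw_input
except NameError:
    _prompt = input


def _read_choice():
    """Return the menu number typed at the prompt.

    Returns None when the input is not an integer (the original crashed with
    ValueError on an empty line or a typo) and 3 -- quit -- on end of input
    (Ctrl-D), which otherwise raised EOFError.
    """
    try:
        return int(_prompt("Command:"))
    except ValueError:
        return None
    except EOFError:
        return 3


# The menu loop runs at import time, exactly as the original flat script did.
# Note: TCPSYNSCAN needs root; TCPCONNECTSCAN does not.
gui()
choice = _read_choice()
while choice != 3:
    if choice == 1:
        TCPSYNSCAN.main()
    elif choice == 2:
        TCPCONNECTSCAN.main()
    else:
        # The original prompted twice after a bad command (once inside this
        # branch and once below), discarding the first answer; now it prompts
        # once per iteration.  Its `choice == 3` branch was unreachable.
        print("Command Error")
    gui()
    choice = _read_choice()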
把两个功能放一块了,heyhey