slacr_

Just to record my life and thoughts.
Notes / Programming / Miscellany / Minimalism

[Python] A Simple TCP Port Scanner

Dec 10, 2023 · Python · 1059 words in 7 min

Homework

About port scanning

Port scanning is a network security technique used to identify which network ports are open on a target host. By scanning a host's ports, you can learn which network services and applications it runs and assess their security. The main purpose of port scanning is to confirm whether a particular service on a remote machine is reachable. By scanning method and target protocol, scans can be divided into:

  • Connection-based scans
    • Full connect scan (TCP Connect Scan)
    • SYN scan (TCP SYN Scan)
  • Protocol-based scans
    • TCP scan
    • UDP scan

Examples of port-scanning tools

Shell tools such as nmap and nc on Linux

nmap

nmap is a powerful, cross-platform network exploration and security scanning tool. It can be used for port scanning, service detection, operating-system fingerprinting, vulnerability scanning and other network-security tasks.

nc

nc (netcat) is a networking utility for opening network connections and transferring data from the command line. It can also be used for simple port scanning.

Using a programming language's network library

Using the network library of a programming language (Python, Go, Java, etc.), you can write a custom port-scanning script. By opening a network connection and attempting to connect to each port of the target host in turn, you can determine which ports are open. The details differ from language to language, but the basic idea is the same.

A simple TCP scan in Python

Code

import socket
import threading
import sys
import argparse
import pyfiglet
from datetime import datetime

# some ANSI colors for terminal output
class bcolors:
    BLUE = '\033[94m'
    RED = '\033[31m'
    GREEN = '\033[92m'
    GOLD = '\033[93m'
    ENDC = '\033[0m'
    BOLD = '\033[1m'


# try a full TCP connection (connect scan) to a single port
def portscan(target, port, lock, isfilter):
    # use IPv4, TCP
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # limit connection setup time to 0.5s
    s.settimeout(0.5)
    try:
        s.connect((target, port))
        # handshake completed: the port is open
        with lock:
            print(bcolors.GREEN + "[+] " + 'Port:', port, "status: Open" + bcolors.ENDC)
            open_ports.append(port)
    except socket.timeout:
        # no SYN/ACK and no RST within the timeout: probably filtered
        if not isfilter:
            with lock:
                print(bcolors.RED + "[x] " + 'Port:', port, "Status: Timeout" + bcolors.ENDC)
    except socket.error as e:
        # typically "connection refused" (RST received): the port is closed
        if not isfilter:
            with lock:
                print(bcolors.RED + "[x] " + 'Port:', port, "Status: Error:", str(e) + bcolors.ENDC)
    finally:
        s.close()


# print the ASCII-art banner
def printBanner(width):
    ascii_banner = pyfiglet.figlet_format('TCP Port Scanner', font="slant", width=100)
    print(bcolors.BLUE + ascii_banner)
    print(bcolors.BLUE + "written by @slacr".rjust(width))
    print(bcolors.BLUE + "inspired by @bvr0n".rjust(width) + bcolors.ENDC)


# shared result list, appended to by the scanning threads under the lock
open_ports = []


def main():
    target = ""
    width = 80
    printBanner(width)

    parser = argparse.ArgumentParser()
    parser.add_argument('-t', '--target', help='set Target')
    parser.add_argument('-p', '--port', help='set Port Range (e.g. 1-2000 or 80)')
    parser.add_argument('-f', '--filter', action='store_true', help='only show open ports')
    args = parser.parse_args()

    if not args.target or not args.port:
        parser.print_help()
        sys.exit(1)
    else:
        target = args.target
        port_range = args.port

    print(bcolors.GOLD + "-" * width)
    print("Scanning Target: " + target)
    start_time = datetime.now()
    print("Scanning started at: " + str(start_time))
    print("-" * width)
    print(bcolors.BOLD + "[+] Scanning TCP Ports: " + port_range)

    # accept either a single port ("80") or an inclusive range ("1-2000")
    if '-' in port_range:
        start_port, end_port = port_range.split('-')
        start_port = int(start_port)
        end_port = int(end_port)
    else:
        start_port = int(port_range)
        end_port = int(port_range)

    # thread lock: serializes printing and appends to open_ports
    lock = threading.Lock()

    # thread list
    threads = []

    # multi-threaded port scan: one thread per port
    for port in range(start_port, end_port + 1):
        t = threading.Thread(target=portscan,
                             kwargs={'target': target, 'port': port, 'lock': lock, 'isfilter': args.filter})
        threads.append(t)
        t.start()

    # wait for all threads to finish
    for t in threads:
        t.join()

    # summary
    print(bcolors.GOLD + "-" * width)
    print(bcolors.GOLD + "open_ports: " + " ".join(map(str, sorted(open_ports))))
    end_time = datetime.now()
    print("Scanning finished at: " + str(end_time))
    print("Scanning duration:", format((end_time - start_time).total_seconds() * 1000, '.6f'), "ms")
    print("-" * width + bcolors.ENDC)


if __name__ == '__main__':
    main()

Brief description of the implementation

The pyfiglet module prints the script's ASCII-art banner. argparse reads the command-line arguments: the target IPv4 address, a port number or port range, and whether to filter out failure messages. The portscan function uses the socket module to attempt a TCP connection: a successful connection means the port is open, while a timeout or error prints the corresponding message. The ports are iterated with multiple threads, and a thread lock keeps the printed output synchronized. Finally the scan results are printed.
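Seen from the target's side, a connect scan like the one above leaves a characteristic trace: one source completing (or attempting) TCP handshakes to many distinct ports within a few seconds. As an added defender-side example that is not part of the original post, the following script applies that heuristic to firewall-style connection logs. The log format, IP addresses, 10-second window and 5-port threshold are all constructed assumptions, not real log data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real logs) in a simplified netfilter-like format:
# "<ISO time> SRC=<ip> DST=<ip> PROTO=TCP DPT=<port> SYN"
SAMPLE_LOG = """\
2023-12-10T20:00:00 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21 SYN
2023-12-10T20:00:00 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22 SYN
2023-12-10T20:00:01 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23 SYN
2023-12-10T20:00:01 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25 SYN
2023-12-10T20:00:02 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80 SYN
2023-12-10T20:00:02 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
2023-12-10T20:00:03 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
2023-12-10T20:00:10 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443 SYN
2023-12-10T20:05:00 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=8080 SYN
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=\S+ PROTO=TCP DPT=(?P<dpt>\d+) SYN$")

def parse_line(line):
    """Return (timestamp, source ip, destination port), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"])

def detect_scans(lines, window=timedelta(seconds=10), threshold=5):
    """Report a source once it has touched `threshold` distinct ports within `window`."""
    recent = defaultdict(deque)   # src -> (timestamp, port) entries inside the window, oldest first
    alerts = {}                   # src -> distinct port count at the moment it was first flagged
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dpt = parsed
        q = recent[src]
        q.append((ts, dpt))
        # Expire entries that fell out of the sliding window (input is assumed time-ordered).
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {p for _, p in q}   # repeated hits on one port do not count as a scan
        if len(distinct) >= threshold and src not in alerts:
            alerts[src] = len(distinct)
    return alerts

if __name__ == "__main__":
    for src, n in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible TCP connect scan from {src}: {n} distinct ports within the window")
```

In the sample data only 203.0.113.7 is flagged: 198.51.100.4 retries a single port, and the late hit on 8080 falls outside the window.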

Test

Testing it against my Singapore VPS.

References

  1. bvr0n/PortScanner
  2. Wikipedia: Port scanner
  3. Python docs: socket