@conf.commands.register
def send(x, inter=0, loop=0, count=None,
verbose=None, realtime=None,
return_packets=False, socket=None, *args, **kargs):
"""Send packets at layer 3
send(packets, [inter=0], [loop=0], [count=None], [verbose=conf.verb], [realtime=None], [return_packets=False], # noqa: E501
[socket=None]) -> None"""
need_closing = socket is None
socket = socket or conf.L3socket(*args, **kargs)
results = __gen_send(socket, x, inter=inter, loop=loop,
count=count, verbose=verbose,
realtime=realtime, return_packets=return_packets)
if need_closing:
socket.close()
return results
send
从图中可以看出send函数是发送三层的数据包,例如IP()/TCP()/PACKET
syn泛洪攻击时可以使用,只发送不接收,自然也不回复,去消耗资源。
sendp
@conf.commands.register
def sendp(x, inter=0, loop=0, iface=None, iface_hint=None, count=None,
verbose=None, realtime=None,
return_packets=False, socket=None, *args, **kargs):
"""Send packets at layer 2
sendp(packets, [inter=0], [loop=0], [iface=None], [iface_hint=None], [count=None], [verbose=conf.verb], # noqa: E501
[realtime=None], [return_packets=False], [socket=None]) -> None"""
if iface is None and iface_hint is not None and socket is None:
iface = conf.route.route(iface_hint)[0]
need_closing = socket is None
socket = socket or conf.L2socket(iface=iface, *args, **kargs)
results = __gen_send(socket, x, inter=inter, loop=loop,
count=count, verbose=verbose,
realtime=realtime, return_packets=return_packets)
if need_closing:
socket.close()
return results
发送接收函数
sr1
@conf.commands.register
def sr1(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs):
"""Send packets at layer 3 and return only the first answer"""
iface = _interface_selection(iface, x)
s = conf.L3socket(promisc=promisc, filter=filter,
nofilter=nofilter, iface=iface)
ans, _ = sndrcv(s, x, *args, **kargs)
s.close()
if len(ans) > 0:
return ans[0][1]
else:
return None
sr1
发送,并只保存接收的第一个数据包。
from scapy.layers.inet import IP, TCP
from scapy.sendrecv import sr1
SRC_IP = "192.168.31.164"
DST_IP = "121.17.123.130"
def visitBaidu():
pkt = IP(src=SRC_IP, dst=DST_IP) / TCP()
print(pkt.show())
res = sr1(pkt)
print(res.summary())
if __name__ == "__main__":
visitBaidu()
sr1抓包结果
应用
地址段IP发现-Ping
import ipaddress
import multiprocessing
import random
from scapy.layers.inet import IP, ICMP
from scapy.sendrecv import sr1
DIP = "121.17.123.1/24"
BNUM = 20
TNUM = 64
def getBytes(num):
res = ''.join(random.sample('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567', num))
return bytes(res, encoding='utf-8')
def ping(ip):
pkt = IP(dst=ip) / ICMP() / getBytes(BNUM)
res = sr1(pkt, timeout=5, verbose=False)
if res:
return True, ip
else:
return False, ip
def getIpList(ip):
temp = ipaddress.ip_network(ip, False).hosts()
ipList = []
for i in temp:
ipList.append(str(i))
return ipList
def ipScan(ip, num):
ipList = getIpList(ip)
pool = multiprocessing.Pool(processes=int(TNUM))
result = pool.map(ping, ipList)
pool.close()
pool.join()
for res, ip in result:
if res:
print(ip)
if __name__ == "__main__":
ipScan(DIP, TNUM)
ip发现
采用了进程池,有时间再整理下进程(池),线程(池)
端口扫描
# /usr/bin/env python3
# _*_ coding:utf-8 _*_
# auther: saucerman
# project: https://github.com/saucer-man/penetration-script
"""
基于python-nmap的端口扫描器
pip install python-nmap
"""
import sys
import time
from colorama import init, Fore, Back, Style
import getopt
# 颜色定义
init(autoreset=True)
class Colored(object):
def red(self, s):
return Fore.RED + s + Fore.RESET
def blue(self, s):
return Fore.BLUE + s + Fore.RESET
def yellow(self, s):
return Fore.YELLOW + s + Fore.RESET
color = Colored()
try:
import nmap
except:
print("FATAL: Module nmap missing (python-nmap)")
sys.exit(1)
# 使用说明
def usage():
print(color.blue('Usage: port scanner'))
print(color.blue('\t-h/--host:\tpoint the target to scan'))
print(color.blue('\t-p/--port:\tpoint the port to scan(not nessesary)'))
print(color.blue('Examples:'))
print(color.blue('\tpython port_scanner.py -h 10.10.10.1'))
print(color.blue('\tpython port_scanner.py -h 10.10.10.1 -p 80,443,8080'))
print(color.blue('\tpython port_scanner.py -h 10.10.10.1 -p 1-1024'))
print(color.blue('\nSEE THE MAN PAGE (https://github.com/saucer-man/saucer-frame) FOR MORE OPTIONS AND EXAMPLES'))
sys.exit(0)
# 扫描
def scanner(host, ports):
nm = nmap.PortScanner()
try:
print('Scanner report for %s\n' % host)
if len(ports) == 0:
result = nm.scan(host)
else:
result = nm.scan(host, ports)
if result['nmap']['scanstats']['uphosts'] == '0':
print(color.red('Host seems down'))
else:
print('Host is up')
print("{:<7}\t{:<7}\t{:<7}\t{:<7}".format('PORT', 'STATE', 'SERVICE', 'VERSION'))
for k, v in result['scan'][host]['tcp'].items():
if v['state'] == 'open':
print(color.yellow("{:<7}\t{:<7}\t{:<7}\t{:<7}".format(str(k), v['state'], v['name'],
v['product'] + v['version'])))
else:
print(color.yellow("{:<7}\t{:<7}".format(str(k), v['state'])))
except Exception as e:
print(color.red("unhandled Option"))
usage()
def main():
start = time.time()
# 解析命令行
if not len(sys.argv[1:]):
usage()
try:
opts, args = getopt.getopt(sys.argv[1:], "h:p:",
["host=", "port="])
except:
print(color.red("unhandled Option"))
usage()
ports = ''
for o, a in opts:
if o == "-h" or o == "--host":
host = a
elif o == "-p" or o == "--port":
ports = a
print("Starting port scanner...")
scanner(host, ports)
end = time.time()
print('\n\nScanner down with %0.6f seconds.' % (end - start))
if "__main__" == __name__:
main()
端口发现
这个脚本不是我写的,使用了nmap包,我还没看过命令解析的内容。
403
以为谁写的网站,结果给我403了
更多脚本查看:网络安全-python脚本资源整理
最后
自我介绍一下,小编13年上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18年进入阿里一直到现在。
深知大多数网络安全工程师,想要提升技能,往往是自己摸索成长,但自己不成体系的自学效果低效又漫长,而且极易碰到天花板技术停滞不前!
因此收集整理了一份《2024年网络安全全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友。
既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上网络安全知识点!真正的体系化!
如果你觉得这些内容对你有帮助,需要这份全套学习资料的朋友可以戳我获取!!
由于文件比较大,这里只是将部分目录截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且会持续更新!
Z7-1715440954598)]
[外链图片转存中…(img-qMmEjHp1-1715440954598)]
[外链图片转存中…(img-vWIA6egv-1715440954598)]
既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上网络安全知识点!真正的体系化!
如果你觉得这些内容对你有帮助,需要这份全套学习资料的朋友可以戳我获取!!
由于文件比较大,这里只是将部分目录截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且会持续更新!
扫一扫
505
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
