系统环境:Windows 10 64-bit
开发环境:vs2017
这是一个简单的基于完全连接的主机端口扫描器,原理很简单:创建套接字后与主机指定端口进行连接,连接成功则目的端口开放,否则视为未开放。
优点:实现简单
缺点:很容易被发现,导致检测报文被拦截,扫描结果出错。
#include <stdio.h>
#include <stdlib.h>
#include <winsock.h>
#include <windows.h>
#pragma comment(lib,"ws2_32")
/* Print the command-line syntax to stdout; prog is the program name shown in the example (argv[0]). */
void usage(char *prog)
{
    fprintf(stdout, "Usage:%s 127.0.0.1 1 65535\n", prog);
    fprintf(stdout, "%s IP StartPort EndPort\n", prog);
}
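/*
 * Parse one port argument.
 * Returns the port as an int when text is an integer in [1, 65535],
 * or -1 when the argument is not fully numeric or is out of range.
 */
static int parse_port(const char *text)
{
    char *end = NULL;
    long value = strtol(text, &end, 10);
    /* strtol stops at the first non-digit; require the whole argument to be consumed,
     * and reject port 0, which cannot be a connect() destination. */
    if (end == text || *end != '\0' || value < 1 || value > 65535) {
        return -1;
    }
    return (int)value;
}

/*
 * TCP connect scan of argv[1] over the inclusive port range argv[2]..argv[3].
 * Arguments are validated before Winsock is initialised so early exits leak nothing.
 * Returns 0 on completion, -1 on bad arguments or Winsock/socket failure.
 */
int main(int argc, char *argv[])
{
    HANDLE console = GetStdHandle(STD_OUTPUT_HANDLE);
    SetConsoleTextAttribute(console, FOREGROUND_INTENSITY | FOREGROUND_BLUE);
    if (argc != 4) {
        usage(argv[0]);
        return -1;
    }

    /* atoi() silently yields 0 for garbage; strtol-based parsing rejects it instead. */
    int startport = parse_port(argv[2]);
    int endport = parse_port(argv[3]);
    if (startport < 0 || endport < 0) {
        printf("port must be an integer between 1 and 65535!\n");
        return -1;
    }
    if (endport < startport) {
        printf("end port should larger than start port!\n");
        return -1;
    }

    /* Parse the address once; inet_addr() reports failure as INADDR_NONE. */
    unsigned long target = inet_addr(argv[1]);
    if (target == INADDR_NONE) {
        printf("invalid IPv4 address: %s\n", argv[1]);
        return -1;
    }

    WSADATA wsa;
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) {
        printf("Winsock Dll init failed!\n");
        return -1;
    }

    int rc = -1;
    int count = 0;
    struct sockaddr_in sa = {0};
    sa.sin_family = AF_INET;
    sa.sin_addr.S_un.S_addr = target;

    printf("start scanning......\n");
    /* Inclusive range: the usage example "1 65535" expects the end port itself to be tested,
     * which the former `<` comparison skipped. */
    for (int nowport = startport; nowport <= endport; nowport++) {
        sa.sin_port = htons((unsigned short)nowport);
        SOCKET sockFD = socket(AF_INET, SOCK_STREAM, 0);
        if (sockFD == INVALID_SOCKET) {
            printf("socket create error!\n");
            goto out;
        }

        int iTimeOut = 5000; /* milliseconds */
        /* SO_RCVTIMEO bounds recv(), not connect(); a port that drops the SYN still waits
         * for the stack's own connect timeout, so this does not cap per-port scan time. */
        if (setsockopt(sockFD, SOL_SOCKET, SO_RCVTIMEO, (const char *)&iTimeOut, sizeof(iTimeOut)) == SOCKET_ERROR) {
            printf("setsockopt failed for port %d, continuing without a receive timeout\n", nowport);
        }

        printf("testing if %d port is open\n", nowport);
        /* `struct sockaddr` (not bare `sockaddr`) keeps this valid when compiled as C. */
        if (connect(sockFD, (const struct sockaddr *)&sa, sizeof(sa)) != SOCKET_ERROR) {
            count++;
            SetConsoleTextAttribute(console, FOREGROUND_INTENSITY | FOREGROUND_RED);
            printf("%s find %d port is open!\n", argv[1], nowport);
            SetConsoleTextAttribute(console, FOREGROUND_INTENSITY | FOREGROUND_BLUE);
        }
        closesocket(sockFD);
    }

    printf("Scan end...\nFind %d ports is open!\n", count);
    rc = 0;
out:
    /* Reached on both success and socket() failure so WSAStartup is always balanced. */
    WSACleanup();
    return rc;
}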
结果展示:
这个demo没有结合多线程进行实现,因此效率也比较低。
后续将实现TCP SYN扫描,尽量完善一点