import concurrent.futures
from scapy.all import *
from scapy.layers.dhcp import BOOTP, DHCP
from scapy.layers.inet import IP, UDP
from scapy.layers.l2 import Ether
def check_dhcp_server(ip):
# 禁用IP地址检查
conf.checkIPaddr = False
# 构造DHCP Discover数据包
dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff") / \
IP(src="0.0.0.0", dst="255.255.255.255") / \
UDP(sport=68, dport=67) / \
BOOTP(chaddr="00:11:22:33:44:55", xid=RandInt()) / \
DHCP(options=[("message-type", "discover"), "end"])
# 发送数据包并等待回复
ans, _ = srp(dhcp_discover, timeout=30, iface=ip[2] + "mon",
multi=True, verbose=False)
# 检查回复的数据包中是否包含DHCP选项
for pkt in ans:
if pkt[DHCP]:
print(f"[+] DHCP Server found on {ip[2]}: {pkt[IP].src}")
return True
return False
def find_dhcp_servers(ip_range):
# 解析IP地址范围
ip_start = ip_range[0]
ip_end = ip_range[1]
ip_prefix = ".".join(ip_start.split(".")[:3]) + "."
# 构造IP地址列表
ips = [ip_prefix + str(i) for i in range(int(ip_start.split(".")[3]), int(ip_end.split(".")[3]) + 1)]
ips = [(ip, ip.split(".")[2]) for ip in ips]
# 使用多线程并发执行检查DHCP服务器的任务
with concurrent.futures.ThreadPoolExecutor(max_workers=50) as executor:
results = [executor.submit(check_dhcp_server, ip) for ip in ips]
# 处理任务结果
for future in concurrent.futures.as_completed(results):
try:
_ = future.result()
except Exception as e:
print(f"[-] Error: {e}")
if __name__ == '__main__':
# 设置IP地址范围并开始查找DHCP服务器
ip_range = ("192.168.0.1", "192.168.0.10")
find_dhcp_servers(ip_range)
我测试之后报了数组越界 为什么呢?
如果你遇到了数组越界的错误,很可能是因为在构造 IP 地址列表的时