A commonly used port-scanning tool: netcat
nc -z -v -n IP 10-65535
For a single machine and a handful of ports this is fine, but it becomes tedious once there are many machines.
Below is a small multi-threaded Python scanner. It uses telnet and scans TCP ports by default.
#!/usr/bin/env python
# Note: telnetlib was deprecated in Python 3.11 and removed in 3.13,
# so run this under Python 3.12 or earlier.
import telnetlib
import threading
import queue
import logging

loggers = {}
CONNECT_TIMEOUT = 3  # seconds; without a timeout a filtered port blocks a worker for minutes


def get_ip_status(a_ip, a_port):
    # One Telnet object per attempt: a single shared instance is not safe
    # when 100 threads open and close it concurrently.
    server = telnetlib.Telnet()
    try:
        server.open(a_ip, a_port, timeout=CONNECT_TIMEOUT)
        loggers[a_ip + '_open'].warning('{0} port {1} is open'.format(a_ip, a_port))
    except Exception:
        # print('{0} port {1} is not open'.format(a_ip, a_port))
        loggers[a_ip + '_close'].error('{0} port {1} is not open'.format(a_ip, a_port))
    finally:
        server.close()


def check_open(a_q):
    # Worker: pull (ip, port) pairs until the queue is drained.
    try:
        while True:
            the_ip, the_port = a_q.get_nowait()
            get_ip_status(the_ip, the_port)
    except queue.Empty:
        pass  # queue drained, this worker is done


def init_logger(host_arr):
    logging.basicConfig(level=logging.INFO,
                        format='%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    # Two log files per host: <ip>_open.log and <ip>_close.log
    for h in host_arr:
        loggers[h + '_open'] = get_logger(h + '_open.log')
        loggers[h + '_close'] = get_logger(h + '_close.log')


def get_logger(name):
    handler = logging.FileHandler(filename=name)
    logger = logging.getLogger('port_scan_' + name)
    logger.addHandler(handler)
    return logger


if __name__ == '__main__':
    host = ['10.10.10.1', '10.10.10.2', '10.10.10.3', '10.10.10.4']
    init_logger(host)
    q = queue.Queue()
    # Queue every (ip, port) pair; range(1, 65536) covers ports 1-65535
    for ip in host:
        for port in range(1, 65536):
            q.put((ip, port))
    threads = []
    n_thread = 100
    for i in range(n_thread):
        t = threading.Thread(target=check_open, args=(q,))
        t.start()
        threads.append(t)
    for t in threads:
        t.join()
With 100 threads it is still fairly fast; the run time depends on the number of ports. In a local test, 5 IPs × 60,000-odd ports took about an hour to finish.
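From the defender's side, a scanner like the one above leaves a distinctive footprint: one source touching thousands of distinct destination ports on a host within seconds. The following added example (not part of the original post) flags that pattern in connection logs with a sliding window; the log format, the addresses and the sample lines are all constructed for the illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (not from the page): "<ISO ts> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse_line(line):
    """Return (timestamp, src, dst, dport), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport = m.groups()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=50):
    """Flag (src, dst) pairs hitting >= min_ports distinct ports inside any
    sliding window of length `window`; returns {(src, dst): peak_distinct_ports}."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, dport = parsed
            events[(src, dst)].append((ts, dport))
    flagged = {}
    for key, evs in events.items():
        evs.sort()
        in_window, ports, peak = deque(), Counter(), 0
        for ts, dport in evs:
            in_window.append((ts, dport))
            ports[dport] += 1
            while ts - in_window[0][0] > window:  # evict events older than the window
                _, old = in_window.popleft()
                ports[old] -= 1
                if ports[old] == 0:
                    del ports[old]
            peak = max(peak, len(ports))
        if peak >= min_ports:
            flagged[key] = peak
    return flagged


def make_sample_log():
    """Constructed sample: one source sweeps ports 1-120 of 10.10.10.1 in three
    seconds (a threaded scanner's footprint); a normal client uses a few services."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    lines = [f"{(t0 + timedelta(milliseconds=25 * i)).isoformat()} "
             f"src=198.51.100.7 dst=10.10.10.1 dport={p}" for i, p in enumerate(range(1, 121))]
    lines += [f"{(t0 + timedelta(minutes=i)).isoformat()} src=192.0.2.9 dst=10.10.10.1 dport={p}"
              for i, p in enumerate((80, 443, 443, 22, 80))]
    lines.append("noise that does not parse")
    return lines
```

Tune `window` and `min_ports` to the environment: a source that legitimately reaches many services (a monitoring host, a load balancer) needs an allow-list or a higher threshold.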