1.基于ICMP的主机发现
python脚本
#!/usr/bin/python
#coding:utf-8
import time
from optparse import OptionParser
from random import randint

from scapy.all import *
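def Scan(ip):
    """Send one ICMP echo request to *ip* and print whether a reply arrived.

    The IP id and the ICMP id/sequence are randomised for every probe; the
    payload is the fixed bytes ``b'rootkit'``.  ``sr1()`` returns the first
    matching reply, or ``None`` once the 1 s timeout expires.

    Args:
        ip: IPv4 address (string) to probe.
    """
    ip_id = randint(1, 65535)
    icmp_id = randint(1, 65535)
    icmp_seq = randint(1, 65535)
    packet = IP(dst=ip, ttl=64, id=ip_id) / ICMP(id=icmp_id, seq=icmp_seq) / b'rootkit'
    result = sr1(packet, timeout=1, verbose=False)
    # sr1() hands back a single packet (or None), not a list.  The original
    # looped over it, which presumably only worked because iterating a scapy
    # Packet yields the packet itself; index the reply directly instead.
    if result is not None:
        print(result[IP].src + '--->Host is up')
    else:
        print(ip + '--->host is down')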
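def _expand_targets(spec):
    """Return the list of IPv4 addresses denoted by *spec*.

    ``"a.b.c.d"`` yields ``["a.b.c.d"]``; ``"a.b.c.d-e"`` yields ``a.b.c.d``
    through ``a.b.c.e`` inclusive.  Only the last octet may carry a range,
    matching the original command-line syntax.

    Raises:
        ValueError: the part before ``-`` does not have four octets, or the
            range bounds are not integers.
    """
    if '-' not in spec:
        return [spec]
    pieces = spec.split('-')
    octets = pieces[0].split('.')
    if len(octets) != 4:
        raise ValueError('range must look like a.b.c.d-e, got %r' % spec)
    prefix = '.'.join(octets[:3])
    start, end = int(octets[3]), int(pieces[1])
    return ['%s.%d' % (prefix, i) for i in range(start, end + 1)]


def main():
    """Parse ``-i`` and run ``Scan()`` against every address it denotes.

    Accepts a single IPv4 address or ``a.b.c.d-e`` (last-octet range).  A
    missing ``-i`` is reported through ``parser.error()`` instead of the
    TypeError the original raised when concatenating ``None``.  Consecutive
    probes are paced 0.2 s apart, as before.
    """
    parser = OptionParser("Usage:%prog -i <target host> ")
    parser.add_option('-i', type='string', dest='IP', help='specify target host')  # target host or range
    options, _args = parser.parse_args()
    if not options.IP:
        parser.error('a target host is required (-i)')
    print("Scan report for " + options.IP + "\n")
    targets = _expand_targets(options.IP)
    last = len(targets) - 1
    for index, target in enumerate(targets):
        Scan(target)
        # Pause between probes only; no trailing sleep after the final one.
        if index < last:
            time.sleep(0.2)
    print("\nScan finished!....\n")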
def _run():
    """Entry-point wrapper: a Ctrl-C during the sweep prints a notice instead of a traceback.

    The notice mentions threads although this script starts none; it is
    purely informational.
    """
    try:
        main()
    except KeyboardInterrupt:
        print("interrupted by user, killing all threads")


if __name__ == "__main__":
    _run()
Windows下使用bat
@echo off
REM Ping sweep over one /24: the user types the first three octets with a
REM trailing dot, e.g. "192.168.1.", and each address .1 .. .254 gets one probe.
set /p ip="请输入IP地址段,格式如:"192.168.1." >>> "
for /L %%i in (1,1,254) do (
REM -n 1: one echo request; -l 16: 16-byte payload; -w 100: wait 100 ms for a reply.
REM findstr TTL= succeeds only when ping printed a line containing TTL=, which
REM only reply lines carry, so a timeout or unreachable message reports "down".
Ping.exe -n 1 -l 16 -w 100 %ip%%%i |findstr TTL= >nul && echo %ip%%%i is up. || echo %ip%%%i is down.
)
echo 检测ping完成!& pause
linux下的bash脚本
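#!/bin/bash
# Ping sweep over one /24.  The user supplies the first three octets with a
# trailing dot (e.g. "192.168.1."); every address prefix0 .. prefix255 —
# including the .0 and .255 ends — receives one ICMP echo request.
#
# Fixes against the original: a stray bare "$ip" line (expanded to an empty
# command) was removed, the variable expansions are quoted, and read uses -r
# so a backslash in the input is taken literally.
read -r -p "please inpur ip :" ip
for ((i = 0; i <= 255; i++)); do
    host="${ip}${i}"
    # -c 1: single request; -W 0.1: wait at most 0.1 s for the reply.
    # NOTE(review): fractional -W is accepted only by newer iputils ping —
    # confirm on the distribution this runs on.
    # A zero exit status means a reply arrived; anything else counts as down.
    if ping -c 1 -W 0.1 "$host" > /dev/null; then
        echo "$host is up."
    else
        echo "$host is down."
    fi
done
echo "检测ping完成"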
2.基于TCP的主机发现
import os
import time
from optparse import OptionParser
from random import randint
from scapy.all import *
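def scan(ip):
    """Send one TCP ACK to a random port on *ip* and print whether it answered.

    A reachable stack answers an unsolicited ACK with a bare RST, i.e. a TCP
    flags value of exactly 0x04; that case is reported as up.  No reply, a
    reply without a TCP layer (e.g. an ICMP error) or any other flag value is
    reported as down.

    Differences from the original: ``randint`` is called directly (the bare
    ``random`` module was never imported here), and scapy errors are printed
    rather than swallowed by a bare ``except: pass`` — which also hid the
    IndexError raised when a non-TCP reply was indexed with ``[TCP]``.

    Args:
        ip: IPv4 address (string) to probe.
    """
    dport = randint(1, 65535)
    packet = IP(dst=ip) / TCP(flags="A", dport=dport)  # ACK-flag probe
    try:
        reply = sr1(packet, timeout=1.0, verbose=0)
    except Exception as exc:  # e.g. PermissionError without raw-socket rights
        print(ip + ' ' + 'scan error: ' + str(exc))
        return
    if reply is not None and TCP in reply and int(reply[TCP].flags) == 0x04:
        time.sleep(0.5)  # kept from the original; purpose not stated there
        print(ip + ' ' + "is up.")
    else:
        print(ip + ' ' + 'is down.')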
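def _expand_targets(spec):
    """Return the list of IPv4 addresses denoted by *spec*.

    ``"a.b.c.d"`` yields ``["a.b.c.d"]``; ``"a.b.c.d-e"`` yields ``a.b.c.d``
    through ``a.b.c.e`` inclusive.  Only the last octet may carry a range,
    matching the original command-line syntax.

    Raises:
        ValueError: the part before ``-`` does not have four octets, or the
            range bounds are not integers.
    """
    if '-' not in spec:
        return [spec]
    pieces = spec.split('-')
    octets = pieces[0].split('.')
    if len(octets) != 4:
        raise ValueError('range must look like a.b.c.d-e, got %r' % spec)
    prefix = '.'.join(octets[:3])
    start, end = int(octets[3]), int(pieces[1])
    return ['%s.%d' % (prefix, i) for i in range(start, end + 1)]


def main():
    """Parse ``-i/--ip`` and run ``scan()`` against every address it denotes.

    Accepts a single IPv4 address or ``a.b.c.d-e`` (last-octet range).  A
    missing ``-i`` is reported through ``parser.error()`` instead of the
    TypeError the original raised on ``None``.
    """
    usage = "Usage: %prog -i <ip address>"
    parser = OptionParser(usage=usage)
    parser.add_option("-i", '--ip', type='string', dest='targetIP', help='specify the IP address')
    options, _args = parser.parse_args()
    if not options.targetIP:
        parser.error('an IP address is required (-i)')
    for target in _expand_targets(options.targetIP):
        scan(target)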
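if __name__ == "__main__":
    # A range sweep can take minutes (1 s timeout per host); treat Ctrl-C as a
    # normal abort, as the ICMP script above already does.
    try:
        main()
    except KeyboardInterrupt:
        print("interrupted by user")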
3.基于UDP的主机发现
import os
import time
from optparse import OptionParser
from random import randint
from scapy.all import *
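def scan(ip, dport=80):
    """Send one UDP datagram to port *dport* on *ip* and print whether it answered.

    A reply whose IP protocol field is 1 (ICMP) is reported as up — presumably
    an ICMP error such as port-unreachable from a live host.  No reply or a
    non-ICMP reply is reported as down.

    Differences from the original: the unused random ``dport`` local is gone
    and the hard-coded port 80 became the ``dport`` parameter (default
    unchanged); scapy errors are printed rather than swallowed by a bare
    ``except: pass``.

    Args:
        ip: IPv4 address (string) to probe.
        dport: UDP destination port, default 80.
    """
    packet = IP(dst=ip) / UDP(dport=dport)
    try:
        reply = sr1(packet, timeout=1.0, verbose=0)
    except Exception as exc:  # e.g. PermissionError without raw-socket rights
        print(ip + ' ' + 'scan error: ' + str(exc))
        return
    if reply is not None and int(reply[IP].proto) == 1:
        time.sleep(0.5)  # kept from the original; purpose not stated there
        print(ip + ' ' + 'is up.')
    else:
        print(ip + ' ' + 'is down.')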
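def _expand_targets(spec):
    """Return the list of IPv4 addresses denoted by *spec*.

    ``"a.b.c.d"`` yields ``["a.b.c.d"]``; ``"a.b.c.d-e"`` yields ``a.b.c.d``
    through ``a.b.c.e`` inclusive.  Only the last octet may carry a range,
    matching the original command-line syntax.

    Raises:
        ValueError: the part before ``-`` does not have four octets, or the
            range bounds are not integers.
    """
    if '-' not in spec:
        return [spec]
    pieces = spec.split('-')
    octets = pieces[0].split('.')
    if len(octets) != 4:
        raise ValueError('range must look like a.b.c.d-e, got %r' % spec)
    prefix = '.'.join(octets[:3])
    start, end = int(octets[3]), int(pieces[1])
    return ['%s.%d' % (prefix, i) for i in range(start, end + 1)]


def main():
    """Parse ``-i/--ip`` and run ``scan()`` against every address it denotes.

    Accepts a single IPv4 address or ``a.b.c.d-e`` (last-octet range).  A
    missing ``-i`` is reported through ``parser.error()`` instead of the
    TypeError the original raised on ``None``.
    """
    usage = "Usage: %prog -i <ip address>"
    parser = OptionParser(usage=usage)
    parser.add_option("-i", '--ip', type='string', dest='targetIP', help='specify the IP address')
    options, _args = parser.parse_args()
    if not options.targetIP:
        parser.error('an IP address is required (-i)')
    for target in _expand_targets(options.targetIP):
        scan(target)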
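if __name__ == "__main__":
    # A range sweep can take minutes (1 s timeout per host); treat Ctrl-C as a
    # normal abort, as the ICMP script above already does.
    try:
        main()
    except KeyboardInterrupt:
        print("interrupted by user")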
4.[端口扫描](https://blog.csdn.net/qq_34640691/article/details/109319197)