Step 1: Install masscan
Install with yum (Red Hat family and its derivatives)
yum install masscan
Install with apt (Debian family and its derivatives)
apt-get install masscan
Step 2: Scan the target host with masscan
Target address: 192.168.68.139
Parameter explanation: -p specifies the port range to scan; --rate specifies the packet transmission rate
Scan command and results:
root@xw:~# masscan -p0-65535 192.168.68.139 --rate=10000000
Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2017-11-27 02:46:00 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [65536 ports/host]
Discovered open port 43967/tcp on 192.168.68.139
Discovered open port 21/tcp on 192.168.68.139
Discovered open port 512/tcp on 192.168.68.139
Discovered open port 50993/tcp on 192.168.68.139
Discovered open port 1524/tcp on 192.168.68.139
Discovered open port 8180/tcp on 192.168.68.139
Discovered open port 513/tcp on 192.168.68.139
Discovered open port 8009/tcp on 192.168.68.139
Discovered open port 6000/tcp on 192.168.68.139
Discovered open port 111/tcp on 192.168.68.139
Discovered open port 3632/tcp on 192.168.68.139
Discovered open port 39281/tcp on 192.168.68.139
Discovered open port 6697/tcp on 192.168.68.139
Discovered open port 22/tcp on 192.168.68.139
Discovered open port 3306/tcp on 192.168.68.139
Discovered open port 53/tcp on 192.168.68.139
Discovered open port 514/tcp on 192.168.68.139
Discovered open port 34462/tcp on 192.168.68.139
Discovered open port 6667/tcp on 192.168.68.139
Discovered open port 25/tcp on 192.168.68.139
Discovered open port 2121/tcp on 192.168.68.139
Discovered open port 80/tcp on 192.168.68.139
Discovered open port 445/tcp on 192.168.68.139
Discovered open port 8787/tcp on 192.168.68.139
Discovered open port 23/tcp on 192.168.68.139
Discovered open port 139/tcp on 192.168.68.139
Discovered open port 5432/tcp on 192.168.68.139
Discovered open port 2049/tcp on 192.168.68.139
Discovered open port 1099/tcp on 192.168.68.139
Discovered open port 5900/tcp on 192.168.68.139
Result analysis: masscan scans extremely fast, but its results are not sorted by port number, so a Python script is used to sort them (the script reads the "Discovered open port" lines saved in mas.txt).
The script is as follows:
masscan-port.py
#!/usr/bin/env python3
# coding:utf-8
# Author: TIDE
# License: GPL
import re

# Map port number (as text) -> original result line, plus a list of port
# numbers (as int) so the sort is numeric rather than lexical
Port = {}
Port1 = []
with open('mas.txt') as f:
    for line in f:
        m = re.search(r'port ([\d.]+)/tcp', line)
        if not m:
            continue  # skip banner/status lines that carry no port
        Port[m.group(1)] = line.rstrip('\n')
        Port1.append(int(m.group(1)))
Port1.sort()
for p in Port1:
    print(Port[str(p)])
Output:
"D:\Program Files\Python36\python.exe" "D:/PycharmProjects/CTF GAME/masscan-port.py"
Discovered open port 21/tcp on 192.168.68.139
Discovered open port 22/tcp on 192.168.68.139
Discovered open port 23/tcp on 192.168.68.139
Discovered open port 25/tcp on 192.168.68.139
Discovered open port 53/tcp on 192.168.68.139
Discovered open port 80/tcp on 192.168.68.139
Discovered open port 111/tcp on 192.168.68.139
Discovered open port 139/tcp on 192.168.68.139
Discovered open port 445/tcp on 192.168.68.139
Discovered open port 512/tcp on 192.168.68.139
Discovered open port 513/tcp on 192.168.68.139
Discovered open port 514/tcp on 192.168.68.139
Discovered open port 1099/tcp on 192.168.68.139
Discovered open port 1524/tcp on 192.168.68.139
Discovered open port 2049/tcp on 192.168.68.139
Discovered open port 2121/tcp on 192.168.68.139
Discovered open port 3306/tcp on 192.168.68.139
Discovered open port 3632/tcp on 192.168.68.139
Discovered open port 5432/tcp on 192.168.68.139
Discovered open port 5900/tcp on 192.168.68.139
Discovered open port 6000/tcp on 192.168.68.139
Discovered open port 6667/tcp on 192.168.68.139
Discovered open port 6697/tcp on 192.168.68.139
Discovered open port 8009/tcp on 192.168.68.139
Discovered open port 8180/tcp on 192.168.68.139
Discovered open port 8787/tcp on 192.168.68.139
Discovered open port 34462/tcp on 192.168.68.139
Discovered open port 39281/tcp on 192.168.68.139
Discovered open port 43967/tcp on 192.168.68.139
Discovered open port 50993/tcp on 192.168.68.139
Process finished with exit code 0
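The sorting script above handles one host and one protocol and assumes every line in the file carries a port. The following is an added example (not part of the original post or the masscan project) that generalizes the same parsing of masscan's "Discovered open port N/proto on HOST" lines to several hosts and both tcp/udp, collapses duplicate lines, and then compares the result with a baseline of expected listeners so that unexpected open ports can be flagged. The sample output lines and the baseline are constructed for the example; the hosts and port numbers are not claims about any real system.

```python
import re
from collections import defaultdict

# Regex for masscan's human-readable result lines, e.g.
#   Discovered open port 21/tcp on 192.168.68.139
RESULT_RE = re.compile(r'Discovered open port (\d+)/(tcp|udp) on (\S+)')


def parse_masscan(lines):
    """Return {host: {proto: sorted list of ports}} from masscan stdout lines.

    Banner/status lines (which carry no port) are skipped and duplicate
    result lines are collapsed, so the inventory is numerically sorted
    and free of repeats.
    """
    found = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = RESULT_RE.search(line)
        if not m:
            continue
        port, proto, host = int(m.group(1)), m.group(2), m.group(3)
        found[host][proto].add(port)
    return {host: {proto: sorted(ports) for proto, ports in protos.items()}
            for host, protos in found.items()}


def unexpected_ports(inventory, baseline):
    """Compare a scan inventory with a per-host baseline of expected ports.

    baseline has the shape {host: {proto: set of ports}}; the result is
    {host: sorted list of (proto, port) that are open but not expected}.
    Hosts absent from the baseline have every open port reported.
    """
    diff = {}
    for host, protos in inventory.items():
        allowed = baseline.get(host, {})
        extra = []
        for proto, ports in protos.items():
            expected = allowed.get(proto, set())
            extra.extend((proto, p) for p in ports if p not in expected)
        if extra:
            diff[host] = sorted(extra)
    return diff


# Constructed sample in the same format as the scan output above, including
# a banner line, a duplicate result line and a second host, to show that
# all three are handled.
SAMPLE_OUTPUT = """\
Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2017-11-27 02:46:00 GMT
Discovered open port 43967/tcp on 192.168.68.139
Discovered open port 21/tcp on 192.168.68.139
Discovered open port 22/tcp on 192.168.68.139
Discovered open port 22/tcp on 192.168.68.139
Discovered open port 80/tcp on 192.168.68.139
Discovered open port 53/udp on 192.168.68.140
""".splitlines()

# Constructed (hypothetical) baseline of what is expected to be listening.
BASELINE = {
    "192.168.68.139": {"tcp": {21, 22, 80}},
    "192.168.68.140": {"udp": {53}},
}

if __name__ == "__main__":
    inventory = parse_masscan(SAMPLE_OUTPUT)
    for host, protos in sorted(inventory.items()):
        for proto, ports in sorted(protos.items()):
            print(f"{host} {proto}: {ports}")
    print("unexpected:", unexpected_ports(inventory, BASELINE))
```

To use it on a real scan, replace SAMPLE_OUTPUT with the lines of the saved masscan output (for example, `open('mas.txt')`) and fill BASELINE from your asset inventory; any host or port that shows up in the returned dictionary is a listener that the inventory does not account for.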