利用TCP全连接扫描方式对端口进行扫描,引入了信号量的概念,避免多线程并发打印时输出相互交错(乱码)的问题。
代码:
import optparse
from socket import *
from threading import *
# Binary semaphore guarding stdout. acquire() decrements the counter and
# blocks while it is 0; release() increments it. Scanner threads hold it
# while printing so that lines from different threads are not interleaved.
screenLock = Semaphore(1)
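# Scan function: one full TCP connect() per port.
def connScan(tgtHost, tgtPort):
    """Probe one TCP port on tgtHost with a full connect() and report it.

    Args:
        tgtHost: hostname or IPv4 address string, as accepted by connect().
        tgtPort: port number (int).

    Prints one line for an open port (followed by the first 100 bytes the
    service answered with) or one line for a closed/filtered port. All
    printing is done while holding the module-level ``screenLock`` semaphore
    so output from concurrent threads does not interleave.
    """
    try:
        # The socket is a context manager, so it is closed on every path.
        # The original closed it in ``finally`` and would have raised a
        # NameError there if socket() itself had failed.
        with socket(AF_INET, SOCK_STREAM) as connSkt:
            connSkt.connect((tgtHost, tgtPort))
            # send() requires bytes on Python 3; the original passed a str,
            # which raised TypeError and was then reported as "closed" even
            # for open ports. Note for defenders: this fixed probe string is
            # an easy IDS/log signature for this scanner.
            connSkt.send(b'ViolentPython\r\n')
            result = connSkt.recv(100)
    except OSError:
        # connect()/recv() failures, including the per-socket timeout set by
        # the caller, all derive from OSError. Narrower than the original bare
        # except so programming errors are no longer hidden as "closed".
        with screenLock:
            print('[-]%d/tcp closed' % tgtPort)
        return
    with screenLock:
        print('[+]%d/tcp open' % tgtPort)
        print('[+]' + str(result))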
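# Resolve the target name to an IP and run connScan in one thread per port.
def portScan(tgtHost, tgtPorts):
    """Resolve tgtHost and launch one connScan thread per port in tgtPorts.

    Args:
        tgtHost: hostname or IPv4 address string.
        tgtPorts: iterable of port numbers (int or numeric str).

    Returns None. Prints a hint and returns early when tgtHost does not
    resolve; each connScan thread prints its own result line. Blocks until
    all worker threads have finished so every result line is emitted
    before this function returns.
    """
    try:
        tgtIP = gethostbyname(tgtHost)
    except OSError:
        # gaierror (name resolution failure) is an OSError subclass.
        print('[-]请检查域名')
        return
    try:
        # The reverse lookup only selects which banner is printed; its
        # result was never used by the original either.
        gethostbyaddr(tgtIP)
        print('\n [+] Scan')
    except OSError:
        print('\n [+]')
    # Per-socket timeout inherited by every socket the workers create;
    # without it a filtered port can block connect() for a long time.
    setdefaulttimeout(1)
    threads = []
    for tgtPort in tgtPorts:
        try:
            portNum = int(tgtPort)
        except ValueError:
            # The original raised an uncaught ValueError here for a
            # non-numeric port such as the 'None' produced by a missing -P.
            print('[-]invalid port: %s' % tgtPort)
            continue
        t = Thread(target=connScan, args=(tgtHost, portNum))
        t.start()
        threads.append(t)
    for t in threads:
        t.join()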
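# Entry point: parse the command line and start the scan.
if __name__ == '__main__':
    # Usage text: the original lacked the space after %prog and advertised
    # -p although the option is registered as -P.
    parser = optparse.OptionParser('usage: %prog -H <target host> -P <target port>')
    parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parser.add_option('-P', dest='tgtPort', type='string', help='specify target port')
    (options, args) = parser.parse_args()
    tgtHost = options.tgtHost
    # Check for missing options before splitting: str(None).split(',') is
    # ['None'], so the original never detected a missing -P and later
    # failed on int('None'). ``or`` replaces the bitwise ``|`` on booleans.
    if tgtHost is None or options.tgtPort is None:
        # print_usage() expands %prog, which a bare print(parser.usage) does not.
        parser.print_usage()
        exit(0)
    # Comma-separated list of ports, e.g. "22,80,443".
    tgtPort = options.tgtPort.split(',')
    portScan(tgtHost, tgtPort)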
总结:
1.Semaphore:信号量,当acquire()函数被调用时,计数器-1,当release()函数被调用时,计数器+1,当计数器为0时,acquire()将阻塞线程直到其他线程调用release()
2.gethostbyname(hostname):
将host主机名转换为ipv4地址
3.gethostbyaddr(ip_address):
通过ip地址,返回包括主机名的三元组:(hostname, aliaslist, ipaddrlist)