端口扫描器经常在渗透攻击时使用,是在网络中了解其他主机的工具。下面是一个基于 Python 的多线程端口扫描器的代码。它采用 TCP 全连接(connect)方式逐个探测端口,因此每一次探测都会在目标主机的连接日志和网络监控中留下完整的连接记录。
# coding=UTF-8
import optparse
import socket
import threading
# Binary semaphore used as a mutex so that scan threads print one at a time.
screenLock = threading.Semaphore(1)
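def connScan(tgtHost, tgtPort):
    """Probe one TCP port with a full connect() and print whether it is open.

    The port counts as open as soon as connect() succeeds. A short probe
    string is then sent and up to 100 bytes of reply are read as a banner.
    A service that stays silent until the socket timeout is still reported
    open, just without a banner line. Every probe is a completed TCP
    handshake, so it shows up in the target's connection logs.

    Args:
        tgtHost: host name or IPv4 address to connect to.
        tgtPort: TCP port number as an int.
    """
    connSkt = None
    isOpen = False
    banner = None
    try:
        connSkt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        connSkt.connect((tgtHost, tgtPort))
        # Reaching this line means the handshake completed: the port is open
        # whatever happens to the banner exchange below.
        isOpen = True
        # Bytes literal: send() rejects text strings on Python 3, which would
        # otherwise make every port look closed.
        connSkt.send(b'ViolentPython\r\n')
        banner = connSkt.recv(100)
    except (socket.error, OverflowError, ValueError):
        # Refused, timed out, unresolvable host or out-of-range port.
        # isOpen already records whether connect() itself succeeded.
        pass
    finally:
        # connSkt stays None when socket() itself failed.
        if connSkt is not None:
            connSkt.close()

    # Threads share stdout; the context manager guarantees the lock is
    # released even if printing raises, so no thread can deadlock the rest.
    with screenLock:
        if isOpen:
            print('[+]%d/tcp open' % tgtPort)
            if banner:
                # The banner is untrusted data from the remote host; repr()
                # escapes control characters before they reach the terminal.
                print('[+] ' + repr(banner))
        else:
            print('[-]%d/tcp closed' % tgtPort)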
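def portScan(tgtHost, tgtPorts):
    """Resolve tgtHost once and probe each port in tgtPorts on its own thread.

    Prints a header with the reverse-DNS name of the resolved address (or
    the address itself when no name is found), sets the process-wide socket
    timeout to one second, and starts one connScan thread per port. Returns
    without scanning when the host name cannot be resolved.

    Args:
        tgtHost: host name or IPv4 address of the target.
        tgtPorts: iterable of port numbers (ints or numeric strings).
    """
    try:
        tgtIP = socket.gethostbyname(tgtHost)  # forward lookup
    except (socket.error, UnicodeError):
        print("[-] Cannot resolve '%s': Unknown host" % tgtHost)
        return

    try:
        tgtName = socket.gethostbyaddr(tgtIP)
        print('\n[+] Scan Results for: ' + tgtName[0])
    except socket.error:
        print('\n[+] Scan Results for: ' + tgtIP)

    # Global default: applies to every socket created after this call.
    socket.setdefaulttimeout(1)

    for tgtPort in tgtPorts:
        # Progress lines share stdout with the worker threads, so they take
        # the same lock the workers use for their result lines.
        with screenLock:
            print('Scanning port ' + str(tgtPort))
        # Probe the address resolved above, so that every thread hits the
        # host named in the header and none repeats the DNS lookup.
        t = threading.Thread(target=connScan, args=(tgtIP, int(tgtPort)))
        t.start()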
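def main():
    """Parse the command line and scan the requested port(s) on one host.

    -H names the target host and -p one port. Any extra positional
    arguments are treated as further port numbers. Exits with status 1
    when -H or -p is missing, and through parser.error() when a port is
    not an integer in the range 1-65535.
    """
    # Usage text uses plain ASCII hyphens so it can be copied to a shell.
    parser = optparse.OptionParser('usage %prog -H <target host> -p <target port>')
    parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parser.add_option('-p', dest='tgtPort', type='int', help='specify target port')
    (options, args) = parser.parse_args()
    tgtHost = options.tgtHost
    tgtPort = options.tgtPort

    if tgtHost is None or tgtPort is None:
        print('[-] You must specify a target host and port[s]!')
        # Non-zero status so that calling scripts can detect the failure.
        raise SystemExit(1)

    # Positional arguments arrive as strings; check them here so that a bad
    # value is rejected before any scan thread has been started.
    try:
        tgtPorts = [int(p) for p in args]
    except ValueError:
        parser.error('additional ports must be integers')
    tgtPorts.append(tgtPort)
    if not all(0 < p < 65536 for p in tgtPorts):
        parser.error('ports must be in the range 1-65535')

    portScan(tgtHost, tgtPorts)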
# Start the scanner only when this file is run as a script, not on import.
if __name__ == "__main__":
    main()
测试脚本