Earlier posts covered batch port scanning of a single IP, sending and receiving TCP and UDP packets from PowerShell, and attempting logins to a SQL Server service from PowerShell; together these make up the PSNet module for inspecting network state with PowerShell. After further experimenting I found a way to scan a range of IP addresses and the ports on each of them, and this post shows how to batch scan IPs and their ports with PowerShell.
This again builds on the PSNet module. First create the script file Invoke-ScanIPPort.ps1 under $env:PSSpace/PSNet/TCPOp, then add a line to $env:PSSpace/PSNet/TCPOp/PSNet.psm1 that dot-sources the script:
. $env:PSSpace/PSNet/TCPOp/Invoke-ScanIPPort.ps1
The parameters that appear in the code below:
-StartAddress [starting IP address of the scan], used together with -EndAddress. [Required]
-EndAddress [ending IP address of the scan]. [Required]
-ResolveHost [whether to try to resolve the host name of each live host]
-ScanPort [whether to scan ports]; required if ports are to be scanned
-AllPort [whether to scan all ports], i.e. 1~65534 (note: this takes a very long time; use it only when a single IP is selected, and as rarely as possible)
-StartPort [starting port of the scan], used together with -EndPort; if this option is given together with -Ports, the -Ports parameter is ignored
-EndPort [ending port of the scan]
-Ports [ports scanned by default]. With no value given, only 21,22,23,53,69,71,80,98,110,139,111,389,443,445,1080,1433,2001,2049,3001,3128,5222,6667,6868,7777,7878,8080,1521,3306,3389,5801,5900,5555,5901 are scanned; if several comma-separated numbers follow, those ports are scanned instead. If only the default ports are wanted, this parameter is not needed.
-TimeOut [timeout], default 100ms (milliseconds)
The function is called as follows:
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 # scan the IP range
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ResolveHost # scan the IP range and try to resolve each IP's host name
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ResolveHost -ScanPort # scan the IP range and try the default ports
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ResolveHost -ScanPort -TimeOut 50 # scan the IP range and the default ports with a 50 ms port timeout
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ResolveHost -ScanPort -Port 80 # scan the IP range for port 80
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.1 -ResolveHost -ScanPort -AllPort # scan one IP and try every port from 1 to 65534
Invoke-ScanIPPort -StartAddress 192.168.10.1 -EndAddress 192.168.10.254 -ScanPort -StartPort 21 -EndPort 81 # scan ports 21 to 81 on every host in the IP range
A screenshot taken while the scan is running:
The results after the scan finishes:
The code:
function Invoke-ScanIPPort {
    Param(
        [parameter(Mandatory = $true, Position = 0)]
        [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]
        [string] $StartAddress,
        [parameter(Mandatory = $true, Position = 1)]
        [ValidatePattern("\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")]
        [string] $EndAddress,
        [switch] $ResolveHost,
        [switch] $ScanPort,
        [switch] $AllPort,
        [int] $StartPort,
        [int] $EndPort,
        [int[]] $Ports = @(21,22,23,53,69,71,80,98,110,139,111,389,443,445,1080,1433,2001,`
                           2049,3001,3128,5222,6667,6868,7777,7878,8080,1521,3306,3389,5801,5900,5555,5901),
        [int] $TimeOut = 100
    )
    Begin {
        # One Ping object is reused for every address in the range
        $ping = New-Object System.Net.NetworkInformation.Ping
    }
    Process {
        # Walk each octet from its start value to its end value. This only enumerates
        # the range correctly while the first three octets of both addresses match
        foreach ($a in ($StartAddress.Split(".")[0]..$EndAddress.Split(".")[0])) {
            foreach ($b in ($StartAddress.Split(".")[1]..$EndAddress.Split(".")[1])) {
                foreach ($c in ($StartAddress.Split(".")[2]..$EndAddress.Split(".")[2])) {
                    foreach ($d in ($StartAddress.Split(".")[3]..$EndAddress.Split(".")[3])) {
                        $ip = "$a.$b.$c.$d"
                        # Reset per-host state so results from the previous address do not leak through
                        $hostName = $null
                        $openPorts = @()
                        $result = ""
                        Write-Progress -Activity "ScanIP Ping" -Status "$ip" -PercentComplete (($d / ($EndAddress.Split(".")[3])) * 100)
                        $pingStatus = $ping.Send("$ip", $TimeOut)
                        if ($pingStatus.Status -eq "Success") {
                            if ($ResolveHost) {
                                # Start the reverse lookup asynchronously so it overlaps with the port scan
                                Write-Progress -Activity ResolveHost -Status "$ip" -PercentComplete (($d / ($EndAddress.Split(".")[3])) * 100) -Id 1
                                $getHostEntry = [Net.DNS]::BeginGetHostEntry($pingStatus.Address, $null, $null)
                            }
                            if ($ScanPort) {
                                if ($AllPort) {
                                    $Ports = @(1..65534)
                                }
                                # [int] parameters default to 0, never $null, so test for a real port number
                                if ($StartPort -gt 0 -and $EndPort -gt 0) {
                                    $Ports = @($StartPort..$EndPort)
                                }
                                for ($i = 1; $i -le $Ports.Count; $i++) {
                                    $port = $Ports[($i - 1)]
                                    Write-Progress -Activity "PortScan[$port]$result" -Status "$ip" -PercentComplete (($i / ($Ports.Count)) * 100) -Id 2
                                    $client = New-Object System.Net.Sockets.TcpClient
                                    $beginConnect = $client.BeginConnect($pingStatus.Address, $port, $null, $null)
                                    if ($client.Connected) {
                                        $openPorts += $port
                                    } else {
                                        # Give the asynchronous connect up to $TimeOut ms to complete
                                        Start-Sleep -Milliseconds $TimeOut
                                        if ($client.Connected) {
                                            $openPorts += $port
                                            $length = $openPorts.Length
                                            $result = "[find $length ports.Last port $port]"
                                        }
                                    }
                                    $client.Close()
                                }
                            }
                            if ($ResolveHost) {
                                # A failed reverse lookup throws; treat it as "no name" rather than aborting the scan
                                try {
                                    $hostName = ([Net.DNS]::EndGetHostEntry([IAsyncResult] $getHostEntry)).HostName
                                } catch {
                                    $hostName = $null
                                }
                            }
                            # Return Object: every live host when only pinging, hosts with open ports when scanning
                            if (-not $ScanPort -or $openPorts.Count -gt 0) {
                                Write-Host "IPAddress" "$ip"
                                if ($hostName) { Write-Host "HostName" $hostName }
                                if ($ScanPort) { Write-Host "Ports" $openPorts }
                            }
                        }
                    }
                }
            }
        }
    }
    End {
    }
}
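As an added example (not part of the PSNet scripts above), the following function enumerates the address range numerically instead of looping over each octet, so a range such as 192.168.10.250 to 192.168.11.5 is walked correctly, and it rejects octets above 255, which the \d{1,3} ValidatePattern accepts; the Get-IPRange name and the -MaxHosts limit are assumptions of this example. Its output could replace the four nested foreach loops as the source of addresses for the ping loop.

```powershell
# Added example, not part of the PSNet scripts: enumerate every address from
# -StartAddress to -EndAddress in numeric order. The Get-IPRange name and the
# -MaxHosts safety limit are assumptions of this example.
function Get-IPRange {
    [CmdletBinding()]
    Param(
        [parameter(Mandatory = $true)] [string] $StartAddress,
        [parameter(Mandatory = $true)] [string] $EndAddress,
        # Refuse ranges with more addresses than this (assumed default)
        [int] $MaxHosts = 65536
    )
    # Dotted quad -> unsigned 32-bit integer. IPAddress.Parse rejects octets
    # above 255, which the \d{1,3} ValidatePattern used above lets through.
    function ConvertTo-UInt32 ([string] $Address) {
        $parsed = [System.Net.IPAddress]::Parse($Address)
        if ($parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
            throw "Only IPv4 addresses are supported: $Address"
        }
        $b = $parsed.GetAddressBytes()
        # Widen each byte before multiplying so the sum never overflows a 32-bit int
        return [uint32]([uint64]$b[0] * 16777216 + [uint64]$b[1] * 65536 + [uint64]$b[2] * 256 + [uint64]$b[3])
    }
    # Unsigned 32-bit integer -> dotted quad, one octet per floor division
    function ConvertFrom-UInt32 ([uint32] $Value) {
        $octets = foreach ($divisor in 16777216, 65536, 256, 1) {
            [math]::Floor($Value / $divisor) % 256
        }
        return ($octets -join '.')
    }
    $start = ConvertTo-UInt32 $StartAddress
    $end   = ConvertTo-UInt32 $EndAddress
    if ($start -gt $end) {
        throw "StartAddress $StartAddress is higher than EndAddress $EndAddress"
    }
    $count = [uint64]$end - [uint64]$start + 1
    if ($count -gt $MaxHosts) {
        throw "Range holds $count addresses, above the -MaxHosts limit of $MaxHosts"
    }
    # A 64-bit counter cannot wrap around when $end is 255.255.255.255
    for ([uint64] $n = $start; $n -le $end; $n++) {
        ConvertFrom-UInt32 ([uint32] $n)
    }
}

# Crosses an octet boundary, which the per-octet loops above mishandle:
# prints 192.168.10.250 .. 192.168.10.255 then 192.168.11.0 .. 192.168.11.5
Get-IPRange -StartAddress 192.168.10.250 -EndAddress 192.168.11.5
```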
Author: 付海军
Source: http://fuhj02.cnblogs.com/
Copyright: this article is jointly owned by the author and 博客园 (cnblogs)
Reprinting: reprints are welcome; to keep the author motivated, please follow the requirements for [reprinting] below. Thank you
Requirements: this notice must be kept unless the author agrees otherwise; the article must link to the original and keep its content intact! Otherwise legal action will be taken!
Personal site: http://txj.shell.tor.hu/