网络攻击的一般步骤就是找到目标网络,扫描目标主机开放端口,找到主机弱点,隐藏地址并发动攻击,抹除攻击痕迹并留下后门。
扫描端口windows有很多软件可以使用,但是Linux可以自己写一个小脚本来实现简单的扫描端口。
下面是多进程扫描目的ip的python代码
#!/usr/local/python3.6.3/bin/python3.6
# coding = utf-8
import socket
import datetime
import re
from concurrent.futures import ThreadPoolExecutor, wait
# When True, portscan() prints "ip + port + exception" for every failed probe;
# when False it returns its error string instead (see the except branch there).
DEBUG = False
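def check_ip(ipAddr):
    """Return True if *ipAddr* is a dotted-quad IPv4 literal, else False.

    The pattern accepts 1-255 for the first octet and 0-255 for the others,
    so a leading zero in any octet or a first octet of 0 is rejected.

    Args:
        ipAddr: the string typed by the user.

    Returns:
        bool: whether the whole string matches the IPv4 pattern.
    """
    # Raw strings: the original non-raw literal left "\d" to the Python
    # lexer, which only works by accident (and warns on newer versions).
    octet_first = r'1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9]'
    octet_rest = r'1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d'
    pattern = re.compile(
        rf'^({octet_first})\.({octet_rest})\.({octet_rest})\.({octet_rest})$'
    )
    # fullmatch rather than match: "$" alone still matches before a trailing
    # newline, so "1.2.3.4\n" would otherwise pass. Also fixes the original
    # "return Fals" typo, which raised NameError on every invalid address.
    return pattern.fullmatch(ipAddr) is not None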
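def portscan(ip, port):
    """Probe one TCP port with a full connect() and report the outcome.

    Each probe completes the TCP handshake, so it is visible to the target
    service's logging and connection accounting. The 0.2 s timeout means a
    slow or rate-limited host is reported as "error" rather than open.

    Args:
        ip: target address as a string.
        port: TCP port number (1-65535).

    Returns:
        str: ``'[+] {ip} port:{port} open'`` when the connection succeeded
        (also printed, which is how main() surfaces results), otherwise
        ``'[+] {ip} port:{port} error'``.
    """
    try:
        # The context manager closes the socket on every path. The original
        # wrote `s.close` without parentheses, so the socket was never closed,
        # and `s` was unbound in `finally` if socket.socket() itself raised.
        with socket.socket() as s:
            s.settimeout(0.2)
            s.connect((ip, port))
    except (OSError, OverflowError) as e:
        # OSError covers refused / timed-out / unreachable connections
        # (socket.timeout is an OSError subclass); OverflowError is raised
        # for a port outside 0-65535. Anything else is a programming error
        # and is allowed to surface rather than being swallowed.
        if DEBUG is True:
            print(ip + str(port) + str(e))
        return f'[+] {ip} port:{port} error'
    openstr = f'[+] {ip} port:{port} open'
    print(openstr)
    return openstr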
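def main():
    """Prompt for an IPv4 address and probe ports 1-65535 with 100 worker threads.

    Re-prompts until check_ip() accepts the input, then prints the elapsed
    time in whole seconds once every probe has finished. Results are shown
    only through portscan()'s own print of open ports; the strings it
    returns are not collected here.
    """
    while True:
        ip = input("enter ip:")
        if not check_ip(ip):
            continue
        start_time = datetime.datetime.now()
        # `with` shuts the executor down and joins its threads even if a
        # probe raises; the original never called shutdown().
        with ThreadPoolExecutor(max_workers=100) as executor:
            futures = [executor.submit(portscan, ip, n) for n in range(1, 65536)]
            # wait() returns a (done, not_done) named tuple, which is always
            # truthy, so the original `if wait(...)` was not a real check.
            # 'ALL_COMPLETED' is the value of concurrent.futures.ALL_COMPLETED.
            wait(futures, return_when='ALL_COMPLETED')
        end_time = datetime.datetime.now()
        print("扫描完成,用时:", (end_time - start_time).seconds)
        break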
# Run the interactive scanner only when executed directly, not on import.
if __name__ == '__main__':
    main()
这里再写一个扫描域名端口的
# -*- coding:utf-8 -*-
'''
使用多线程,检测一个目标地址的端口开放情况,目标地址由用户输入,端口暂时定义为0~1024,
检测TCP连接是否成功,如果连接成功,则端口开放,不成功则端口关闭
'''
import socket
import threading
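def main():
    """Read a host name from the user, scan the configured port range and print the open ports."""
    host = input('please input domain:')
    # NOTE(review): the module docstring says ports 0~1024, but this range
    # probes 0-11024 — confirm which was intended before changing it.
    portList = range(0, 11025)
    try:
        openPorts = threadingPortScan(host, portList)
    except socket.gaierror as err:
        # An unresolvable name used to end the program with a traceback from
        # gethostbyname(); report it and return instead.
        print(host, 'could not be resolved:', err)
        return
    print(host, 'open ports:', openPorts)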
# 对给定的(ip, port)进行TCP连接扫描
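def tcpPortScan(ip, port, openPort):
    """Try a TCP connect to (ip, port) and append *port* to *openPort* on success.

    Args:
        ip: target IPv4 address as a string (already resolved by the caller).
        port: TCP port to probe.
        openPort: shared list the caller reads after all worker threads have joined.

    Returns:
        None. The result is communicated only through *openPort*.
    """
    # `with` closes the socket on every path, including when connect_ex() raises.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(0.1)  # probes slower than this are treated as closed
        try:
            # connect_ex() reports refused / timed-out connections as a
            # non-zero errno instead of raising; 0 means the handshake completed.
            result = sock.connect_ex((ip, port))
        except (OSError, OverflowError):
            # OverflowError: port outside 0-65535; OSError: e.g. bad address.
            # The original bare `except: pass` also hid KeyboardInterrupt and
            # programming errors; both of these simply mean "not open" here.
            return
        if result == 0:
            openPort.append(port)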
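def threadingPortScan(host, portList, openPorts=None):
    """Resolve *host* and probe every port in *portList*, one thread per port.

    Args:
        host: domain name or IP literal; resolved once with gethostbyname().
        portList: sequence of port numbers (a range() works).
        openPorts: optional list to append results to. Defaults to a fresh
            list per call; the original ``openPorts=[]`` default was shared
            across calls, so a second scan also reported the first scan's ports.

    Returns:
        list: ports whose TCP connect succeeded, in completion order.

    Raises:
        socket.gaierror: if *host* cannot be resolved.
    """
    if openPorts is None:
        openPorts = []
    hostIP = socket.gethostbyname(host)
    # Create all threads, then start them all, then join them all — the same
    # ordering as the original, so the probes run concurrently, not serially.
    # (The original's two start/append loops had been displaced below the
    # __main__ guard, leaving join() to index an empty list.)
    threads = [
        threading.Thread(target=tcpPortScan, args=(hostIP, port, openPorts))
        for port in portList
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return openPorts


if __name__ == '__main__':
    main()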
以上python版本为3.7
程序运行结果我就不展示了,大家可以自己试一试。