0x00、前言
在云安全内部安全能力建设中,对云资产的端口扫描是一件必须要做的事情,因为每开放一个端口、对外提供一个服务,都会扩大您在云上的攻击面。对于这种风险,需要尽早地通知云上用户。那么如何对几万甚至几十万台云主机做有效的端口扫描和精确的服务识别?这需要一套分布式的扫描系统来支撑。
0x01、实践的认知
在此之前,做了一些小实践。
方向3的代码如下:
#!/usr/bin/env python
# coding=utf-8
# 存储到redis
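def store(result):
    """Load a masscan JSON report into Redis, one growing port list per IP.

    Every record line of *result* is parsed, and the port of the first entry
    in its "ports" array is appended as "<port>," to the Redis string stored
    under the record's "ip" value.

    Args:
        result: Path of the masscan ``-oJ`` output file.

    Returns:
        The ``redis.Redis`` client that was used for the writes.
    """
    r = redis.Redis(
        host='127.0.0.1',
        port=6379,
        decode_responses=True,
        # The article redacts the password as "xxxx". Read it from the
        # environment so the secret never lives in the source file;
        # REDIS_PASSWORD is a constructed variable name, adapt as needed.
        password=os.environ.get('REDIS_PASSWORD'),
    )
    with open(result, 'r') as f:
        for line in f:
            # Only record lines are of interest; the array brackets and any
            # trailer line are skipped.
            if not line.startswith('{ '):
                continue
            try:
                # Records end with ",\n"; stripping by content instead of a
                # fixed [:-2] slice also copes with "\r\n" endings and with
                # a final record that has no trailing comma.
                record = json.loads(line.rstrip().rstrip(','))
                ip = record["ip"]
                port = record["ports"][0]["port"]
            except (ValueError, KeyError, IndexError, TypeError):
                # Malformed or incomplete record: skip it, keep the rest.
                continue
            # Kept outside the try on purpose: a Redis failure must surface
            # to the caller instead of silently discarding scan results.
            r.append(ip, str(port) + ",")
    return r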
# masscan扫描模块
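def Scan():
    """Worker loop: masscan every target in ``g_queue`` and store the hits.

    For each queued target, masscan is run against the fixed high-risk TCP
    port list and writes ``result<target>.json``. A non-empty report is
    passed to ``store()``.

    Returns:
        "ok" once the queue has been drained, or the exception instance if
        anything in the loop raised.
    """
    global g_queue
    ports = ("T:21-23,25,80,81,88,110,143,443,1080,1433,1521,1158,"
             "3306-3308,3389,3690,5432,5900,6379,7001,8000,8080,9000,9418,"
             "27017-27019,50060,111,11211,2049")
    try:
        # NOTE(review): empty() followed by a blocking get() can hang when
        # several workers share the queue and another one takes the last
        # item in between; confirm how many workers run this loop.
        while not g_queue.empty():
            item = g_queue.get()
            result = "result" + item + ".json"
            # Argument list, no shell: the target reaches masscan as exactly
            # one argument, and nothing in it is interpreted by a shell.
            argv = ["/root/masscan/bin/masscan", item,
                    "-p", ports, "-oJ", result]
            p = subprocess.Popen(argv)
            p.wait()
            if p.returncode == 0:
                print('ok')
            # A failed scan may leave no report behind; check for the file
            # so one bad target does not end the worker via the except below.
            if os.path.isfile(result) and os.path.getsize(result) != 0:
                print(item)
                store(result)
            if g_queue.qsize() == 0:
                print(u'公有云高危端口扫描结束')
        return "ok"
    except Exception as e:
        print(e)
        return e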
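if __name__ == '__main__':
    # Push every address of every network listed in the CSV onto the work
    # queue. open() replaces the Python 2-only file(), and the with-block
    # closes the handle once the queue is filled.
    with open('xxx_public_ip.csv', 'r') as csvfile2:
        reader = csv.reader(csvfile2)
        for x in reader:
            if not x or not x[0].strip():
                continue  # blank row, nothing to enqueue
            # IP() raises on a malformed entry, so only text that parses as
            # an address or network ever becomes a scan target.
            ips = IP(x[0])
            for y in ips:
                g_queue.put(y.strNormal(0))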
# Nmap扫描模块
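def NmapScan():
    """Worker loop: fingerprint queued "<ports> <host>" items with nmap -sV.

    Each item is scanned with service detection into
    ``result<host>_<ports>.xml``. When nmap exits with 0, the report is
    parsed and one CSV row is written per open service: address, port,
    service, product, version, extrainfo.

    Returns:
        "ok" once the queue has been drained, or the exception instance if
        anything in the loop raised.
    """
    global g_queue
    try:
        while not g_queue.empty():
            item = g_queue.get()
            fields = item.split(' ')
            filename = fields[1] + "_" + fields[0]
            result = "result" + filename.strip() + ".xml"
            print(result)
            # Argument list, no shell: splitting on whitespace reproduces the
            # "-p<ports> <host>" word split the shell used to perform, but
            # nothing in the item is interpreted by a shell any more.
            # NOTE(review): the code that fills the queue is not shown here;
            # it should only enqueue items of the form "<ports> <host>".
            argv = ["/usr/bin/nmap", "-oX", result, "-sV"]
            argv += ("-p" + item).split()
            p = subprocess.Popen(argv)
            p.wait()
            if p.returncode == 0:
                nmap_report = NmapParser.parse_fromfile(result)
                for scanned_hosts in nmap_report.hosts:
                    print(scanned_hosts.address)
                    for serv in scanned_hosts.services:
                        if serv.state != "open":
                            continue
                        m = serv.service_dict.get('extrainfo', '')
                        print(m)
                        # Rows whose extrainfo contains a single quote are
                        # dropped, as in the original.
                        # NOTE(review): product/version/extrainfo come from
                        # the scanned service, so treat them as untrusted in
                        # whatever consumes this CSV (escape or parameterize
                        # there rather than relying on this filter).
                        if "'" not in m:
                            writer.writerow([
                                scanned_hosts.address,
                                str(serv.port),
                                serv.service,
                                serv.service_dict.get('product', ''),
                                serv.service_dict.get('version', ''),
                                m,
                            ])
            # Two spaces keep the output of the Python 2 print statement.
            print("size =  %s" % g_queue.qsize())
            if g_queue.qsize() == 0:
                print(u'公网服务指纹扫描结束')
        return "ok"
    except Exception as e:
        print(e)
        return e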
# 从队列中读取扫描目标