UDP端口扫描
基于端口的扫描,都是针对存活的主机而言的,使用UDP端口扫描时,如果端口开放,则目标系统不响应(可能产生误判),如果端口不开放,则目标系统会响应端口不可达,代表该端口没有开放;
scapy测试
端口关闭:ICMP port-unreachable;
端口开放:没有回包;
root@root:~# scapy
WARNING: No route found for IPv6 destination :: (no default route?)
INFO: Can't import python ecdsa lib. Disabled certificate manipulation tools
Welcome to Scapy (2.3.3)
>>> a=sr1(IP(dst="192.168.37.128")/UDP(dport=53),timeout=1,verbose=0)
>>> a.display() #报错是因为端口开放,没有回包
Traceback (most recent call last):
File "<console>", line 1, in <module>
AttributeError: 'NoneType' object has no attribute 'display'
>>> a=sr1(IP(dst="192.168.37.128")/UDP(dport=90),timeout=1,verbose=0)
>>> a.display() #目标主机的该端口没有开放
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 56
id= 3342
flags=
frag= 0L
ttl= 128
proto= icmp
chksum= 0x6163
src= 192.168.37.128
dst= 192.168.37.131
\options\
###[ ICMP ]###
type= dest-unreach
code= port-unreachable
chksum= 0xc96a
reserved= 0
length= 0
nexthopmtu= 0
###[ IP in ICMP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 28
id= 1
flags=
frag= 0L
ttl= 64
proto= udp
chksum= 0xae7c
src= 192.168.37.131
dst= 192.168.37.128
\options\
###[ UDP in ICMP ]###
sport= domain
dport= 90
len= 8
chksum= 0x32fb
脚本实现扫描
#!/usr/bin/python
#Author:橘子女侠
#该脚本用于实现扫描多个端口
from scapy.all import*
import time
import sys
if len( sys.argv ) !=4:
print "Example - ./udp_scan.py 1.1.1.1 1 100"
sys.exit()
ip=sys.argv[1]
start=int(sys.argv[2])
end=int(sys.argv[3])
for port in range(start,end+1):
a=sr1(IP(dst=ip)/UDP(dport=port),timeout=5,verbose=0)
time.sleep(1) #防止因扫描过快,造成误判
if a==None:
print(port)
else:
pass
Nmap
nmap -sU 1.1.1.1
默认的1000个参数端口
基于ICMP host-unreachable ICMP返回值为1
namp 1.1.1.1 -sU -p 53
namp -iL iplist.txt -sU -P 1-200
-P -默认针对6W个端口扫描
TCP端口扫描
基于三次握手连接
最低0.47元/天 解锁文章
1987
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
