Python调用nmap对内网端口批量扫描

  1 # -*- encoding: utf-8 -*-
  2 # !/usr/bin/env python
  3
  4 import os
  5 import traceback
  6 import sys
  7 import datetime
  8 import re
  9 import json
 10 import logging
 11 from threading import Lock
 12
 13 from suds.client import Client
 14 from suds.xsd.doctor import Import, ImportDoctor
 15 from concurrent.futures import ThreadPoolExecutor, as_completed
 16 import nmap
 17 import random
 18 import time
 19
 20 if not os.path.dirname(os.getcwd()) in sys.path:
 21     sys.path.append(os.path.dirname(os.getcwd()))
 22 from exp.exploit import exploit
 23 from log.exceptionLog import exceptionLog
 24 from log.scanLog import scanLog
 25 from log.operationLog import operationLog
 26 from func_timeout import func_set_timeout
 27 from func_timeout.exceptions import FunctionTimedOut
 28
 29 FORMAT = ‘[%(asctime)-15s] [%(levelname)s] [%(filename)s %(levelno)s line] %(message)s‘
 30 logger = logging.getLogger()
 31 logging.basicConfig(format=FORMAT)
 32 logger.setLevel(logging.INFO)
 33
 34 port_define = "1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,  35         146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,  36         464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,  37         691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,  38         992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,  39         1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,  40         1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,  41         1433-1434,1443,1455,1461,1494,1500-1501,1503,1521-1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,  42         1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,  43         1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,  44         2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,  45         2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,  46         2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3050,  47         3052,3071,3077,3128,3168,3211,3221,3246,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,  48         3388-3390,3404,3476,3493,3511,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,  49         3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,   50         4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,   51         5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,   52         5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,   53         5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,   54         5959-5963,5984,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6379-6389,6443,6502,6510,6543,6547,   55         6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,   56         7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,   57         7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8235,   58         8254,8290-8292,8300-8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,   59         9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200-9202,9207,9220,9290,9300-9303,9415,9418,9485,   60         9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9943-9944,9968,9998-10004,10009-10010,10012,   61         10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11211,11967,12000,12174,   62         12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,   63         16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,   64         20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000-27020,27352-27353,27355-27356,27715,28201,   65         30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,   66         44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,   67         51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"
 68
 69
 70 class netScanner(object):
 71     ‘Scan the given ips and ports‘
 72
 73     def __init__(self):
 74         self.lock = Lock()
 75         self.ports = ‘‘
 76         self.args = ‘‘
 77         self.exploitPoolSize = 240
 78         self.exploitPool = ThreadPoolExecutor(self.exploitPoolSize)
 79
 80     def chunks(self, l, n):
 81         """Yield successive n-sized chunks from l."""
 82         for i in range(0, len(l), n):
 83             yield l[i:i + n]
 84
 85     def doscan(self, ip, ports=None, args=None):
 86         operationLog.write(ip + ‘ start scan‘)
 87         if ports == None:
 88             ports = self.ports
 89         if args == None:
 90             args = self.args
 91         try:
 92             nm = nmap.PortScanner()
 93             nm.scan(ip, ports, args)
 94             csv = nm.csv()
 95         except Exception as e:
 96             exstr = traceback.format_exc()
 97             exceptionLog.write(‘Exception scan: ‘ + ip + ‘:‘ + ports + ‘ ‘ + args)
 98             exceptionLog.write(exstr)
 99             return ip + ‘ Exception: ‘ + str(e)
100         operationLog.write(ip + ‘ done scan‘)
101         return ip + ‘ done scan!‘
102
103     @func_set_timeout(480)
104     def exploit(self, contentLine):
105         attacker = exploit()
106         contentArray = contentLine.split(‘;‘)
107         ip = contentArray[0]
108         port = int(contentArray[4])
109         protocol_name = contentArray[5]
110         service_name = contentArray[7]
111         result = [[ip, False, ip + ‘:‘ + str(port), ‘v0‘, ‘No vulnerabilities found‘]]
112         if service_name == ‘‘:
113             service_name = ‘None‘
114         with self.lock:
115             operationLog.write(
116                 ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ with service name: ‘ + service_name + ‘ start exploit‘)
117         if contentArray[6] == ‘open‘:
118             print(‘exploiting + ‘ + ip + ‘ ‘ + str(port) + ‘ ‘ + protocol_name)
119             try:
120                 result = attacker.exploitall(ip, port, protocol_name, service_name)
121             except UnicodeEncodeError as e:
122                 exstr = traceback.format_exc()
123                 exceptionLog.write(‘Exception exploit: ‘ + ip + ‘:‘ + str(port))
124                 exceptionLog.write(str(e))
125                 with self.lock:
126                     operationLog.write(ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ UnicodeEncodeError exploit‘)
127                 return ip + ‘:‘ + str(port) + ‘ Exception exploit!‘
128             except Exception as e:
129                 exstr = traceback.format_exc()
130                 exceptionLog.write(‘Exception exploit: ‘ + ip + ‘:‘ + str(port))
131                 exceptionLog.write(exstr)
132                 with self.lock:
133                     operationLog.write(ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ Exception exploit‘)
134                 return ip + ‘:‘ + str(port) + ‘ Exception exploit!‘
135             finally:
136                 with self.lock:
137                     scanLog.writeScanLog(result)
138
139
140         else:
141             result = [[ip, False, ip + ‘:‘ + str(port), ‘v0‘, ‘No vulnerabilities found‘]]
142             with self.lock:
143                 scanLog.writeScanLog(result)
144         with self.lock:
145             operationLog.write(ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ done exploit‘)
146         return ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ done exploit!‘
147
148     def exploit_time_limit(self, contentLine):
149         contentArray = contentLine.split(‘;‘)
150         ip = contentArray[0]
151         port = int(contentArray[4])
152         protocol_name = contentArray[5]
153         service_name = contentArray[7]
154         result = [[ip, False, ip + ‘:‘ + str(port), ‘v0‘, ‘No vulnerabilities found‘]]
155         try:
156             return_str = self.exploit(contentLine)
157         except FunctionTimedOut as e:
158             with self.lock:
159                 scanLog.writeScanLog(result)
160                 operationLog.write(ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ FunctionTimedOut exploit‘)
161             return ip + ‘:‘ + str(port) + ‘ FunctionTimedOut exploit!‘
162
163         return return_str
164
165     def get_ips_from_soc(self):
166
167         ip_set = []
168         f = open(‘IP2EXP.txt‘, ‘r‘)
169         result = list()
170         for line in f.readlines():
171             line = line.strip()
172             if not len(line) or line.startswith(‘#‘):
173                 continue
174             result.append(line)
175         ip_set = set(result)
176         ip_set = list(ip_set)
177
178         ip_set = set(ip_set)
179
180         return ip_set
181
182     def get_ips_alive(self, ports=None):
183         nm = nmap.PortScanner()
184         if ports == None:
185             with open(‘Port.txt‘) as portFile:
186                 ports = portFile.readline().strip(‘\n‘)
187                 if ports == None:
188                     return
189         self.ports = ports
190         input_file_name = " -iL IP2EXP.txt"
191         self.args = input_file_name + ‘ -P0 -T4 -n --host-timeout 180s --min-hostgroup 100 --min-parallelism 500‘
192         scinfo = nm.scan(arguments=self.args, ports=self.ports)
193         operationLog.write(‘nmap port scan done‘)
194         csv = nm.csv()
195         print(csv)
196         return csv
197
198     def main(self):
199         operationLog.write(‘scan started‘)
200         ip_set = self.get_ips_from_soc()
201         ip_set = list(ip_set)
202         # ip_set = ip_set[:-50]
203         ip_set = set(ip_set)
204         print(ip_set)
205         csv = self.get_ips_alive()
206         contents = csv.split(‘\r\n‘)
207         contents.remove(contents[0])
208         contents.pop()
209         contents = [line for line in contents if line.find(‘;open;‘) > -1]
210         alive_ip_list = [line.split(‘;‘)[0] for line in contents]
211         random.shuffle(contents)
212         with open(‘PORT_OPEN.txt‘, mode=‘w‘) as f:
213             for contentLine in contents:
214                 f.write(contentLine + ‘\n‘)
215         alive_ip_set = set(alive_ip_list)
216         dead_ip_set = ip_set - alive_ip_set
217         dead_result = [[ip, False, ip + ‘:No_Port_Open‘, ‘v0‘, ‘No vulnerabilities found‘]
218                        for ip in dead_ip_set]
219         with self.lock:
220             scanLog.writeScanLog(dead_result)
221         futures = []
222         result = []
223         result = self.exploitPool.map(self.exploit_time_limit, contents)
224         operationLog.write(‘start exploit‘)
225         self.exploitPool.shutdown()
226         # operationLog.write(len(result))
227         operationLog.write(‘scan finished‘)
228         return result
229
230     def test(self):
231         operationLog.write(‘test scan started‘)
232         ip_set = self.get_ips_from_soc()
233         ip_set = list(ip_set)
234         # ip_set = ip_set[:-50]
235         ip_set = set(ip_set)
236         print(ip_set)
237         csv = self.get_ips_alive()
238         contents = csv.split(‘\r\n‘)
239         contents.remove(contents[0])
240         contents.pop()
241         contents = [line for line in contents if line.find(‘;open;‘) > -1]
242         alive_ip_list = [line.split(‘;‘)[0] for line in contents]
243         random.shuffle(contents)
244         futures = []
245         result = []
246         with open(‘PORT_OPEN.txt‘, mode=‘w‘) as f:
247             for contentLine in contents:
248                 f.write(contentLine + ‘\n‘)
249         alive_ip_set = set(alive_ip_list)
250         dead_ip_set = ip_set - alive_ip_set
251         dead_result = [[ip, False, ip + ‘:No_Port_Open‘, ‘v0‘, ‘No vulnerabilities found‘]
252                        for ip in dead_ip_set]
253         with self.lock:
254             scanLog.writeScanLog(dead_result)
255         contents = list(self.chunks(contents, self.exploitPoolSize))
256         for tmp_ips in contents:
257             tmp_result = self.exploitPool.map(self.exploit_time_limit, tmp_ips)
258             operationLog.write(‘test start exploit‘)
259             self.exploitPool.shutdown()
260             operationLog.write(‘test shutdown‘)
261             result.extend(tmp_result)
262             operationLog.write(‘test stop exploit‘)
263             self.exploitPool = ThreadPoolExecutor(self.exploitPoolSize)
264             operationLog.write(‘test scan finished‘)
265         return result
266
267
268
269     def find_port_open(self, from_file=‘‘, to_file=‘‘, ips=[‘10.34.121.0/24‘], how=‘nmap‘,
270                        port=‘21,22,23,25,445,139,3389,3306,1521,8081‘, include_file=‘finger_ip.txt‘, rate=100):
271         logger.info(‘%s%s ‘ % (how, port))
272         logger.info(‘=====‘ * 5)
273         scan_result = []
274         if how == ‘masscan‘:
275             mas = masscan_zte.PortScanner()
276             if from_file != ‘‘:
277                 arg = ‘--rate %s --retries 0 --wait 10 -iL %s‘ % (rate, from_file)
278             else:
279                 with open(include_file, ‘wt‘) as f:
280                     f.writelines([ip + ‘\n‘ for ip in ips])
281                 arg = ‘--rate %s --retries 0 --wait 10 -iL %s‘ % (rate, include_file)
282             scan_result = list(mas.scan(ports=port, arguments=arg)[‘scan‘].keys())
283         elif how == ‘nmap‘:
284             nm = nmap.PortScanner()
285             if from_file != ‘‘:
286                 arg = ‘-P0 -sV -T4 -n --min-hostgroup 100 --min-rate %s  --max-rate %s --randomize-hosts -iL %s‘ % (
287                     rate, rate, from_file)
288             else:
289                 with open(include_file, ‘wt‘) as f:
290                     f.writelines([ip + ‘\n‘ for ip in ips])
291                 arg = ‘-P0 -sV -T4 -n --min-hostgroup 100 --min-rate %s  --max-rate %s --randomize-hosts -iL %s‘ % (
292                     rate, rate, include_file)
293             nm.scan(ports=port, arguments=arg)
294             scan_list = nm.csv().split(‘\r\n‘)
295             header = scan_list.pop(0).split(‘;‘)
296             scan_list.pop()
297
298         logger.info(‘%s%s‘ % (len(scan_list), port))
299         logger.info(‘=====‘ * 8)
300         if to_file != ‘‘:
301             with open(to_file, ‘wt‘) as f:
302                 f.writelines([ip + ‘\n‘ for ip in scan_list])
303         return scan_list
304
305     def exploit_multiple_ips(self, ips, ports):
306         operationLog.write(‘test scan started‘)
307         scan_list = self.find_port_open(ips=ips, port=ports)
308         futures = []
309         result = []
310         scan_list = [line for line in scan_list if line.find(‘;open;‘) > -1]
311         for contentLine in scan_list:
312             futures.append(self.exploitPool.submit(self.exploit, contentLine))
313
314         for x in as_completed(futures):
315             result.append(x.result())
316
317         operationLog.write(‘test scan finished‘)
318         return result
319
320
321 if __name__ == ‘__main__‘:
322
323     scanner = netScanner()
324     try:
325         #result = scanner.main()
326         result = scanner.test()
327         with open(‘scandone.txt‘, mode=‘w‘) as f:
328             for line in result:
329                 f.write(line + ‘\n‘)
330     except Exception as e:
331         exstr = traceback.format_exc()
332         print(exstr)
333         exceptionLog.write(exstr)

原文地址:https://www.cnblogs.com/AtesetEnginner/p/11149190.html

时间: 2024-10-31 18:25:19

Python调用nmap对内网端口批量扫描的相关文章

python调用nmap进行扫描

1 #coding=utf-8 2 3 import nmap 4 import optparse 5 import threading 6 import sys 7 import re 8 ''' 9 需安装python_nmap包,支持2.x以及3.x 10 python_nmap包提供了python调用nmap的一系列接口 11 12 (一)重要类及方法: 13 1.创建nmap扫描器 14 class PortScanner() 15 __init__(self, nmap_search

python 调用nmap

1.系统中需要安装nmap 2.系统中安装pip 2.安装python调用nmap的lib包 命令为:pip install python-nmap 以下是在centos系统下安装成功后的截图 在命令行下输入python,进入python的交互模式 引入nmap包,并设置好参数 >>> nm.scan(hosts=ip,arguments=arg) 可能的结果如下:

Python-通过调用Nmap来进行端口扫描

首先要安装python-nmap库,还要安装配置好nmap 实验机器IP:192.168.220.139 端口开放情况 代码 # -*- coding:utf-8 -*- __author__ = "MuT6 Sch01aR" import nmap def NmapScan(ip,port): Nmapscan = nmap.PortScanner(nmap_search_path=('nmap',r'C:\Program Files (x86)\Nmap\nmap.exe')) N

Python调用7zip命令实现解压

Python调用7zip命令实现文件批量解压 1.输入压缩文件所在的路径 2.可以在代码中修改解压到的文件路径和所需要解压的类型,列入,解压文件夹下面所有的mp4格式的文件 3.cmd 指的就是Python调用dos命令 ,紧跟着的x -r这些全是参考7zip使用书册,及抽取文件夹下所有的以mp4结尾的文件,把文件放入e盘,测试解压文件夹下的new文件夹 # 调用7z命令批量解压文件 import os folder_name = input("请输入文件夹:") os.chdir(f

python使用nmap端口扫描

第一版:只支持以逗号分隔的端口,不支持端口范围   Firstly:      sudo apt-get install nmap Secondly:pip install python-nmap Thirdly:copy the code bellow to a file like  scan_network.py #!/usr/bin/env python import nmap import optparse def nmapScan(tgtHost,tgtPort):    nmScan

批量扫描雏形之在Java中调用nmap进行主机探测

在Java中通过调用Runtime这个类可以执行其他的可执行程序,执行后返回一个进程(Process),利用Process这个类我们可以取得程序执行的回显,因此在Java中调用nmap进行主机探测的原理就很清晰了.通过给函数传递nmap所在路径和我们需要执行的命令即可 具体实现代码: /**  * 调用nmap进行扫描  * @param nmapDir nmap路径  * @param command 执行命令  *   * @return 执行回显  * */ public String g

『安全工具』Nmap 强悍的端口扫描工具

作为时下流行的端口扫描工具,Nmap有因其扫描的隐密性有“端口扫描之王”之称 上图是黑客帝国(The Matrix)中崔妮蒂用Nmap等工具入侵发电站的能源管理系统 0x 01 Nmap介绍 Nmap是一款用于网络发现和安全审计的安全工具,常用于端口扫描. 用法: nmap [扫描类型] [参数] 目标IP 1. 扫描类型 -sT TCP 连接扫描,会在目标主机中记录大量的链接请求和错误信息 -sS SYN扫描,只完成三次握手前两次,很少有系统记入日志,默认使用,需要root(admin)权限

python实现端口状态扫描

要实现端口状态扫描需要用到python的namp模块. 先到地址:https://pypi.python.org/pypi/python-nmap下载namp的软件包. 我这里下载的是0.6.1版本,OS是centos 7. 执行如下命令安装namp模块: cd python-nmap-0.6.1 python setup install python实现代码如下: #!/usr/bin/env python # -*- coding: utf-8 -*- #python version:  P

批量扫描IP端口程序 (适用于window&linux)

批量扫描IP端口,根据扫描IP导出IP命名的文件的结果.假设1.txt文件内容为127.0.0.1192.168.1.1然后我们获取文件内容IP进行扫描window .bat版本 :1.txt为文件名,根据需求进行修改 :C:\nmap\nmap-6.46\nmap.exe 为namp的路径,根据需求进行修改 :把1.txt与该扫描脚本放一起 @echo off for /f "delims=." %%i in (1.txt) do C:\nmap\nmap-6.46\nmap.exe