首先是最常用的端口扫描器:
虽说有nmap等强大的工具,不过如果由于条件限制无法安装Nmap呢?
我这个脚本写的比较简单,默认扫描1-65535全部的端口
实际的话,可以根据需要自己修改脚本来实现定制化扫描
# -*- coding:utf-8 -*-
__author__ = "Yiqing" import socket
import time
import thread
import optparse
import re socket.setdefaulttimeout(3) def port_scan(ip, port):
"""
对某一个IP的某一个端口进行扫描
:param ip: 目标
:param port: 端口
:return: None
"""
try:
if port > 65535 or port < 1:
print "[!] Port Scan End"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
result = s.connect_ex((ip, port))
if int(result) == 0:
lock.acquire()
print "[-] IP:" + str(ip) + " Port:" + str(port) + " Open"
lock.release()
s.close()
except Exception:
pass def ip_scan(ip):
"""
对IP的所有端口扫描
:param ip:目标
:return: None
"""
try:
print "[*] Start Port Scan : " + ip
start_time = time.time()
for port in range(1, 65535):
thread.start_new_thread(port_scan, (ip, int(port)))
print "[+] Port Scan Complete! Time:" + str(time.time() - start_time)
except Exception:
pass def main():
"""
输入参数处理
:return: None
"""
print "Welcome to PortScanner"
print "Author: %s Version:1.0" % __author__
parse = optparse.OptionParser(
'python %prog -H <target host>')
parse.add_option('-H', dest="target_host", type="string", help='specify the host')
(options, args) = parse.parse_args()
target_host = options.target_host
if target_host is not None and re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', target_host):
ip_scan(target_host)
else:
exit() if __name__ == '__main__':
lock = thread.allocate_lock()
main()
time.sleep(3)
raw_input("Press Enter to Exit")
使用: