7  

2 questions here:

这里有2个问题:

1. Am I missing something

我错过了什么

2. Is there another way to implement this?

还有其他方法可以实现吗?

Am I missing something

I think it’s worth checking error codes here:

我认为值得在此检查错误代码:

if code == 0: 
    return True
else:
    return False

given that you’re trying to run a pool of ! 10K threads all kind of errors might follow here - i.e. reach some system/your user limits (check out ulimit -a) and you would treat such errors as a closed port without a notice. It might explain unstable results you experience.

鉴于你正试图运行一个池! 10K线程可能会出现所有类型的错误 - 即达到某个系统/您的用户限制(检查ulimit -a),您可以将此类错误视为封闭端口而不通知。它可能解释您遇到的不稳定结果。

BTW on my MacBook the results are consistent (checking against my live server on a VPS hosting)

BTW在我的MacBook上结果是一致的(在VPS主机上查看我的实时服务器)

I’d also pick fewer number of threads - 10K is an overkill. For example, here are the default values suggested in the python docs:

我也会选择更少的线程--10K是一种矫枉过正。例如,以下是python文档中建议的默认值:

Changed in version 3.5: If max_workers is None or not given, it will default to the number of processors on the machine, multiplied by 5, assuming that ThreadPoolExecutor is often used to overlap I/O instead of CPU work and the number of workers should be higher than the number of workers for ProcessPoolExecutor

在版本3.5中更改:如果max_workers为None或未给出,则默认为机器上的处理器数量乘以5,假设ThreadPoolExecutor经常用于重叠I / O而不是CPU工作且工作者数量应该高于ProcessPoolExecutor的工作者数量

Is there another way to implement this?

First of all, there’s no need to use threads/processes - non-blocking sockets + event multiplexors like epoll are around for years so you’d be able to get away without having additional threads/processed whatsoever.

首先,没有必要使用线程/进程 - 非阻塞套接字+像epoll这样的事件多路复用器已存在多年,所以你可以在没有额外线程/处理的情况下逃脱。

The method to connect/close is also suboptimal, because you just need to check if a port is open or not - you don’t need a full-on TCP connection here.

连接/关闭的方法也不是最理想的,因为您只需要检查端口是否打开 - 这里不需要全连接TCP连接。

In the simplest case, you just need to send a SYN segment and check what the server would respond.

在最简单的情况下,您只需发送一个SYN段并检查服务器将响应什么。

Here’s a good article with a dozen of methods using scapy

这是一篇很好的文章,其中包含十几种使用scapy的方法

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).

Scapy是一个功能强大的交互式数据包操作程序。它能够伪造或解码大量协议的数据包,通过线路发送它们,捕获它们,匹配请求和回复等等。它可以轻松处理大多数经典任务,如扫描,跟踪路由,探测,单元测试,攻击或网络发现(它可以取代hping,85%的nmap,arpspoof,arp-sk,arping,tcpdump,tethereal,p0f等)。

Here’s one of the methods description (“TCP connect scan”):

这是方法描述之一(“TCP连接扫描”):

The client sends the first handshake using the SYN flag and port to connect to the server in a TCP packet. If the server responds with a RST instead of a SYN-ACK, then that particular port is closed on the server

客户端使用SYN标志和端口发送第一次握手,以连接到TCP数据包中的服务器。如果服务器使用RST而不是SYN-ACK进行响应,则在服务器上关闭该特定端口

And one more method (“TCP stealth scan”):

还有一种方法(“TCP隐形扫描”):

This technique is similar to the TCP connect scan. The client sends a TCP packet with the SYN flag set and the port number to connect to. If the port is open, the server responds with the SYN and ACK flags inside a TCP packet. But this time the client sends a RST flag in a TCP packet and not RST+ACK, which was the case in the TCP connect scan. This technique is used to avoid port scanning detection by firewalls

此技术类似于TCP连接扫描。客户端发送一个TCP数据包,其中设置了SYN标志和要连接的端口号。如果端口打开,服务器将使用TCP数据包内的SYN和ACK标志进行响应。但是这次客户端在TCP数据包中发送RST标志而不是RST + ACK,这是TCP连接扫描中的情况。此技术用于避免防火墙检测端口扫描

Of course if just want to play with sockets/threads your approach would also be fine even without pcap/scapy

当然,如果只想玩套接字/线程,你的方法即使没有pcap / scapy也会很好

5  

I tried your code on jupyter notebook and I always get the same set of ports:

我在jupyter笔记本上尝试了你的代码,我总是得到相同的端口集:

get_open_ports('127.0.0.1')

Output:

[133, 200, 144...60700]

[133,200,144 ... 60700]

Could it be possible that a different number of ports are open at a particular time for the host being queried?

是否有可能在特定时间打开不同数量的端口以供查询主机?

To verify for a small set of ports, I reduced max_port to 10000 and I still get the same set of ports every time:

为了验证一小组端口,我将max_port减少到10000,每次我仍然得到相同的端口集:

def get_open_ports(host, max_port=10000):
open_ports = []

def worker(port):
    if check_open_port(host, port):
        open_ports.append(port)

with ThreadPoolExecutor(max_workers=10000) as executor:
    [executor.submit(worker, port) for port in range(1, max_port + 1)]
    executor.shutdown(wait=True)
return open_ports

get_open_ports('127.0.0.1')

Output: [150, 900, 1035, 7789]

产出:[150,900,1035,7789]

Note: I've changed the port numbers for security sake.

注意:出于安全考虑,我已经更改了端口号。

EDIT:

def get_open_ports(host, max_port=65535):
    open_ports = []

    def worker(port):
        if check_open_port(host, port):
            open_ports.append(port)

# We can use a with statement to ensure threads are cleaned up promptly
    with ThreadPoolExecutor(max_workers=100) as executor:
        print('main:starting')
        wait_for=[executor.submit(worker,port) for port in range(1, max_port + 1)]
        for f in as_completed(wait_for):
            print('main: result: {}'.format(f.result())) #check result on each thread execution

#         executor.shutdown(wait=True)  #not required when using the 'with' statement
    return len(open_ports)

test = get_open_ports('45.60.112.163') #hostname for www.indracompany.com

#max_workers not defined & max_port=10000
# len(test)     #test1: 148
# len(test)     #test 2: 79

#max_workers = 10000 & max_port=65535
# len(test)      #test1: 1
# len(test)      #test2:1
# len(test)      #test3:1

#max_workers = 20000 & max_port=65535

# len(test)  #test1: 14
# len(test)  #test2:1
# len(test)  #test3: 1
# len(test)  #test4:1

#max_workers not defined & max_port=65535 #quite time-consuming
# len(test)   #test1: 63

EDIT 2: A more reliable solution

编辑2:更可靠的解决方案

As suggested by @Tarun, Python's python-nmap library does a better job at scanning hosts.

正如@Tarun所建议的那样,Python的python-nmap库在扫描主机方面做得更好。

The below solution gives an accurate result, however, I observed a significant compromise on performance as the range of port discovery increases. Perhaps, threading could be incorporated into the code to improve performance. I've also imported the time library to get the program execution time in the end. This can be used for comparison purposes when testing for performance.

以下解决方案给出了准确的结果,但是,随着端口发现范围的增加,我观察到了性能上的重大折衷。也许,线程可以合并到代码中以提高性能。我还导入了时间库以最终获得程序执行时间。在测试性能时,这可用于比较目的。

# The python-nmap library helps to programmatically manipulate scanned results of nmap to automate port scanning tasks. 
# To use this library you must have the Nmap software installed. This can be installed from https://nmap.org/download.html.
# Network Mapper (Nmap) is a free and open-source tool used for network discovery and security auditing. 
# It runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.
# For Windows 7 and later, you must also upgrade 'NCap' from https://nmap.org/npcap/ 
# For Windows, make sure nmap.exe is added to PATH.
# When you're ready, pip install python-nmap

import time
import nmap
nm = nmap.PortScanner() #initialize PortScanner object
host = '45.60.112.163'  #specify host
nm.scan(host, '1-100') #run the scan, specify host and range of ports to scan

#Optional steps for verification:

#Output: nmap -oX - -p 1-100 -sV 45.60.112.163
print(nm.command_line()) #command_line command to execute on nmap command prompt

#Output: {'tcp': {'method': 'syn', 'services': '1-100'}}
print(nm.scaninfo())   #nmap scan information

#Now we can scan all hosts
#From Official documentation at https://xael.org/pages/python-nmap-en.html
start_time = time.time()   #To get program execution time
for host in nm.all_hosts(): 
    print('----------------------------------------------------')
    print('Host : %s (%s)' % (host, nm[host].hostname()))
    print('State : %s' % nm[host].state())
    for proto in nm[host].all_protocols():
        print('----------')
        print('Protocol : %s' % proto)
        lport = nm[host][proto].keys()
        for key in sorted(lport):
            for port in lport:
                print ('port : %s\tstate : %s' % (port, nm[host][proto][port]['state']))
print('Execution time: %s seconds' % (time.time() - start_time))

    #Output:
    ----------------------------------------------------
    Host : 45.60.112.163 ()
    State : up
    ----------
    Protocol : tcp
    port : 25       state : open
    port : 51       state : open
    port : 53       state : open
    port : 80       state : open
    port : 81       state : open
    port : 85       state : open
    port : 91       state : open
    port : 25       state : open
    port : 51       state : open
    port : 53       state : open
    port : 80       state : open
    port : 81       state : open
    port : 85       state : open
    port : 91       state : open
    port : 25       state : open
    port : 51       state : open
    port : 53       state : open
    port : 80       state : open
    port : 81       state : open
    port : 85       state : open
    port : 91       state : open
    port : 25       state : open
    port : 51       state : open
    port : 53       state : open
    port : 80       state : open
    port : 81       state : open
    port : 85       state : open
    port : 91       state : open
    port : 25       state : open
    port : 51       state : open
    port : 53       state : open
    port : 80       state : open
    port : 81       state : open
    port : 85       state : open
    port : 91       state : open
    port : 25       state : open
    port : 51       state : open
    port : 53       state : open
    port : 80       state : open
    port : 81       state : open
    port : 85       state : open
    port : 91       state : open
    port : 25       state : open
    port : 51       state : open
    port : 53       state : open
    port : 80       state : open
    port : 81       state : open
    port : 85       state : open
    port : 91       state : open
    Execution time: 0.015624761581420898 seconds

To convert output to csv, use:

要将输出转换为csv,请使用:

print(nm.csv())

As a result of this investigation, Nmap was now installed on my computer. Just for fun, I also ran a scan on the command prompt using the below command. This scan ran for range '1-1000' and took more than 15 minutes(I didn't sit through the whole session!).

经过这次调查,Nmap现已安装在我的计算机上。为了好玩,我还使用下面的命令在命令提示符下运行扫描。这次扫描的范围为“1-1000”,耗时超过15分钟(我没有参加整个会议!)。

1  

I've come across this port scanner in my time working with sockets in python...

我在使用python中的套接字时遇到过这个端口扫描器...

import socket
import threading
from queue import *

print_lock = threading.Lock()
target = input("Enter websit or IP Adress to scan: ")
minPort = int(input("Enter minimum Port to scan (1 is the smallest): "))
maxPort = int(input("Enter maximum Port to scan: "))
threadNo = int(input("Enter No. of threads to use(500 is a good all around number): "))

def portscan(port):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        con = s.connect((target, port))
        with print_lock:
            print("Port", port, "is open!")
        con.close()
    except:
        pass

def threader():
    while True:
        worker = q.get()
        portscan(worker)
        q.task_done()

q = Queue()

for x in range(threadNo):
    t = threading.Thread(target=threader)
    t.daemon = True
    t.start()

for worker in range (minPort, maxPort):
     q.put(worker)

q.join()

It works fairly well and can be adapted easily :)

它运作得相当好,可以很容易地适应:)