Python调用nmap对内网端口批量扫描

Posted atesetenginner

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Python调用nmap对内网端口批量扫描相关的知识,希望对你有一定的参考价值。

  1 # -*- encoding: utf-8 -*-
  2 # !/usr/bin/env python
  3 
  4 import os
  5 import traceback
  6 import sys
  7 import datetime
  8 import re
  9 import json
 10 import logging
 11 from threading import Lock
 12 
 13 from suds.client import Client
 14 from suds.xsd.doctor import Import, ImportDoctor
 15 from concurrent.futures import ThreadPoolExecutor, as_completed
 16 import nmap
 17 import random
 18 import time
 19 
 20 if not os.path.dirname(os.getcwd()) in sys.path:
 21     sys.path.append(os.path.dirname(os.getcwd()))
 22 from exp.exploit import exploit
 23 from log.exceptionLog import exceptionLog
 24 from log.scanLog import scanLog
 25 from log.operationLog import operationLog
 26 from func_timeout import func_set_timeout
 27 from func_timeout.exceptions import FunctionTimedOut
 28 
 29 FORMAT = [%(asctime)-15s] [%(levelname)s] [%(filename)s %(levelno)s line] %(message)s
 30 logger = logging.getLogger()
 31 logging.basicConfig(format=FORMAT)
 32 logger.setLevel(logging.INFO)
 33 
 34 port_define = "1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144,  35         146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458,  36         464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687,  37         691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990,  38         992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138,  39         1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218,  40         1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417,  41         1433-1434,1443,1455,1461,1494,1500-1501,1503,1521-1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688,  42         1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972,  43         1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107,  44         2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383,  45         2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725,  46         2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3050,  47         3052,3071,3077,3128,3168,3211,3221,3246,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372,  48         3388-3390,3404,3476,3493,3511,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814,  49         3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111,   50         4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009,   51         5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280,   52         5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730,   53         5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952,   54         5959-5963,5984,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6379-6389,6443,6502,6510,6543,6547,   55         6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019,   56         7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921,   57         7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8235,   58         8254,8290-8292,8300-8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994,   59         9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200-9202,9207,9220,9290,9300-9303,9415,9418,9485,   60         9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9943-9944,9968,9998-10004,10009-10010,10012,   61         10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11211,11967,12000,12174,   62         12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016,   63         16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005,   64         20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000-27020,27352-27353,27355-27356,27715,28201,   65         30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443,   66         44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103,   67         51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"
 68 
 69 
 70 class netScanner(object):
 71     Scan the given ips and ports
 72 
 73     def __init__(self):
 74         self.lock = Lock()
 75         self.ports = ‘‘
 76         self.args = ‘‘
 77         self.exploitPoolSize = 240
 78         self.exploitPool = ThreadPoolExecutor(self.exploitPoolSize)
 79 
 80     def chunks(self, l, n):
 81         """Yield successive n-sized chunks from l."""
 82         for i in range(0, len(l), n):
 83             yield l[i:i + n]
 84 
 85     def doscan(self, ip, ports=None, args=None):
 86         operationLog.write(ip +  start scan)
 87         if ports == None:
 88             ports = self.ports
 89         if args == None:
 90             args = self.args
 91         try:
 92             nm = nmap.PortScanner()
 93             nm.scan(ip, ports, args)
 94             csv = nm.csv()
 95         except Exception as e:
 96             exstr = traceback.format_exc()
 97             exceptionLog.write(Exception scan:  + ip + : + ports +   + args)
 98             exceptionLog.write(exstr)
 99             return ip +  Exception:  + str(e)
100         operationLog.write(ip +  done scan)
101         return ip +  done scan!
102 
103     @func_set_timeout(480)
104     def exploit(self, contentLine):
105         attacker = exploit()
106         contentArray = contentLine.split(;)
107         ip = contentArray[0]
108         port = int(contentArray[4])
109         protocol_name = contentArray[5]
110         service_name = contentArray[7]
111         result = [[ip, False, ip + : + str(port), v0, No vulnerabilities found]]
112         if service_name == ‘‘:
113             service_name = None
114         with self.lock:
115             operationLog.write(
116                 ip + : + str(port) + : + protocol_name +  with service name:  + service_name +  start exploit)
117         if contentArray[6] == open:
118             print(exploiting +  + ip +   + str(port) +   + protocol_name)
119             try:
120                 result = attacker.exploitall(ip, port, protocol_name, service_name)
121             except UnicodeEncodeError as e:
122                 exstr = traceback.format_exc()
123                 exceptionLog.write(Exception exploit:  + ip + : + str(port))
124                 exceptionLog.write(str(e))
125                 with self.lock:
126                     operationLog.write(ip + : + str(port) + : + protocol_name +  UnicodeEncodeError exploit)
127                 return ip + : + str(port) +  Exception exploit!
128             except Exception as e:
129                 exstr = traceback.format_exc()
130                 exceptionLog.write(Exception exploit:  + ip + : + str(port))
131                 exceptionLog.write(exstr)
132                 with self.lock:
133                     operationLog.write(ip + : + str(port) + : + protocol_name +  Exception exploit)
134                 return ip + : + str(port) +  Exception exploit!
135             finally:
136                 with self.lock:
137                     scanLog.writeScanLog(result)
138 
139 
140         else:
141             result = [[ip, False, ip + : + str(port), v0, No vulnerabilities found]]
142             with self.lock:
143                 scanLog.writeScanLog(result)
144         with self.lock:
145             operationLog.write(ip + : + str(port) + : + protocol_name +  done exploit)
146         return ip + : + str(port) + : + protocol_name +  done exploit!
147 
148     def exploit_time_limit(self, contentLine):
149         contentArray = contentLine.split(;)
150         ip = contentArray[0]
151         port = int(contentArray[4])
152         protocol_name = contentArray[5]
153         service_name = contentArray[7]
154         result = [[ip, False, ip + : + str(port), v0, No vulnerabilities found]]
155         try:
156             return_str = self.exploit(contentLine)
157         except FunctionTimedOut as e:
158             with self.lock:
159                 scanLog.writeScanLog(result)
160                 operationLog.write(ip + : + str(port) + : + protocol_name +  FunctionTimedOut exploit)
161             return ip + : + str(port) +  FunctionTimedOut exploit!
162 
163         return return_str
164 
165     def get_ips_from_soc(self):
166 
167         ip_set = []
168         f = open(IP2EXP.txt, r)
169         result = list()
170         for line in f.readlines():
171             line = line.strip()
172             if not len(line) or line.startswith(#):
173                 continue
174             result.append(line)
175         ip_set = set(result)
176         ip_set = list(ip_set)
177 
178         ip_set = set(ip_set)
179 
180         return ip_set
181 
182     def get_ips_alive(self, ports=None):
183         nm = nmap.PortScanner()
184         if ports == None:
185             with open(Port.txt) as portFile:
186                 ports = portFile.readline().strip(\n)
187                 if ports == None:
188                     return
189         self.ports = ports
190         input_file_name = " -iL IP2EXP.txt"
191         self.args = input_file_name +  -P0 -T4 -n --host-timeout 180s --min-hostgroup 100 --min-parallelism 500
192         scinfo = nm.scan(arguments=self.args, ports=self.ports)
193         operationLog.write(nmap port scan done)
194         csv = nm.csv()
195         print(csv)
196         return csv
197 
198     def main(self):
199         operationLog.write(scan started)
200         ip_set = self.get_ips_from_soc()
201         ip_set = list(ip_set)
202         # ip_set = ip_set[:-50]
203         ip_set = set(ip_set)
204         print(ip_set)
205         csv = self.get_ips_alive()
206         contents = csv.split(\r\n)
207         contents.remove(contents[0])
208         contents.pop()
209         contents = [line for line in contents if line.find(;open;) > -1]
210         alive_ip_list = [line.split(;)[0] for line in contents]
211         random.shuffle(contents)
212         with open(PORT_OPEN.txt, mode=w) as f:
213             for contentLine in contents:
214                 f.write(contentLine + \n)
215         alive_ip_set = set(alive_ip_list)
216         dead_ip_set = ip_set - alive_ip_set
217         dead_result = [[ip, False, ip + :No_Port_Open, v0, No vulnerabilities found]
218                        for ip in dead_ip_set]
219         with self.lock:
220             scanLog.writeScanLog(dead_result)
221         futures = []
222         result = []
223         result = self.exploitPool.map(self.exploit_time_limit, contents)
224         operationLog.write(start exploit)
225         self.exploitPool.shutdown()
226         # operationLog.write(len(result))
227         operationLog.write(scan finished)
228         return result
229 
230     def test(self):
231         operationLog.write(test scan started)
232         ip_set = self.get_ips_from_soc()
233         ip_set = list(ip_set)
234         # ip_set = ip_set[:-50]
235         ip_set = set(ip_set)
236         print(ip_set)
237         csv = self.get_ips_alive()
238         contents = csv.split(\r\n)
239         contents.remove(contents[0])
240         contents.pop()
241         contents = [line for line in contents if line.find(;open;) > -1]
242         alive_ip_list = [line.split(;)[0] for line in contents]
243         random.shuffle(contents)
244         futures = []
245         result = []
246         with open(PORT_OPEN.txt, mode=w) as f:
247             for contentLine in contents:
248                 f.write(contentLine + \n)
249         alive_ip_set = set(alive_ip_list)
250         dead_ip_set = ip_set - alive_ip_set
251         dead_result = [[ip, False, ip + :No_Port_Open, v0, No vulnerabilities found]
252                        for ip in dead_ip_set]
253         with self.lock:
254             scanLog.writeScanLog(dead_result)
255         contents = list(self.chunks(contents, self.exploitPoolSize))
256         for tmp_ips in contents:
257             tmp_result = self.exploitPool.map(self.exploit_time_limit, tmp_ips)
258             operationLog.write(test start exploit)
259             self.exploitPool.shutdown()
260             operationLog.write(test shutdown)
261             result.extend(tmp_result)
262             operationLog.write(test stop exploit)
263             self.exploitPool = ThreadPoolExecutor(self.exploitPoolSize)
264             operationLog.write(test scan finished)
265         return result
266 
267 
268 
269     def find_port_open(self, from_file=‘‘, to_file=‘‘, ips=[10.34.121.0/24], how=nmap,
270                        port=21,22,23,25,445,139,3389,3306,1521,8081, include_file=finger_ip.txt, rate=100):
271         logger.info(%s%s  % (how, port))
272         logger.info(===== * 5)
273         scan_result = []
274         if how == masscan:
275             mas = masscan_zte.PortScanner()
276             if from_file != ‘‘:
277                 arg = --rate %s --retries 0 --wait 10 -iL %s % (rate, from_file)
278             else:
279                 with open(include_file, wt) as f:
280                     f.writelines([ip + \n for ip in ips])
281                 arg = --rate %s --retries 0 --wait 10 -iL %s % (rate, include_file)
282             scan_result = list(mas.scan(ports=port, arguments=arg)[scan].keys())
283         elif how == nmap:
284             nm = nmap.PortScanner()
285             if from_file != ‘‘:
286                 arg = -P0 -sV -T4 -n --min-hostgroup 100 --min-rate %s  --max-rate %s --randomize-hosts -iL %s % (
287                     rate, rate, from_file)
288             else:
289                 with open(include_file, wt) as f:
290                     f.writelines([ip + \n for ip in ips])
291                 arg = -P0 -sV -T4 -n --min-hostgroup 100 --min-rate %s  --max-rate %s --randomize-hosts -iL %s % (
292                     rate, rate, include_file)
293             nm.scan(ports=port, arguments=arg)
294             scan_list = nm.csv().split(\r\n)
295             header = scan_list.pop(0).split(;)
296             scan_list.pop()
297 
298         logger.info(%s%s % (len(scan_list), port))
299         logger.info(===== * 8)
300         if to_file != ‘‘:
301             with open(to_file, wt) as f:
302                 f.writelines([ip + \n for ip in scan_list])
303         return scan_list
304 
305     def exploit_multiple_ips(self, ips, ports):
306         operationLog.write(test scan started)
307         scan_list = self.find_port_open(ips=ips, port=ports)
308         futures = []
309         result = []
310         scan_list = [line for line in scan_list if line.find(;open;) > -1]
311         for contentLine in scan_list:
312             futures.append(self.exploitPool.submit(self.exploit, contentLine))
313 
314         for x in as_completed(futures):
315             result.append(x.result())
316 
317         operationLog.write(test scan finished)
318         return result
319 
320 
321 if __name__ == __main__:
322 
323     scanner = netScanner()
324     try:
325         #result = scanner.main()
326         result = scanner.test()
327         with open(scandone.txt, mode=w) as f:
328             for line in result:
329                 f.write(line + \n)
330     except Exception as e:
331         exstr = traceback.format_exc()
332         print(exstr)
333         exceptionLog.write(exstr)

 

以上是关于Python调用nmap对内网端口批量扫描的主要内容,如果未能解决你的问题,请参考以下文章

Python-通过调用Nmap来进行端口扫描

如何用Metasploit扫描端口

Python实现端口检测

通过nmap端口扫描获取开放的端口,以达到内网体检的目的

如何通过nmap端口扫描漏洞入侵别人电脑

使用zenmap 扫描端口出现unknow怎么回事?