
综合扫描器lsascan_v1(python版)

最近用Python写了个菜鸟级别的综合扫描器(lsascan_v1),有端口扫描,mac扫描,存活主机扫描,v1版bug比较多,先发出来作为阶段性的总结,v2版本会修复一些bug和完善功能,大家有好的建议欢迎联系我。(建议在linux下使用,不仅效率高,而且方便,windows下scapy库很难搞,如果你能搞定,也可以用windows运行)

更新日志:

20170315: lsascan_v1。功能:

(1)多线程主机端口扫描(支持ip和主机名)

(2)mac地址扫描(仅支持/24)

(3)多线程存活主机扫描(ping,默认未开启,若需要开启请去掉注释)

lsascan_v1:

#!/usr/bin/python
#coding:utf-8
#Author:LSA
#Description:comprehensive scanner lsascan_v1
#Date:20170315

import datetime
import optparse
import os
import platform
import subprocess
import sys
import thread
import threading
import time
from socket import *

from scapy.all import srp, Ether, ARP, conf

# Single-permit semaphore used as a mutex: it serialises console output and
# protects the shared port index `p` below while scanner threads run.
screenLock = threading.Semaphore(1)

# Index of the last entry of the port list handed out by portscan();
# -1 means no port has been claimed yet.  (A `global` statement at module
# level is a no-op, so none is needed here.)
p = -1


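def tcp_scan(target_ip, port):
    """Connect-scan one TCP port and print the port number if it is open.

    Args:
        target_ip: host (IP or name) handed to ``socket.connect``.
        port: TCP port to try; a connect that completes within 1 s counts
            as open.

    Prints nothing for closed, filtered (timed out) or invalid ports.
    Console output is serialised through ``screenLock`` because many
    worker threads call this at once.  The socket is always closed.
    """
    sock = None
    try:
        sock = socket(AF_INET, SOCK_STREAM)
        sock.settimeout(1)
        sock.connect((target_ip, port))
    except (error, OverflowError, ValueError):
        # refused / timed out / unresolvable, or a port outside 0-65535:
        # treat all of them as "not open", as the original did
        return
    finally:
        # guarded so a failed socket() call does not raise NameError here
        if sock is not None:
            sock.close()
    screenLock.acquire()
    try:
        print(port)
    finally:
        screenLock.release()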

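def connScan(tgtHost, port):
    """Connect-scan one TCP port and print "[+] <port>/tcp open" on success.

    Args:
        tgtHost: host (IP or name) handed to ``socket.connect``.
        port: TCP port to try; a connect completing within 1 s is "open".

    Closed, filtered (timed out) and invalid ports print nothing.  The
    print is done under ``screenLock`` so lines from concurrent worker
    threads do not interleave.  The socket is always closed.
    """
    connSkt = None
    try:
        connSkt = socket(AF_INET, SOCK_STREAM)
        connSkt.settimeout(1)
        connSkt.connect((tgtHost, port))
    except (error, OverflowError, ValueError):
        # not open (refused, timed out, unresolvable) or port out of range
        return
    finally:
        # guarded so a failed socket() call does not raise NameError here
        if connSkt is not None:
            connSkt.close()
    screenLock.acquire()
    try:
        print('[+] %d/tcp open' % port)
    finally:
        screenLock.release()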
        
   
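class sniff(threading.Thread):
    """Worker thread for the "begin-end" port-range scan.

    All workers share the module globals ``portBegin``, ``portEnd`` and
    ``mutex`` (assigned in ``__main__``): each iteration claims the next
    port under ``mutex`` and connect-scans it with ``tcp_scan``.  Despite
    the class name nothing is sniffed; this is a plain TCP connect scanner.
    """

    def __init__(self, target_ip):
        threading.Thread.__init__(self)
        self.target_ip = target_ip   # host passed to every tcp_scan() call

    def run(self):
        """Scan ports until the shared counter passes ``portEnd``."""
        global portBegin
        while True:
            # Claim the next port and copy it while still holding the lock.
            # Reading portBegin after mutex.release() (as before) raced with
            # the other workers, so ports could be skipped or scanned twice.
            mutex.acquire()
            portBegin += 1
            current = portBegin
            mutex.release()
            if current > portEnd:
                break
            tcp_scan(self.target_ip, current)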
            

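def portscan(tgtHost, ports):
    """Worker loop for an explicit port set: claim indices into *ports* and scan each.

    Args:
        tgtHost: host passed to ``connScan``.
        ports: list of port strings shared by all worker threads.

    The global index ``p`` (module-level, starts at -1) is advanced under
    ``screenLock`` so that each entry is scanned exactly once across
    threads.  Returns when the list is exhausted.  A non-numeric entry
    raises ``ValueError`` from ``int`` as before.
    """
    setdefaulttimeout(1)
    global p

    portnums = len(ports)
    while True:
        # Take the index while the lock is held: reading p after the
        # release (as before) let another thread move it first, skipping
        # ports or indexing past the end of the list.
        screenLock.acquire()
        p = p + 1
        idx = p
        screenLock.release()
        if idx >= portnums:
            break
        connScan(tgtHost, int(ports[idx]))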
        
        
        
      

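def get_os():
    """Return the ping "count" option letter for this platform.

    Returns:
        "n" on Windows (``ping -n``), "c" on every other platform
        (``ping -c``).
    """
    # local name chosen so the `os` module is not shadowed inside this scope
    system_name = platform.system()
    if system_name == "Windows":
        return "n"
    return "c"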

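def ping_ip(ip_str):
    """Ping *ip_str* once and append it to ``activeiplist`` if it answered.

    Args:
        ip_str: dotted-quad address to probe.

    A reply is detected, as in the original, by the substring "TTL" in
    ping's standard output (case-insensitive).  Hosts that do not answer
    are silently skipped.  Blocks until the ping process exits.
    """
    cmd = ["ping", "-" + get_os(), "1", ip_str]
    # Run as an argument list (no shell): the address is passed verbatim
    # to ping instead of being interpolated into a shell command line.
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE)
    output, _ = proc.communicate()
    if b"TTL" in output.upper():
        activeiplist.append(ip_str)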

def find_ip(ip_prefix):
    """Start one ping_ip() thread for every host ip_prefix.1 .. ip_prefix.255.

    Args:
        ip_prefix: first three octets of the network, e.g. "192.168.0".

    Threads are started 0.3 s apart and are not joined; results accumulate
    asynchronously in ``activeiplist``.
    """
    for last_octet in range(1, 256):
        host = '{0}.{1}'.format(ip_prefix, last_octet)
        thread.start_new_thread(ping_ip, (host,))
        time.sleep(0.3)   # pace the launches instead of spawning 255 at once


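if __name__ == '__main__':
    # Shared state for the worker functions/threads above.  They are module
    # globals because portscan(), sniff.run() and ping_ip() look them up by
    # name instead of receiving them as arguments.
    portslist = []       # not used by this version; kept for compatibility
    threadlist = []
    activeiplist = []

    parser = optparse.OptionParser('usage %prog ' +
      '-H <target host> -p <target port[s]> [-n] [<target network>]')
    parser.add_option('-H', dest='tgtHost', type='string',
      help='specify target host')
    parser.add_option('-p', dest='port', type='string',
      help='specify port range or separate port[s]', metavar='1-100[1,2,3]')
    parser.add_option('-n', dest='net', type='string',
      help='specify target network', metavar='192.168.0')
    parser.add_option('-t', dest='threads', type='int',
      help='specify thread nums,default 10', metavar='20', default=10)

    (options, args) = parser.parse_args()
    port = options.port
    tgthost = options.tgtHost
    threads = options.threads

    if port and tgthost:

        try:
            tgtip = gethostbyname(tgthost)
        except error:
            print("[-] Cannot resolve '%s': Unknown host" % tgthost)
            sys.exit(1)

        try:
            tgtName = gethostbyaddr(tgtip)
            print('\n[+] Scan Results for: ' + tgtName[0])
        except error:
            print('\n[+] Scan Results for: ' + tgtip)

        # The scanners get the resolved address so the name is looked up
        # once here rather than on every connect().
        if ',' not in port and '-' not in port:   # only one port
            portscan(tgtip, [port])

        else:

            ports = port.split(',')   # ports---list
            if len(ports) == 1:   # "begin-end" range, scanned by sniff workers
                bounds = ports[0].split('-')
                if len(bounds) != 2:
                    parser.error('port range must look like 1-100')
                try:
                    portBegin = int(bounds[0]) - 1   # sniff.run() pre-increments
                    portEnd = int(bounds[1])
                except ValueError:
                    parser.error('port range bounds must be integers')
                mutex = threading.Lock()
                # wall-clock time: time.clock() measures CPU time on Unix,
                # which stays near zero while the scan waits on sockets
                start = time.time()
                for _ in range(threads):
                    # named `worker`, not `thread`: that name is the module
                    # find_ip() needs for thread.start_new_thread()
                    worker = sniff(tgtip)
                    worker.start()
                    threadlist.append(worker)
                for worker in threadlist:
                    worker.join()
                print(time.time() - start)

            else:   # explicit port set, consumed via the shared index p
                start = time.time()
                for _ in range(threads):
                    worker = threading.Thread(target=portscan, args=(tgtip, ports))
                    worker.start()
                    threadlist.append(worker)
                for worker in threadlist:
                    worker.join()
                print(time.time() - start)

    if options.net:   # must use root: the ARP sweep needs raw sockets

        scanlan = options.net
        print("start time %s" % time.ctime())
        print("scanning %s.1-255:\n" % scanlan)
        print("--------------")
        starttime = datetime.datetime.now()
        #find_ip(scanlan)
        macscan = '%s.1/24' % scanlan
        try:
            ans, unans = srp(Ether(dst="FF:FF:FF:FF:FF:FF") / ARP(pdst=macscan), timeout=5, verbose=False)
        except Exception as e:
            print(str(e))
        else:
            for snd, rcv in ans:
                list_mac = rcv.sprintf("%Ether.src% - %ARP.psrc%")
                print(list_mac)
        #for activeip in activeiplist:
        #   print activeip
        endtime = datetime.datetime.now()
        print("---------------")
        print("end time %s" % time.ctime())
        print("total use %s s" % (endtime - starttime).total_seconds())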
