Overview
This article shows how to write a simple, easy-to-use port scanner in Python.
There are many ways to implement port scanning in Python; here we use Python's built-in socket module.
The socket module
Python's socket module provides access to the BSD socket interface.
It includes the socket class for handling the actual data channel, and functions for network-related tasks such as translating a server name into an address and formatting data to be sent over the network.
Sockets are used throughout the Internet because they support any kind of network communication your computer performs.
INET sockets account for at least 99% of the sockets in use.
The web browser you are using opens a socket and connects to a web server.
Any network communication goes through a socket.
For more information on the socket module, see the official socket documentation.
Socket functions
Before we start on the example program, let's look at the socket functions we will be using.
socket.socket(socket_family, socket_type): syntax for creating a socket
socket.socket(socket.AF_INET, socket.SOCK_STREAM): creates a TCP stream socket
AF_INET: socket family (here the IPv4 address family)
SOCK_STREAM: socket type for TCP connections
SOCK_DGRAM: socket type for UDP datagrams
socket.gethostbyname("host"): translates a host name to IPv4 address format
socket.gethostbyname_ex("host"): translates a host name to IPv4 address format, extended interface (returns the canonical name, aliases and address list)
socket.getfqdn("8.8.8.8"): returns the fully qualified domain name (FQDN) for a host name or address
socket.gethostname(): returns the host name of the local machine
socket.error: the exception raised on socket failures (an alias of OSError in Python 3), used for error handling
Creating the program with Python sockets
How to create a simple port scanner in Python. This small port scanner will try to connect to every port you define for a particular host.
The first thing we must do is import the socket library and the other libraries we need.
Open a text editor, copy and paste the code below, save the file as "portscanner.py" and exit the editor.
#!/usr/bin/env python3
import socket
import subprocess
import sys
from datetime import datetime

# Clear the screen
subprocess.call('clear', shell=True)

# Ask for input and resolve the host name to an IPv4 address
remoteServer = input("Enter a remote host to scan: ")
try:
    remoteServerIP = socket.gethostbyname(remoteServer)
except socket.gaierror:
    print('Hostname could not be resolved. Exiting')
    sys.exit()

# Print a nice banner with information on which host we are about to scan
print("-" * 60)
print("Please wait, scanning remote host", remoteServerIP)
print("-" * 60)

# Check what time the scan started
t1 = datetime.now()

# Using the range function to specify ports (here it scans all ports between 1 and 1024)
# We also put in some error handling for catching errors
try:
    for port in range(1, 1025):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # connect_ex returns 0 on success and an errno value on failure,
        # instead of raising an exception for every closed port
        result = sock.connect_ex((remoteServerIP, port))
        if result == 0:
            print("Port {}: Open".format(port))
        sock.close()

except KeyboardInterrupt:
    print("You pressed Ctrl+C")
    sys.exit()

except socket.error:
    print("Couldn't connect to server")
    sys.exit()

# Checking the time again
t2 = datetime.now()

# Calculates the difference of time, to see how long it took to run the script
total = t2 - t1

# Printing the information to screen
print('Scanning Completed in: ', total)
Sample output
Let's run the program and see what the output can look like:
$ python portscanner.py
Enter a remote host to scan: www.your_host_example.com
------------------------------------------------------------
Please wait, scanning remote host xxxx.xxxx.xxxx.xxxx
------------------------------------------------------------
Port 21: Open
Port 22: Open
Port 23: Open
Port 80: Open
Port 110: Open
Port 111: Open
Port 143: Open
Port 443: Open
Port 465: Open
Port 587: Open
Port 993: Open
Port 995: Open
Scanning Completed in: 0:06:34.705170
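As an added example (not code from the original article), the following Python 3 module reworks the same connect_ex technique into functions that can be checked offline, which is what you want when using it to verify which ports your own machine exposes: resolve() wraps socket.gethostbyname so a bad name returns None instead of crashing, port_is_open() sets a per-port timeout so a filtered port that silently drops packets cannot stall the scan for minutes, and scan_ports() collects the results. The start_test_listener() and unused_port() helpers, the function names and the loopback target are constructed for this example; they open an ephemeral port on 127.0.0.1 so there is a known-open port to scan against.

```python
import socket
from datetime import datetime


def resolve(host):
    """Resolve a host name to an IPv4 address.

    Returns None instead of raising socket.gaierror so the caller can report
    the problem and stop cleanly (the article's script resolves outside its
    try block, so a bad name there is an unhandled exception).
    """
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def port_is_open(ip, port, timeout=1.0):
    """TCP connect check, as in the article: connect_ex returns 0 only when
    the three-way handshake completed. The timeout bounds how long a
    filtered port (no SYN-ACK, no RST) can hold up the scan; the returned
    errno on timeout or refusal is non-zero, so the port is reported closed.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((ip, port)) == 0


def scan_ports(ip, ports, timeout=1.0):
    """Return the sorted list of ports that accepted a connection."""
    return sorted(p for p in ports if port_is_open(ip, p, timeout))


def start_test_listener():
    """Constructed fixture for this example: listen on an ephemeral loopback
    port so there is a known-open port to scan. Returns (socket, port); the
    caller closes the socket when done. The kernel completes the handshake
    for a listening socket, so no accept() loop is required.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def unused_port():
    """Constructed fixture: bind to port 0 and release it, which yields a
    loopback port that is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Stand-alone demo: scan the well-known ports on this machine's own
    # loopback interface and report the elapsed time, as the article does.
    target = "localhost"  # assumed target for the demo
    ip = resolve(target)
    if ip is None:
        raise SystemExit("Hostname could not be resolved. Exiting")
    t1 = datetime.now()
    for p in scan_ports(ip, range(1, 1025), timeout=0.5):
        print("Port {}: Open".format(p))
    print("Scanning Completed in:", datetime.now() - t1)
```

Running the module directly lists the ports listening on loopback, which is the self-check the disclaimer below describes. Note that a closed port answers with a RST almost immediately, while a filtered one only ends when the timeout expires; that difference, not the number of ports, is what made the sample run above take over six minutes, and it is why a timeout belongs in any scanner you keep.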
Disclaimer
This program is intended for individuals testing their own devices to determine whether they are poorly secured; the author accepts no responsibility if it is used for any other purpose.