Overview
This article shows how to write a simple, easy-to-use port scanner in Python.
There are many ways to implement port scanning in Python; here we use Python's built-in socket module.
Sockets
The socket module in Python provides access to the BSD socket interface.
It includes the socket class for handling the actual data channel, as well as functions for network-related tasks such as converting a server name to an address and formatting data to be sent over the network. (Source)
Sockets are used widely on the Internet because they support any kind of network communication your computer performs.
INET sockets account for at least 99% of the sockets in use.
The web browser you are using opens a socket and connects to a web server.
All network communication goes through a socket.
For more information on the socket module, see the official socket documentation.
Socket functions
Before we start with the example program, let's look at a few of the socket functions we will be using.
sock = socket.socket(socket_family, socket_type)
    Syntax for creating a socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    Creates a stream socket
AF_INET
    Socket family (here the address family for IP version 4, IPv4)
SOCK_STREAM
    Socket type for TCP connections
SOCK_DGRAM
    Socket type for UDP connections
socket.gethostbyname("host")
    Translates a host name to IPv4 address format
socket.gethostbyname_ex("host")
    Translates a host name to IPv4 address format, extended interface
socket.getfqdn("8.8.8.8")
    Gets the FQDN (fully qualified domain name)
socket.gethostname()
    Returns the hostname of the machine.
socket.error
    Exception handling
Creating the program with Python sockets
How to create a simple port scanner in Python. This small port scanner will try to connect to every port you define for a given host. The first thing we have to do is import the socket library and the other libraries we need. Open a text editor, copy and paste the code below, save the file as "portscanner.py" and exit the editor.
#!/usr/bin/env python3
import socket
import subprocess
import sys
from datetime import datetime

# Clear the screen
subprocess.call('clear', shell=True)

# Ask for input
remoteServer = input("Enter a remote host to scan: ")

# Using the range function to specify ports (here it will scan all ports between 1 and 1024)
# We also put in some error handling for catching errors; the name resolution
# sits inside the try block so that socket.gaierror is actually caught
try:
    remoteServerIP = socket.gethostbyname(remoteServer)

    # Print a nice banner with information on which host we are about to scan
    print("-" * 60)
    print("Please wait, scanning remote host", remoteServerIP)
    print("-" * 60)

    # Check what time the scan started
    t1 = datetime.now()

    for port in range(1, 1025):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # connect_ex() returns 0 on success and an errno value on failure
        # instead of raising, so a closed port does not abort the loop
        result = sock.connect_ex((remoteServerIP, port))
        if result == 0:
            print("Port {}: Open".format(port))
        sock.close()

except KeyboardInterrupt:
    print("You pressed Ctrl+C")
    sys.exit()

except socket.gaierror:
    print('Hostname could not be resolved. Exiting')
    sys.exit()

except socket.error:
    print("Couldn't connect to server")
    sys.exit()

# Checking the time again
t2 = datetime.now()

# Calculates the difference of time, to see how long it took to run the script
total = t2 - t1

# Printing the information to screen
print('Scanning Completed in: ', total)
Sample output
Let's run the program and see what the output can look like:
$ python portscanner.py
Enter a remote host to scan: www.your_host_example.com
------------------------------------------------------------
Please wait, scanning remote host xxxx.xxxx.xxxx.xxxx
------------------------------------------------------------
Port 21: Open
Port 22: Open
Port 23: Open
Port 80: Open
Port 110: Open
Port 111: Open
Port 143: Open
Port 443: Open
Port 465: Open
Port 587: Open
Port 993: Open
Port 995: Open
Scanning Completed in: 0:06:34.705170
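As an added example that is not part of the original tutorial, the following Python 3 script packages the same connect_ex() loop into a function with a per-connection timeout and checks it against a throwaway listener bound on 127.0.0.1, so it runs offline against your own machine. The helpers scan_ports, start_test_listener and closed_loopback_port, the loopback listener and the port window around it are all constructed for this example. The timeout is the practical caveat the tutorial's script lacks: without settimeout(), a port whose packets are silently dropped makes connect_ex() wait for the operating system's full connect timeout, which is one reason a 1024-port scan can take minutes rather than seconds.

```python
import socket
import threading
from datetime import datetime

# Added example (not the tutorial's own code). The listener, the helper names
# and the port window are constructed so the scan can be exercised offline.


def scan_ports(host, ports, timeout=0.5):
    """Return the sorted list of ports on `host` that accept a TCP connection.

    connect_ex() returns 0 on success and an errno value otherwise, so a
    closed port never raises; the timeout bounds how long a filtered
    (silently dropped) port can stall the loop.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            if sock.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return sorted(open_ports)


def start_test_listener():
    """Bind a TCP listener on an OS-assigned loopback port (constructed target).

    Returns (server_socket, port). Accepted connections are closed at once.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind(("127.0.0.1", 0))
    server.listen(5)
    port = server.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = server.accept()
            except OSError:  # server socket was closed, stop accepting
                return
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return server, port


def closed_loopback_port():
    """Pick a loopback port that is currently free, to show the 'closed' case."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.bind(("127.0.0.1", 0))
        return probe.getsockname()[1]


def demo():
    """Scan a small window of ports around the test listener.

    Returns (open_ports, listener_port, elapsed) so the result can be checked.
    """
    server, port = start_test_listener()
    try:
        window = range(max(1, port - 3), port + 4)
        t1 = datetime.now()
        found = scan_ports("127.0.0.1", window)
        elapsed = datetime.now() - t1
        return found, port, elapsed
    finally:
        server.close()


if __name__ == "__main__":
    found, port, elapsed = demo()
    print("Listener on 127.0.0.1:%d; open ports found: %s (%s)" % (port, found, elapsed))
```

The window scanned by demo() may legitimately contain other services already listening on your machine, so the check to make is that the listener's own port appears in the result and that a port known to be free does not.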
Disclaimer
This program is intended for individuals testing their own devices to determine whether they are poorly secured; the author accepts no responsibility if it is used for any other purpose.