使用python模块nmap,读取excel数据对多个ip端口探活扫描
我一个响指下去,每个人都要少一个睾丸。。。
1、工欲善其事必先利其器。安装python-nmap模块。
pip list #cmd或powershell下 查看已安装模块,至于pip命令环境变量,自己解决 pip install python-nmap
编写简单的nmap单端口跑一下看看效果。
\'\'\'如果安装了python-nmap模块还不能使用,那就自行安装nmap图形化界面,然后添加到环境变量里,这样就ok了,我的就是这样;\'\'\'
import nmap
np = nmap.PortScanner()
a = np.scan(hosts=\'42.247.22.192\',ports=\'80\',arguments=\'-v -n -T4\')
print(a)
返回结果: (重要的地方我已标红,主要就是看返回端口状态和服务名)
{\'nmap\': {\'command_line\': \'nmap -oX - -p 80 -v -n -T4 42.247.22.192\', \'scaninfo\': {\'tcp\':
{\'method\': \'syn\', \'services\': \'80\'}}, \'scanstats\': {\'timestr\': \'Thu Jun 10 11:31:57 2021\',
\'elapsed\': \'1.72\', \'uphosts\': \'1\', \'downhosts\': \'0\', \'totalhosts\': \'1\'}}, \'scan\': {\'42.247.22.192\':
{\'hostnames\': [{\'name\': \'\', \'type\': \'\'}], \'addresses\': {\'ipv4\': \'42.247.22.192\'}, \'vendor\':
{}, \'status\': {\'state\': \'up\', \'reason\': \'syn-ack\'}, \'tcp\': {80: {\'state\': \'open\', \'reason\': \'syn-ack\', \'name\': \'http\',
\'product\': \'\', \'version\': \'\', \'extrainfo\': \'\', \'conf\': \'3\', \'cpe\': \'\'}}}}}
2、下面对得到的数据整理一下输出,让他看起来简洁一些
import nmap
np = nmap.PortScanner()
a = np.scan(hosts=\'42.247.22.192\',ports=\'80\',arguments=\'-v -n -T4\')
ip = \'42.247.22.192\'
for i in a[\'scan\'][ip][\'tcp\'].keys():
state = a[\'scan\'][ip][\'tcp\'][i][\'state\']
name = a[\'scan\'][ip][\'tcp\'][i][\'name\']
print(ip,i,state,name)
返回结果: 42.247.22.192 80 open http
看着整洁多了。
后面关于excel读取和线程的代码我直接贴了,今天事情多不细说了。。
3、使用python调用excel模块和线程模块,读取excel数据,对多条数据进行扫描。
import nmap
import threading
from openpyxl import load_workbook
from xlwt import Workbook
wk = Workbook(encoding=\'utf-8\')
wsheet = wk.add_sheet(\'Worksheet\')
co = {}
ls = []
def read_excel_file():
wb = load_workbook(\'test/diqu.xlsx\') #读取excel文件
# sheets = wb.get_sheet_names()
# print(sheets)
sheet = wb[\'暴露面资产全量\']
# print(sheet)
m = sheet[\'G\'] #读取excelG列,我的G列是 ip:port,例:1.1.1.1:80
for cell in m: #这个for循环用于分割ip和端口,存到co字典
# print(cell.value)
mn = cell.value.split(\':\')
if mn[0] in co:
co[mn[0]].append(mn[1])
else:
try:
co[mn[0]] = [mn[1]]
except:
co[mn[0]] = []
def thread(ip_port): # 设置线程
thread_num = threading.Semaphore(20) # 设置线程数
thread_list = []
for IP, port in ip_port.items(): # 创建线程
t = threading.Thread(target=nmap_ping_scan, args=(IP, port, thread_num,))
thread_list.append(t)
# print(t)
for t in thread_list: # 开始线程
t.start()
for t in thread_list: # 等待线程
t.join()
print(\'线程结束\')
def nmap_ping_scan(ip,port,thread_num): #使用nmap扫描,结果存入ls列表
global ls
strport = \',\'.join(ports for ports in port)
thread_num.acquire() # 线程锁
try:
nm = nmap.PortScanner()
global result
np = nm.scan(hosts=ip,ports=strport,arguments=\"-v -n -T4\")
for i in np[\'scan\'][ip][\'tcp\'].keys():
state = np[\'scan\'][ip][\'tcp\'][i][\'state\']
name = np[\'scan\'][ip][\'tcp\'][i][\'name\']
ls.extend([[ip,i,state,name]])
# print(ip,i,state)
except Exception as e:
# print(e)
pass
thread_num.release()
def excel_write(ls): #把ls列表的数据保存到新的excel中
try:
for u in range(len(ls)):
p = 0
for k in ls[u]:
wsheet.write(u,p,k)
p += 1
# print(u,p,k)
except:
pass
if __name__ == \'__main__\': #程序启动
read_excel_file()
thread(co)
excel_write(ls)
# print(ls)
wk.save(\'ceshi.xls\')
# nmap_dan_scan(co)
# print(ls)
#ok,上述就是全部代码了,上面是开了线程的,下面再加个单线程的方法吧
#使用方法,把def thread 和 def nmap_ping_scan 注释掉
# 再最后if里把 nmap_dan_scan(co) 注释解掉,上面俩个调用注释掉就行。
def nmap_dan_scan(ip_port): #单线程跑跑
for ip,port in ip_port.items():
strport = \',\'.join(ports for ports in port)
try:
nm = nmap.PortScanner()
np = nm.scan(hosts=ip,ports=strport,arguments=\"-v -n -T4\")
for i in np[\'scan\'][ip][\'tcp\'].keys():
state = np[\'scan\'][ip][\'tcp\'][i][\'state\']
print(ip,i,state)
except:
pass
扫描的结果大概就是这个样子。
#注#如果不想使用脚本这么麻烦的话,建议使用masscan命令比较简洁,这个命令有时扫描会存在波动,大多情况下还是不错的;(我是在centos下运行的)
写个平时用的栗子:masscan -p0-65535 -iL ip.txt –rate=2000 > masscan-scan.txt