Python做扫描,发包速度实在是太慢了,有优化的方案吗?
伊谢尔伦
伊谢尔伦 2017-04-18 10:24:41
0
1
905

用python做 syn scan

但是这个速度实在是太感人了,有没有优化的方案?不想写C的

代码如下:


#coding: utf-8

import threading,time,os,argparse,subprocess,re,platform
from scapy.all import *

def port_service(port):
    return port_dict[port] if port in port_dict else 'Unknown'

def send_syn(ip,port):
    send(IP(dst=ip)/TCP(dport=port,sport=RandShort(),flags=2),verbose=False)

def get_ip_address(iface):
    if os.name=='posix':
        ipre = '%s.*?inet.*?(([0-9]{1,3}\.){3}[0-9]{1,3})'%iface
        ipconfig_process = subprocess.Popen("ifconfig", stdout=subprocess.PIPE)
    else:
        ipre = 'IPv4.*?(([0-9]{1,3}\.){3}[0-9]{1,3})'%iface
        ipconfig_process = subprocess.Popen("ipconfig", stdout=subprocess.PIPE)
    output = ipconfig_process.stdout.read()
    ip_pattern = re.compile(ipre,re.S)
    result=ip_pattern.search(output.decode('utf-8'))
    if len(result.groups())==2:
        return result.group(1)



def catcher(packet):
    global result_dict
    ip=packet.getlayer(IP).src
    port=packet.getlayer(TCP).sport
    if ip in result_dict:
        result_dict[ip]['count']+=1
        result_dict[ip]['ports'].append(port)
    else:
        result_dict[ip]={"count":1,"ports":[port]}
    print("[+] IP %s | Port %s  "%(ip,port))

def sniffer(iface,userIp,targetIpList):
    print("[*] Get your ip  %s  in iface %s , Simple Sniffer starting ......."%(userIp,iface))
    fs="".join(["src %s or "%stip for stip in targetIpList])
    sniff(iface=iface, filter='tcp and dst %s and tcp[13:1] & 18==18 and (%s)'%(userIp,fs[:len(fs)-3]), prn=catcher)

if __name__ == '__main__':
    port_dict={
        19:'CG',
        21:'FTP',
        22:'SSH',
        23:'TELNET',
        25:'SMTP',
        31:'MSG',
        53:'DNS',
        67:'BPS',
        80:'HTTP',
        110:'POP3',
        443:'HTTPS',
        1433:'Microsoft SQL Server',
        1521:'Oracle DataBase',
        1863:'MSN Message',
        1883:'MQTT',
        2181:'ZooKeeper',
        3306:'Mysql Server',
        3389:'Miscrosoft RDP',
        4000:'Tencent QQ Client',
        5000:'DB2',
        6379:'Redis',
        8000:'Tencent OICQ',
        8080:'Http WWW Proxy',
        8161:'Activemq Jetty Service',
        11211:'Memcached',
        27017:'MongoDB',
        61616:'Activemq JMS'
    }
    result_dict={}
    threads=[]

    parser=argparse.ArgumentParser(description="PortScanner Via MultiThread , MultiProcess and Coroutine version you can find in the same repository .")
    parser.add_argument('-i','--ip_list',dest='ip_list',required=True,type=str,help='Privider the IP list for scan , use "," to split each ip.')
    parser.add_argument('-n','--net_iface',dest='net_iface',required=True,type=str,help='Privider the net work iface , i will get you ip.')
    parser.add_argument('-r','--if_show',action='store_false',dest='if_show',default=True,help='Design if show the result after ports scan complete .')
    parser.add_argument('-p','--if_print',action='store_false',dest='if_print',default=False,help='Design if print the result while scaning the open port')
    args=parser.parse_args()
    ip_list=args.ip_list.split(',')
    if_show=args.if_show
    if_print=args.if_print
    iface = args.net_iface
    userIP = get_ip_address(iface)
    if userIP is None:
        print('[!] Can not ge ip from iface : %s'%iface)
        os._exit(1)
    sniffer_thread=threading.Thread(target=sniffer,args=(iface,userIP,ip_list))
    sniffer_thread.start()
    time.sleep(0.2)
    for ip in ip_list:
        for port in range(1,65535):
            t=threading.Thread(target=send_syn,args=(ip,port,))
            threads.append(t)
            t.start()
    for t in threads:
        t.join()
    time.sleep(0.2)
    if if_show:
        for (key,value) in result_dict.items():
            print("[+] IP : %s has %d opened port."%(key,value['count']))
            for port in value['ports']:
                print("-------> %5s | %s "%(port,port_service(port)))
    os._exit(0)


我试过把scapy换掉,自己组报文用Raw Socket发,还是这么慢......

伊谢尔伦
伊谢尔伦

小伙看你根骨奇佳,潜力无限,来学PHP伐。

reply all(1)
小葫芦
  1. You need to know your complexity, len(ip_list) * len(port_list)

  2. Then you can use cProfile to analyze your running bottleneck, whether it is waiting timeout, io switching, or thread scheduling problem

  3. Because scanning seems to be an IO-intensive program, it may be limited by bandwidth, maximum number of file handles, thread switching, etc.

Possible solutions:

  1. Switch asynchronous io, eliminating the impact of io switching time

  2. Distributed tasks


The most important thing is to find the bottleneck of the program

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template