但是这个速度实在是太感人了,有没有优化的方案?不想写C的
代码如下:
#coding: utf-8
import threading,time,os,argparse,subprocess,re,platform
from scapy.all import *
def port_service(port):
return port_dict[port] if port in port_dict else 'Unknown'
def send_syn(ip,port):
send(IP(dst=ip)/TCP(dport=port,sport=RandShort(),flags=2),verbose=False)
def get_ip_address(iface):
if os.name=='posix':
ipre = '%s.*?inet.*?(([0-9]{1,3}\.){3}[0-9]{1,3})'%iface
ipconfig_process = subprocess.Popen("ifconfig", stdout=subprocess.PIPE)
else:
ipre = 'IPv4.*?(([0-9]{1,3}\.){3}[0-9]{1,3})'%iface
ipconfig_process = subprocess.Popen("ipconfig", stdout=subprocess.PIPE)
output = ipconfig_process.stdout.read()
ip_pattern = re.compile(ipre,re.S)
result=ip_pattern.search(output.decode('utf-8'))
if len(result.groups())==2:
return result.group(1)
def catcher(packet):
global result_dict
ip=packet.getlayer(IP).src
port=packet.getlayer(TCP).sport
if ip in result_dict:
result_dict[ip]['count']+=1
result_dict[ip]['ports'].append(port)
else:
result_dict[ip]={"count":1,"ports":[port]}
print("[+] IP %s | Port %s "%(ip,port))
def sniffer(iface,userIp,targetIpList):
print("[*] Get your ip %s in iface %s , Simple Sniffer starting ......."%(userIp,iface))
fs="".join(["src %s or "%stip for stip in targetIpList])
sniff(iface=iface, filter='tcp and dst %s and tcp[13:1] & 18==18 and (%s)'%(userIp,fs[:len(fs)-3]), prn=catcher)
if __name__ == '__main__':
port_dict={
19:'CG',
21:'FTP',
22:'SSH',
23:'TELNET',
25:'SMTP',
31:'MSG',
53:'DNS',
67:'BPS',
80:'HTTP',
110:'POP3',
443:'HTTPS',
1433:'Microsoft SQL Server',
1521:'Oracle DataBase',
1863:'MSN Message',
1883:'MQTT',
2181:'ZooKeeper',
3306:'Mysql Server',
3389:'Miscrosoft RDP',
4000:'Tencent QQ Client',
5000:'DB2',
6379:'Redis',
8000:'Tencent OICQ',
8080:'Http WWW Proxy',
8161:'Activemq Jetty Service',
11211:'Memcached',
27017:'MongoDB',
61616:'Activemq JMS'
}
result_dict={}
threads=[]
parser=argparse.ArgumentParser(description="PortScanner Via MultiThread , MultiProcess and Coroutine version you can find in the same repository .")
parser.add_argument('-i','--ip_list',dest='ip_list',required=True,type=str,help='Privider the IP list for scan , use "," to split each ip.')
parser.add_argument('-n','--net_iface',dest='net_iface',required=True,type=str,help='Privider the net work iface , i will get you ip.')
parser.add_argument('-r','--if_show',action='store_false',dest='if_show',default=True,help='Design if show the result after ports scan complete .')
parser.add_argument('-p','--if_print',action='store_false',dest='if_print',default=False,help='Design if print the result while scaning the open port')
args=parser.parse_args()
ip_list=args.ip_list.split(',')
if_show=args.if_show
if_print=args.if_print
iface = args.net_iface
userIP = get_ip_address(iface)
if userIP is None:
print('[!] Can not ge ip from iface : %s'%iface)
os._exit(1)
sniffer_thread=threading.Thread(target=sniffer,args=(iface,userIP,ip_list))
sniffer_thread.start()
time.sleep(0.2)
for ip in ip_list:
for port in range(1,65535):
t=threading.Thread(target=send_syn,args=(ip,port,))
threads.append(t)
t.start()
for t in threads:
t.join()
time.sleep(0.2)
if if_show:
for (key,value) in result_dict.items():
print("[+] IP : %s has %d opened port."%(key,value['count']))
for port in value['ports']:
print("-------> %5s | %s "%(port,port_service(port)))
os._exit(0)
我试过把scapy换掉,自己组报文用Raw Socket发,还是这么慢......
You need to know your complexity, len(ip_list) * len(port_list)
Then you can use
cProfile
to analyze your running bottleneck, whether it is waiting timeout, io switching, or thread scheduling problemBecause scanning seems to be an IO-intensive program, it may be limited by bandwidth, maximum number of file handles, thread switching, etc.
Possible solutions:
Switch asynchronous io, eliminating the impact of io switching time
Distributed tasks
The most important thing is to find the bottleneck of the program