python調用nmap掃描區域網路存活主機和端口

文章目錄

python調用nmap掃描區域網路存活主機和端口
- 操作環境
- 運作代碼
- 關鍵代碼
- - 1. nm.scan(ip,port,args)
  - 2. 字典的解析
- 運作結果
- 參考文章

操作環境

python2

sudo apt install nmap

pip install nmap json

運作代碼

sudo python2 scan.py

代碼經過調試，使用root可直接運作

#!python2 
# scan.py must be sudo to run
import nmap
import json

nm = nmap.PortScanner()
iprange = raw_input("input ip range(eg:192.168.224.0/24)>")
port = raw_input("input target port(eg:8888)>")
if not port:
	port = 8888
if not iprange:
    iprange = "192.168.224.0/24"
print("scan ip range " + iprange)
a = nm.scan(iprange, str(port), '-sS -O')
a = a.get("scan")

target = 0
for key, value in a.items():
    if value.get("tcp").get(port).get("state") == "open":
        print "target ip maybe :" + key
        print "some information"
        print value
        target = target + 1

if target == 0:
    print "no target machine detectd...."

關鍵代碼

1. nm.scan(ip,port,args)

請查閱參考文檔一，有詳細的解釋

傳回的結果a形式如下：a是個字典

{'nmap': {'scanstats': {'uphosts': '4', 'timestr': 'Sat Jun 27 13:29:19 2020', 'downhosts': '252', 'totalhosts': '256', 'elapsed': '9.86'}, 'scaninfo': {'tcp': {'services': '8888', 'method': 'syn'}}, 'command_line': 'nmap -oX - -p 8888 -sS -O 192.168.224.0/24'}, 'scan': {'192.168.224.132': {'status': {'state': 'up', 'reason': 'localhost-response'}, 'uptime': {'seconds': '1999559', 'lastboot': 'Thu Jun  4 10:03:20 2020'}, 'vendor': {}, 'addresses': {'ipv4': '192.168.224.132'}, 'tcp': {8888: {'product': '', 'state': 'open', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'syn-ack', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [{'osclass': [{'osfamily': 'Linux', 'vendor': 'Linux', 'cpe': ['cpe:/o:linux:linux_kernel:2.6.32'], 'type': 'general purpose', 'osgen': '2.6.X', 'accuracy': '100'}], 'line': '50174', 'name': 'Linux 2.6.32', 'accuracy': '100'}], 'portused': [{'state': 'open', 'portid': '8888', 'proto': 'tcp'}, {'state': 'closed', 'portid': '34334', 'proto': 'udp'}]}, '192.168.224.1': {'status': {'state': 'up', 'reason': 'arp-response'}, 'vendor': {'00:50:56:C0:00:08': 'VMware'}, 'addresses': {'mac': '00:50:56:C0:00:08', 'ipv4': '192.168.224.1'}, 'tcp': {8888: {'product': '', 'state': 'filtered', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'no-response', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [], 'portused': []}, '192.168.224.2': {'status': {'state': 'up', 'reason': 'arp-response'}, 'vendor': {'00:50:56:E8:9C:1A': 'VMware'}, 'addresses': {'mac': '00:50:56:E8:9C:1A', 'ipv4': '192.168.224.2'}, 'tcp': {8888: {'product': '', 'state': 'closed', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'reset', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [{'osclass': [{'osfamily': 'embedded', 'vendor': 'Aethra', 'cpe': ['cpe:/h:aethra:starvoice_1042'], 'type': 'broadband router', 'osgen': None, 'accuracy': '91'}], 'line': '1615', 'name': 'Aethra Starvoice 1042 ADSL router', 'accuracy': '91'}, {'osclass': [{'osfamily': 'AOS', 'vendor': 'APC', 'cpe': ['cpe:/o:apc:aos:5'], 'type': 'power-device', 'osgen': '5.X', 'accuracy': '91'}], 'line': '2920', 'name': 'APC AOS 5', 'accuracy': '91'}, {'osclass': [{'osfamily': 'SuperDOS', 'vendor': 'Bluebird', 'cpe': ['cpe:/o:bluebird:superdos'], 'type': 'general purpose', 'osgen': None, 'accuracy': '91'}], 'line': '9384', 'name': 'Bluebird SuperDOS', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:nc-130h'], 'type': 'print server', 'osgen': None, 'accuracy': '91'}], 'line': '9587', 'name': 'Brother NC-130h print server', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:hl-1870n'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '9767', 'name': 'Brother HL-1870N printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:hl-2070n', 'cpe:/h:brother:mfc-5460cn'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '9786', 'name': 'Brother HL-2070N or MFC-5460CN printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:hl-2070n'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '9805', 'name': 'Brother HL-2070N printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:hl-5070n'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '10112', 'name': 'Brother HL-5070N printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:mfc-7820n'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '10480', 'name': 'Brother MFC-7820N printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:mfc-9420cn'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '10595', 'name': 'Brother MFC-9420CN printer', 'accuracy': '91'}], 'portused': [{'state': 'closed', 'portid': '8888', 'proto': 'tcp'}]}, '192.168.224.254': {'status': {'state': 'up', 'reason': 'arp-response'}, 'vendor': {'00:50:56:F5:F1:1D': 'VMware'}, 'addresses': {'mac': '00:50:56:F5:F1:1D', 'ipv4': '192.168.224.254'}, 'tcp': {8888: {'product': '', 'state': 'filtered', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'no-response', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [], 'portused': []}}}

2. 字典的解析

為了更好地測試，最好使用jupyter或控制台去單步執行，去使用dict的get方法去逐漸解析，防止錯誤

for key, value in a.items():
    if value.get("tcp").get(port).get("state") == "open":
        print "target ip maybe :" + key
        print "some information"
        print value
        target = target + 1

運作結果

[email protected]:~/Desktop/project$ sudo python scan.py
[sudo] password for zhao:
input ip range(eg:192.168.224.0/24)>
input target port(eg:8888)>
scan ip range 192.168.224.0/24
target ip maybe :192.168.224.132
some information
{'status': {'state': 'up', 'reason': 'localhost-response'}, 'uptime': {'seconds': '2001774', 'lastboot': 'Thu Jun  4 10:03:22 2020'}, 'vendor': {}, 'addresses': {'ipv4': '192.168.224.132'}, 'tcp': {8888: {'product': '', 'state': 'open', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'syn-ack', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [{'osclass': [{'osfamily': 'Linux', 'vendor': 'Linux', 'cpe': ['cpe:/o:linux:linux_kernel:2.6.32'], 'type': 'general purpose', 'osgen': '2.6.X', 'accuracy': '100'}], 'line': '50174', 'name': 'Linux 2.6.32', 'accuracy': '100'}], 'portused': [{'state': 'open', 'portid': '8888', 'proto': 'tcp'}, {'state': 'closed', 'portid': '30317', 'proto': 'udp'}]}

參考文章

Python中python-nmap子產品的使用
nmap指令掃描存活主機

python調用nmap掃描區域網路存活主機和端口python調用nmap掃描區域網路存活主機和端口

python調用nmap掃描區域網路存活主機和端口

文章目錄

操作環境

運作代碼

關鍵代碼

1. nm.scan(ip,port,args)

2. 字典的解析

運作結果

參考文章

繼續閱讀

Nmap基本技能方法(一)一、Nmap基礎二、活躍主機探測總結

3，nmap，NSE腳本格式和編寫

Nmap相關介紹及使用一、Nmap介紹二、Nmap基本用法三、基本用法舉例四、Nmap進階用法

nmap參數詳情前提正題常用組合

端口掃描：masscan+nmapjava+masscan+nmap

端口掃描之Nmap（二）

Nmap端口掃描工具

Python之滲透測試筆記（二）——python-nmap子產品python-nmap 子產品

《Four .1》Kali Linux之資訊收集（Nmap）

弱密碼檢測、端口掃描

滲透測試工具之Nmap的使用

nmap繞過防火牆

（網絡安全）主動資訊收集服務掃描

affair，scandal，anecdote有什麼差別？

（網絡安全）nmap可實作的功能以及使用方法1X01：主機掃描1X02：掃描技巧1X04：服務和版本探測1X05：腳本掃描1X06：作業系統探測

記一次GoldenEye靶場滲透測試過程一、資訊收集二、漏洞探測三、漏洞利用四、提權