[Python Original] [Original Source Code] Comprehensive scanner lsascan_v1, Python version

LSA posted on 2017-3-15 15:20
I recently wrote a beginner-level comprehensive scanner in Python (lsascan_v1). It has port scanning, MAC address scanning and live-host scanning. v1 has quite a few bugs; I am posting it now as a milestone summary. v2 will fix some bugs and round out the features; if you have good suggestions, feel free to contact me. (I recommend running it on Linux: it is not only faster but also more convenient. The scapy library is hard to get working on Windows, but if you manage that you can run it on Windows too.)
Changelog:
20170315: lsascan_v1. Features:
(1) Multithreaded host port scan (supports IP addresses and hostnames)
(2) MAC address scan (/24 only)
(3) Multithreaded live-host scan (ping; disabled by default, uncomment the call to enable it)

First, some screenshots of the features (images not reproduced here: lsascanpy3.PNG, lsascan2, lsascan3).
Code archive: lsascan_v1.rar (2.04 KB, downloads: 44)

lsascan_v1:
#!/usr/bin/python
#coding:utf-8
#Author:LSA
#Description:comprehensive scanner lsascan_v1
#Date:20170315

import sys,thread,time,platform,os,datetime
import optparse

from socket import *
import threading

from scapy.all import srp,Ether,ARP,conf

# serialises console output (and, in portscan(), doubles as the lock around p)
screenLock = threading.Semaphore(value=1)

# shared index into the ports list for the "port set" scan mode
p = -1


def tcp_scan(target_ip,port):
    # connect() scan of a single port; prints only ports that accept the connection
    sock = socket(AF_INET,SOCK_STREAM)
    sock.settimeout(1)
    try:
        sock.connect((target_ip,port))
    except error:
        return
    finally:
        sock.close()
    screenLock.acquire()
    print port
    screenLock.release()

def connScan(tgtHost, port):
    # same check as tcp_scan(), with the "[+] port/tcp open" output format
    connSkt = socket(AF_INET, SOCK_STREAM)
    connSkt.settimeout(1)
    try:
        connSkt.connect((tgtHost, port))
        #connSkt.send('onlytest\r\n')
        #results = connSkt.recv(100)
    except error:
        return
    finally:
        connSkt.close()
    screenLock.acquire()
    print '[+] %d/tcp open' % port
    #print '[+] ' + str(results)
    screenLock.release()
        
   
class sniff(threading.Thread):
    # worker for the port-range mode: takes the next port from the shared
    # counter portBegin (guarded by mutex) until portEnd has been passed
    def __init__(self,target_ip):
        threading.Thread.__init__(self)
        self.target_ip = target_ip

    def run(self):
        global mutex,portBegin,portEnd
        while True:
            mutex.acquire()
            portBegin += 1
            if portBegin > portEnd:
                mutex.release()
                break
            mutex.release()
            tcp_scan(self.target_ip,portBegin)
            

def portscan(tgtHost, ports):
    # worker for the port-set mode: all threads share the index p into the
    # ports list, reusing screenLock as the lock around p
    setdefaulttimeout(1)
    global p

    portnums = len(ports)
    while True:
        screenLock.acquire()
        p = p + 1
        if p >= portnums:
            screenLock.release()
            break
        screenLock.release()
        connScan(tgtHost,int(ports[p]))


def get_os():
    # ping's packet-count flag differs: -n on Windows, -c everywhere else
    osname = platform.system()
    if osname == "Windows":
        return "n"
    else:
        return "c"

def ping_ip(ip_str):
    # send one ping; a reply line containing "TTL" means the host answered
    cmd = ["ping", "-{op}".format(op=get_os()),
           "1", ip_str]
    output = os.popen(" ".join(cmd)).readlines()
    flag = False
    for line in list(output):
        if not line:
            continue
        if str(line).upper().find("TTL") >=0:
            flag = True
            break
    if flag:
        activeiplist.append(ip_str)

def find_ip(ip_prefix):
    for i in range(1,256):
        ip = '%s.%s'%(ip_prefix,i)
        thread.start_new_thread(ping_ip, (ip,))
        time.sleep(0.3)


if __name__=='__main__':
    # module-level lists shared with the worker threads
    portslist = []
    threadlist = []
    activeiplist = []
    
    parser = optparse.OptionParser('usage %prog '+\
      '-H <target host> -p <target port[s]> [-n] [<target network>]')
    parser.add_option('-H', dest='tgtHost', type='string',\
      help='specify target host')
    parser.add_option('-p', dest='port', type='string',\
      help='specify port range or separate port[s]',metavar='1-100[1,2,3]')
    parser.add_option('-n', dest='net', type='string',\
      help='specify target network',metavar='192.168.0')
    parser.add_option('-t', dest='threads', type='int',\
      help='specify thread nums,default 10',metavar='20',default=10)
    
    (options, args) = parser.parse_args()
    port = options.port
    tgthost = options.tgtHost
    threads = options.threads

    
    
    

    if (port) and (tgthost):

        try:
            tgtip = gethostbyname(tgthost)
        except:
            print "[-] Cannot resolve '%s': Unknown host" %tgthost
            sys.exit(1)

        try:
            tgtName = gethostbyaddr(tgtip)
            print '\n[+] Scan Results for: ' + tgtName[0]
        except:
            print '\n[+] Scan Results for: ' + tgtip

        if ',' not in port and '-' not in port:   #only one port
            ports = [port]
            portscan(tgthost,ports)
            
        else:
            
            ports = port.split(',')   #ports---list
            if len(ports)==1:   #port range "a-b": workers pull ports from a shared counter
                ports = ports[0].split('-')
                portBegin = int(ports[0]) - 1
                portEnd = int(ports[1])
                mutex = threading.Lock()
                start = time.clock()
                for th in range(threads):
                    worker = sniff(tgthost)   # not named 'thread': that is the imported module
                    worker.start()
                    threadlist.append(worker)
                for t in threadlist:
                    t.join()
                end = time.clock()
                print end - start

            else:   #port set "a,b,c": workers share the index p
                start = time.clock()
                for th in range(threads):
                    t = threading.Thread(target=portscan,args=(tgthost,ports))
                    t.start()
                    threadlist.append(t)
                for thr in threadlist:
                    thr.join()
                end = time.clock()
                print end - start

            
            
        
    if options.net:   # the ARP scan sends raw frames, so this needs root

        scanlan = options.net
        print "start time %s"%time.ctime()
        print "scanning %s.1-255:\n"%scanlan
        print "--------------"
        starttime = datetime.datetime.now()
        #find_ip(scanlan)
        macscan = '%s.1/24' %scanlan
        try:
            ans,unans = srp(Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst=macscan),timeout=5,verbose=False)
        except Exception,e:
            print str(e)
        else:
            for snd,rcv in ans:
                list_mac = rcv.sprintf("%Ether.src% - %ARP.psrc%")
                print list_mac
        #for activeip in activeiplist:
        #    print activeip
        endtime = datetime.datetime.now()
        print "---------------"
        print "end time %s"%time.ctime()
        print "total use %s s"%(endtime - starttime).total_seconds()
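The script above accepts the -p option as either a single port, a range "1-100" or a list "1,2,3", but a mixed form such as "1-100,443" is not handled and nothing rejects a port like 70000 or a reversed range. The following Python 3 code is an added example, not part of the original post or of lsascan: a validated parser for that port specification (going beyond v1 by accepting mixed forms) plus a round-robin split of the resulting list over worker threads, which removes the need for the shared counter and lock used by sniff() and portscan(). The function names parse_port_spec, is_valid_port_spec and split_work are my own.

```python
# Added example (not from the original post): validated "-p" parsing and
# static work partitioning for a threaded scanner.


def parse_port_spec(spec):
    """Turn "80", "1-100", "22,80,443" or "1-100,443,8000-8080" into a sorted
    list of unique ports; raise ValueError instead of silently scanning the
    wrong set when the specification is malformed."""
    if not spec or not spec.strip():
        raise ValueError("empty port specification")
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty item in %r" % spec)
        if "-" in item:
            lo_s, hi_s = item.split("-", 1)
            lo, hi = _port(lo_s), _port(hi_s)
            if lo > hi:
                raise ValueError("reversed range %r" % item)
            ports.update(range(lo, hi + 1))
        else:
            ports.add(_port(item))
    return sorted(ports)


def _port(text):
    """Parse one port number and check it is within 1..65535."""
    try:
        value = int(text.strip())
    except ValueError:
        raise ValueError("not a port number: %r" % text) from None
    if not 1 <= value <= 65535:
        raise ValueError("port out of range: %d" % value)
    return value


def is_valid_port_spec(spec):
    """True when parse_port_spec() accepts the specification."""
    try:
        parse_port_spec(spec)
        return True
    except ValueError:
        return False


def split_work(ports, workers):
    """Round-robin the port list into `workers` disjoint slices, so every
    scanning thread owns its own ports and no shared counter/lock is needed."""
    if workers < 1:
        raise ValueError("workers must be >= 1")
    return [ports[i::workers] for i in range(workers)]


if __name__ == "__main__":
    # constructed demo input: a mixed specification split over three workers
    ports = parse_port_spec("1-3,2,443-445,8080")
    for n, slice_ in enumerate(split_work(ports, 3)):
        print("worker %d -> %s" % (n, slice_))
```

Each worker thread would then iterate over its own slice and call a single-port check such as tcp_scan() from the script, with no mutex or global index involved.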
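From the other side of the wire, both scan modes of this script leave a distinctive footprint: the port scan is one source opening connections to many distinct ports on one host within a few seconds, and the MAC scan is one MAC address sending ARP requests for every address of a /24 in a burst. The following Python 3 code is an added example, not part of the original post: a small sliding-window fan-out detector run over constructed log lines in a simplified one-event-per-line format of my own (timestamp, protocol, source, destination). The format, the window of 10 seconds and the thresholds of 15 distinct ports and 50 distinct ARP targets are assumptions to tune for a real network; real firewall or ARP logs would need their own parse_line().

```python
# Added example (not from the original post): detect the traffic patterns a
# connect scan and an ARP sweep produce, from a defender's log.
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format, one event per line:
#   "<ISO timestamp> TCP <src_ip> -> <dst_ip>:<port>"   (a connection attempt)
#   "<ISO timestamp> ARP <src_mac> -> <queried_ip>"     (an ARP who-has request)
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<proto>TCP|ARP) (?P<src>\S+) -> (?P<dst>\S+)$")


def parse_line(line):
    """Return (proto, ts, src, dst, port) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S")
    proto, src, dst = m.group("proto"), m.group("src"), m.group("dst")
    if proto == "TCP":
        dst_ip, port = dst.rsplit(":", 1)
        if not port.isdigit():
            return None
        return ("TCP", ts, src, dst_ip, int(port))
    return ("ARP", ts, src, dst, None)


class FanOutDetector:
    """Count distinct targets per key inside a sliding time window. Events
    must be fed in time order. feed() returns True the first time a key
    crosses the threshold, so one scanner raises one alert, not hundreds."""

    def __init__(self, window_seconds, threshold):
        self.window = timedelta(seconds=window_seconds)
        self.threshold = threshold
        self.events = defaultdict(deque)    # key -> deque of (ts, target)
        self.counts = defaultdict(Counter)  # key -> target -> hits inside window
        self.alerted = set()

    def feed(self, ts, key, target):
        q, c = self.events[key], self.counts[key]
        while q and ts - q[0][0] > self.window:   # expire events that fell out of the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        q.append((ts, target))
        c[target] += 1
        if len(c) >= self.threshold and key not in self.alerted:
            self.alerted.add(key)
            return True
        return False


def detect(lines, window_seconds=10, port_threshold=15, arp_threshold=50):
    """Run both detectors over the log lines and return the alert strings."""
    tcp = FanOutDetector(window_seconds, port_threshold)   # key: (src_ip, dst_ip), target: port
    arp = FanOutDetector(window_seconds, arp_threshold)    # key: src_mac, target: queried ip
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        proto, ts, src, dst, port = ev
        if proto == "TCP" and tcp.feed(ts, (src, dst), port):
            alerts.append("port scan: %s probed %d+ ports on %s within %ds"
                          % (src, port_threshold, dst, window_seconds))
        elif proto == "ARP" and arp.feed(ts, src, dst):
            alerts.append("ARP sweep: %s queried %d+ addresses within %ds"
                          % (src, arp_threshold, window_seconds))
    return alerts


def build_sample_log():
    """Constructed sample: one normal connection and one normal ARP request,
    then a 20-port connect scan from 192.168.0.10 and an ARP sweep of
    192.168.0.1-254 from a single MAC, all within a few seconds."""
    lines = ["2017-03-15T15:19:50 TCP 192.168.0.30 -> 192.168.0.20:443",
             "2017-03-15T15:19:55 ARP aa:bb:cc:00:00:30 -> 192.168.0.20"]
    for i, port in enumerate(range(20, 40)):
        lines.append("2017-03-15T15:20:%02d TCP 192.168.0.10 -> 192.168.0.20:%d" % (i // 10, port))
    for i in range(1, 255):
        lines.append("2017-03-15T15:21:%02d ARP aa:bb:cc:00:00:10 -> 192.168.0.%d" % (i // 60, i))
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

The window is what keeps the detector honest: a host that legitimately talks to a dozen services over a day never accumulates enough distinct ports inside ten seconds, while the threaded scan in the script hits its threshold almost immediately. The same structure works for the ping sweep mode if ICMP echo requests are logged, keyed on source IP with the probed address as target.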


OP | LSA posted on 2017-3-15 15:38
ForGot_227 posted on 2017-3-15 15:31
Is it used the same way as the common scanners?

This is the command-line version; -h shows the help message.
OP | LSA posted on 2017-3-15 17:59
老和尚 posted on 2017-3-15 16:02
@LSA Hello OP! Could you make a script similar to 御剑 (Yujian)? And also add automatic proxy detection and switching, custom scan pa ...

I will consider your suggestion. I'm not sure whether the Yujian script you mean is the backend-path scanner or the game assist tool; the backend scanner may be added in v2, but game assist tools won't be done in lsascan. v2 will add some new features, so stay tuned, and thanks for the support!
yuxing818 posted on 2017-3-15 15:23
I don't understand it, but thanks anyway for the OP's spirit of sharing, heh
当红灬依赖 posted on 2017-3-15 15:27
This looks pretty good
ForGot_227 posted on 2017-3-15 15:31
Is it used the same way as the common scanners?
grayhat posted on 2017-3-15 15:39
Let's see how the home-made scanner turned out
那人那山那狗 posted on 2017-3-15 15:54
I don't understand it
老和尚 posted on 2017-3-15 16:02
@LSA Hello OP! Could you make a script similar to 御剑 (Yujian)? And also add automatic proxy detection and switching, custom scan paths and so on!
redwater posted on 2017-3-15 16:13

I don't understand it, but thanks anyway for the OP's spirit of sharing, heh