Python调用nmap对内网端口批量扫描
2020-12-13 05:48
标签:limit adp basic readline return sts key int star Python调用nmap对内网端口批量扫描 标签:limit adp basic readline return sts key int star 原文地址:https://www.cnblogs.com/AtesetEnginner/p/11149190.html 1 # -*- encoding: utf-8 -*-
2 # !/usr/bin/env python
3
4 import os
5 import traceback
6 import sys
7 import datetime
8 import re
9 import json
10 import logging
11 from threading import Lock
12
13 from suds.client import Client
14 from suds.xsd.doctor import Import, ImportDoctor
15 from concurrent.futures import ThreadPoolExecutor, as_completed
16 import nmap
17 import random
18 import time
19
20 if not os.path.dirname(os.getcwd()) in sys.path:
21 sys.path.append(os.path.dirname(os.getcwd()))
22 from exp.exploit import exploit
23 from log.exceptionLog import exceptionLog
24 from log.scanLog import scanLog
25 from log.operationLog import operationLog
26 from func_timeout import func_set_timeout
27 from func_timeout.exceptions import FunctionTimedOut
28
29 FORMAT = ‘[%(asctime)-15s] [%(levelname)s] [%(filename)s %(levelno)s line] %(message)s‘
30 logger = logging.getLogger()
31 logging.basicConfig(format=FORMAT)
32 logger.setLevel(logging.INFO)
33
34 port_define = "1,3-4,6-7,9,13,17,19-26,30,32-33,37,42-43,49,53,70,79-85,88-90,99-100,106,109-111,113,119,125,135,139,143-144, 35 146,161,163,179,199,211-212,222,254-256,259,264,280,301,306,311,340,366,389,406-407,416-417,425,427,443-445,458, 36 464-465,481,497,500,512-515,524,541,543-545,548,554-555,563,587,593,616-617,625,631,636,646,648,666-668,683,687, 37 691,700,705,711,714,720,722,726,749,765,777,783,787,800-801,808,843,873,880,888,898,900-903,911-912,981,987,990, 38 992-993,995,999-1002,1007,1009-1011,1021-1100,1102,1104-1108,1110-1114,1117,1119,1121-1124,1126,1130-1132,1137-1138, 39 1141,1145,1147-1149,1151-1152,1154,1163-1166,1169,1174-1175,1183,1185-1187,1192,1198-1199,1201,1213,1216-1218, 40 1233-1234,1236,1244,1247-1248,1259,1271-1272,1277,1287,1296,1300-1301,1309-1311,1322,1328,1334,1352,1417, 41 1433-1434,1443,1455,1461,1494,1500-1501,1503,1521-1524,1533,1556,1580,1583,1594,1600,1641,1658,1666,1687-1688, 42 1700,1717-1721,1723,1755,1761,1782-1783,1801,1805,1812,1839-1840,1862-1864,1875,1900,1914,1935,1947,1971-1972, 43 1974,1984,1998-2010,2013,2020-2022,2030,2033-2035,2038,2040-2043,2045-2049,2065,2068,2099-2100,2103,2105-2107, 44 2111,2119,2121,2126,2135,2144,2160-2161,2170,2179,2190-2191,2196,2200,2222,2251,2260,2288,2301,2323,2366,2381-2383, 45 2393-2394,2399,2401,2492,2500,2522,2525,2557,2601-2602,2604-2605,2607-2608,2638,2701-2702,2710,2717-2718,2725, 46 2800,2809,2811,2869,2875,2909-2910,2920,2967-2968,2998,3000-3001,3003,3005-3007,3011,3013,3017,3030-3031,3050, 47 3052,3071,3077,3128,3168,3211,3221,3246,3260-3261,3268-3269,3283,3300-3301,3306,3322-3325,3333,3351,3367,3369-3372, 48 3388-3390,3404,3476,3493,3511,3517,3527,3546,3551,3580,3659,3689-3690,3703,3737,3766,3784,3800-3801,3809,3814, 49 3826-3828,3851,3869,3871,3878,3880,3889,3905,3914,3918,3920,3945,3971,3986,3995,3998,4000-4006,4045,4111, 50 4125-4126,4129,4224,4242,4279,4321,4343,4443-4446,4449,4550,4567,4662,4848,4899-4900,4998,5000-5004,5009, 51 5030,5033,5050-5051,5054,5060-5061,5080,5087,5100-5102,5120,5190,5200,5214,5221-5222,5225-5226,5269,5280, 52 5298,5357,5405,5414,5431-5432,5440,5500,5510,5544,5550,5555,5560,5566,5631,5633,5666,5678-5679,5718,5730, 53 5800-5802,5810-5811,5815,5822,5825,5850,5859,5862,5877,5900-5904,5906-5907,5910-5911,5915,5922,5925,5950,5952, 54 5959-5963,5984,5987-5989,5998-6007,6009,6025,6059,6100-6101,6106,6112,6123,6129,6156,6346,6379-6389,6443,6502,6510,6543,6547, 55 6565-6567,6580,6646,6666-6669,6689,6692,6699,6779,6788-6789,6792,6839,6881,6901,6969,7000-7002,7004,7007,7019, 56 7025,7070,7100,7103,7106,7200-7201,7402,7435,7443,7496,7512,7625,7627,7676,7741,7777-7778,7800,7911,7920-7921, 57 7937-7938,7999-8002,8007-8011,8021-8022,8031,8042,8045,8080-8090,8093,8099-8100,8180-8181,8192-8194,8200,8222,8235, 58 8254,8290-8292,8300-8333,8383,8400,8402,8443,8500,8600,8649,8651-8652,8654,8701,8800,8873,8888,8899,8994, 59 9000-9003,9009-9011,9040,9050,9071,9080-9081,9090-9091,9099-9103,9110-9111,9200-9202,9207,9220,9290,9300-9303,9415,9418,9485, 60 9500,9502-9503,9535,9575,9593-9595,9618,9666,9876-9878,9898,9900,9917,9943-9944,9968,9998-10004,10009-10010,10012, 61 10024-10025,10082,10180,10215,10243,10566,10616-10617,10621,10626,10628-10629,10778,11110-11111,11211,11967,12000,12174, 62 12265,12345,13456,13722,13782-13783,14000,14238,14441-14442,15000,15002-15004,15660,15742,16000-16001,16012,16016, 63 16018,16080,16113,16992-16993,17877,17988,18040,18101,18988,19101,19283,19315,19350,19780,19801,19842,20000,20005, 64 20031,20221-20222,20828,21571,22939,23502,24444,24800,25734-25735,26214,27000-27020,27352-27353,27355-27356,27715,28201, 65 30000,30718,30951,31038,31337,32768-32785,33354,33899,34571-34573,35500,38292,40193,40911,41511,42510,44176,44442-44443, 66 44501,45100,48080,49152-49161,49163,49165,49167,49175-49176,49400,49999-50003,50006,50300,50389,50500,50636,50800,51103, 67 51493,52673,52822,52848,52869,54045,54328,55055-55056,55555,55600,56737-56738,57294,57797,58080,60020,60443,61532,61900,62078,63331,64623,64680,65000,65129,65389"
68
69
70 class netScanner(object):
71 ‘Scan the given ips and ports‘
72
73 def __init__(self):
74 self.lock = Lock()
75 self.ports = ‘‘
76 self.args = ‘‘
77 self.exploitPoolSize = 240
78 self.exploitPool = ThreadPoolExecutor(self.exploitPoolSize)
79
80 def chunks(self, l, n):
81 """Yield successive n-sized chunks from l."""
82 for i in range(0, len(l), n):
83 yield l[i:i + n]
84
85 def doscan(self, ip, ports=None, args=None):
86 operationLog.write(ip + ‘ start scan‘)
87 if ports == None:
88 ports = self.ports
89 if args == None:
90 args = self.args
91 try:
92 nm = nmap.PortScanner()
93 nm.scan(ip, ports, args)
94 csv = nm.csv()
95 except Exception as e:
96 exstr = traceback.format_exc()
97 exceptionLog.write(‘Exception scan: ‘ + ip + ‘:‘ + ports + ‘ ‘ + args)
98 exceptionLog.write(exstr)
99 return ip + ‘ Exception: ‘ + str(e)
100 operationLog.write(ip + ‘ done scan‘)
101 return ip + ‘ done scan!‘
102
103 @func_set_timeout(480)
104 def exploit(self, contentLine):
105 attacker = exploit()
106 contentArray = contentLine.split(‘;‘)
107 ip = contentArray[0]
108 port = int(contentArray[4])
109 protocol_name = contentArray[5]
110 service_name = contentArray[7]
111 result = [[ip, False, ip + ‘:‘ + str(port), ‘v0‘, ‘No vulnerabilities found‘]]
112 if service_name == ‘‘:
113 service_name = ‘None‘
114 with self.lock:
115 operationLog.write(
116 ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ with service name: ‘ + service_name + ‘ start exploit‘)
117 if contentArray[6] == ‘open‘:
118 print(‘exploiting + ‘ + ip + ‘ ‘ + str(port) + ‘ ‘ + protocol_name)
119 try:
120 result = attacker.exploitall(ip, port, protocol_name, service_name)
121 except UnicodeEncodeError as e:
122 exstr = traceback.format_exc()
123 exceptionLog.write(‘Exception exploit: ‘ + ip + ‘:‘ + str(port))
124 exceptionLog.write(str(e))
125 with self.lock:
126 operationLog.write(ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ UnicodeEncodeError exploit‘)
127 return ip + ‘:‘ + str(port) + ‘ Exception exploit!‘
128 except Exception as e:
129 exstr = traceback.format_exc()
130 exceptionLog.write(‘Exception exploit: ‘ + ip + ‘:‘ + str(port))
131 exceptionLog.write(exstr)
132 with self.lock:
133 operationLog.write(ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ Exception exploit‘)
134 return ip + ‘:‘ + str(port) + ‘ Exception exploit!‘
135 finally:
136 with self.lock:
137 scanLog.writeScanLog(result)
138
139
140 else:
141 result = [[ip, False, ip + ‘:‘ + str(port), ‘v0‘, ‘No vulnerabilities found‘]]
142 with self.lock:
143 scanLog.writeScanLog(result)
144 with self.lock:
145 operationLog.write(ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ done exploit‘)
146 return ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ done exploit!‘
147
148 def exploit_time_limit(self, contentLine):
149 contentArray = contentLine.split(‘;‘)
150 ip = contentArray[0]
151 port = int(contentArray[4])
152 protocol_name = contentArray[5]
153 service_name = contentArray[7]
154 result = [[ip, False, ip + ‘:‘ + str(port), ‘v0‘, ‘No vulnerabilities found‘]]
155 try:
156 return_str = self.exploit(contentLine)
157 except FunctionTimedOut as e:
158 with self.lock:
159 scanLog.writeScanLog(result)
160 operationLog.write(ip + ‘:‘ + str(port) + ‘:‘ + protocol_name + ‘ FunctionTimedOut exploit‘)
161 return ip + ‘:‘ + str(port) + ‘ FunctionTimedOut exploit!‘
162
163 return return_str
164
165 def get_ips_from_soc(self):
166
167 ip_set = []
168 f = open(‘IP2EXP.txt‘, ‘r‘)
169 result = list()
170 for line in f.readlines():
171 line = line.strip()
172 if not len(line) or line.startswith(‘#‘):
173 continue
174 result.append(line)
175 ip_set = set(result)
176 ip_set = list(ip_set)
177
178 ip_set = set(ip_set)
179
180 return ip_set
181
182 def get_ips_alive(self, ports=None):
183 nm = nmap.PortScanner()
184 if ports == None:
185 with open(‘Port.txt‘) as portFile:
186 ports = portFile.readline().strip(‘\n‘)
187 if ports == None:
188 return
189 self.ports = ports
190 input_file_name = " -iL IP2EXP.txt"
191 self.args = input_file_name + ‘ -P0 -T4 -n --host-timeout 180s --min-hostgroup 100 --min-parallelism 500‘
192 scinfo = nm.scan(arguments=self.args, ports=self.ports)
193 operationLog.write(‘nmap port scan done‘)
194 csv = nm.csv()
195 print(csv)
196 return csv
197
198 def main(self):
199 operationLog.write(‘scan started‘)
200 ip_set = self.get_ips_from_soc()
201 ip_set = list(ip_set)
202 # ip_set = ip_set[:-50]
203 ip_set = set(ip_set)
204 print(ip_set)
205 csv = self.get_ips_alive()
206 contents = csv.split(‘\r\n‘)
207 contents.remove(contents[0])
208 contents.pop()
209 contents = [line for line in contents if line.find(‘;open;‘) > -1]
210 alive_ip_list = [line.split(‘;‘)[0] for line in contents]
211 random.shuffle(contents)
212 with open(‘PORT_OPEN.txt‘, mode=‘w‘) as f:
213 for contentLine in contents:
214 f.write(contentLine + ‘\n‘)
215 alive_ip_set = set(alive_ip_list)
216 dead_ip_set = ip_set - alive_ip_set
217 dead_result = [[ip, False, ip + ‘:No_Port_Open‘, ‘v0‘, ‘No vulnerabilities found‘]
218 for ip in dead_ip_set]
219 with self.lock:
220 scanLog.writeScanLog(dead_result)
221 futures = []
222 result = []
223 result = self.exploitPool.map(self.exploit_time_limit, contents)
224 operationLog.write(‘start exploit‘)
225 self.exploitPool.shutdown()
226 # operationLog.write(len(result))
227 operationLog.write(‘scan finished‘)
228 return result
229
230 def test(self):
231 operationLog.write(‘test scan started‘)
232 ip_set = self.get_ips_from_soc()
233 ip_set = list(ip_set)
234 # ip_set = ip_set[:-50]
235 ip_set = set(ip_set)
236 print(ip_set)
237 csv = self.get_ips_alive()
238 contents = csv.split(‘\r\n‘)
239 contents.remove(contents[0])
240 contents.pop()
241 contents = [line for line in contents if line.find(‘;open;‘) > -1]
242 alive_ip_list = [line.split(‘;‘)[0] for line in contents]
243 random.shuffle(contents)
244 futures = []
245 result = []
246 with open(‘PORT_OPEN.txt‘, mode=‘w‘) as f:
247 for contentLine in contents:
248 f.write(contentLine + ‘\n‘)
249 alive_ip_set = set(alive_ip_list)
250 dead_ip_set = ip_set - alive_ip_set
251 dead_result = [[ip, False, ip + ‘:No_Port_Open‘, ‘v0‘, ‘No vulnerabilities found‘]
252 for ip in dead_ip_set]
253 with self.lock:
254 scanLog.writeScanLog(dead_result)
255 contents = list(self.chunks(contents, self.exploitPoolSize))
256 for tmp_ips in contents:
257 tmp_result = self.exploitPool.map(self.exploit_time_limit, tmp_ips)
258 operationLog.write(‘test start exploit‘)
259 self.exploitPool.shutdown()
260 operationLog.write(‘test shutdown‘)
261 result.extend(tmp_result)
262 operationLog.write(‘test stop exploit‘)
263 self.exploitPool = ThreadPoolExecutor(self.exploitPoolSize)
264 operationLog.write(‘test scan finished‘)
265 return result
266
267
268
269 def find_port_open(self, from_file=‘‘, to_file=‘‘, ips=[‘10.34.121.0/24‘], how=‘nmap‘,
270 port=‘21,22,23,25,445,139,3389,3306,1521,8081‘, include_file=‘finger_ip.txt‘, rate=100):
271 logger.info(‘%s%s ‘ % (how, port))
272 logger.info(‘=====‘ * 5)
273 scan_result = []
274 if how == ‘masscan‘:
275 mas = masscan_zte.PortScanner()
276 if from_file != ‘‘:
277 arg = ‘--rate %s --retries 0 --wait 10 -iL %s‘ % (rate, from_file)
278 else:
279 with open(include_file, ‘wt‘) as f:
280 f.writelines([ip + ‘\n‘ for ip in ips])
281 arg = ‘--rate %s --retries 0 --wait 10 -iL %s‘ % (rate, include_file)
282 scan_result = list(mas.scan(ports=port, arguments=arg)[‘scan‘].keys())
283 elif how == ‘nmap‘:
284 nm = nmap.PortScanner()
285 if from_file != ‘‘:
286 arg = ‘-P0 -sV -T4 -n --min-hostgroup 100 --min-rate %s --max-rate %s --randomize-hosts -iL %s‘ % (
287 rate, rate, from_file)
288 else:
289 with open(include_file, ‘wt‘) as f:
290 f.writelines([ip + ‘\n‘ for ip in ips])
291 arg = ‘-P0 -sV -T4 -n --min-hostgroup 100 --min-rate %s --max-rate %s --randomize-hosts -iL %s‘ % (
292 rate, rate, include_file)
293 nm.scan(ports=port, arguments=arg)
294 scan_list = nm.csv().split(‘\r\n‘)
295 header = scan_list.pop(0).split(‘;‘)
296 scan_list.pop()
297
298 logger.info(‘%s%s‘ % (len(scan_list), port))
299 logger.info(‘=====‘ * 8)
300 if to_file != ‘‘:
301 with open(to_file, ‘wt‘) as f:
302 f.writelines([ip + ‘\n‘ for ip in scan_list])
303 return scan_list
304
305 def exploit_multiple_ips(self, ips, ports):
306 operationLog.write(‘test scan started‘)
307 scan_list = self.find_port_open(ips=ips, port=ports)
308 futures = []
309 result = []
310 scan_list = [line for line in scan_list if line.find(‘;open;‘) > -1]
311 for contentLine in scan_list:
312 futures.append(self.exploitPool.submit(self.exploit, contentLine))
313
314 for x in as_completed(futures):
315 result.append(x.result())
316
317 operationLog.write(‘test scan finished‘)
318 return result
319
320
321 if __name__ == ‘__main__‘:
322
323 scanner = netScanner()
324 try:
325 #result = scanner.main()
326 result = scanner.test()
327 with open(‘scandone.txt‘, mode=‘w‘) as f:
328 for line in result:
329 f.write(line + ‘\n‘)
330 except Exception as e:
331 exstr = traceback.format_exc()
332 print(exstr)
333 exceptionLog.write(exstr)