python - TCP 扫描器 Python 多线程

Question

我正在尝试为网络掩码构建一个小型 tcp 扫描器。

代码如下:

import socket,sys,re,struct
from socket import *


host = sys.argv[1]

def RunScanner(host):
    s = socket(AF_INET, SOCK_STREAM)
    s.connect((host,80))
    s.settimeout(0.1)  
    String = "GET / HTTP/1.0"
    s.send(String)
    data = s.recv(1024)
    if data:
       print "host: %s have port 80 open"%(host)

Slash = re.search("/", str(host))

if Slash :
   netR,_,Wholemask = host.partition('/')
   Wholemask = int(Wholemask)
   netR = struct.unpack("!L",inet_aton(netR))[0]
   for host in (inet_ntoa(struct.pack("!L", netR+n)) for n in range(0, 1<<32-Wholemask)):
      try:
         print "Doing host",host
         RunScanner(host)
      except:
         pass
else:
   RunScanner(host)

启动:python script.py 10.50.23.0/24

我遇到的问题是，即使设置了一个荒谬的低 settimeout 值，也需要很长时间才能覆盖 255 个 IP 地址，因为其中大部分都没有分配给机器。

如果端口关闭多线程，我怎样才能做一个更快的扫描器，不会卡住？

谢谢!

Answer 1

你可以试试我过去用线程做的事情。使用您的输入更改它应该非常容易:

import socket
from multiprocessing import Pool
from multiprocessing.dummy import Pool as ThreadPool 

def scan(d):
    s = socket.socket()
    s.settimeout(0.1)
    port = 80  # port number is a number, not string
    try:
        address = '192.168.0.' + str(d)
        s.connect((address, port)) 
    except Exception as e: 
        print("something's wrong with %s:%d. Exception is %s" % (address, port, e))
    finally:
        s.close()

pool = ThreadPool() 

d = range(1, 255)
pool.map(scan, d)

pool.close()
pool.join()