So here is another tool, "Hping", for your reference.
hping official page:
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
The advantage of this tool is that you can set the packet size, the number of probes, and so on.
For example:
To test whether port 80 on 10.0.0.1 is open:
Command: sudo hping3 -S -c 1 10.0.0.1 -p 80
Below is a multithreaded Ruby version I wrote myself
Scan.rb
#!/usr/bin/ruby
# Scan.rb: run one "hping3 -S -c 1" SYN probe per host/port pair in its own
# thread, then report every reply whose TCP flags are SA (SYN/ACK).
require_relative 'target_gen'   # require 'target_gen.rb' fails unless the directory is on $LOAD_PATH
ip = gets                        # first three octets of the /24 to scan, e.g. "10.0.0"
scan_result = []
threads = []
report_name = Time.now.strftime("%Y%m%d-%H%M%S.txt")
myfile = File.new(report_name, "w")
start_time = Time.now
my_hscan = Target_gen.new(ip, [23, 25, 80, 110, 143, 443, 1433, 3306, 3389, 5800, 5900, 8080])
my_hscan.gethosts
my_hscan.getports
commands = my_hscan.targets      # build the command list once instead of on every loop iteration
# One thread per hping3 command; the backticks capture that command's stdout.
commands.size.times { |i|
  threads << Thread.new(i) { |j|
    scan_result[j] = `#{commands[j]}`
  }
}
threads.each { |a_thread| a_thread.join }
print "==============================================================\n"
print "== Hping Scan Report ==\n"
print "== Written by james Lai Ver 0.12 ==\n"
print "==============================================================\n"
print "Targets: " + ip.chomp + ".1/24\n"
puts "Targets_number: " + my_hscan.gethosts.length.to_s
puts "Targets_ports: " + my_hscan.getports.length.to_s
puts "Times:" + commands.length.to_s
print "==============================================================\n"
myfile.puts("==============================================================")
myfile.puts("========================= Scan Report ===================")
myfile.puts("==============================================================")
myfile.puts("Targets: " + ip.chomp + ".1/24")
myfile.puts("Targets_number: " + my_hscan.gethosts.length.to_s)
myfile.puts("Targets_ports: " + my_hscan.getports.length.to_s)
myfile.puts("Times:" + commands.length.to_s)
myfile.puts("==============================================================")
scan_result.size.times { |i|
  # Keep SYN/ACK replies only (and drop replies reporting id=0); "DF" is removed
  # so that the field positions used below are the same for every reply line.
  if scan_result[i].match("flags=SA") != nil and scan_result[i].match("id=0") == nil
    result = scan_result[i].gsub("DF", "")   # the original line had an unbalanced "("
    ss = result.split(" ")
    # Fields 13..19 of the whitespace-split output (after the 12-word HPING
    # banner line): ip= ttl= id= sport= flags= seq= win=
    result = ss[13] + " " + ss[14] + " " + ss[15] + " " + ss[16] + " " + ss[17] + " " + ss[18] + " " + ss[19]
    myfile.puts(result.to_s)
  end
}
print "==============================================================\n"
puts "Start: " + start_time.to_s
stop_time = Time.now
puts "Stop : " + stop_time.to_s
puts "Scantime: " + (stop_time - start_time).to_s + "sec"
print "==============================================================\n"
myfile.puts("==============================================================")
myfile.puts("Start: " + start_time.to_s)
myfile.puts("Stop : " + stop_time.to_s)
myfile.puts("Scantime: " + (stop_time - start_time).to_s + "sec")
myfile.puts("==============================================================")
myfile.close
target_gen.rb
class Target_gen
  def initialize(hosts, ports)
    @a_hosts = hosts      # first three octets of the /24, e.g. "10.0.0"
    @a_ports = ports
    @scan_ip = []
    @scan_str = []
  end

  # Fisher-Yates shuffle of the port list so the probes do not run in a fixed order.
  def getports
    @a_ports.each_index { |i|
      j = rand(i + 1)
      @a_ports[i], @a_ports[j] = @a_ports[j], @a_ports[i]
    }
    return @a_ports
  end

  # Build the 255 host addresses of the /24 (.1 to .255) in shuffled order.
  def gethosts
    @scan_ip = (1..255).to_a
    @scan_ip.each_index { |i|
      j = rand(i + 1)
      @scan_ip[i], @scan_ip[j] = @scan_ip[j], @scan_ip[i]
    }
    @scan_ip.size.times { |i|
      @scan_ip[i] = @a_hosts.chomp + "." + @scan_ip[i].to_s
    }
    return @scan_ip
  end

  # One hping3 SYN-probe command string per (port, host) pair;
  # gethosts and getports must have been called first.
  def targets
    nums = 0
    @a_ports.size.times { |i|
      @scan_ip.size.times { |j|
        @scan_str[nums] = "sudo hping3 -S -c 1 " + @scan_ip[j].to_s + " -p " + @a_ports[i].to_s
        nums = nums + 1
      }
    }
    return @scan_str
  end
end
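As an added example (not code from the original post), here is a Ruby parser for the hping3 reply line that reads fields by name instead of by whitespace position, so the optional DF token cannot shift the columns the way it does with the fixed ss[13] indexing in Scan.rb; the sample outputs are constructed in hping3's format, not captured from real hosts.

```ruby
#!/usr/bin/env ruby
# Added example (not part of the original post): parse hping3 reply lines by
# field name rather than by whitespace position, so the optional "DF" token
# cannot shift the columns the way it does with fixed ss[13..19] indexing.

# One "key=value" token on an hping3 reply line (ip=, ttl=, sport=, flags=, ...).
HPING_FIELD = /\b([a-z]+)=(\S+)/

# Fields of a single reply line as a Hash, or nil for any other line (the
# "HPING ..." banner and the statistics footer carry no flags= field).
def parse_hping_reply(line)
  fields = {}
  line.scan(HPING_FIELD) { |key, value| fields[key] = value }
  fields.key?("flags") ? fields : nil
end

# Interpret the full stdout of one "hping3 -S -c 1 HOST -p PORT" run:
# SA (SYN/ACK) = open, RA (RST/ACK) = closed, no reply line = filtered
# (dropped by a firewall, host down, or the probe never left).
def classify_probe(output)
  reply = output.each_line.map { |line| parse_hping_reply(line) }.compact.first
  return { state: :filtered } if reply.nil?
  state = case reply["flags"]
          when "SA" then :open
          when "RA" then :closed
          else :unexpected
          end
  { ip: reply["ip"], port: reply["sport"].to_i, flags: reply["flags"], state: state }
end

# Constructed sample outputs in hping3's reply format (not captured from real hosts).
SAMPLE_OPEN = <<~OUT
  HPING 10.0.0.1 (eth0 10.0.0.1): S set, 40 headers + 0 data bytes
  len=46 ip=10.0.0.1 ttl=64 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=0.3 ms

  --- 10.0.0.1 hping statistic ---
  1 packets transmitted, 1 packets received, 0% packet loss
OUT
SAMPLE_CLOSED = <<~OUT
  len=46 ip=10.0.0.1 ttl=64 id=0 sport=81 flags=RA seq=0 win=0 rtt=0.2 ms
OUT
SAMPLE_NO_REPLY = <<~OUT
  HPING 10.0.0.2 (eth0 10.0.0.2): S set, 40 headers + 0 data bytes
  1 packets transmitted, 0 packets received, 100% packet loss
OUT

if __FILE__ == $0
  [SAMPLE_OPEN, SAMPLE_CLOSED, SAMPLE_NO_REPLY].each { |out| p classify_probe(out) }
end
```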