端口扫描器

1.设置Python环境变量

右击此电脑==> 高级系统设置==> 高级==环境变量

新建变量

变量名字随意，变量值是python的安装目录

2.复制下面代码，保存并放到Python安装目录下

import optparse                                            
from socket import *
from threading import *

screenLock = Semaphore(value=1)
def connScan(tgtHost,tgtPort):
    try:
        connSkt = socket(AF_INET, SOCK_STREAM)
        connSkt.connect((tgtHost, tgtPort))
        connSkt.send('ViolentPython\r\n')
        results = connSkt.recv(100)
        screenLock.acquire()
        print '[+]%d/tcp open'% tgtPort
        print '[+] '+ str(results)
    except:
        screenLock.acquire()
        print '[-]%d/tcp closed'% tgtPort
    finally:
        screenLock.release()
        connSkt.close()
def portScan(tgtHost, tgtPorts):
    try:
        tgtIP = gethostbyname(tgtHost)
    except:
        print "[-] Cannot resolve '%s': Unknown host" %tgtHost
        return
    try:
        tgtName = gethostbyaddr(tgtIP)
        print '\n[+] Scan Results for:' +tgtName[0]
    except:
        print '\n[+] Scan Results for:' +tgtIP
    setdefaulttimeout(1)
    for tgtPort in tgtPorts:
         t = Thread(target=connScan,args=(tgtHost, int(tgtPort)))
         t.start()
def main():
    parser = optparse.OptionParser("usege %prog "+"-H <target host> -p <target port>")
    parser.add_option('-H', dest='tgtHost', type='string', help='specify target host')
    parser.add_option('-p', dest='tgtPort', type='string', help='specify target port[s] separated by comma')

    (options, args) = parser.parse_args()
    tgtHost = options.tgtHost
    print options.tgtPort

    tgtPorts = str(options.tgtPort).split(',')
    print tgtPorts
    if (tgtHost == None) | (tgtPorts[0] == None):
        print parser.usage
        exit(0)
    portScan(tgtHost,tgtPorts)
    
if __name__=='__main__':
       main()

可以看到下面我放到python的安装目录下并重命名为：端口扫描

3.开启Linux，安装vsftpd（21端口）并开启服务，关闭防火墙，查看ip（虚拟机要开启桥接模式）

为了更容易看懂，打开一个Linux虚拟机并开启21端口，然后使用脚本扫描21端口是否开启。

1）查看IP地址

[aaa@qq.com ~]# ifconfig ens33   
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.23  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::7992:920f:d01f:6485  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a8:ad:3c  txqueuelen 1000  (Ethernet)
        RX packets 13301  bytes 14835141 (14.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4672  bytes 354057 (345.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
  //IP地址为192.168.0.23
[aaa@qq.com ~]# ping www.baidu.com
PING www.a.shifen.com (182.61.200.7) 56(84) bytes of data.
64 bytes from 182.61.200.7 (182.61.200.7): icmp_seq=1 ttl=52 time=18.3 ms
64 bytes from 182.61.200.7 (182.61.200.7): icmp_seq=2 ttl=52 time=15.7 ms
  //可以ping同外网
  //如果ping不通外网的话，那肯定是没有开启桥接模式

2）开启21端口

[aaa@qq.com ~]# yum -y install vsftpd
[aaa@qq.com ~]# systemctl start vsftpd
[aaa@qq.com ~]# netstat -anput |grep 21
tcp6       0      0 :::21                   :::*                    LISTEN      3700/vsftpd         

4.验证扫描端口

打开cmd，切换到python的安装目录下。
 

执行命令验证

-H是指定主机

-p指定端口

可以看到扫描到的21端口是开着的，80端口是没有开的