第8章：网络

1.列出网络上所有活跃的主机

1).使用Python判断主机是否活跃

import subprocess
import threading

def is_reacheable(ip):
    if subprocess.call(["ping", "-c", "10", ip]):
        print("{0} is alive".format(ip))
    else:
        print("{0} is unreacheable".format(ip))

def main():
    with open('ips.txt') as f:
        lines = f.readlines()
        threads = []
        for line in lines:
            thr = threading.Thread(target=is_reacheable, args=(line,))
            thr.start()
            threads.append(thr)

        for thr in threads:
            thr.join()

if __name__ == '__main__':
    main()

2).使用生产者消费者模型减少线程的数量

import subprocess
import threading
from Queue import Queue
from Queue import Empty

def call_ping(ip):
    if subprocess.call(["ping", "-c", "10", ip]):
        print("{0} is alive".format(ip))
    else:
        print("{0} is unreacheable".format(ip))

def is_reacheable(q):
    try:
        while True:
            ip = q.get_nowait()
            call_ping(ip)
    except Empty:
        pass

def main():
    q = Queue()
    with open('ips.txt') as f:
        for line in f:
            q.put(line)

        threads = []
        for i in range(10):
            thr = threading.Thread(target=is_reacheable, args=(q,))
            thr.start()
            threads.append(thr)

        for thr in threads:
            thr.join()

if __name__ == '__main__':
    main()

2.端口扫描

1).使用Python编写端口扫描器

使用简单的socket接口编写一个端口扫描器
from socket import *

def conn_scan(host, port):
    conn = socket(AF_INET, SOCK_STREAM)
    try:
        conn.connect((host, port))
        print(host, port, ' is available')
    except Exception as e:
        print(host, port, ' is not available')
    finally:
        conn.close()

def main():
    host = "192.168.147.135"
    for port in range(3000,4000):
        conn_scan(host, port)

if __name__ == '__main__':
    main()

使用telnet形式
import telnetlib

def conn_scan(host, port):
    t = telnetlib.Telnet()
    try:
        t.open(host, port, timeout=1)
        print(host, port, ' is available')
    except Exception as e:
        print(host, port, ' is not available')
    finally:
        t.close()

def main():
    host = "192.168.147.135"
    for port in range(3000,4000):
        conn_scan(host, port)

if __name__ == '__main__':
    main()

2).使用nmap扫描端口

主机发现：
nmap -sP 192.168.147.*
端口扫描：
nmap 192.168.147.135
版本侦测：
nmap -sV 192.168.147.135
操作系统检测:
nmap -sO 192.168.147.135

3).使用python-nmap进行端口扫描

Python-nmap是对nmap的Python封装
pip install python-nmap
import nmap
nm = nmap.PortScanner()
nm.scan('192.168.147.135','22-5000')

3.使用IPy进行IP地址管理

    IPy模块是一个处理IP地址的模块

    pip install ipy

4.使用dnspython解析DNS

    dnspython是Python实现的一个DNS工具集

    pip install dnspython

5.网络嗅探器Scapy

1).Scapy简介与安装

    Scapy是一个Python语言编写的工具，使用Scapy可以发送、嗅探、剖析和伪造网络数据报

    pip install scapy

2).Scapy的基本使用

ls()显示Scapy支持的所有协议
lsc()列出Scapy支持的所有命令
conf显示所有的配置信息
help(cmd)显示某一命令的使用帮助等