SYN包半开端口扫描:
from scapy.layers.inet import IP, TCP
from scapy.sendrecv import sr


def tcp_scan(target_ip, start_port, end_sport):
    """Send TCP SYN probes to a port range and print the ports answering SYN/ACK.

    Only a SYN is sent per port and this code never sends a final ACK,
    which is why the technique is called a half-open scan. Replies with
    any other flag value, and ports that do not answer within the
    timeout, produce no output.

    Args:
        target_ip: Destination address placed in the IP header.
        start_port: First destination port; converted with int().
        end_sport: Last destination port; converted with int().
    """
    first_port = int(start_port)
    last_port = int(end_sport)
    # A (low, high) tuple as dport makes scapy build one SYN per port in the range.
    probe = IP(dst=target_ip) / TCP(dport=(first_port, last_port), flags='S')
    # verbose=False silences scapy's own progress output; replies are awaited
    # with a 3-second timeout.
    exchange = sr(probe, timeout=3, verbose=False)
    # exchange[0] holds the answered probes; .res is its list of
    # (sent, received) pairs.
    answered = exchange[0].res
    for pair in answered:
        reply = pair[1]
        if not reply.haslayer(TCP):
            continue
        tcp_pack = reply.getlayer(TCP).fields
        # 18 == 0x12 == SYN|ACK, the reply a listening port gives to a SYN.
        if tcp_pack['flags'] == 18:
            print(target_ip + ' ' + str(tcp_pack['sport']) + ' ' + 'Open')
            print(tcp_pack)


if __name__ == '__main__':
    tcp_scan('47.96.38.46', '1', '65535')
    # nmap's built-in half-open (SYN) scan is: nmap -sS <ip> <ports>
python信息收集-域名反查ip-识别cdn-端口扫描-子域名扫描
# Resolve a domain name to its IP address.
'''
import socket,os,time,sys
ip = socket.gethostbyname('www.baidu.com')
print(ip)
'''


# Detect a CDN with nslookup,
# running the system command from Python.
'''
import os
#cdn_date=os.system('nslookup www.xiaodi8.com')
cdn_date = os.popen('nslookup www.baidu.com')
cdn_dates=cdn_date.read()
x=cdn_dates.count('.')
print(cdn_dates)
print(x)
if x> 10:
    print("CDN存在")

else:
    print("CND不存在")
'''

'''
# whois lookup through a library module
def whois_check(url):
    data=whois(url)
    print(data)
'''
'''
# Port scanning
# 1. Hand-written socket-level TCP/UDP scan
# 2. Calling a system tool or a third-party module
import socket
def port_check(url):
    ip = socket.gethostbyname(url)
    #ip="192.168.76.155"
    #ports={'21','22','135','443','445','80','1433','3306',"3389",'1521','8000','7002','7001','8080',"9090",'8089',"4848}
    server = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    #for port in ports:
    try:
        data=server.connect_ex((ip, 80))
        if data==0:
            print(ip+":"+str(80)+"|open")
        else:
            print(ip+":"+str(80)+"|close")
            pass
    except Exception as err:
        print("error")

if __name__ == '__main__':
    port_check('www.xiaodi8.com')

'''
# Subdomain lookup
# 1. Wordlist-driven brute-force lookup
# 2. Lookup through bing or a third-party API
'''
def zym_list_check(url):
    url=url.replace("www.","")
    for zym_list in open("dic.txt"):
        zym_list=zym_list.replace("\n","")
        zym_list_url=zym_list+"."+url
        try:
            ip=socket.gethostbyname(zym_list_url)
            print(zym_list_url+"->"+ip)
            time.sleep(0.1)
        except Exception as e:
            print(zym_list_url+"->"+"error")
            time.sleep(0.1)

'''
import nmap


def nmapscan():
    """Run nmap against 192.168.8.0/24 and print what it reports.

    Prints the list of hosts, nmap's CSV output, and the raw value
    returned by scan(). Any exception raised along the way is reported
    only as the literal "error"; the underlying cause is not shown.
    """
    scanner = nmap.PortScanner()
    try:
        # -T4: aggressive timing template; -F: fast mode (fewer ports than
        # nmap's default scan).
        scan_result = scanner.scan(hosts='192.168.8.0/24', arguments='-T4 -F')
        print(scanner.all_hosts())
        print(scanner.csv())
        print(scan_result)
    except Exception:
        print("error")


# Only the nmap scan is live in this listing; every snippet above is
# disabled by being wrapped in a triple-quoted string.
if __name__ == '__main__':
    nmapscan()
上面是我写的
下面是完整的项目参考:
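import os
import socket
import subprocess
import sys
import time

from whois import whois


def _usable_as_argument(url):
    """Return True if url can be handed to an external tool as a host argument.

    Empty values and values beginning with "-" are refused so that the
    tool cannot interpret the value as one of its own options.
    """
    return bool(url) and not url.startswith("-")


def _run_tool(argv):
    """Run an external command without a shell and return its stdout text.

    Passing an argument list (no shell) means characters such as ";" or
    "&" in a host name are never interpreted as shell syntax.
    """
    completed = subprocess.run(argv, stdout=subprocess.PIPE, text=True)
    return completed.stdout


# IP lookup
def ip_check(url):
    """Resolve url to an IPv4 address and print it."""
    ip = socket.gethostbyname(url)
    print(ip)


# whois lookup
def whois_check(url):
    """Print the whois record that the whois library returns for url."""
    data = whois(url)
    print(data)


# CDN detection - judged from how many IP addresses come back
def cdn_check(url):
    """Guess whether url sits behind a CDN from the size of its nslookup answer.

    The heuristic counts "." characters in nslookup's output; more than
    8 is treated as "several addresses returned" and reported as a CDN.
    Prints "error" if url is unusable as an argument or nslookup cannot
    be started.
    """
    if not _usable_as_argument(url):
        print("error")
        return
    # os.system() would return only the exit status, so the output is
    # captured instead. The original built "nslookup " + url and ran it
    # through a shell, which let shell metacharacters in url execute.
    try:
        data = _run_tool(["nslookup", url])
    except OSError:
        print("error")
        return
    if data.count(".") > 8:
        print("存在CDN")
    else:
        print("不存在CDN")


# Subdomain lookup
# 1. Wordlist-driven brute-force lookup
# 2. Lookup through bing or a third-party API
def zym_list_check(url):
    """Resolve "<word>.<domain>" for every word in dic.txt and print each result.

    A leading "www." is removed from url first. Names that fail to
    resolve are printed with "error". Each lookup is followed by a
    0.1-second pause.
    """
    url = url.replace("www.", "")
    # The context manager closes dic.txt, which the original left open.
    with open("dic.txt") as wordlist:
        for zym_list in wordlist:
            # strip() removes the trailing newline, which would otherwise
            # become part of the host name and make every lookup fail.
            zym_list = zym_list.strip()
            if not zym_list:
                continue
            zym_list_url = zym_list + "." + url
            try:
                ip = socket.gethostbyname(zym_list_url)
            except (OSError, UnicodeError):
                # gaierror is an OSError; UnicodeError covers labels the
                # IDNA encoder rejects.
                print(zym_list_url+"->"+"error")
            else:
                print(zym_list_url+"->"+ip)
            time.sleep(0.1)


def zym_api_check(url):
    """Placeholder for an API-based subdomain lookup; not implemented."""
    url = url.replace("www.", "")


# Port scanning
# 1. Hand-written socket-level TCP/UDP scan
# 2. Calling third-party scanners such as masscan or nmap
def port_check(url):
    """Resolve url and print whether TCP port 80 accepts a connection."""
    ip = socket.gethostbyname(url)
    #ip="192.168.76.155"
    #ports={'21','22','135','443','445','80','1433','3306',"3389",'1521','8000','7002','7001','8080',"9090",'8089',"4848}
    # The context manager closes the socket, which the original left open.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        #for port in ports:
        try:
            # connect_ex returns 0 on success and an errno value otherwise.
            data = server.connect_ex((ip, 80))
        except OSError:
            print("error")
            return
        if data == 0:
            print(ip+":"+str(80)+"|open")
        else:
            print(ip+":"+str(80)+"|close")


# OS detection
# 1. Judged from the TTL value
# 2. Judged by a third-party script
def os_check(url):
    """Run nmap's OS detection (-O) against url and print its output.

    Prints "error" if url is unusable as an argument or nmap cannot be
    started.
    """
    if not _usable_as_argument(url):
        print("error")
        return
    # The original literal "nmap\nmap -O " contained "\n", which Python
    # reads as a newline, so the command was split in two. A raw string
    # keeps the backslash. NOTE(review): presumably a Windows-relative
    # path to a bundled nmap under ./nmap/ - confirm.
    try:
        data = _run_tool([r"nmap\nmap", "-O", url])
    except OSError:
        print("error")
        return
    print(data)


if __name__ == '__main__':
    print("Test:python test.py www.xiaodi8.com all")
    if len(sys.argv) < 3:
        # Without both arguments the indexing below would raise IndexError.
        sys.exit(1)
    url = sys.argv[1]
    check = sys.argv[2]
    #print(url +" "+ check)
    if check == "all":
        ip_check(url)
        whois_check(url)
        cdn_check(url)
        os_check(url)
        #port_check(url)
        zym_list_check(url)

    #zym_list_check("www.xueersi.com")
    #port_check("www.xiaodi8.com")
    #os_check("www.xiaodi8.com")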