web-dev-qa-db-ja.com

高速ポートスキャナーを作る

だから私はPythonでポートスキャナーを作っています...

import socket
ip = "External IP"
s = socket.socket(2, 1) #socket.AF_INET, socket.SOCK_STREAM

def porttry(ip, port):
    try:
        s.connect((ip, port))
        return True
    except:
        return None

for port in range(0, 10000):
    value = porttry(ip, port)
    if value == None:
        print("Port not opened on %d" % port)
    else:
        print("Port opened on %d" % port)
        break
raw_input()

しかし、これは遅すぎるので、何も返さない期間があると、どういうわけかコードをどれほど近づけたり、壊したりできるようにしたいです。

7
Shane

ソケットタイムアウトの設定に加えて、マルチスレッド化手法を適用してプロセスをターボブーストすることもできます。スキャンするポートがN個ある場合、せいぜいN倍高速です。

# This script runs on Python 3
import socket, threading


def TCP_connect(ip, port_number, delay, output):
    TCPsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    TCPsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    TCPsock.settimeout(delay)
    try:
        TCPsock.connect((ip, port_number))
        output[port_number] = 'Listening'
    except:
        output[port_number] = ''



def scan_ports(Host_ip, delay):

    threads = []        # To run TCP_connect concurrently
    output = {}         # For printing purposes

    # Spawning threads to scan ports
    for i in range(10000):
        t = threading.Thread(target=TCP_connect, args=(Host_ip, i, delay, output))
        threads.append(t)

    # Starting threads
    for i in range(10000):
        threads[i].start()

    # Locking the main thread until all threads complete
    for i in range(10000):
        threads[i].join()

    # Printing listening ports from small to large
    for i in range(10000):
        if output[i] == 'Listening':
            print(str(i) + ': ' + output[i])



def main():
    Host_ip = input("Enter Host IP: ")
    delay = int(input("How many seconds the socket is going to wait until timeout: "))   
    scan_ports(Host_ip, delay)

if __name__ == "__main__":
    main()
17
Billy T

socket.setdefaulttimeout(timeout)を使用して、forループの代わりにタイムアウトを設定することを検討してください。

4
Dataman

これは少し速いはずです。

#-*-coding:utf8;-*-
#qpy:3
#qpy:console

import socket
import os

# This is used to set a default timeout on socket
# objects.
DEFAULT_TIMEOUT = 0.5

# This is used for checking if a call to socket.connect_ex
# was successful.
SUCCESS = 0

def check_port(*Host_port, timeout=DEFAULT_TIMEOUT):
    ''' Try to connect to a specified Host on a specified port.
    If the connection takes longer then the TIMEOUT we set we assume
    the Host is down. If the connection is a success we can safely assume
    the Host is up and listing on port x. If the connection fails for any
    other reason we assume the Host is down and the port is closed.'''

    # Create and configure the socket.
    sock = socket.socket()
    sock.settimeout(timeout)

    # the SO_REUSEADDR flag tells the kernel to reuse a local 
    # socket in TIME_WAIT state, without waiting for its natural
    # timeout to expire.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

    # Like connect(address), but return an error indicator instead
    # of raising an exception for errors returned by the C-level connect() 
    # call (other problems, such as “Host not found,” can still raise exceptions). 
    # The error indicator is 0 if the operation succeeded, otherwise the value of 
    # the errnovariable. This is useful to support, for example, asynchronous connects.
    connected = sock.connect_ex(Host_port) is SUCCESS

    # Mark the socket closed. 
    # The underlying system resource (e.g. a file descriptor)
    # is also closed when all file objects from makefile() are closed.
    # Once that happens, all future operations on the socket object will fail. 
    # The remote end will receive no more data (after queued data is flushed).
    sock.close()

    # return True if port is open or False if port is closed.
    return connected


con = check_port('www.google.com', 83)
print(con)
1
Ricky Wilson

これはすばやく簡単なポートスキャナーで、180秒で100000個のポートをスキャンします。

import threading
import socket

target = 'pythonprogramming.net'
#ip = socket.gethostbyname(target)

def portscan(port):

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(0.5)# 

    try:
        con = s.connect((target,port))

        print('Port :',port,"is open.")

        con.close()
    except: 
        pass
r = 1 
for x in range(1,100): 

    t = threading.Thread(target=portscan,kwargs={'port':r}) 

    r += 1     
    t.start() 
1
Gysi Rrjolli

socket.setdefualttimeout(時間)

特定の時間ポートとの接続を試行し続けるために使用されます...リクエストを送信し、タイムアウトが2秒に設定されている場合、2秒の間ポートとの接続を試行します...それから応答がない場合2秒でポートが....それはデッドポートとしてカウントされます

0
Nisarg

socket.setdefaulttimeout(0.5)これにより、プログラムが速くなります!

0

私はこの1つのスニペットがあなたを助けることができると思います: http://www.coderholic.com/python-port-scanner/

0
Lukasz Ciesluk

次のポートスキャナーには、必要に応じて変更できるいくつかの定数が上部に定義されています。

  • 目的-コマンドラインのヘルプメッセージ
  • PORTS-スキャンするポートの範囲
  • POOL_SIZE-スキャンするプロセスの数
  • TIMEOUT-サーバー接続を待機する時間

これを要件に応じて自由に調整してください。たぶんいくつかのコマンドライン引数を追加しますか?

#! /usr/bin/env python3
import argparse
import collections
import itertools
import multiprocessing
import operator
import socket

PURPOSE = 'Scan for open ports on a computer.'
PORTS = range(1 << 16)
POOL_SIZE = 1 << 8
TIMEOUT = 0.01


def main():
    """Get computer to scan, connect with process pool, and show open ports."""
    parser = argparse.ArgumentParser(description=PURPOSE)
    parser.add_argument('Host', type=str, help='computer you want to scan')
    Host = parser.parse_args().Host
    with multiprocessing.Pool(POOL_SIZE, socket.setdefaulttimeout, [TIMEOUT]) \
            as pool:
        results = pool.imap_unordered(test, ((Host, port) for port in PORTS))
        servers = filter(operator.itemgetter(0), results)
        numbers = map(operator.itemgetter(1), servers)
        ordered = sorted(numbers)
    print(f'Ports open on {Host}:', *format_ports(ordered), sep='\n    ')


field_names = 'family', 'socket_type', 'protocol', 'Canon_name', 'address'
AddressInfo = collections.namedtuple('AddressInfo', field_names)
del field_names


def test(address):
    """Try connecting to the server and return whether or not it succeeded."""
    Host, port = address
    for info in itertools.starmap(AddressInfo, socket.getaddrinfo(Host, port)):
        try:
            probe = socket.socket(info.family, info.socket_type, info.protocol)
        except OSError:
            pass
        else:
            try:
                probe.connect(info.address)
            except OSError:
                pass
            else:
                probe.shutdown(socket.SHUT_RDWR)
                return True, port
            finally:
                probe.close()
    return False, port


def format_ports(ports):
    """Convert port numbers into strings and show all associated services."""
    if ports:
        for port in ports:
            try:
                service = socket.getservbyport(port)
            except OSError:
                service = '?'
            yield f'{port:<5} = {service}'
    else:
        yield 'None'


if __name__ == '__main__':
    main()
0
Noctis Skytower

Threading.Threadおよびthreading.Conditionを使用して、ポートチェックを同期し、新しいスレッドを生成できます。

スクリプトの使用例:

python port_scan.py google.com 70 90
Checking 70 - 80
Checking 80 - 84
Checking 84 - 90
Found active port 80
Checking 90 - 91
Checking 91 - 94
All threads started ...

port_scan.py

# import pdb
import socket, threading
from traceback import print_exc


class AllThreadsStarted(Exception): pass


class IPv4PortScanner(object):
    def __init__(self, domain, timeout=2.0, port_range=(1024, 65535), threadcount=10):
        self.domain               = domain
        self.timeout              = timeout
        self.port_range           = port_range
        self.threadcount          = threadcount
        self._lock                = threading.Lock()
        self._condition           = threading.Condition(self._lock)
        self._ports_active        = []
        self._ports_being_checked = []

        self._next_port = self.port_range[0]

    def check_port_(self, port):
        "If connects then port is active"
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.settimeout(self.timeout)
        try:
            sock.connect((self.domain, port))
            with self._lock:
                self._ports_active.append(port)
            print ("Found active port {}".format(port))
            sock.close()
        except socket.timeout, ex:
            return
        except:
            print_exc()
            # pdb.set_trace()

    def check_port(self, port):
        "updates self._ports_being_checked list on exit of this method"
        try:
            self.check_port_(port)
        finally:
            self._condition.acquire()
            self._ports_being_checked.remove(port)
            self._condition.notifyAll()
            self._condition.release()

    def start_another_thread(self):
        if self._next_port > self.port_range[1]:
            raise AllThreadsStarted()
        port             = self._next_port
        self._next_port += 1
        t = threading.Thread(target=self.check_port, args=(port,))
        # update books
        with self._lock:
            self._ports_being_checked.append(port)
        t.start()

    def run(self):
        try:
            while True:
                self._condition.acquire()
                while len(self._ports_being_checked) >= self.threadcount:
                    # we wait for some threads to complete the task
                    self._condition.wait()
                slots_available = self.threadcount - len(self._ports_being_checked)
                self._condition.release()
                print ("Checking {} - {}".format(self._next_port, self._next_port+slots_available))
                for i in xrange(slots_available):
                    self.start_another_thread()
        except AllThreadsStarted, ex:
            print ("All threads started ...")
        except:
            print_exc()


if __name__ == "__main__":
    import sys
    domain  = sys.argv[1]
    port_s  = int(sys.argv[2])
    port_e  = int(sys.argv[3])
    scanner = IPv4PortScanner(domain=domain, port_range=(port_s, port_e))
    scanner.run()
0
Alex