标签:
#!/bin/env python # -*- coding: UTF-8 -*- # 必须以root权限运行 import socket import sys import time import random from struct import * # 计算校验和 def checksum(msg): s = 0 # 每次取2个字节 for i in range(0,len(msg),2): w = (ord(msg[i]) << 8) + (ord(msg[i+1])) s = s+w s = (s>>16) + (s & 0xffff) s = ~s & 0xffff return s def CreateSocket(source_ip,dest_ip): try: s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) except socket.error, msg: print ‘Socket create error: ‘,str(msg[0]),‘message: ‘,msg[1] sys.exit() # 设置手工提供IP头部 # s.setsockopt(socket.IPPROTO_TCP, socket.IP_HDRINCL, 1) return s # 创建IP头部 def CreateIpHeader(source_ip, dest_ip): packet = ‘‘ # ip 头部选项 headerlen = 5 version = 4 tos = 0 tot_len = 20 + 20 id = random.randrange(18000,65535,1) frag_off = 0 ttl = 255 protocol = socket.IPPROTO_TCP check = 10 saddr = socket.inet_aton ( source_ip ) daddr = socket.inet_aton ( dest_ip ) hl_version = (version << 4) + headerlen ip_header = pack(‘!BBHHHBBH4s4s‘, hl_version, tos, tot_len, id, frag_off, ttl, protocol, check, saddr, daddr) return ip_header # 创建TCP头部 def create_tcp_syn_header(source_ip, dest_ip, dest_port): # tcp 头部选项 source = random.randrange(32000,62000,1) # 随机化一个源端口 seq = 0 ack_seq = 0 doff = 5 # tcp flags fin = 0 syn = 1 rst = 0 psh = 0 ack = 0 urg = 0 window = socket.htons (8192) # 最大窗口大小 check = 0 urg_ptr = 0 offset_res = (doff << 4) + 0 tcp_flags = fin + (syn<<1) + (rst<<2) + (psh<<3) + (ack<<4) + (urg<<5) tcp_header = pack(‘!HHLLBBHHH‘, source, dest_port, seq, ack_seq, offset_res, tcp_flags, window, check, urg_ptr) # 伪头部选项 source_address = socket.inet_aton( source_ip ) dest_address = socket.inet_aton( dest_ip ) placeholder = 0 protocol = socket.IPPROTO_TCP tcp_length = len(tcp_header) psh = pack(‘!4s4sBBH‘, source_address, dest_address, placeholder, protocol, tcp_length); psh = psh + tcp_header; tcp_checksum = checksum(psh) # 重新打包TCP头部,并填充正确地校验和 tcp_header = pack(‘!HHLLBBHHH‘, source, dest_port, seq, ack_seq, offset_res, tcp_flags, window, tcp_checksum, urg_ptr) return tcp_header def range_scan(source_ip, dest_ip, start_port, end_port) : syn_ack_received = [] # 开放端口存储列表 for j in range (start_port, end_port) : s = CreateSocket(source_ip, dest_ip) ip_header = CreateIpHeader(source_ip, dest_ip) tcp_header = create_tcp_syn_header(source_ip, dest_ip,j) packet = ip_header + tcp_header s.sendto(packet, (dest_ip, 0)) print ‘s.sendto‘,dest_ip,start_port,end_port data = s.recvfrom(1024) [0][0:] ip_header_len = (ord(data[0]) & 0x0f) * 4 ip_header_ret = data[0: ip_header_len - 1] tcp_header_len = (ord(data[32]) & 0xf0)>>2 tcp_header_ret = data[ip_header_len:ip_header_len+tcp_header_len - 1] if ord(tcp_header_ret[13]) == 0x12: # SYN/ACK flags syn_ack_received.append(j) return syn_ack_received # 程序从这里开始: open_port_list = [] ipsource = ‘192.168.18.17‘ ipdest = ‘192.168.19.43‘ start = 20 stop = 100 step = (stop-start)/10 scan_ports = range(start, stop, step) if scan_ports[len(scan_ports)-1] < stop: scan_ports.append(stop) print ‘scan_ports.append‘,stop for i in range(len(scan_ports)-1): opl = range_scan(ipsource, ipdest, scan_ports[i], scan_ports[i+1]) open_port_list.append(opl) for i in range(len(open_port_list)): print ‘Process #: ‘,i,‘ Open ports: ‘,open_port_list[i] print ‘A list of all open ports found: ‘ for i in range(len(open_port_list)): for j in range(len(open_port_list[i])): print open_port_list[i][j],‘, ‘
标签:
原文地址:http://www.cnblogs.com/ryhan/p/5159704.html
