批量端口扫描和服务版本探测shell脚本- 集成nmap



各位好 又见面了 我是曹操 今天给大家带来一篇新的教程

希望各位细心学习 低调用网

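#!/bin/bash
##welcome to use my sciprt
# Batch port / service-version scan driver around nmap.
# Usage: scan -f <file>   (one "ipv4address:port" per line)   |   scan -h
# Supported systems: CentOS (yum/rpm) and Kali (apt-get/dpkg); anything else exits 1.
echo "The scirpt by qq1798996632,welocme to visit me."
# Ctrl-C has to end the script, not only print a message: a trap that returns
# lets the loop carry on and leaves the background scans running.
trap "echo 'STOP ERROR'; exit 130" SIGINT
trap "echo 'Bye~'" EXIT
NULL=/dev/null
# Fallback download locations for pv, used by INSTALL_CHECK only (fixed old
# package versions fetched over plain HTTP; see the note in that function).
PV_URL='http://ftp.br.debian.org/debian/pool/main/p/pv/pv_1.6.0-1+b1_amd64.deb'
PV_i3URL='http://ftp.br.debian.org/debian/pool/main/p/pv/pv_1.6.0-1+b1_i386.deb'
PV_URL_C='http://dl.fedoraproject.org/pub/epel/6/x86_64/Packages/p/pv-1.1.4-3.el6.x86_64.rpm'
PV_i3URL_C='http://dl.fedoraproject.org/pub/epel/6/i386/Packages/p/pv-1.1.4-3.el6.i686.rpm'
# Distribution name = first word of the first line of /etc/issue ("CentOS", "Kali", ...).
RELEASE=$(awk 'NR==1 {print $1; exit}' /etc/issue)
# Machine type in the form INSTALL_CHECK compares against ("x86_64" or "i386");
# uname -m reports 32-bit x86 as i386/i586/i686, so those are folded together.
ARCH=$(uname -m)
case "$ARCH" in i?86) ARCH=i386 ;; esac
# Per-distribution package tooling. CENTOS_PV / KALI_PV are "0" when pv is
# already installed and empty otherwise. rpm is queried with -q: the original
# "rpm -eq" combined the erase and query modes, which rpm refuses, so the
# CentOS check never succeeded. INSTALL is set in the current shell (the
# original assigned it inside a "( ... )" subshell on Kali, so it was lost).
case "$RELEASE" in
  CentOS)
    CENTOS_PV=$(rpm -q pv >"$NULL" 2>&1 && echo 0)
    INSTALL="sudo yum install -y"
    ;;
  Kali)
    KALI_PV=$(dpkg -s pv >"$NULL" 2>&1 && echo 0)
    INSTALL="sudo apt-get install -y"
    ;;
  *)
    echo "Your system don't support the scirpt"
    exit 1
    ;;
esac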
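function FILTER()   ##filter the scan result
{
  # Turn the raw nmap output collected in ./result into a table with one row
  # per scanned port and save it to a timestamped *.RESULT file.
  # Reads:   ./result (nmap -sV output of all background scans, appended)
  # Writes:  ./<YYYY-MM-DD-HH:MM>.RESULT in the current directory
  # Outputs: the table plus a short summary on stdout
  # Returns: 0; 1 when ./result cannot be read
  # Why a rewrite: the original extracted a fixed "+3 lines" window after each
  # "Nmap scan report" line (fragile across nmap versions), printed the rows
  # with a format string that had a stray leading "s" and one specifier too
  # few (the VERSION column was dropped), and found the saved file by parsing ls.
  local outfile rows count
  if [ ! -r result ]; then
    echo "FILTER: cannot read ./result" >&2
    return 1
  fi
  outfile="$(date '+%F-%H:%M').RESULT"
  # One pass over the nmap output: remember the host of the current
  # "Nmap scan report for <ip>" block (field 5; nmap runs with -n, so no
  # "name (ip)" form appears) and emit a row for every port line such as
  # "80/tcp open http Apache httpd 2.4", joining fields 4..NF as VERSION.
  # Blocks without port lines (host down, no output) produce no rows.
  rows=$(awk '
    /^Nmap scan report for / { ip = $5; next }
    ip != "" && $1 ~ /^[0-9]+\// {
      ver = ""
      for (i = 4; i <= NF; i++) ver = ver (i > 4 ? " " : "") $i
      printf "%-20s%-12s%-14s%-14s%s\n", ip, $1, $2, $3, ver
    }' result | LC_ALL=C sort -n)
  count=$(printf '%s' "$rows" | grep -c .)
  {
    printf '%-20s%-12s%-14s%-14s%s\n' IP PORT STATUS SERVICE VERSION
    if [ -n "$rows" ]; then
      printf '%s\n' "$rows"
    fi
  } | tee -- "$outfile"
  echo
  echo "[Scan Finished!]"
  echo "Successfully scanned $count targets"
  echo
  echo "Scan result saved to ==> '$(pwd)/$outfile'"
  echo
}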
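function DOS2UNIX()  ##check and install dos2unix
{
  # Convert the target list to Unix line endings in place when its first line
  # ends in CRLF, installing dos2unix first if the package is missing.
  # Arguments: $1 - path of the target list (the original read "$2", which is
  #            the function's own second argument and was always empty, so
  #            "head" blocked on stdin instead of reading the file)
  # Globals:   RELEASE, INSTALL, NULL (read)
  # Returns:   0 when the file is usable, 1 when no file was given; exits 1
  #            when dos2unix is needed but cannot be installed
  local file=${1:-} confirm=1
  if [ -z "$file" ]; then
    echo "DOS2UNIX: no file given" >&2
    return 1
  fi
  # Only the first line is inspected, as before: a trailing CR marks a Windows file.
  if ! head -n 1 -- "$file" | grep -q $'\r$'; then
    return 0
  fi
  # Is dos2unix installed? (-q queries; "-eq" would also ask rpm to erase the package)
  if [ "$RELEASE" = 'CentOS' ] || [ "$RELEASE" = 'RedHat' ]; then
    rpm -q dos2unix >"$NULL" 2>&1 && confirm=0
  elif [ "$RELEASE" = 'Kali' ] || [ "$RELEASE" = 'Debian' ]; then
    dpkg -s dos2unix >"$NULL" 2>&1 && confirm=0
  fi
  if [ "$confirm" != '0' ]; then
    # shellcheck disable=SC2086 -- INSTALL is a command string with its own arguments
    if ! $INSTALL dos2unix >"$NULL" 2>&1; then     #install dos2unix
      echo "Sorry,your file is windows file,and I can't convert it to unix file,error reason:install 'dos2unix' false,you can manual installation it then run the scirpt"
      exit 1
    fi
  fi
  dos2unix "$file" >"$NULL" 2>&1
}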
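function INSTALL_CHECK()  ##check and install pv
{
  # Make sure pv is installed (only the optional live-progress variant of the
  # main loop needs it). The distribution repository is tried first; the
  # pinned download URLs from the top of the script are only a fallback.
  # Globals: RELEASE, ARCH, CENTOS_PV, KALI_PV, INSTALL, NULL, PV_* (read)
  # Returns: 0 when pv is present or was installed; exits 1 on failure
  local url pkg ok=1
  case "$RELEASE" in
    CentOS) [ "${CENTOS_PV:-}" = '0' ] && return 0 ;;
    Kali)   [ "${KALI_PV:-}" = '0' ] && return 0 ;;
    *)      return 0 ;;   # other systems are rejected at startup; nothing to do here
  esac
  # Repository packages are signature-checked by yum/apt, the download below is not.
  # shellcheck disable=SC2086 -- INSTALL is a command string with its own arguments
  $INSTALL pv >"$NULL" 2>&1 && return 0
  case "$RELEASE:$ARCH" in
    CentOS:x86_64) url=$PV_URL_C ;;
    CentOS:i386)   url=$PV_i3URL_C ;;
    Kali:x86_64)   url=$PV_URL ;;
    Kali:i386)     url=$PV_i3URL ;;
    *) echo 'install pv error' >&2; exit 1 ;;
  esac
  pkg=$(basename -- "$url")
  # NOTE(review): the fallback fetches a fixed, old package over plain HTTP and
  # installs it as root without any checksum or signature verification; keep it
  # as a last resort only.
  if wget -q -- "$url" >"$NULL" 2>&1; then
    case "$RELEASE" in
      CentOS) sudo rpm -ih "$pkg" >"$NULL" 2>&1 && ok=0 ;;
      Kali)   sudo dpkg -i "$pkg" >"$NULL" 2>&1 && ok=0 ;;
    esac
  fi
  rm -f -- "$pkg"     # drop the downloaded package whether or not it installed
  if [ "$ok" != '0' ]; then
    echo 'install pv error' >&2
    exit 1
  fi
}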
function DISTORY()   ##finished filter data and destroy the generated file
{
  # Remove the raw nmap output and the scratch files FILTER leaves behind.
  # shred overwrites each file before unlinking it; on journaling or
  # copy-on-write file systems the overwrite is not guaranteed to reach the
  # old blocks, so treat this as cleanup rather than secure deletion.
  # Globals: NULL (read)
  # Returns: shred's status (non-zero if a file could not be removed)
  local -a scratch=(result ipv4 portv4 port statu service version)
  shred -f -u -z -- "${scratch[@]}" >"$NULL" 2>&1
}
#######################main############################
#INSTALL_CHECK  ###安装pv和检查pv是否安装成功,如不需要实时同步可以注释掉
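# Create (or empty) the raw nmap output file so old scans are never re-reported.
: > result
# Upper bound on concurrent nmap processes; override with MAX_JOBS=<n> in the environment.
MAX_JOBS=${MAX_JOBS:-50}
# The original "while [ -n '$1' ]" tested a literal string and ran once anyway.
case "${1:-}" in
  -f)
    file=${2:-}
    if [ -f "$file" ]; then
      DOS2UNIX "$file" && echo -n "Scanning..."
      # One background nmap per "target:port" line. Each line is split at its
      # last colon and both halves are validated before use, so a malformed
      # entry cannot add extra words (i.e. options) to the nmap command line.
      while IFS= read -r line || [ -n "$line" ]; do
        line=${line%$'\r'}            # tolerate CRLF endings if dos2unix was unavailable
        [ -z "$line" ] && continue
        target=${line%:*}
        port=${line##*:}
        if [[ ! $target =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ || ! $port =~ ^[0-9][0-9,-]*$ ]]; then
          echo "scan: skipping malformed line '$line'" >&2
          continue
        fi
        # Throttle the fan-out: starting every scan at once is what made runs
        # with a few hundred targets stall and lose results.
        while [ "$(jobs -rp | wc -l)" -ge "$MAX_JOBS" ]; do sleep 1; done
        nmap -sV -p "$port" -n -Pn "$target" >> result 2>&1 &
      done < "$file"
      # Wait for every scan instead of polling "jobs | wc -l" for exactly one
      # job: that loop never ended when the last scans finished between polls,
      # and filtered too early when they did not.
      wait
      echo
      FILTER
      DISTORY
    elif [ -d "$file" ]; then
      echo "scan: $file is a directory"
    else
      echo "scan: $file:No such file or directory"
    fi;;
  "-h") echo '-f [file] '
        echo '          file format: ipv4adress1:port1'
        echo '                       ipv4adress2:port2';;
  *)
     echo "Usage:"
     echo "       scan [-f file]"
     echo '                      file format: ipv4adress1:port1'
     echo '                                   ipv4adress2:port2'
     echo "       scan [-h]"
     exit 1;;
esac
exit 0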

这个脚本的目的完全是为了检测网站安全性,希望大家别拿去做坏事哈~主要用于批量扫描目标端口开放情况与探测服务版本等,速度上也做了很大程度的优化,靠后台进程来实现多线程扫描。缺点:当目标大于300个的时候,会出现后台进程一直处于等待状态,扫描结果也会漏掉30-60个左右。所以你可以分批扫描,使用crontab定时批量切换文件扫描,如果你觉得有更好的方式去实现与改进可以随时与我联系。以下是脚本源代码:

wget 'https://www.linux-code.com/wp-content/uploads/2018/05/test.sh'
bash test.sh -f file
127.0.0.1:80
192.168.1.1:23
45.32.117.7:443

你可以点击这里下载或者通过wget下载到系统。那么怎么去执行该脚本,以及文件格式是什么呢?你只需要:

注意file(文件可以任意指定)的格式必须是ipaddress:port形式,比如:

以下是运行截图:

运行截图

可以看到,扫描17个目标端口和服务版本耗时18.89秒,速度惊人,同时扫描结果保存到了时间格式的.RESULT文件中。

注意:本脚本可能存在一定Bug,或者您觉得还有可以优化的地方,都可以联系我。
