Using the Python nmap module to read Excel data and probe multiple IP ports for liveness

One snap of my fingers and everyone loses a testicle...


1. To do a good job, first sharpen your tools. Install the python-nmap module.

pip list           # in cmd or PowerShell: list the installed modules (sorting out pip's PATH entry is up to you)
pip install python-nmap

Write a simple single-port nmap scan and run it to see what it does.

# If python-nmap is installed but still does not work, install the nmap GUI yourself,
# then add it to the PATH environment variable; that fixed it for me.
import nmap

np = nmap.PortScanner()
a = np.scan(hosts='42.247.22.192', ports='80', arguments='-v -n -T4')
print(a)


Returned result (I marked the important parts in red; what matters is the returned port state and service name):

{'nmap': {'command_line': 'nmap -oX - -p 80 -v -n -T4 42.247.22.192', 'scaninfo': {'tcp': {'method': 'syn', 'services': '80'}}, 'scanstats': {'timestr': 'Thu Jun 10 11:31:57 2021', 'elapsed': '1.72', 'uphosts': '1', 'downhosts': '0', 'totalhosts': '1'}}, 'scan': {'42.247.22.192': {'hostnames': [{'name': '', 'type': ''}], 'addresses': {'ipv4': '42.247.22.192'}, 'vendor': {}, 'status': {'state': 'up', 'reason': 'syn-ack'}, 'tcp': {80: {'state': 'open', 'reason': 'syn-ack', 'name': 'http','product': '', 'version': '', 'extrainfo': '', 'conf': '3', 'cpe': ''}}}}}

2. Next, tidy up the returned data so the output looks cleaner.

import nmap

np = nmap.PortScanner()
a = np.scan(hosts='42.247.22.192', ports='80', arguments='-v -n -T4')
ip = '42.247.22.192'
# Walk the TCP entries for this host and print one line per port
for i in a['scan'][ip]['tcp'].keys():
    state = a['scan'][ip]['tcp'][i]['state']
    name = a['scan'][ip]['tcp'][i]['name']
    print(ip, i, state, name)

Returned result: 42.247.22.192 80 open http


That looks much tidier.

I'll just paste the Excel-reading and threading code below; I have a lot on today, so no detailed walkthrough.

3. Use Python's Excel and threading modules to read the Excel data and scan multiple entries.

import nmap
import threading
from openpyxl import load_workbook
from xlwt import Workbook

wk = Workbook(encoding='utf-8')
wsheet = wk.add_sheet('Worksheet')
co = {}     # {ip: [port, port, ...]} built from the spreadsheet
ls = []     # scan result rows: [ip, port, state, service]


def read_excel_file():
    wb = load_workbook('test/diqu.xlsx')   # read the Excel file
    # sheets = wb.get_sheet_names()
    # print(sheets)
    sheet = wb['暴露面资产全量']
    # print(sheet)
    m = sheet['G']      # read column G; my column G holds ip:port, e.g. 1.1.1.1:80
    for cell in m:      # this loop splits ip and port and stores them in the co dict
        # print(cell.value)
        if cell.value is None:          # skip empty cells at the end of the column
            continue
        mn = str(cell.value).strip().rsplit(':', 1)
        if len(mn) != 2:                # skip header text or malformed cells
            continue
        if mn[0] in co:
            co[mn[0]].append(mn[1])
        else:
            co[mn[0]] = [mn[1]]


def thread(ip_port):       # set up the threads
    thread_num = threading.Semaphore(20)     # at most 20 scans run at the same time
    thread_list = []
    for IP, port in ip_port.items():
        # create a thread per host
        t = threading.Thread(target=nmap_ping_scan, args=(IP, port, thread_num,))
        thread_list.append(t)
        # print(t)
    for t in thread_list:     # start the threads
        t.start()
    for t in thread_list:     # wait for the threads
        t.join()
    print('线程结束')


def nmap_ping_scan(ip, port, thread_num):    # scan with nmap, results go into the ls list
    strport = ','.join(ports for ports in port)
    thread_num.acquire()          # take a semaphore slot
    try:
        nm = nmap.PortScanner()
        np = nm.scan(hosts=ip, ports=strport, arguments="-v -n -T4")
        for i in np['scan'][ip]['tcp'].keys():
            state = np['scan'][ip]['tcp'][i]['state']
            name = np['scan'][ip]['tcp'][i]['name']
            ls.append([ip, i, state, name])
            # print(ip, i, state)
    except Exception as e:
        # a host that is down has no 'tcp' key; skip it rather than abort
        # print(e)
        pass
    finally:
        thread_num.release()      # always free the slot, even after an error


def excel_write(ls):        # save the ls list into a new Excel file
    try:
        for u in range(len(ls)):
            p = 0
            for k in ls[u]:
                wsheet.write(u, p, k)
                p += 1
                # print(u, p, k)
    except Exception:
        pass


if __name__ == '__main__':    # program entry
    read_excel_file()
    thread(co)
    excel_write(ls)
    # print(ls)
    wk.save('ceshi.xls')
    # nmap_dan_scan(co)
    # print(ls)

# OK, that is all the code. The version above uses threads; here is a single-threaded method as well.
# Usage: comment out def thread and def nmap_ping_scan, then in the final if block
# uncomment nmap_dan_scan(co) and comment out the two calls above it.
def nmap_dan_scan(ip_port):    # single-threaded run
    for ip, port in ip_port.items():
        strport = ','.join(ports for ports in port)
        try:
            nm = nmap.PortScanner()
            np = nm.scan(hosts=ip, ports=strport, arguments="-v -n -T4")
            for i in np['scan'][ip]['tcp'].keys():
                state = np['scan'][ip]['tcp'][i]['state']
                print(ip, i, state)
        except Exception:
            pass   # host down or no TCP results; move on to the next one

The scan results look roughly like this.

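The two pieces of the script that are easy to get wrong are the ip:port grouping (blank cells, a header row, duplicate ports) and the assumption that every host has a 'tcp' key in the result. The following is an added example, not code from the post, that handles those edge cases and replaces the one-thread-per-host plus Semaphore pattern with a bounded ThreadPoolExecutor. The column contents and the result dict are constructed here to mirror the shape python-nmap returns (shown earlier in the post); scan_fn is injected so the example runs offline, and fake_scan is a stand-in, not a real scanner.

```python
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List

# Constructed sample of what column G might contain: a header row,
# an empty cell, a duplicate entry, a malformed value and stray spaces.
SAMPLE_COLUMN = ["ip:port", "1.1.1.1:80", "1.1.1.1:443", None, "1.1.1.1:80",
                 "2.2.2.2:22", "bad-entry", " 3.3.3.3:8080 "]

# Constructed python-nmap style result (same dict shape as the post's output);
# the host and ports are placeholders, not a real scan.
SAMPLE_RESULT = {
    'nmap': {'command_line': 'nmap -oX - -p 80,443 -v -n -T4 1.1.1.1'},
    'scan': {'1.1.1.1': {
        'status': {'state': 'up', 'reason': 'syn-ack'},
        'tcp': {80: {'state': 'open', 'name': 'http'},
                443: {'state': 'closed', 'name': 'https'}}}}}


def group_ip_ports(values) -> Dict[str, List[str]]:
    """Turn 'ip:port' cell values into {ip: [port, ...]}.

    Skips empty cells, header text and anything without a numeric port,
    and de-duplicates ports so nmap is not asked for '80,80'.
    """
    grouped: Dict[str, List[str]] = {}
    for value in values:
        if value is None:
            continue
        ip, sep, port = str(value).strip().rpartition(':')
        if not sep or not ip or not port.isdigit():
            continue  # header row or malformed entry
        ports = grouped.setdefault(ip, [])
        if port not in ports:
            ports.append(port)
    return grouped


def flatten_result(ip: str, result: dict) -> List[List]:
    """Flatten one python-nmap result into [ip, port, state, service] rows.

    A host that is down has no 'tcp' key, so .get() keeps this from raising.
    """
    host = result.get('scan', {}).get(ip, {})
    rows = []
    for port, info in sorted(host.get('tcp', {}).items()):
        rows.append([ip, port, info.get('state', ''), info.get('name', '')])
    return rows


def scan_all(grouped: Dict[str, List[str]],
             scan_fn: Callable[[str, str], dict],
             max_workers: int = 20) -> List[List]:
    """Run scan_fn(ip, 'p1,p2,...') for every host with a bounded worker pool.

    ThreadPoolExecutor caps concurrency at max_workers without creating one
    thread per host up front, and pool.map returns results in host order.
    """
    def worker(ip):
        try:
            return flatten_result(ip, scan_fn(ip, ','.join(grouped[ip])))
        except Exception:
            return []  # one failed host must not abort the whole run
    rows = []
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        for host_rows in pool.map(worker, sorted(grouped)):
            rows.extend(host_rows)
    return rows


def fake_scan(ip: str, ports: str) -> dict:
    """Stand-in for nmap.PortScanner().scan(...) so the example runs offline."""
    return SAMPLE_RESULT if ip == '1.1.1.1' else {'scan': {}}


if __name__ == '__main__':
    for row in scan_all(group_ip_ports(SAMPLE_COLUMN), fake_scan):
        print(*row)
```

To plug in the real scanner, pass a wrapper such as lambda ip, p: nmap.PortScanner().scan(hosts=ip, ports=p, arguments='-v -n -T4') as scan_fn; the grouping, flattening and pool logic stay the same, and the rows can be written to the spreadsheet exactly as excel_write does.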

# Note # If you don't want the hassle of a script, the masscan command is more concise; its scan results sometimes fluctuate, but most of the time it is fine (I ran it on CentOS).

An example I use day to day: masscan -p0-65535 -iL ip.txt --rate=2000 > masscan-scan.txt