Nmap是一款网络扫描和主机检测的非常有用的工具。Nmap是不局限于仅仅收集信息和枚举,同时可以用来作为一个漏洞探测器或安全扫描器。它可以适用于winodws,linux,mac等操作系统。
python-nmap是一个帮助使用nmap端口扫描器的python库。它允许轻松操纵nmap扫描结果,并且将是一个完美的选择,为需要自动完成扫描任务的系统管理员提供的工具并报告。它也支持nmap脚本输出。
1. python nmap 安装
需要安装nmap软件和python_nmap第三方库。nmap的下载地址如下是https://nmap.org/download.html。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| C:\>nmap --version
Nmap version 7.70 ( https://nmap.org )
Platform: i686-pc-windows-windows
Compiled with: nmap-liblua-5.3.3 openssl-1.0.2n nmap-libssh2-1.8.0 nmap-libz-1.2.8 nmap-libpcre-7.6 Npcap-0.99-r2 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: iocp poll select
C:\> pip install python_nmap
Collecting python_nmap
Downloading https://files.pythonhosted.org/packages/dc/f2/9e1a2953d4d824e183ac033e3d223055e40e695fa6db2cb3e94a864eaa84/python-nmap-0.6.1.tar.gz (41kB)
100% |████████████████████████████████| 51kB 118kB/s
Installing collected packages: python-nmap
Running setup.py install for python-nmap ... done
Successfully installed python-nmap-0.6.1
C:\> python
Python 3.6.5 (v3.6.5:f59c0932b4, Mar 28 2018, 17:00:18) [MSC v.1900 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import nmap
>>>
|
2. python nmap 的使用
2.1. 查看nmap版本
1
2
3
4
| >>> import nmap
>>> n = nmap.PortScanner()
>>> n.nmap_version()
(7, 70)
|
2.2. 查看nmap命令
1
2
3
| >>> date = n.scan("117.185.17.151","1-1024","-sV")
>>> n.command_line()
'nmap -oX - -p 1-1024 -sV 117.185.17.151'
|
2.3. scan 用法
1
2
3
4
5
| def scan(self,
hosts: str = '127.0.0.1', #主机
ports: Any = None, #端口
arguments: str = '-sV', #扫描参数
sudo: bool = False) #是否用管理员身份扫描
|
2.4. 查看nmap扫描信息
1
2
3
4
5
6
| >>> n.scanstats()
{'timestr': 'Wed Jan 02 12:46:46 2019', #开始时间
'elapsed': '24.80', #扫描时间
'uphosts': '1', #存活主机
'downhosts': '0',
'totalhosts': '1'}
|
2.5. 查看nmap扫描结果
1
2
3
4
| >>> n.csv()
'host;hostname;hostname_type;protocol;port;name;state;product;extrainfo;reason;version;conf;cpe\r\n
117.185.17.151;;;tcp;80;http;open;Apache httpd;;syn-ack;;10;cpe:/a:apache:http_server\r\n
117.185.17.151;;;tcp;443;http;open;Apache httpd;;syn-ack;;10;cpe:/a:apache:http_server\r\n'
|
| 列名 | 端口1 | 端口2 | 解释 |
|---|
| host | 117.185.17.151 | 117.185.17.151 | IP |
| hostname | - | - | 主机名称 |
| hostname_type | - | - | IP类型 |
| protocol | tcp | tcp | 协议 |
| port | 80 | 443 | 端口 |
| name | http | http | 服务名称 |
| state | open | open | 端口状态 |
| product | Apache httpd | Apache httpd | 服务器类型 |
| extrainfo | - | - | 其他信息 |
| reason | syn-ack | syn-ack | 端口回复 |
| version | - | - | 版本 |
| conf | 10 | 10 | 配置 |
| cpe | cpe:/a:apache:http_server | cpe:/a:apache:http_server | 消息头 |
2.6. 查看nmap扫描IP
1
2
| >>> n.all_hosts()
['117.185.17.151']
|
2.7. 查看对应IP相关信息
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| #主机状态
>>> >>> n["117.185.17.151"].state()
'up'
#用什么协议发现的端口
>>> n["117.185.17.151"].all_protocols()
['tcp']
#tcp协议开放的端口
>>> n["117.185.17.151"]["tcp"].keys()
dict_keys([80, 443])
#查看指定协议端口是否开放
>>> n["117.185.17.151"].has_tcp(80)
True
>>> n["117.185.17.151"].has_tcp(81)
False
#查看指定端口协议的信息
>>> n["117.185.17.151"]["tcp"][80]
{'state': 'open', 'reason': 'syn-ack', 'name': 'http', 'product': 'Apache httpd', 'version': '', 'extrainfo': '', 'conf': '10', 'cpe': 'cpe:/a:apache:http_server'}
>>> n["117.185.17.151"].tcp(80)
{'state': 'open', 'reason': 'syn-ack', 'name': 'http', 'product': 'Apache httpd', 'version': '', 'extrainfo': '', 'conf': '10', 'cpe': 'cpe:/a:apache:http_server'}
>>> n["117.185.17.151"]["tcp"][80]["name"]
'http'
|
3. python namp 主机存活检测
1
2
3
4
5
6
7
8
9
10
11
| import nmap
n = nmap.PortScanner()
n.scan(hosts="192.168.1.1/29", arguments="-sP")
for x in n.all_hosts():
print(x+":"+n[x]["status"]["state"])
192.168.1.1:up
192.168.1.2:up
192.168.1.4:up
192.168.1.5:up
|
4. python nmap 端口检测
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
| import nmap
n = nmap.PortScanner()
n.scan(hosts="192.168.1.1/30", arguments="-sV -p 1-1024")
for x in n.all_hosts():
print("Host: " + x)
print("State: " + n[x].state())
print("************************")
for y in n[x].all_protocols():
print("Protocols: " + y)
print("↓↓↓↓↓↓↓↓↓")
for z in n[x][y].keys():
print("port: " + str(z) + " | name: " + n[x][y][z]["name"] + " | state: " + n[x][y][z]["state"])
print("---------------------------")
Host: 192.168.1.1
State: up
************************
Protocols: tcp
↓↓↓↓↓↓↓↓↓
port: 22 | name: ssh | state: filtered
port: 80 | name: http | state: open
port: 443 | name: http | state: open
---------------------------
Host: 192.168.1.2
State: up
************************
Protocols: tcp
↓↓↓↓↓↓↓↓↓
port: 22 | name: ssh | state: filtered
port: 53 | name: domain | state: open
port: 514 | name: shell | state: filtered
port: 873 | name: rsync | state: filtered
---------------------------
|
5.PortScannerYield的使用
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
| import nmap
n = nmap.PortScannerYield()
for x in n.scan(hosts="192.168.0.1/24", arguments="-sP"):
print(x[0])
C:\Python\python.exe C:/Code/Python/nmap/2.py
192.168.0.0
192.168.0.1
192.168.0.10
192.168.0.100
192.168.0.101
192.168.0.102
192.168.0.103
192.168.0.104
192.168.0.105
192.168.0.106
192.168.0.107
192.168.0.108
192.168.0.109
192.168.0.11
192.168.0.110
192.168.0.111
192.168.0.112
......
|
已为社区贡献5条内容
所有评论(0)