Nmap is a very useful tool for network scanning and host discovery. It is not limited to information gathering and enumeration; it can also act as a vulnerability detector or security scanner. It runs on Windows, Linux, macOS and other operating systems.
python-nmap is a Python library that wraps the nmap port scanner. It makes it easy to work with nmap scan results programmatically and is a good fit for system administrators who need to automate scanning and reporting. It also exposes nmap script (NSE) output.
1. Installing python-nmap
You need both the nmap binary and the python-nmap third-party library. nmap can be downloaded from https://nmap.org/download.html. Check that nmap is on your PATH, then install the library with pip and confirm it imports:
```
C:\>nmap --version
Nmap version 7.70 ( https://nmap.org )
Platform: i686-pc-windows-windows
Compiled with: nmap-liblua-5.3.3 openssl-1.0.2n nmap-libssh2-1.8.0 nmap-libz-1.2.8 nmap-libpcre-7.6 Npcap-0.99-r2 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: iocp poll select

C:\> pip install python_nmap
Collecting python_nmap
  Downloading https://files.pythonhosted.org/packages/dc/f2/9e1a2953d4d824e183ac033e3d223055e40e695fa6db2cb3e94a864eaa84/python-nmap-0.6.1.tar.gz (41kB)
    100% |████████████████████████████████| 51kB 118kB/s
Installing collected packages: python-nmap
  Running setup.py install for python-nmap ... done
Successfully installed python-nmap-0.6.1

C:\> python
Python 3.6.5 (v3.6.5:f59c0932b4, Mar 28 2018, 17:00:18) [MSC v.1900 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import nmap
>>>
```
2. Using python-nmap
2.1. Checking the nmap version
```
>>> import nmap
>>> n = nmap.PortScanner()
>>> n.nmap_version()
(7, 70)
```
2.2. Viewing the nmap command line
```
>>> result = n.scan("117.185.17.151", "1-1024", "-sV")
>>> n.command_line()
'nmap -oX - -p 1-1024 -sV 117.185.17.151'
```
python-nmap always adds `-oX -` itself: it reads nmap's XML report from stdout and parses it into the result dictionary. Do not pass `-oX` or `-oA` in `arguments`; the library rejects them because they would redirect the output it needs.
2.3. The scan() signature
```python
def scan(self,
         hosts: str = '127.0.0.1',  # target(s): IP, CIDR or hostname, whitespace separated
         ports: Any = None,         # port spec for -p, e.g. '22,80,443' or '1-1024'; None = nmap's default list
         arguments: str = '-sV',    # additional nmap options, e.g. '-sS -T4'
         sudo: bool = False)        # run nmap via sudo (raw-socket scans such as -sS and -O need root on Linux)
```
`hosts` and `arguments` are split with `shlex.split()` and passed to nmap as an argument vector; no shell is involved, so shell metacharacters are harmless. The split does mean, however, that any user-controlled string placed in `hosts` or `arguments` can add arbitrary nmap options (`-iL`, `--script`, `-oN` and so on). Validate or allowlist those values before calling `scan()` when they come from outside the program.
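Because `scan()` forwards whatever it is given straight to nmap, a wrapper that exposes scanning to other users (a web UI, a ticketing bot, an API) needs its own input validation. The following is an added example written for this page, not code from python-nmap: it restricts targets to IP addresses or CIDR ranges, checks the port specification, and allowlists the nmap flags, then returns keyword arguments you can splat into `PortScanner().scan()`. The allowlist contents and the IP-only target policy are assumptions of the example; adjust them to your environment (for instance, allow hostnames if you resolve and vet them first).

```python
import ipaddress
import re
import shlex
from typing import Dict, List, Optional

# Added example, not part of python-nmap: validate caller-supplied values
# before they reach nmap.PortScanner().scan(). python-nmap shlex-splits
# `hosts` and `arguments` and execs nmap directly, so shell metacharacters
# are harmless, but "10.0.0.1 -iL /etc/passwd --script=vuln" would still
# turn into extra nmap options. ALLOWED_FLAGS and the IP/CIDR-only target
# rule are policy assumptions made for this example.

ALLOWED_FLAGS = {"-sV", "-sS", "-sT", "-sn", "-sP", "-Pn", "-T4", "-O"}
PORT_SPEC = re.compile(r"^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$")


class ScanArgError(ValueError):
    """Raised when a scan parameter would change what nmap does in an unintended way."""


def check_hosts(hosts: str) -> List[str]:
    """Accept only IP addresses or CIDR networks, whitespace separated."""
    targets = shlex.split(hosts)
    if not targets:
        raise ScanArgError("no targets given")
    for t in targets:
        if t.startswith("-"):
            raise ScanArgError(f"target looks like an nmap option: {t!r}")
        try:
            ipaddress.ip_network(t, strict=False)
        except ValueError as exc:
            raise ScanArgError(f"not an IP address or CIDR: {t!r}") from exc
    return targets


def check_ports(ports: Optional[str]) -> Optional[str]:
    """Accept nmap -p syntax restricted to numbers and ranges within 1..65535."""
    if ports is None:
        return None
    if not PORT_SPEC.match(ports):
        raise ScanArgError(f"bad port specification: {ports!r}")
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        lo_n, hi_n = int(lo), int(hi or lo)
        if not 1 <= lo_n <= hi_n <= 65535:
            raise ScanArgError(f"port out of range: {part!r}")
    return ports


def check_arguments(arguments: str) -> str:
    """Allow only flags in ALLOWED_FLAGS; --script, -iL, -oN etc. are rejected."""
    flags = shlex.split(arguments)
    rejected = [f for f in flags if f not in ALLOWED_FLAGS]
    if rejected:
        raise ScanArgError(f"nmap option(s) not allowed: {rejected}")
    return " ".join(flags)


def build_scan_kwargs(hosts: str, ports: Optional[str] = None,
                      arguments: str = "-sV") -> Dict[str, Optional[str]]:
    """Return keyword arguments that are safe to pass as PortScanner().scan(**kwargs)."""
    return {
        "hosts": " ".join(check_hosts(hosts)),
        "ports": check_ports(ports),
        "arguments": check_arguments(arguments),
    }


def is_rejected(hosts: str, ports: Optional[str] = None, arguments: str = "-sV") -> bool:
    """True if build_scan_kwargs refuses the input (for callers that want to log and skip)."""
    try:
        build_scan_kwargs(hosts, ports, arguments)
    except ScanArgError:
        return True
    return False


if __name__ == "__main__":
    kwargs = build_scan_kwargs("192.168.1.1/29", "22,80,443", "-sV -T4")
    print(kwargs)
    # Only the validated values are handed to python-nmap:
    #   import nmap
    #   nmap.PortScanner().scan(**kwargs)
    print(is_rejected("192.168.1.1 --script=vuln"))  # True
```

The check is deliberately an allowlist rather than a denylist of dangerous flags: nmap has many options that read files, write files or run NSE scripts, and new ones appear between releases, so enumerating the handful you actually need is the only policy that stays correct.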
2.4. Scan statistics
```
>>> n.scanstats()
{'timestr': 'Wed Jan 02 12:46:46 2019',   # when the scan started
 'elapsed': '24.80',                      # scan duration in seconds
 'uphosts': '1',                          # hosts that were up
 'downhosts': '0',                        # hosts that were down
 'totalhosts': '1'}                       # hosts scanned
```
2.5. Scan results as CSV
```
>>> n.csv()
'host;hostname;hostname_type;protocol;port;name;state;product;extrainfo;reason;version;conf;cpe\r\n
117.185.17.151;;;tcp;80;http;open;Apache httpd;;syn-ack;;10;cpe:/a:apache:http_server\r\n
117.185.17.151;;;tcp;443;http;open;Apache httpd;;syn-ack;;10;cpe:/a:apache:http_server\r\n'
```
The columns, with the values from the two ports above:
| Column | Port 1 | Port 2 | Meaning |
|---|---|---|---|
| host | 117.185.17.151 | 117.185.17.151 | target IP address |
| hostname | - | - | host name (empty here: no reverse-DNS result) |
| hostname_type | - | - | how the name was obtained (e.g. PTR for reverse DNS, user for a name you supplied) |
| protocol | tcp | tcp | transport protocol |
| port | 80 | 443 | port number |
| name | http | http | service name |
| state | open | open | port state (open, closed, filtered, ...) |
| product | Apache httpd | Apache httpd | product identified by version detection (-sV) |
| extrainfo | - | - | extra details from version detection |
| reason | syn-ack | syn-ack | the response nmap saw, i.e. why it assigned this state |
| version | - | - | product version, if identified |
| conf | 10 | 10 | nmap's confidence in the service match, 1 to 10 |
| cpe | cpe:/a:apache:http_server | cpe:/a:apache:http_server | CPE identifier of the detected product |
2.6. Hosts in the results
```
>>> n.all_hosts()
['117.185.17.151']
```
2.7. Details for one host
```
# host status
>>> n["117.185.17.151"].state()
'up'

# protocols on which ports were found
>>> n["117.185.17.151"].all_protocols()
['tcp']

# ports found over TCP (keys are ints)
>>> n["117.185.17.151"]["tcp"].keys()
dict_keys([80, 443])

# is there a result for a given TCP port? (presence in the result set, not
# necessarily "open": check ["state"] for open/closed/filtered)
>>> n["117.185.17.151"].has_tcp(80)
True
>>> n["117.185.17.151"].has_tcp(81)
False

# details for one port
>>> n["117.185.17.151"]["tcp"][80]
{'state': 'open', 'reason': 'syn-ack', 'name': 'http', 'product': 'Apache httpd', 'version': '', 'extrainfo': '', 'conf': '10', 'cpe': 'cpe:/a:apache:http_server'}
>>> n["117.185.17.151"].tcp(80)
{'state': 'open', 'reason': 'syn-ack', 'name': 'http', 'product': 'Apache httpd', 'version': '', 'extrainfo': '', 'conf': '10', 'cpe': 'cpe:/a:apache:http_server'}
>>> n["117.185.17.151"]["tcp"][80]["name"]
'http'
```
3. Host discovery with python-nmap
```python
import nmap

n = nmap.PortScanner()
# -sP: host discovery only, no port scan. Current nmap calls this -sn;
# -sP is still accepted as an alias.
n.scan(hosts="192.168.1.1/29", arguments="-sP")
for x in n.all_hosts():
    print(x + ":" + n[x]["status"]["state"])
```
```
192.168.1.1:up
192.168.1.2:up
192.168.1.4:up
192.168.1.5:up
```
4. Port scanning with python-nmap
```python
import nmap

n = nmap.PortScanner()
n.scan(hosts="192.168.1.1/30", arguments="-sV -p 1-1024")
for x in n.all_hosts():
    print("Host: " + x)
    print("State: " + n[x].state())
    print("************************")
    for y in n[x].all_protocols():
        print("Protocols: " + y)
        print("↓↓↓↓↓↓↓↓↓")
        for z in n[x][y].keys():
            print("port: " + str(z) + " | name: " + n[x][y][z]["name"] + " | state: " + n[x][y][z]["state"])
    print("---------------------------")
```
```
Host: 192.168.1.1
State: up
************************
Protocols: tcp
↓↓↓↓↓↓↓↓↓
port: 22 | name: ssh | state: filtered
port: 80 | name: http | state: open
port: 443 | name: http | state: open
---------------------------
Host: 192.168.1.2
State: up
************************
Protocols: tcp
↓↓↓↓↓↓↓↓↓
port: 22 | name: ssh | state: filtered
port: 53 | name: domain | state: open
port: 514 | name: shell | state: filtered
port: 873 | name: rsync | state: filtered
---------------------------
```
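Printing the per-host loop from sections 2.7, 3 and 4 is fine at the REPL, but the reason to use python-nmap instead of plain nmap is to post-process the result dictionary. The following is an added example written for this page, not code from python-nmap: it takes two `scan()` results for the same range (the `{"nmap": ..., "scan": {host: {...}}}` structure that `n[host]` indexes into), extracts the open ports per host, and reports ports that newly opened or disappeared between the two scans, which is the check a periodic exposure scan exists for. The two results are constructed by hand in that layout so the script runs without nmap; in real use they would come from `PortScanner().scan()` calls made at different times.

```python
import copy
from typing import Dict, List, Set, Tuple

# Added example, not python-nmap code: post-process the dict that
# nmap.PortScanner().scan() returns. BASELINE and CURRENT below are
# constructed by hand in the python-nmap layout (result["scan"][host]
# [proto][port] -> port info) so this runs without nmap.


def _port(state, reason, name, product="", cpe="", conf="3"):
    # helper: one port entry in the layout python-nmap builds from nmap's XML
    return {"state": state, "reason": reason, "name": name, "product": product,
            "version": "", "extrainfo": "", "conf": conf, "cpe": cpe}


BASELINE = {
    "nmap": {"command_line": "nmap -oX - -p 1-1024 -sV 192.168.1.1/30",
             "scanstats": {"uphosts": "2", "downhosts": "2", "totalhosts": "4"}},
    "scan": {
        "192.168.1.1": {
            "status": {"state": "up", "reason": "arp-response"},
            "tcp": {
                22: _port("filtered", "no-response", "ssh"),
                80: _port("open", "syn-ack", "http", "Apache httpd", "cpe:/a:apache:http_server", "10"),
                443: _port("open", "syn-ack", "http", "Apache httpd", "cpe:/a:apache:http_server", "10"),
            },
        },
        "192.168.1.2": {
            "status": {"state": "up", "reason": "arp-response"},
            "tcp": {
                22: _port("filtered", "no-response", "ssh"),
                53: _port("open", "syn-ack", "domain"),
            },
        },
    },
}

# Constructed "later" scan: 443 on .1 is now closed, .2 exposes 8080, .3 appeared with SSH.
CURRENT = copy.deepcopy(BASELINE)
CURRENT["scan"]["192.168.1.1"]["tcp"][443] = _port("closed", "reset", "https")
CURRENT["scan"]["192.168.1.2"]["tcp"][8080] = _port("open", "syn-ack", "http-proxy")
CURRENT["scan"]["192.168.1.3"] = {
    "status": {"state": "up", "reason": "arp-response"},
    "tcp": {22: _port("open", "syn-ack", "ssh", "OpenSSH", "cpe:/a:openbsd:openssh")},
}

Finding = Tuple[str, str, int]  # (host, protocol, port)


def open_ports(result: Dict) -> Dict[str, Set[Tuple[str, int]]]:
    """Map every host reported 'up' to the set of (protocol, port) nmap saw as open."""
    out: Dict[str, Set[Tuple[str, int]]] = {}
    for host, info in result["scan"].items():
        if info.get("status", {}).get("state") != "up":
            continue
        out[host] = {
            (proto, port)
            for proto in ("tcp", "udp", "sctp")  # per-protocol keys python-nmap uses
            for port, pinfo in info.get(proto, {}).items()
            if pinfo["state"] == "open"
        }
    return out


def diff_open_ports(baseline: Dict, current: Dict) -> Tuple[List[Finding], List[Finding]]:
    """Return (newly_open, no_longer_open), each sorted, between two scan results."""
    before, after = open_ports(baseline), open_ports(current)
    opened: List[Finding] = []
    closed: List[Finding] = []
    for host in sorted(set(before) | set(after)):
        b, a = before.get(host, set()), after.get(host, set())
        opened += [(host, proto, port) for proto, port in sorted(a - b)]
        closed += [(host, proto, port) for proto, port in sorted(b - a)]
    return opened, closed


def format_report(result: Dict, opened: List[Finding], closed: List[Finding]) -> str:
    """Render the diff, with product/version/cpe from -sV for each newly open port."""
    lines = [f"hosts up: {len(open_ports(result))}"]
    for host, proto, port in opened:
        p = result["scan"][host][proto][port]
        svc = " ".join(s for s in (p["product"], p["version"]) if s) or p["name"]
        lines.append(f"NEW  {host} {proto}/{port} {svc} conf={p['conf']} {p['cpe']}".rstrip())
    for host, proto, port in closed:
        lines.append(f"GONE {host} {proto}/{port}")
    return "\n".join(lines)


if __name__ == "__main__":
    new, gone = diff_open_ports(BASELINE, CURRENT)
    print(format_report(CURRENT, new, gone))
```

Only `state == "open"` counts as exposure here; `filtered` ports (like 22 above) are deliberately ignored, since a firewall dropping probes is the normal state and would otherwise flood the diff. To persist a baseline between runs, `json.dump` the `scan()` result; note that the port keys are ints in memory and come back as strings from JSON, so convert them when reloading.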
5. Using PortScannerYield
`PortScannerYield.scan()` is a generator: it yields a `(host, result)` tuple as each host finishes instead of blocking until the whole range is done, and `result` has the same layout as a `PortScanner.scan()` result for that single host. This suits large ranges where you want to start processing (or persisting) results before the scan completes.
```python
import nmap

n = nmap.PortScannerYield()
for x in n.scan(hosts="192.168.0.1/24", arguments="-sP"):
    print(x[0])  # x[0] is the host, x[1] the scan result dict for it
```
```
192.168.0.0
192.168.0.1
192.168.0.10
192.168.0.100
192.168.0.101
192.168.0.102
192.168.0.103
192.168.0.104
192.168.0.105
192.168.0.106
192.168.0.107
192.168.0.108
192.168.0.109
192.168.0.11
192.168.0.110
192.168.0.111
192.168.0.112
......
```