0x05抓取应用的banner
--推断服务
先扫描出开放的端口,然后我们向它发送一个数据并等待响应,根据收集到的响应,我们就能推断出目标主机和端口上运行的服务。
工具完整代码
#!/usr/bin/python
# -*- coding: utf-8 -*-
import optparse
from socket import *
from threading import *
screenLock = Semaphore(value=1)
#tcp全连接扫描 用socket去连接以此检测主机端口是否存活
#并抓取响应的banner
def connScan(tgtHost, tgtPort):
try:
connSkt = socket(AF_INET, SOCK_STREAM)
connSkt.connect((tgtHost, tgtPort))
connSkt.send('ViolentPython\r\n')
results = connSkt.recv(100)
screenLock.acquire()
print '[+] %d/tcp open' % tgtPort
print '[+] ' + str(results)
except:
screenLock.acquire()
print '[-] %d/tcp closed' % tgtPort
finally:
screenLock.release()
connSkt.close()
def portScan(tgtHost, tgtPorts):
try:
tgtIP = gethostbyname(tgtHost)
except:
print "[-] Cannot resolve '%s': Unknown host" %tgtHost
return
try:
tgtName = gethostbyaddr(tgtIP)
print '\n[+] Scan Results for: ' + tgtName[0]
except:
print '\n[+] Scan Results for: ' + tgtIP
#设置超时时间
setdefaulttimeout(1)
for tgtPort in tgtPorts:
t = Thread(target=connScan,args=(tgtHost,int(tgtPort)))
t.start()
def main():
#定义使用方法
parser = optparse.OptionParser('usage %prog '+\
'-H <target host> -p <target port>')
parser.add_option('-H', dest='tgtHost', type='string',\
help='specify target host')
parser.add_option('-p', dest='tgtPort', type='string',\
help='specify target port[s] separated by comma')
(options, args) = parser.parse_args()
tgtHost = options.tgtHost
tgtPorts = str(options.tgtPort).split(',')
if (tgtHost == None) | (tgtPorts[0] == None):
print parser.usage
exit(0)
portScan(tgtHost, tgtPorts)
if __name__ == '__main__':
main()