Scapy 網段中ping掃描
阿新 • 發佈:2018-11-24
安裝scapy
pip3 install scapy-python3
互動式ip包構造
# scapy   (start the interactive scapy shell)
>>> ping = sr(IP(dst='202.100.1.1')/ICMP()/b'welcome to qytang')
>>> b = IP(dst='202.100.1.1')/ICMP()/b'welcome to qytang'
>>> b.show()
>>> ping = sr1(b)  # send and receive one packet
>>> ping.show()
>>> ping.getlayer(ICMP).fields  # take the ICMP header and expose its fields as a dict
>>> ping.getlayer(ICMP).fields['id']  # read just the id field
# sr()    send a layer-3 packet and wait for one or more responses
# sr1()   send a layer-3 packet and wait for only one response
# srp()   send a layer-2 packet and wait for responses
# send()  send a layer-3 packet; routing and layer-2 details are handled by the system
# sendp() send a layer-2 packet
Scapy實現ping掃描
scapy_ping_one.py 實現一個ip地址的ping
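import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
import os
from random import randint
from scapy.all import *


def scapy_ping_one(host):
    """Send one ICMP echo request to *host* and report a reply via the exit code.

    Args:
        host: IP address (string) to probe.

    Designed to run as the ``target`` of a ``multiprocessing.Process``
    (see scapy_ping_scan.py): when an echo reply arrives within 2 s the
    process ends with ``os._exit(3)`` so the parent can read
    ``exitcode == 3``; otherwise the function returns normally (exit
    code 0).  Calling it directly in the main process therefore ends the
    interpreter as well.  ``os`` is imported explicitly here instead of
    relying on a re-export from ``scapy.all``.  Sending raw packets needs
    raw-socket privileges (root / CAP_NET_RAW).
    """
    id_ip = randint(1, 65535)     # random IP identification field
    id_ping = randint(1, 65535)   # random ICMP identifier
    seq_ping = randint(1, 65535)  # random ICMP sequence number
    # build the echo request: IP / ICMP / payload
    packet = IP(dst=host, ttl=64, id=id_ip) / ICMP(id=id_ping, seq=seq_ping) / b'Welcome to qytang'
    # wait at most 2 s for the reply; verbose=False keeps scapy quiet
    ping = sr1(packet, timeout=2, verbose=False)
    # ping.show()  # handy for a single host, far too noisy when scanning a whole network
    if ping:  # a reply came back
        # exit code 3 == host answered; os._exit ends the process immediately
        # without running cleanup handlers
        os._exit(3)


if __name__ == '__main__':
    scapy_ping_one('172.17.168.1')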
scapy_ping_scan.py 實現整個網段的ping掃描
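import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
import ipaddress
import multiprocessing
import sys
import time
from scapy_ping_one import scapy_ping_one
from scapy.all import *


def scapy_ping_scan(network, timeout=5):
    """Ping every address in *network* and return the ones that replied.

    Args:
        network: CIDR string such as ``'192.0.2.0/24'`` (anything
            ``ipaddress.ip_network`` accepts).
        timeout: seconds to wait for each worker process before it is
            treated as "no reply" and terminated.

    Returns:
        List of replying IP strings, sorted by address value.

    One ``scapy_ping_one`` worker process is spawned per address in the
    network (including the network and broadcast addresses), so very
    large networks create very many processes.  A worker signals a reply
    by exiting with code 3 (see scapy_ping_one.py); the result is read
    from ``Process.exitcode``, which is ``None`` until the child has been
    joined.  Raw-socket privileges (root / CAP_NET_RAW) are required.
    """
    net = ipaddress.ip_network(network)
    ip_processes = {}
    for ip in net:
        ip_addr = str(ip)  # ipaddress objects must be converted to str for scapy
        # args must be a one-element tuple: ``(ip_addr)`` is just the string,
        # and Process would unpack it into one argument per character.
        ping_one = multiprocessing.Process(target=scapy_ping_one, args=(ip_addr,))
        ping_one.start()
        ip_processes[ip_addr] = ping_one  # map each IP to its worker

    ip_list = []
    for ip, process in ip_processes.items():
        # Wait for the child first: exitcode stays None while it is still
        # running, so checking it right after start() would misread every
        # unfinished probe as "no reply" and kill it.
        process.join(timeout)
        if process.exitcode == 3:
            ip_list.append(ip)
        else:
            process.terminate()
            process.join()  # reap the terminated child
    # sort numerically rather than lexically ("10.0.0.2" before "10.0.0.10")
    return sorted(ip_list, key=ipaddress.ip_address)


if __name__ == '__main__':
    t1 = time.time()
    active_ip = scapy_ping_scan(sys.argv[1])
    print('活動IP地址如下:')
    for ip in active_ip:
        print(ip)
    t2 = time.time()
    print(t2 - t1)  # t1 was previously undefined here (NameError)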