'''
Python 區域網掃描存活主機開放埠 by 鄭瑞國
1、ping指定IP判斷主機是否存活
2、ping所有IP獲取所有存活主機
3、nmap掃描存活主機開放埠
#注: 若在Linux系統下 ping -n 改為 ping -c 
     若在windows系統下 ping -n 不變
'''
import nmap
import socket
import os
import threading
import time 
 
IPList = [] 
def ping_ip(ip):                                          #1、ping指定IP判斷主機是否存活
    output = os.popen('ping -n 1 %s'%ip).readlines()      #注：若在Linux系統下-n 改為 -c
    for w in output:
        if str(w).upper().find('TTL')>=0:
            IPList.append(ip)
 
def ping_net(ip):                                         #2、ping所有IP獲取所有存活主機
    pre_ip = (ip.split('.')[:-1])
    for i in range(1,256):
        add = ('.'.join(pre_ip)+'.'+str(i))
        threading._start_new_thread(ping_ip,(add,))
        time.sleep(0.01)
  
def nmapScan(ip):                                         #3、nmap掃描存活主機開放埠
    nmScan = nmap.PortScanner()
    x=nmScan.scan(ip)
    for port in range(1,65536):
        try:
            state = x['scan'][ip]['tcp'][int(port)]['state']
            if state != 'unknown':
                print(ip,port,state)
        except:
            pass

if __name__ == '__main__':
    ping_net(socket.gethostbyname(socket.gethostname()))
    for ip in IPList:
        nmapScan(ip)