python-nmap, a third-party module for Python, implements efficient port scanning.
1. Preparation
    yum -y install nmap              # Install the nmap tool
    pip install python-nmap==0.4.0   # Python 2.7 environment: use pip to install version 0.4.0 of the third-party module
2. Description of common methods of modules
Here we mainly introduce two common classes of the python-nmap module. One is the PortScanner() class, which wraps the port scanning function of the nmap tool; the other is the PortScannerHostDict() class, which stores the host scan results and gives access to them.
1. Common methods of PortScanner() class
1-1. The scan() method
The scan(self, hosts='127.0.0.1', ports=None, arguments='-sV') method scans the specified hosts and ports with the given nmap command-line parameters. The hosts parameter is a string giving the host address to scan, in a format such as "scanme.nmap.org", "192.116.0-255.1-127" or "216.163.128.20/20". The ports parameter is a string giving the ports to scan, such as "22, 53, 110, 143-4564". The arguments parameter is a string of nmap command-line parameters, in a format such as "-sU -sX -sC". For example:
    import nmap
    nm = nmap.PortScanner()
    nm.scan('192.168.209.121-122', '22,80')
1-2. The command_line() method
The command_line(self) method returns the actual nmap command line that the scan() call was mapped to, such as:
    >>> nm.command_line()
    u'nmap -oX - -p 22,80 -sV 192.168.209.121-122'
1-3. The scaninfo() method
The scaninfo(self) method returns the nmap scan information as a dictionary, such as:
    >>> nm.scaninfo()
    {'tcp':{'services':'22,80', 'method':'syn'}}
1-4. The all_hosts() method
The all_hosts(self) method returns the hosts scanned by nmap as a list, for example:
    >>> nm.all_hosts()
    ['192.168.209.121', '192.168.209.122']
2. Common methods of PortScannerHostDict() class
2-1. The hostname() method
The hostname(self) method returns the hostname of the scanned object, such as:
    >>> nm['192.168.209.121'].hostname()
    'liuyazhuang'
2-2. The state() method
The state(self) method returns the state of the scanned object, which is one of 4 states (up, down, unknown, skipped), such as:
    >>> nm['192.168.209.121'].state()
    'up'
2-3. The all_protocols() method
The all_protocols(self) method returns the list of scanned protocols, such as:
    >>> nm['192.168.209.121'].all_protocols()
    ['tcp']
2-4. The all_tcp() method
The all_tcp(self) method returns the list of ports scanned over the TCP protocol, such as:
    >>> nm['192.168.209.121'].all_tcp()
    [22,80]
2-5. The tcp() method
The tcp(self, port) method returns the scan information for the given TCP port, such as:
    >>> nm['192.168.209.121'].tcp(22)
    {'state':'open', 'reason':'syn-ack', 'name':'ssh'}
3. Code example
    #!/usr/bin/python
    #coding=utf-8
    # Python 2.7 script, matching the environment set up in "1. Preparation"
    import sys
    import nmap

    scan_row = []
    input_data = raw_input('Please input hosts and port: ')  # Enter the hosts and ports
    scan_row = input_data.split(" ")                          # Split on spaces
    if len(scan_row) != 2:                                    # Input must be exactly two fields
        print "Input errors,example \"192.168.1.0/24 80,443,22\""  # Report the input error
        sys.exit(0)
    hosts = scan_row[0]  # Hosts entered by the user
    port = scan_row[1]   # Ports entered by the user

    try:
        nm = nmap.PortScanner()  # Create a port scan object
    except nmap.PortScannerError:
        print('Nmap not found', sys.exc_info()[0])
        sys.exit(0)
    except:
        print("Unexpected error:", sys.exc_info()[0])
        sys.exit(0)

    try:
        # Call the scan method: hosts names the targets, arguments carries the
        # nmap command-line parameters. -sS (SYN scan) needs root privileges.
        nm.scan(hosts=hosts, arguments=' -v -sS -p ' + port)
    except Exception as e:
        print "Scan error:" + str(e)
        sys.exit(0)  # No results to report if the scan failed

    for host in nm.all_hosts():  # Traverse the scanned hosts
        print('----------------------------------------------------')
        print('Host : %s (%s)' % (host, nm[host].hostname()))  # Output the host and hostname
        print('State : %s' % nm[host].state())                 # Output the host state, such as up, down
        for proto in nm[host].all_protocols():  # Traverse the scanned protocols, such as tcp, udp
            print('----------')
            print('Protocol : %s' % proto)  # Output the protocol name
            lport = nm[host][proto].keys()  # Get all scanned ports of the protocol
            lport.sort()                    # Sort the port list
            for port in lport:              # Traverse the ports and output port and state
                print('port : %s\tstate : %s' % (port, nm[host][proto][port]['state']))
The result is shown below:
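The script in section 3 appends the typed port string to arguments, so whatever the user types ends up on the nmap command line. As an added example (not part of the original page), the following validates the host and port formats described for scan() and passes the ports through the ports parameter instead; the function names and the 1-65535 port limit are assumptions of this example, and it runs without nmap installed.

```python
import re

# One octet or an octet range such as "0-255" (the "192.116.0-255.1-127" form)
_OCTET = r'\d{1,3}(?:-\d{1,3})?'
_IPV4_SPEC = re.compile(r'(?:%s\.){3}%s(?:/(\d{1,2}))?\Z' % (_OCTET, _OCTET))
_LABEL = r'[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
_HOSTNAME = re.compile(r'(?=.{1,253}\Z)%s(?:\.%s)*\Z' % (_LABEL, _LABEL))
_PORT_ITEM = re.compile(r'(\d{1,5})(?:-(\d{1,5}))?\Z')

def valid_hosts(spec):
    """Accept a hostname, an IPv4 address with optional octet ranges, or CIDR."""
    if re.match(r'[\d./-]+\Z', spec):       # looks numeric: must be a sane IPv4 spec
        m = _IPV4_SPEC.match(spec)
        if not m or (m.group(1) and int(m.group(1)) > 32):
            return False
        return all(int(n) <= 255 for n in re.findall(r'\d+', spec.split('/')[0]))
    return bool(_HOSTNAME.match(spec))      # a hostname label never starts with "-"

def valid_ports(spec):
    """Accept comma-separated ports or ranges, each within 1-65535."""
    for item in spec.split(','):
        m = _PORT_ITEM.match(item)
        if not m:
            return False
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not 1 <= low <= high <= 65535:
            return False
    return True

def parse_scan_request(line):
    """Turn 'HOSTS PORTS' into keyword arguments for PortScanner.scan()."""
    parts = line.split()                    # any whitespace, so tabs cannot hide extra tokens
    if len(parts) != 2:
        raise ValueError('expected "<hosts> <ports>"')
    hosts, ports = parts
    if not valid_hosts(hosts):
        raise ValueError('rejected host specification: %r' % hosts)
    if not valid_ports(ports):
        raise ValueError('rejected port specification: %r' % ports)
    # ports goes in its own parameter; arguments stays a fixed string
    return {'hosts': hosts, 'ports': ports, 'arguments': '-v -sS'}

if __name__ == '__main__':
    # Constructed sample input, in the shape the script's prompt expects
    print(parse_scan_request('192.168.1.0/24 80,443,22'))
```

The returned dictionary can be passed as nm.scan(**parse_scan_request(input_data)) in place of the string concatenation.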