写这个脚本的目的完全是为了检测网站安全性,希望大家别拿去做坏事哈~主要用于批量扫描目标端口开放情况与探测服务版本等,速度上也做了很大程度的优化,靠后台进程来实现多线程扫描。
缺点:当目标大于300个的时候,会出现后台进程一直处于等待状态,扫描结果也会漏掉30-60个左右。所以你可以分批扫描,使用crontab定时批量切换文件扫描,如果你觉得有更好的方式去实现与改进可以随时与我联系。
以下是脚本源代码:
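#!/bin/bash
##welcome to use my sciprt
# Batch port/service-version scanner: one background nmap per "ip:port" line of
# the file given with -f, results collected into a timestamped .RESULT file.
# Only CentOS and Kali are supported (detected from the first word of /etc/issue).
echo "The scirpt by qq1798996632,welocme to visit me."
trap "echo 'STOP ERROR'" SIGINT
trap "echo 'Bye~'" EXIT
NULL=/dev/null
# Pinned fallback packages for pv (only used by INSTALL_CHECK when the distro
# repositories cannot provide it).
# NOTE(security): these are plain-HTTP, unsigned downloads that get installed as
# root; prefer the package manager, which authenticates what it installs.
PV_URL='http://ftp.br.debian.org/debian/pool/main/p/pv/pv_1.6.0-1+b1_amd64.deb'
PV_i3URL='http://ftp.br.debian.org/debian/pool/main/p/pv/pv_1.6.0-1+b1_i386.deb'
PV_URL_C='http://dl.fedoraproject.org/pub/epel/6/x86_64/Packages/p/pv-1.1.4-3.el6.x86_64.rpm'
PV_i3URL_C='http://dl.fedoraproject.org/pub/epel/6/i386/Packages/p/pv-1.1.4-3.el6.i686.rpm'
# First word of the first line of /etc/issue ("CentOS release ..." / "Kali GNU/Linux ...").
# Newer releases put an escape sequence there instead, so this is best-effort.
RELEASE=$(awk 'NR==1 {print $1}' /etc/issue 2>/dev/null)
# Machine architecture. uname -m says i686 on 32-bit x86; the package URLs call it i386.
ARCH=$(uname -m)
case "$ARCH" in i386|i486|i586|i686) ARCH=i386 ;; esac
# CENTOS_PV / KALI_PV hold the package query's exit status (0 = pv installed).
# Storing the status directly avoids the empty value that "cmd && echo $?" left
# behind when pv was missing, which broke the later "!= 0" tests.
CENTOS_PV=''; KALI_PV=''; INSTALL=''
case "$RELEASE" in
  CentOS)
    rpm -q pv >"$NULL" 2>&1; CENTOS_PV=$?
    INSTALL="sudo yum install -y" ;;
  Kali)
    dpkg -s pv >"$NULL" 2>&1; KALI_PV=$?
    INSTALL="sudo apt-get install -y" ;;
  *)
    # Unsupported distribution: nothing below would work, so stop here.
    echo "Your system don't support the scirpt" >&2
    exit 1 ;;
esac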
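function FILTER() ##filter the scan result
{
  # Turn the raw, interleaved nmap output in ./result into one aligned row per
  # scanned port and save it as <YYYY-MM-DD-HH:MM>.RESULT in the working directory.
  # Reads:   result  (appended to by the background nmap jobs)
  # Writes:  ipv4 portv4 port statu service version  (scratch files, removed by DISTORY)
  #          RESULT  (global: name of the report file, also echoed to the user)
  # Grace period for the last background nmap to flush its output — presumably
  # what this sleep was for; a caller that has already run `wait` does not need it.
  sleep 2
  local chatter="host down|Nmap done|Read data|Raw pa"
  # Keep each "Nmap scan report for <ip>" header plus the 3 lines after it (the
  # port table of a single -p PORT scan) and drop nmap's status chatter.
  sed -ne '/Nmap scan/,+3p' result | grep -vE "$chatter" | grep "Nmap scan" | awk '{print $5}' > ipv4
  sed -ne '/Nmap scan/,+3p' result | grep -vE "$chatter" | grep '[[:digit:]]/' > portv4
  local f
  for f in ipv4 port statu service version; do touch "$f"; done
  awk '{print $1}' portv4 > port
  awk '{print $2}' portv4 > statu
  awk '{print $3}' portv4 > service
  awk '{print $4" "$5}' portv4 > version
  # Minute resolution only: a second run within the same minute overwrites the report.
  local out
  out="$(date "+%F-%H:%M").RESULT"
  {
    printf '%-20s%-12s%-14s%-14s%-12s\n' IP PORT STATUS SERVICE VERSION
    # paste joins the columns with tabs; split on tabs so a two-word version
    # ("nginx 1.14.0") stays intact instead of being re-split on spaces.
    paste ipv4 port statu service version \
      | awk -F'\t' '{printf "%-20s%-12s%-14s%-14s%-12s\n",$1,$2,$3,$4,$5}' \
      | sort -n
  } | tee "$out"
  echo
  echo -e "[Scan Finished!]"
  # Line count minus the header line; uses the file we just wrote rather than
  # guessing it from `ls -rt | tail -1`.
  echo "Successfully scanned $(( $(wc -l < "$out") - 1 )) targets"
  RESULT=$out
  echo
  echo "Scan result saved to ==> '$(pwd)/$RESULT'"
  echo
}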
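function DOS2UNIX() ##check and install dos2unix
{
  # Convert the target list ($2, the argument of -f) from CRLF to LF in place when
  # its first line ends in a carriage return, installing dos2unix on demand.
  # Globals read: $2 (target file), RELEASE, INSTALL, NULL.
  # Side effects: rewrites the user's file; may run "$INSTALL dos2unix" (sudo).
  # Exits 1 when dos2unix is needed but cannot be installed.
  local target=$2
  # A trailing CR on the first line marks a Windows-format file (what the
  # original `cat -A` / '^M$' check looked for).
  if head -n 1 -- "$target" | grep -q $'\r$'; then
    local have=1
    case "$RELEASE" in
      CentOS|RedHat) rpm -q dos2unix >"$NULL" 2>&1; have=$? ;;
      Kali|Debian)   dpkg -s dos2unix >"$NULL" 2>&1; have=$? ;;
    esac
    if [ "$have" != 0 ]; then
      # $INSTALL is "sudo yum install -y" / "sudo apt-get install -y" and is
      # word-split on purpose. NOTE(security): this installs a package with sudo
      # without asking; an empty $INSTALL must not fall through to running "dos2unix".
      if [ -z "$INSTALL" ] || ! $INSTALL dos2unix >"$NULL" 2>&1; then
        echo "Sorry,your file is windows file,and I can't convert it to unix file,error reason:install 'dos2unix' false,you can manual installation it then run the scirpt" >&2
        exit 1
      fi
    fi
    dos2unix "$target" >"$NULL" 2>&1
  fi
}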
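function INSTALL_CHECK() ##check and install pv
{
  # Make sure pv (used for the optional live progress output) is installed.
  # Globals read: RELEASE, ARCH, CENTOS_PV, KALI_PV, INSTALL, PV_URL, PV_i3URL,
  #               PV_URL_C, PV_i3URL_C, NULL.
  # Exits 1 if pv cannot be installed.
  # Nothing to do when the package query in the preamble already found pv.
  if [ "$RELEASE" = CentOS ] && [ "$CENTOS_PV" = 0 ]; then return 0; fi
  if [ "$RELEASE" = Kali ] && [ "$KALI_PV" = 0 ]; then return 0; fi
  # Preferred path: the distro repository, whose packages yum/apt signature-check.
  # Word-splitting of $INSTALL is intentional.
  if [ -n "$INSTALL" ] && $INSTALL pv >"$NULL" 2>&1; then return 0; fi
  # Fallback: the pinned package URL from the preamble.
  # NOTE(security): plain HTTP and no checksum/signature verification before an
  # install as root — a tampered download would run with full privileges.
  local url='' installer=''
  case "$RELEASE/$ARCH" in
    CentOS/x86_64) url=$PV_URL_C;   installer='sudo rpm -ih' ;;
    CentOS/i386)   url=$PV_i3URL_C; installer='sudo rpm -ih' ;;
    Kali/x86_64)   url=$PV_URL;     installer='sudo dpkg -i' ;;
    Kali/i386)     url=$PV_i3URL;   installer='sudo dpkg -i' ;;
    *) echo 'install pv error' >&2; exit 1 ;;
  esac
  local pkg
  pkg=$(mktemp) || { echo 'install pv error' >&2; exit 1; }
  echo "WARNING: installing pv from unauthenticated URL $url" >&2
  # The original ran the installer even when wget had failed; require a complete
  # download first. $installer is word-split on purpose.
  if wget -q -O "$pkg" "$url" && $installer "$pkg" >"$NULL" 2>&1; then
    rm -f -- "$pkg"
  else
    rm -f -- "$pkg"
    echo 'install pv error' >&2
    exit 1
  fi
}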
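function DISTORY() ##finished filter data and destroy the generated file
{
  # Remove the scratch files FILTER produced plus the raw nmap output.
  # shred overwrites before unlinking, but on journaling/CoW filesystems and SSDs
  # the overwrite is not a guarantee: treat this as cleanup, not secure deletion.
  # Errors (e.g. a file that was never created) are silenced, as before; the exit
  # status is shred's.
  local -a scratch=(result ipv4 portv4 port statu service version)
  shred -f -u -z -- "${scratch[@]}" >"${NULL:-/dev/null}" 2>&1
}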
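#######################main############################
#INSTALL_CHECK ###install pv and verify the install; leave commented out if live progress output is not wanted
# Fresh, empty ./result: the background nmap jobs append to it and FILTER reads it.
: > result
# Upper bound on concurrently running nmap jobs. The original started one job per
# line with no limit, which is what stalled scans of several hundred targets and
# lost results.
MAX_JOBS=${MAX_JOBS:-50}
# Exact shape a target line must have: dotted-quad IPv4, colon, numeric port.
TARGET_RE='^([0-9]{1,3}(\.[0-9]{1,3}){3}):([0-9]{1,5})$'
case "${1:-}" in
  -f)
    if [ -f "$2" ]; then
      DOS2UNIX && echo -n "Scanning..."
      while IFS= read -r line || [ -n "$line" ]
      do
        # Tolerate a stray CR even if DOS2UNIX did not convert the file.
        line=${line%$'\r'}
        # The line comes from an untrusted file and ends up on nmap's command line:
        # anything but "ip:port" (extra words, options, hostnames) is rejected rather
        # than word-split into additional nmap arguments.
        if ! [[ $line =~ $TARGET_RE ]]; then
          echo "skip: '$line' is not ipv4address:port" >&2
          continue
        fi
        IP=${BASH_REMATCH[1]}
        PORT=${BASH_REMATCH[3]}
        # Throttle: wait for a free slot before starting another background nmap.
        while [ "$(jobs -r | wc -l)" -ge "$MAX_JOBS" ]; do sleep 0.2; done
        # Appends from many nmap processes interleave inside ./result; FILTER copes
        # by keying on the "Nmap scan report" headers rather than on line position.
        (nmap -sV -p "$PORT" -n -Pn "$IP" >> result 2>&1) &
      done < "$2"
      echo -ne '##### (33%)\r'
      # wait reaps every background job; polling `jobs | wc -l` is what hung the original.
      wait
      echo -ne '######################### (66%)\r'
      echo -ne '######################################## (100%)\r'
      echo -ne '\n'
      FILTER
      DISTORY
    elif [ -d "$2" ]; then
      echo "scan:$2 is a drecrory"
    else
      echo "scan: $2:No such file or directory"
    fi;;
  "-h") echo '-f [file] '
        echo ' file format: ipv4adress1:port1'
        echo ' ipv4adress2:port2';;
  *)
    # Also reached with no arguments at all (the original printed nothing then).
    echo "Usage:"
    echo " scan [-f file]"
    echo ' file format: ipv4adress1:port1'
    echo ' ipv4adress2:port2'
    echo " scan [-h]"
    exit 1;;
esac
exit 0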
你可以点此下载或者通过wget下载到系统
wget 'https://www.linux-code.com/wp-content/uploads/2018/05/test.sh'
那么怎么去执行该脚本,以及文件格式是什么呢?
你只需要:
bash test.sh -f file
注意file(文件可以任意指定)的格式必须是ipaddress:port形式,比如:
127.0.0.1:80
192.168.1.1:23
45.32.117.7:443
可以看到,扫描17个目标端口和服务版本耗时18.89秒,速度惊人,同时扫描结果保存到了时间格式的.RESULT文件中:
注意:
本脚本可能存在一定Bug,或者您觉得还有可以优化的地方,都可以联系我:
QQ:1798996632
邮箱:lonlyterminals@gmail.com