
批量端口扫描和服务版本探测shell脚本- 集成nmap

写这个脚本的目的完全是为了检测网站安全性,希望大家别拿去做坏事哈~主要用于批量扫描目标端口开放情况与探测服务版本等,速度上也做了很大程度的优化,靠后台进程来实现多线程扫描。

缺点:当目标大于300个的时候,会出现后台进程一直处于等待状态,扫描结果也会漏掉30-60个左右。所以你可以分批扫描,使用crontab定时批量切换文件扫描,如果你觉得有更好的方式去实现与改进可以随时与我联系。

以下是脚本源代码:

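#!/bin/bash
##welcome to use my sciprt
# Batch nmap port / service-version scan driver.
# This header detects the distribution (only CentOS and Kali are accepted),
# normalises the architecture, records whether pv is installed and picks the
# package-manager command the helper functions below rely on.
echo "The scirpt by qq1798996632,welocme to visit me."
trap "echo 'STOP ERROR'" SIGINT
trap "echo 'Bye~'" EXIT
NULL=/dev/null
# Package sources for pv, used only by INSTALL_CHECK. They are plain-http and
# nothing verifies a checksum or signature before the file is handed to
# sudo rpm/dpkg, so enabling that function trusts these mirrors completely.
PV_URL='http://ftp.br.debian.org/debian/pool/main/p/pv/pv_1.6.0-1+b1_amd64.deb'
PV_i3URL='http://ftp.br.debian.org/debian/pool/main/p/pv/pv_1.6.0-1+b1_i386.deb'
PV_URL_C='http://dl.fedoraproject.org/pub/epel/6/x86_64/Packages/p/pv-1.1.4-3.el6.x86_64.rpm'
PV_i3URL_C='http://dl.fedoraproject.org/pub/epel/6/i386/Packages/p/pv-1.1.4-3.el6.i686.rpm'
# First word of the first line of /etc/issue ("CentOS", "Kali", ...); empty
# when the file is missing, which fails the support check below.
RELEASE=$(awk 'NR==1 {print $1}' /etc/issue 2>"$NULL")
# Machine type from uname -m, folded to the two values INSTALL_CHECK compares
# against ("x86_64" and "i386"); the old field-9-of-`uname -a` guess depended
# on the kernel version string layout.
ARCH=$(uname -m)
case "$ARCH" in
  i?86) ARCH=i386 ;;
esac
# "0" when pv is already installed, empty otherwise. This is a query
# (`rpm -q`); the previous `rpm -eq` mixed erase and query modes and always
# failed, so pv was never detected on CentOS.
CENTOS_PV=''
KALI_PV=''
[ "$RELEASE" = 'CentOS' ] && rpm -q pv >"$NULL" 2>&1 && CENTOS_PV=0
[ "$RELEASE" = 'Kali' ] && dpkg -s pv >"$NULL" 2>&1 && KALI_PV=0
if [ "$RELEASE" != 'CentOS' ] && [ "$RELEASE" != 'Kali' ]; then
  echo "Your system don't support the scirpt"
  exit 1
fi
# Install command used by DOS2UNIX; assigned in the current shell (the old
# `|| ( ... )` fallback set it inside a subshell, so Kali never got a value).
INSTALL=''
case "$RELEASE" in
  CentOS) INSTALL="sudo yum install -y" ;;
  Kali|Debian) INSTALL="sudo apt-get install -y" ;;
esac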

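function FILTER()   ##filter the scan result
{
  #######################################
  # Turn the raw nmap output in ./result into a table, print it and save it
  # as <YYYY-MM-DD-HH:MM>.RESULT in the current directory.
  # Arguments: $1 - seconds to wait before reading ./result (default 2; the
  #                 original delay kept for callers that still have scans
  #                 running in the background)
  # Globals:   RESULT (written) - name of the saved table file
  # Outputs:   the table plus a short summary on stdout; intermediate files
  #            ipv4 portv4 port statu service version are left for DISTORY
  # Returns:   0
  #######################################
  local settle=${1:-2}
  local outfile
  outfile="$(date "+%F-%H:%M").RESULT"
  sleep "$settle"
  # Keep the "Nmap scan report" line and the three lines after it, then drop
  # the host-down / summary noise from that window (unchanged selection).
  sed -ne '/Nmap scan/,+3p' result | grep -vE "host down|Nmap done|Read data|Raw pa" \
    | grep "Nmap scan" | awk '{print $5}' > ipv4
  sed -ne '/Nmap scan/,+3p' result | grep -vE "host down|Nmap done|Read data|Raw pa" \
    | grep '[[:digit:]]/' > portv4
  # One column per file so `paste` can line them up; each redirection
  # creates its file even when portv4 is empty, so `paste` never sees a
  # missing input.
  awk '{print $1}' portv4 > port
  awk '{print $2}' portv4 > statu
  awk '{print $3}' portv4 > service
  awk '{print $4" "$5}' portv4 > version
  # The inserted "test" line becomes NR==1 and is replaced by the header row.
  paste ipv4 port statu service version | sed '1 itest' | awk -F '[ ]+' \
    'NR==1 {printf "%-16s%-8s%-8s%-8s%-12s","IP","PORT","STATUS","SERVICE","VERSION\n"}
     NR>=2 {printf "%16s%-8s%-9s%-12s%-12s\n",$1,$2,$3,$4,$5}' \
    | awk '{printf "%-20s%-12s%-14s%-14s%-12s\n",$1,$2,$3,$4,$5}' \
    | sort -n | tee "$outfile"
  echo
  printf '%s\n' "[Scan Finished!]"
  # Count the rows of the file we just wrote (minus the header) instead of
  # guessing the newest file from `ls` ordering, which could pick up any
  # other file created meanwhile.
  printf 'Successfully scanned %d targets\n' "$(( $(wc -l < "$outfile") - 1 ))"
  RESULT=$outfile
  echo
  printf "Scan result saved to ==> '%s/%s'\n" "$(pwd)" "$RESULT"
  echo
}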
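function DOS2UNIX()  ##check and install dos2unix
{
  #######################################
  # Convert a target list written on Windows (first line ends in CR) to unix
  # line endings, installing dos2unix through $INSTALL when it is missing.
  # Arguments: $1 - file to check (the old body read $2, which the caller
  #                 never passed, so `head` silently read stdin instead)
  # Globals:   RELEASE, INSTALL, NULL (read)
  # Returns:   0 when nothing had to be done or the conversion ran;
  #            1 when no file was given; exits 1 (as before) when dos2unix
  #            cannot be installed
  #######################################
  local file=${1:-}
  local null=${NULL:-/dev/null}
  local have_tool=1
  if [ -z "$file" ]; then
    printf 'DOS2UNIX: no file given\n' >&2
    return 1
  fi
  # Command substitution strips only trailing newlines, so the CR of a CRLF
  # first line survives and can be matched directly (no `cat -A` needed).
  case "$(head -n 1 -- "$file")" in
    *$'\r') ;;
    *) return 0 ;;
  esac
  if [ "$RELEASE" = 'CentOS' ] || [ "$RELEASE" = 'RedHat' ]; then
    # `rpm -q` queries; the old `rpm -eq` also asked for erase and failed.
    rpm -q dos2unix >"$null" 2>&1 || have_tool=0
  elif [ "$RELEASE" = 'Kali' ] || [ "$RELEASE" = 'Debian' ]; then
    dpkg -s dos2unix >"$null" 2>&1 || have_tool=0
  else
    # Unknown distribution: try the install, as the old unset-CONFIRM path did.
    have_tool=0
  fi
  if [ "$have_tool" != 1 ]; then
    # $INSTALL is a whole command line ("sudo yum install -y") and must be
    # word-split here; only the fixed package name follows it.
    # shellcheck disable=SC2086
    if ! $INSTALL dos2unix >"$null" 2>&1; then
      echo "Sorry,your file is windows file,and I can't convert it to unix file,error reason:install 'dos2unix' false,you can manual installation it then run the scirpt"
      exit 1
    fi
  fi
  dos2unix "$file" >"$null" 2>&1
}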
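function INSTALL_CHECK()  ##check and install pv
{
  #######################################
  # Install pv (only needed for the optional `| pv` progress pipe) when the
  # header's package check reported it missing.
  # Globals:   RELEASE, ARCH, CENTOS_PV, KALI_PV, PV_* URLs, NULL (read)
  # Returns:   0 when pv is present or nothing applies to this system;
  #            exits 1 when download or install fails
  # Risk:      the package comes from a plain-http URL and is installed with
  #            sudo with no checksum or signature check -- that is the original
  #            behaviour; `$INSTALL pv` through the distribution's package
  #            manager is the safer route where the package exists.
  #######################################
  local url=''
  local installer=''
  case "$RELEASE" in
    CentOS)
      [ "$CENTOS_PV" = '0' ] && return 0
      installer='rpm -ih'
      [ "$ARCH" = 'x86_64' ] && url=$PV_URL_C
      [ "$ARCH" = 'i386' ] && url=$PV_i3URL_C
      ;;
    Kali)
      [ "$KALI_PV" = '0' ] && return 0
      installer='dpkg -i'
      [ "$ARCH" = 'x86_64' ] && url=$PV_URL
      [ "$ARCH" = 'i386' ] && url=$PV_i3URL
      ;;
    *) return 0 ;;
  esac
  # Unknown architecture: nothing to fetch, same no-op as before.
  [ -n "$url" ] || return 0
  local pkg=${url##*/}
  # Two checked steps; the old `a && b || echo err && exit 1` chain ran
  # `exit 1` even after a successful install.
  # shellcheck disable=SC2086  # $installer is a two-word command
  if wget -q -- "$url" >"$NULL" 2>&1 && sudo $installer "$pkg" >"$NULL" 2>&1; then
    rm -f -- "$pkg"
  else
    rm -f -- "$pkg"
    echo 'install pv error'
    exit 1
  fi
}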
function DISTORY()   ##finished filter data and destroy the generated file
{
  # Overwrite and unlink every scratch file FILTER leaves in the working
  # directory (raw nmap output plus the per-column files). shred's own
  # diagnostics (e.g. an already-missing file) go to $NULL.
  local -a leftovers=(result ipv4 portv4 port statu service version)
  shred -f -u -z -- "${leftovers[@]}" >"$NULL" 2>&1
}

#######################main############################

#INSTALL_CHECK  ###安装pv和检查pv是否安装成功,如不需要实时同步可以注释掉

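#######################################
# Scan every "ipv4:port" line of a target list with one background nmap job
# each, collect the output into ./result and hand it to FILTER.
# Arguments: $1 - target list, one ipv4address:port per line
# Globals:   reads SCAN_MAX_JOBS (env, default 0 = unlimited, the old
#            behaviour) as a cap on concurrently running nmap processes;
#            appends to ./result
# Outputs:   progress markers on stdout, FILTER's table afterwards
# Returns:   0, or 1 when no scratch directory could be created
# Notes:     each job writes to its own file and the files are joined after
#            `wait`, so concurrent appends can no longer interleave inside
#            ./result and no result is read before its scan finished (the old
#            `jobs | wc -l != 1` poll stopped early and lost targets).
#######################################
scan_file() {
  local target=$1
  local max_jobs=${SCAN_MAX_JOBS:-0}
  local scratch ip port rest n=0
  scratch=$(mktemp -d) || return 1
  printf 'Scanning...'
  # Blanks and the colon separate the two fields; `|| [ -n "$ip" ]` keeps a
  # last line that has no trailing newline.
  while IFS=$' \t:' read -r ip port rest || [ -n "$ip" ]; do
    # A CRLF file leaves the CR on the port field; dropping it here means
    # the list no longer has to be converted in place.
    port=${port%$'\r'}
    # Nothing from the list may reach nmap as an option: reject empty fields
    # and fields starting with "-".
    case "$ip:$port" in
      :*|*:|-*|*:-*)
        printf '\nskipping malformed line: %s\n' "$ip:$port" >&2
        continue ;;
    esac
    if [ "$max_jobs" -gt 0 ]; then
      while [ "$(jobs -rp | wc -l)" -ge "$max_jobs" ]; do sleep 1; done
    fi
    n=$((n + 1))
    (nmap -sV -p "$port" -n -Pn "$ip" > "$scratch/$n.out" 2>&1) &
  done < "$target"
  printf '%s\r' '##### (33%)'
  # Block until every background nmap has exited.
  wait
  printf '%s\r' '######################### (66%)'
  if [ "$n" -gt 0 ]; then
    cat -- "$scratch"/*.out >> result
  fi
  rm -rf -- "$scratch"
  printf '%s\r\n' '######################################## (100%)'
  FILTER && DISTORY
}

# Fresh raw-output file for this run (truncate or create).
: > result
# The old `while [ -n '$1' ] ... break` loop ran exactly once; a plain case
# does the same. `[ -f $2 ]` with no $2 used to be true, so a missing file
# argument now lands in the "No such file" branch.
case "${1:-}" in
  -f)
    target=${2:-}
    if [ -f "$target" ]; then
      scan_file "$target"
    elif [ -d "$target" ]; then
      echo "scan: $target is a drecrory"
    else
      echo "scan: $target:No such file or directory"
    fi
    ;;
  -h)
    echo '-f [file] '
    echo '          file format: ipv4adress1:port1'
    echo '                       ipv4adress2:port2'
    ;;
  *)
    echo "Usage:"
    echo "       scan [-f file]"
    echo '                      file format: ipv4adress1:port1'
    echo '                                   ipv4adress2:port2'
    echo "       scan [-h]"
    exit 1
    ;;
esac
exit 0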

<strong>你可以<a href='https://www.linux-code.com/wp-content/uploads/2018/05/test.sh'><font color='blue'>点此下载</font></a>或者通过wget下载到系统</strong>

wget 'https://www.linux-code.com/wp-content/uploads/2018/05/test.sh'
那么怎么去执行该脚本,以及文件格式是什么呢?

你只需要:

bash test.sh -f file

注意file(文件可以任意指定)的格式必须是ipaddress:port形式,比如:

127.0.0.1:80
192.168.1.1:23
45.32.117.7:443

以下是运行截图:

可以看到,扫描17个目标端口和服务版本耗时18.89秒,速度惊人,同时扫描结果保存到了时间格式的.RESULT文件中:

注意:
本脚本可能存在一定Bug,或者您觉得还有可以优化的地方,都可以联系我:
QQ:1798996632
邮箱:lonlyterminals@gmail.com
