批量端口扫描和服务版本探测shell脚本- 集成nmap



各位好 又见面了 我是曹操 今天给大家带来一篇新的教程

希望各位细心学习 低调用网

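#!/bin/bash
##welcome to use my sciprt
## Batch port/service-version scanner: forks one `nmap -sV` per "ipv4:port"
## line of the input file (see -h), collects the output and prints a table.
echo "The scirpt by qq1798996632,welocme to visit me."
# Ctrl-C has to abort the scan: kill the background nmap jobs we started and
# leave.  (Previously the trap only printed a message, so the jobs and the
# script kept running and the operator could not stop a runaway scan.)
trap 'echo "STOP ERROR"; kill $(jobs -p) 2>/dev/null; exit 130' SIGINT
trap "echo 'Bye~'" EXIT
NULL=/dev/null
# Package URLs kept only for reference.  They are plain HTTP, unsigned and
# pinned to old Debian / EPEL-6 builds; nothing here should download them
# and feed them to `sudo rpm -ih` / `sudo dpkg -i` -- install pv through
# the distribution's package manager ($INSTALL below) instead.
PV_URL='http://ftp.br.debian.org/debian/pool/main/p/pv/pv_1.6.0-1+b1_amd64.deb'
PV_i3URL='http://ftp.br.debian.org/debian/pool/main/p/pv/pv_1.6.0-1+b1_i386.deb'
PV_URL_C='http://dl.fedoraproject.org/pub/epel/6/x86_64/Packages/p/pv-1.1.4-3.el6.x86_64.rpm'
PV_i3URL_C='http://dl.fedoraproject.org/pub/epel/6/i386/Packages/p/pv-1.1.4-3.el6.i686.rpm'
# Distribution name in the spelling the rest of the script tests for.
# Prefer the ID field of /etc/os-release; fall back to the first word of
# /etc/issue (the old method, which on some releases yields an escape
# sequence rather than a name).
os_id=$(awk -F= '$1 == "ID" { gsub(/"/, "", $2); print $2; exit }' /etc/os-release 2>/dev/null)
case "$os_id" in
  centos) RELEASE=CentOS ;;
  kali)   RELEASE=Kali ;;
  debian) RELEASE=Debian ;;
  rhel)   RELEASE=RedHat ;;
  *)      RELEASE=$(awk 'NR == 1 { print $1; exit }' /etc/issue 2>/dev/null) ;;
esac
# Machine type as "x86_64" or "i386" (uname -m reports 32-bit x86 as i?86).
# The old `uname -a | awk '{print $9}'` depended on the word count of the
# kernel banner and broke as soon as that changed.
ARCH=$(uname -m)
case "$ARCH" in
  i?86) ARCH=i386 ;;
esac
# "0" when pv is already installed, empty otherwise (read by INSTALL_CHECK).
# Note `rpm -q`, not `rpm -eq`: -e is *erase*, and rpm rejects the pair.
[ "$RELEASE" = 'CentOS' ] && CENTOS_PV=$(rpm -q pv >"$NULL" 2>&1 && echo $?)
[ "$RELEASE" = 'Kali' ] && KALI_PV=$(dpkg -s pv >"$NULL" 2>&1 && echo $?)
# Only CentOS and Kali are supported; pick the matching package manager.
# (The old `a && INSTALL=x || (b && INSTALL=y)` made the second assignment
# inside a subshell, so INSTALL was never set on Kali.)
case "$RELEASE" in
  CentOS) INSTALL="sudo yum install -y" ;;
  Kali)   INSTALL="sudo apt-get install -y" ;;
  *)      echo "Your system don't support the scirpt" >&2; exit 1 ;;
esac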
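function FILTER()   ##turn the raw nmap output in ./result into an aligned table saved as <date-time>.RESULT
{
  local out count
  out="$(date "+%F-%H:%M").RESULT"
  # One pass over the raw output: remember the host from each
  # "Nmap scan report for <ip>" header and print a row for every
  # "<port>/<proto> <state> <service> <version...>" line that follows it.
  # Pairing each row with its own header replaces the old
  # sed '/Nmap scan/,+3p' window (which dropped port lines more than three
  # lines below the header) and the column-file paste (which misaligned
  # hosts as soon as one host produced no port line).  It also fixes the
  # stray "s" the old printf format prepended to every IP and keeps the
  # whole version string instead of its first word.
  # The header is printed outside the sort so it stays on top regardless of
  # how the IPs compare numerically.
  {
    printf "%-20s%-12s%-14s%-14s%-12s\n" "IP" "PORT" "STATUS" "SERVICE" "VERSION"
    awk '
      /^Nmap scan report for / { ip = $5; next }
      ip != "" && $1 ~ /^[0-9]+\/[a-z]+$/ {
        ver = ""
        for (i = 4; i <= NF; i++) ver = ver (i > 4 ? " " : "") $i
        printf "%-20s%-12s%-14s%-14s%-12s\n", ip, $1, $2, $3, ver
      }
    ' result | sort -n
  } | tee "$out"
  # Data rows = lines in the table minus the header line.
  count=$(($(wc -l < "$out") - 1))
  echo
  echo "[Scan Finished!]"
  echo "Successfully scanned $count targets"
  RESULT=$out   # still exported as a global, as the old version did
  echo
  echo "Scan result saved to ==> '$PWD/$RESULT'"
  echo
}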
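function DOS2UNIX()  ##convert a CRLF (Windows) target list to LF line endings in place
{
  # $1 is the file to check.  Older callers passed it as $2, so accept that
  # too.  With no argument there is nothing to do -- the old unquoted
  # `head -1 $2` fell through to reading stdin and hung when called bare.
  local file="${1:-$2}"
  [ -n "$file" ] && [ -f "$file" ] || return 0
  # Look at the whole file, not just its first line.
  grep -q -- $'\r' "$file" || return 0
  # Use dos2unix when it is already present; otherwise strip the CRs with
  # sed.  Neither path installs packages: a helper that fixes line endings
  # has no business running `sudo apt-get` / `sudo yum`.
  if command -v dos2unix >/dev/null 2>&1; then
    dos2unix "$file" >/dev/null 2>&1
  else
    sed -i 's/\r$//' -- "$file"
  fi || { echo "Sorry,your file is windows file,and I can't convert it to unix file" >&2; exit 1; }
}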
function INSTALL_CHECK()  ##check and install pv
{
if [ $CENTOS_PV != 0 ];then
 [ $RELEASE = 'CentOS' -a $ARCH = 'x86_64' ] && { wget -q $PV_URL_C >& $NULL; sudo rpm -ih $(basename $PV_URL_C) >& $NULL &&\
 rm -f `basename $PV_URL_C` || echo 'install pv error' && exit 1 ;}
 [ $RELEASE = 'CentOS' -a $ARCH = 'i386' ] && { wget -q $PV_i3URL_C >& $NULL; sudo rpm -ih $(basename $PV_i3URL_C) >& $NULL &&\
 rm -f `basename $PV_i3URL_C`|| echo 'install pv error' && exit 1 ;}
fi
if [ "$KALI_PV" != '0' ];then
 [ $RELEASE = 'Kali' -a $ARCH = 'x86_64' ] && { wget -q $PV_URL >& $NULL; sudo dpkg -i `basename $PV_URL` >& $NULL &&\
 rm -f `basename $PV_URL` || echo 'install pv error' && exit 1 ; }
 [ $RELEASE = 'Kali' -a $ARCH = 'i386' ] && { wget -q $PV_i3URL >& $NULL; sudo dpkg -i `basename $PV_i3URL` >& $NULL &&\
 rm -f `basename $PV_i3URL` || echo "install pv error" && exit 1; }
fi
 }
DISTORY()   ##remove the scratch files FILTER worked on (result, ipv4, portv4, port, statu, service, version)
{
  # shred -u unlinks each file after overwriting it (-z finishes with a zero
  # pass, -f forces write permission).  Missing files are not worth a
  # message, so both output streams go to $NULL.  Caveat: on journaling,
  # copy-on-write or flash-backed storage shred cannot guarantee that the
  # old contents are actually gone.
  local scratch='result ipv4 portv4 port statu service version'
  # shellcheck disable=SC2086 -- the fixed list is meant to word-split
  shred -f -u -z -- $scratch >"$NULL" 2>&1
}
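#######################main############################
#INSTALL_CHECK  ##installs pv and checks it; only needed for the real-time (|pv) progress variant, so it stays commented out
# Fresh raw-output file for this run (create it, or truncate a stale one).
: > result
# Upper bound on concurrently running nmap processes (positive integer,
# override with MAX_JOBS=n).  The old version forked one nmap per target
# with no limit, which is what made large lists (>300 targets) stall and
# lose results.
MAX_JOBS=${MAX_JOBS:-50}
# Only the documented "ipv4:port" form is accepted; the port part may be an
# nmap list/range such as 80,443 or 1-1024.
target_re='^([0-9]{1,3}(\.[0-9]{1,3}){3}):([0-9]+([,-][0-9]+)*)$'
case "$1" in
  -f)
    if [ -f "$2" ]; then
      # Every nmap writes to its own file.  Letting them all append to
      # ./result concurrently interleaved the lines of different hosts and
      # corrupted the per-host parsing in FILTER.
      scan_dir=$(mktemp -d) || { echo "scan: cannot create a temporary directory" >&2; exit 1; }
      echo -n "Scanning..."
      n=0
      while IFS= read -r line || [ -n "$line" ]; do
        line=${line%$'\r'}          # accept CRLF lists without converting the file
        [ -z "$line" ] && continue
        # Validate before use.  The old sed extraction passed whatever it
        # matched to nmap unquoted, so a crafted line could inject extra
        # nmap options (-oN, --script, ...) through word splitting.
        if [[ $line =~ $target_re ]]; then
          IP=${BASH_REMATCH[1]}
          PORT=${BASH_REMATCH[3]}
        else
          printf '\nscan: skipping malformed line: %s\n' "$line" >&2
          continue
        fi
        # Throttle: wait for a free slot before forking the next scan.
        while [ "$(jobs -rp | wc -l)" -ge "$MAX_JOBS" ]; do sleep 0.2; done
        n=$((n + 1))
        nmap -sV -p "$PORT" -n -Pn "$IP" > "$scan_dir/$n.out" 2>&1 &
      done < "$2"
      echo -ne '##### (33%)\r'
      wait                          # barrier: every nmap has finished (replaces the jobs|wc polling)
      echo -ne '######################### (66%)\r'
      cat "$scan_dir"/*.out >> result 2>/dev/null
      rm -rf -- "$scan_dir"
      echo -ne '######################################## (100%)\r'
      echo
      FILTER && DISTORY
    elif [ -d "$2" ]; then
      echo "scan: $2 is a drecrory"
    else
      echo "scan: $2:No such file or directory"
    fi ;;
  "-h")
    echo '-f [file] '
    echo '          file format: ipv4adress1:port1'
    echo '                       ipv4adress2:port2' ;;
  *)
    echo "Usage:"
    echo "       scan [-f file]"
    echo '                      file format: ipv4adress1:port1'
    echo '                                   ipv4adress2:port2'
    echo "       scan [-h]"
    exit 1 ;;
esac
exit 0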

这个脚本的目的完全是为了检测网站安全性,请只扫描你自己拥有或已获得明确授权的目标,希望大家别拿去做坏事哈~主要用于批量扫描目标端口开放情况与探测服务版本等,速度上也做了很大程度的优化,靠后台进程来实现并发扫描(每个目标一个 nmap 进程,不限并发数)。缺点:当目标大于300个的时候,会出现后台进程一直处于等待状态,扫描结果也会漏掉30-60个左右——原因是所有 nmap 进程同时向同一个 result 文件追加输出,不同主机的行可能交错,而脚本又靠轮询 jobs 而不是 wait 来判断扫描是否结束。所以你可以分批扫描,使用crontab定时批量切换文件扫描;更彻底的做法是限制并发数、让每个 nmap 写独立文件后再合并,并用 wait 等待全部进程结束。如果你觉得有更好的方式去实现与改进可以随时与我联系。以下是脚本源代码:

wget 'https://www.linux-code.com/wp-content/uploads/2018/05/test.sh'
bash test.sh -f file
127.0.0.1:80
192.168.1.1:23
45.32.117.7:443

你可以点击这里下载或者通过wget下载到系统。下载后建议先阅读脚本内容再执行:它会调用 nmap,并且在某些分支里会用 sudo 安装软件包。那么怎么去执行该脚本,以及文件格式是什么呢?你只需要:

注意file(文件可以任意指定)的格式必须是ipaddress:port形式,比如:

以下是运行截图:

运行截图

可以看到,扫描17个目标端口和服务版本耗时18.89秒,速度惊人,同时扫描结果保存到了时间格式的.RESULT文件中。

注意:本脚本可能存在一定Bug,或者您觉得还有可以优化的地方,都可以联系我。
