我想知道是否可以通过本地网络的IP范围扫描特定号码的开放端口。
基本上我正在寻找nodejs
来查找特定类型的客户端,而不知道他们的IP地址。在这种情况下,RFID读取器侦听端口14150。
我希望这次扫描很快,所以我不希望每个IP地址之间有很长的超时。它们都应该很快发生,可能在几秒钟内 max ,对于最多255个客户端的整个本地IP范围,不包括我自己的IP。
我编写的代码可以实现我想要的功能,但速度非常慢......我希望看到如何通过连接完成并在20ms内无法与给定IP建立连接时更快地完成此操作。我想捕获一个数组中的实际连接,然后我可以将其用于其他目的。
var net = require('net'); // Required to create socket connections
var ip = 254; //IP address to start with on a C class network
function checkConnect () {
ip--;
var thisIP = '192.168.1.' + ip; //concatenate to a real IP address
var S = new net.Socket();
S.connect(80, thisIP);
if(ip > 0) { checkConnect(); }
S.on('connect', function () { console.log('port 80 found on ' + thisIP); });
S.on('error', function () { console.log('no such port on ' + thisIP); });
S.end();
}
checkConnect();
答案 0 :(得分:18)
我为你做了https://github.com/eviltik/evilscan。 (今天刚刚发布v0.0.3)
安装强>:
npm install -g evilscan
用法(端口列表+端口范围):
root@debian:~# evilscan --target=192.168.0.0/24 --port=21-446,5900 --concurrency=100 --progress
192.168.0.3:5900|open
192.168.0.26:53|open
192.168.0.26:111|open
192.168.0.26:81|open
192.168.0.26:23|open
Scanned 192.168.0.253:446 (100%)
提示:
对于非常快速的扫描,您可以使用“并发”参数,超过1000,但您必须首先更新您的linux的ulimit参数:
ulimit -u unlimited
希望得到这个帮助。
答案 1 :(得分:8)
以前的答案都没有真正发挥我的需要。我找到了一个更轻的重量替代品。有了这个解决方案,我很快得到了我的解我的下一次升级将是根据当前子网指定一系列主机。我想我会想把它限制在前254个客户端,所以它不会太过分。这是代码:
//LLRP DEVICE SCANNER
var net = require('net'), Socket = net.Socket;
var checkPort = function(port, host, callback) {
var socket = new Socket(), status = null;
// Socket connection established, port is open
socket.on('connect', function() {status = 'open';socket.end();});
socket.setTimeout(1500);// If no response, assume port is not listening
socket.on('timeout', function() {status = 'closed';socket.destroy();});
socket.on('error', function(exception) {status = 'closed';});
socket.on('close', function(exception) {callback(null, status,host,port);});
socket.connect(port, host);
}
var LAN = '192.168.1'; //Local area network to scan (this is rough)
var LLRP = 5084; //globally recognized LLRP port for RFID readers
//scan over a range of IP addresses and execute a function each time the LLRP port is shown to be open.
for(var i=1; i <=255; i++){
checkPort(LLRP, LAN+'.'+i, function(error, status, host, port){
if(status == "open"){
console.log("Reader found: ", host, port, status);
}
});
}
答案 2 :(得分:5)
您可以使用arp命令获取首先存活的设备列表。在盒子外面思考;)您不必盲目扫描所有设备。
var child = require("child_process");
var async = require("async");
var net = require("net");
var os = require("os");
function scan(port, cb){
var hosts = {};
var result = [];
async.series([
function scan(next, c){
if(c == 1){
next(); return;
}
// scan twice because arp sometimes does not list all hosts on first time
child.exec("arp -n | awk '{print $1}' | tail -n+2", function(err, res){
if(err) cb(err);
else {
var list = res.split("\n").filter(function(x){return x !== "";});
list.map(function(x){
hosts[x] = x;
});
}
scan(next, 1);
});
},
function(next){
// if you want to scan local addresses as well
var ifs = os.networkInterfaces();
Object.keys(ifs).map(function(x){
hosts[((ifs[x][0])||{}).address] = true;
});
// do the scan
async.each(Object.keys(hosts), function(x, next){
var s = new net.Socket();
s.setTimeout(1500, function(){s.destroy(); next();});
s.on("error", function(){
s.destroy();
next();
});
s.connect(port, x, function(){
result.push(x);
s.destroy();
next();
});
}, function(){
next();
});
}
], function(){
cb(null, result);
});
}
scan(80, function(err, hosts){
if(err){
console.error(err);
} else {
console.log("Found hosts: "+hosts);
}
});
您还可以使用arp-scan实用程序,它更可靠。但是arp-scan需要root访问才能工作,所以最好只使用arp。它几乎可以在每个Linux机器上使用。
答案 3 :(得分:1)
我不会只是发布链接(链接可能会在某个时刻失效),我会在网站上发布教程代码:
var net = require('net');
// the machine to scan
var host = 'localhost';
// starting from port number
var start = 1;
// to port number
var end = 10000;
// sockets should timeout asap to ensure no resources are wasted
// but too low a timeout value increases the likelyhood of missing open sockets, so be careful
var timeout = 2000;
// the port scanning loop
while (start <= end) {
// it is always good to give meaningful names to your variables
// since the context is changing, we use `port` to refer to current port to scan
var port = start;
// we create an anonynous function, pass the current port, and operate on it
// the reason we encapsulate the socket creation process is because we want to preseve the value of `port` for the callbacks
(function(port) {
// console.log('CHECK: ' + port);
var s = new net.Socket();
s.setTimeout(timeout, function() { s.destroy(); });
s.connect(port, host, function() {
console.log('OPEN: ' + port);
// we don't destroy the socket cos we want to listen to data event
// the socket will self-destruct in 2 secs cos of the timeout we set, so no worries
});
// if any data is written to the client on connection, show it
s.on('data', function(data) {
console.log(port +': '+ data);
s.destroy();
});
s.on('error', function(e) {
// silently catch all errors - assume the port is closed
s.destroy();
});
})(port);
start++;
}