I need a fast and efficient way to scan an IP range for hosts with port 80 open.
So, for example, if I want to scan the OVH IP range "46.105.0.0/16", I need it to scan every IP in that range and output a list of every IP with port 80 open:
46.105.0.51
46.105.0.72
46.105.0.91
46.105.0.7
46.105.0.15
I need to scan several subnets, and I need the output written to a file.
Edit: I'm also running CentOS on a dedicated box with a 1Gbit uplink.
Answer 0 (score: 3)
nmap -Pn -p80 --open 46.105.0.0/16
...will give you a list of the hosts that respond on tcp/80, along with the corresponding nmap output;
-Pn: skips the ping test, since you only care about one open port
--open: only returns IPs where your port is open
With a little bit of awk (and grep, because I'm lazy and not very good at awk - can an awk master fix this for me?), you get just the list of IPs:
nmap -Pn -p80 --open 46.105.0.0/16 | grep 46.105 | awk '{print $5}NF == 6{print $6}'
nmap also has options for writing output files in specific formats, or you can just > to a file:
nmap -Pn -p80 --open 46.105.0.0/16 | grep 46.105 | awk '{print $5}NF == 6{print $6}' > output.txt
Answer 1 (score: 1)
For people reading this post who happen not to have access to nmap, here is a quick and basic way to scan a network for port 80. The only thing this script needs is ipcalc, which you most likely already have.
#!/bin/bash
# easier to end the script if a signal is caught
trap exit 1 2 3 4 5 6 7 8
# define a function that emulates netcat by opening a TCP connection to an ip:port via a file descriptor
# (bash's /dev/tcp has no connect timeout of its own: a filtered host blocks until the kernel's connect timeout expires)
netcat() {
    exec 20<>/dev/tcp/${1}/${2}
}
# using ipcalc, get the network address and the broadcast address and make both $NETWORK and $BROADCAST available to the script
export $(ipcalc -b -n $1)
# Convert NETWORK and BROADCAST from dotted notation to hex
printf -v startHexIP "%0.2x%0.2x%0.2x%0.2x" $(tr '\.' ' ' <<< $NETWORK)
printf -v endHexIP "%0.2x%0.2x%0.2x%0.2x" $(tr '\.' ' ' <<< $BROADCAST)
# computations are done in decimal, so we need the decimal representation of the BROADCAST address to bound the list of IP addresses
printf -v endDecIP "%d" 0x${endHexIP}
# legitimate IP addresses start from NETWORK ADDRESS + 1 and end at BROADCAST ADDRESS - 1
for((i=$(( 0x$startHexIP + 1 )); i<$endDecIP; i++)); do
    # $i is in decimal; we need to convert it to hex
    printf -v hexI "%8.8x" $i
    # convert hex to dotted notation
    printf -v ip "%d.%d.%d.%d" 0x${hexI:0:2} 0x${hexI:2:2} 0x${hexI:4:2} 0x${hexI:6:2}
    # the subshell closes fd 20 again when it exits; only a completed TCP handshake counts as open
    if (netcat $ip 80 > /dev/null 2>&1); then
        echo $ip
    fi
done
Just run the script with a single <network>/<prefix> argument.
Example:
./script 192.168.1.5/23
Answer 2 (score: 0)
It can be done with a four-line script.
Create a script file named "scanall" (just as an example) and copy the code below; it will scan a /24 network (1-254).
# SCRIPT NAME: scanall
# USAGE : scanall SUBNET PORT # put up to 3rd octet
#
# EXAMPLE : scanall 192.168.1 80
#                   subnet     port
END=254
for i in $(seq 1 $END); do
    netcat -vz -w1 $1.$i $2;
done
# script will put 4th octet starting from 1 to 254 each line of netcat test.
# edit END to 128 if you want ip range 1~128 to be checked which is /25
So if I want to scan all of 192.168.1.0/24 to find hosts with port 22 open, I just run (after chmod +x):
bash:~$ scanall 192.168.1 22
and the result will look like:
192.168.1.1 [192.168.1.2] 22 (ssh): open
192.168.1.2 [192.168.1.2] 22 (ssh): Connection refused
.
.
192.168.1.183 [192.168.1.183] 22 (ssh): Operation timed out
192.168.1.184 [192.168.1.184] 22 (ssh): Connection refused
192.168.1.185 [192.168.1.185] 22 (ssh) open
192.168.1.186 [192.168.1.186] 22 (ssh): Operation timed out
192.168.1.187 [192.168.1.187] 22 (ssh): Operation timed out
192.168.1.188 [192.168.1.188] 22 (ssh): Operation timed out
.
.
192.168.1.254 [192.168.1.254] 22 (ssh): Operation timed out
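As an added example (not code from any of the answers above, and not nmap's or netcat's own code), here is a small Python 3 script that does what answers 1 and 2 do by hand and what the question asks for: it enumerates the usable hosts of one or more CIDR blocks, probes one TCP port with a connect timeout and a thread pool so that filtered hosts do not stall the run, and writes the open hosts one per line to a file. The script name portscan.py, the output file name and the 256-thread default are assumptions.

```python
#!/usr/bin/env python3
import ipaddress
import socket
import sys
from concurrent.futures import ThreadPoolExecutor


def hosts_in(cidr):
    """Usable hosts of a CIDR block, network and broadcast addresses excluded (as answer 1
    does by hand). strict=False accepts '192.168.1.5/23' and treats it as 192.168.0.0/23."""
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


def port_open(ip, port, timeout=1.0):
    """True only if the TCP handshake completes. Refused, unreachable and filtered (timed
    out) hosts all return False, so a /16 of silent hosts costs at most `timeout` each."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(cidrs, port, timeout=1.0, workers=256):
    """Probe every host of every CIDR concurrently; return the IPs with `port` open,
    in address order (pool.map preserves input order)."""
    targets = [ip for cidr in cidrs for ip in hosts_in(cidr)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        flags = pool.map(lambda ip: port_open(ip, port, timeout), targets)
        return [ip for ip, is_open in zip(targets, flags) if is_open]


def write_report(open_hosts, outfile):
    """One IP per line, the format the question asks for; returns the number written."""
    with open(outfile, "w") as f:
        f.writelines(ip + "\n" for ip in open_hosts)
    return len(open_hosts)


if __name__ == "__main__":
    # usage: portscan.py PORT OUTFILE CIDR [CIDR ...]   e.g. portscan.py 80 open80.txt 46.105.0.0/16
    if len(sys.argv) < 4:
        sys.exit("usage: portscan.py PORT OUTFILE CIDR [CIDR ...]")
    n = write_report(scan(sys.argv[3:], int(sys.argv[1])), sys.argv[2])
    print("%d host(s) with tcp/%s open, written to %s" % (n, sys.argv[1], sys.argv[2]))
```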