#!/bin/env python
# -*- coding: UTF-8 -*-
# Must be run as root (the script opens a raw socket).
import random
import socket
import sys
import time
from struct import *


# Compute the checksum.
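def checksum(msg):
    """Return the 16-bit Internet checksum (RFC 1071) of *msg*.

    The input is summed as big-endian 16-bit words, carries are folded back
    into the low 16 bits, and the one's complement of the result is returned.

    Args:
        msg: Byte string to sum (``str`` on Python 2, ``bytes`` or
            ``bytearray`` on Python 3). A text string whose code points are
            all below 256 is accepted as well.

    Returns:
        The checksum as an int in the range 0..0xffff.
    """
    if isinstance(msg, (bytes, bytearray)):
        data = bytearray(msg)
    else:
        data = bytearray(ord(ch) for ch in msg)
    # An odd-length message is padded with one zero byte for the sum only;
    # reading msg[i + 1] past the last byte would otherwise raise IndexError.
    if len(data) % 2:
        data.append(0)
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) + data[i + 1]
    # Fold until no carry is left: a single fold can itself overflow 16 bits
    # (0x1ffff -> 0x10000), and masking that carry away yields a wrong sum.
    while total >> 16:
        total = (total >> 16) + (total & 0xffff)
    return ~total & 0xffff


def CreateSocket(source_ip, dest_ip):
    """Open a raw TCP socket on which the caller supplies the IP header.

    Args:
        source_ip: Not used by this function; kept for the existing callers.
        dest_ip: Not used by this function; kept for the existing callers.

    Returns:
        A ``socket.socket`` (AF_INET, SOCK_RAW, IPPROTO_TCP) with
        IP_HDRINCL enabled.

    If the socket cannot be created or configured, the error is printed and
    the process exits with status 1.
    """
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
        # IP_HDRINCL tells the kernel that every packet written to this socket
        # already starts with an IP header. It is an IPPROTO_IP-level option,
        # not an IPPROTO_TCP one.
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    except socket.error as msg:
        # errno/strerror carry the same values as msg[0]/msg[1] on Python 2
        # and also exist on Python 3, where exceptions cannot be indexed.
        # The single-argument print() form is valid on both versions.
        print(' '.join(['Socket create error: ', str(msg.errno),
                        'message: ', str(msg.strerror)]))
        # Non-zero status so a calling shell or script can see the failure;
        # a bare sys.exit() reports success.
        sys.exit(1)
    return s


# Build the IP header.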
def CreateIpHeader(source_ip, dest_ip):
    """Pack a 20-byte IPv4 header for a TCP segment that carries no options.

    Args:
        source_ip: Dotted-quad source address written into the header.
        dest_ip: Dotted-quad destination address written into the header.

    Returns:
        The packed header: version 4, IHL 5, total length 40, a random
        identification value, TTL 255, protocol TCP.
    """
    ip_version = 4
    ihl_words = 5  # header length in 32-bit words (5 * 4 = 20 bytes)
    type_of_service = 0
    total_length = 20 + 20  # IP header plus an option-less TCP header
    ident = random.randrange(18000, 65535, 1)
    fragment_offset = 0
    time_to_live = 255
    transport = socket.IPPROTO_TCP
    # Placeholder, not a computed checksum.
    # NOTE(review): Linux fills in the IP header checksum itself for
    # IP_HDRINCL sockets (raw(7)), which is presumably why a constant is
    # enough here - confirm before relying on this on another platform.
    header_checksum = 10
    src_packed = socket.inet_aton(source_ip)
    dst_packed = socket.inet_aton(dest_ip)
    # Version sits in the high nibble of the first byte, IHL in the low one.
    first_byte = (ip_version << 4) + ihl_words
    return pack(
        '!BBHHHBBH4s4s',
        first_byte,
        type_of_service,
        total_length,
        ident,
        fragment_offset,
        time_to_live,
        transport,
        header_checksum,
        src_packed,
        dst_packed,
    )


# Build the TCP header.
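def create_tcp_syn_header(source_ip, dest_ip, dest_port):
    """Pack a 20-byte TCP header with only SYN set and a valid checksum.

    Args:
        source_ip: Dotted-quad source address (used for the pseudo header).
        dest_ip: Dotted-quad destination address (used for the pseudo header).
        dest_port: Destination TCP port.

    Returns:
        The packed TCP header. The source port is chosen at random from
        32000..61999; the sequence and acknowledgement numbers are 0.
    """
    source = random.randrange(32000, 62000, 1)  # random source port
    seq = 0
    ack_seq = 0
    doff = 5  # data offset: header length in 32-bit words, no options
    # TCP flags
    fin = 0
    syn = 1
    rst = 0
    psh = 0
    ack = 0
    urg = 0
    # Advertised window. pack('!H') already writes network byte order, so the
    # value is given as a plain integer; wrapping it in socket.htons() swapped
    # the bytes twice on little-endian hosts and advertised 32, not 8192.
    window = 8192
    check = 0
    urg_ptr = 0
    offset_res = (doff << 4) + 0
    tcp_flags = (fin + (syn << 1) + (rst << 2) + (psh << 3)
                 + (ack << 4) + (urg << 5))
    # First pass with a zero checksum field, as the checksum definition needs.
    tcp_header = pack('!HHLLBBHHH', source, dest_port, seq, ack_seq,
                      offset_res, tcp_flags, window, check, urg_ptr)
    # Pseudo header: the TCP checksum also covers the addresses, the protocol
    # number and the TCP length. It is never transmitted.
    source_address = socket.inet_aton(source_ip)
    dest_address = socket.inet_aton(dest_ip)
    placeholder = 0
    protocol = socket.IPPROTO_TCP
    tcp_length = len(tcp_header)
    pseudo_header = pack('!4s4sBBH', source_address, dest_address,
                         placeholder, protocol, tcp_length)
    tcp_checksum = checksum(pseudo_header + tcp_header)
    # Repack the header with the real checksum filled in.
    return pack('!HHLLBBHHH', source, dest_port, seq, ack_seq,
                offset_res, tcp_flags, window, tcp_checksum, urg_ptr)


def _tcp_reply_flags(packet, peer_addr, peer_port, local_port):
    """Return the TCP flag byte of *packet* if it answers our probe, else None.

    Args:
        packet: ``bytearray`` holding one IPv4 packet read from the raw socket.
        peer_addr: ``bytearray`` with the 4-byte address the probe was sent to.
        peer_port: TCP port the probe was sent to.
        local_port: TCP source port the probe was sent from.
    """
    if len(packet) < 20:
        return None
    # The IP header length comes from the IHL nibble; the TCP header does not
    # sit at a fixed offset when the reply carries IP options.
    ip_header_len = (packet[0] & 0x0f) * 4
    if ip_header_len < 20 or len(packet) < ip_header_len + 20:
        return None
    if packet[12:16] != peer_addr:
        return None
    tcp = packet[ip_header_len:]
    if ((tcp[0] << 8) | tcp[1]) != peer_port:
        return None
    if ((tcp[2] << 8) | tcp[3]) != local_port:
        return None
    return tcp[13]


def range_scan(source_ip, dest_ip, start_port, end_port):
    """Send one SYN to each port in [start_port, end_port) and collect SYN/ACKs.

    Args:
        source_ip: Dotted-quad source address placed in the probes.
        dest_ip: Dotted-quad address of the host being probed.
        start_port: First port probed.
        end_port: End of the range; this port itself is not probed.

    Returns:
        List of ports whose reply had exactly SYN and ACK set (ECN bits
        ignored). A port that sends no matching reply within the timeout is
        not listed.
    """
    reply_timeout = 2.0  # seconds to wait for the answer to each probe
    peer_addr = bytearray(socket.inet_aton(dest_ip))
    syn_ack_received = []  # ports that answered SYN/ACK
    for j in range(start_port, end_port):
        s = CreateSocket(source_ip, dest_ip)
        try:
            ip_header = CreateIpHeader(source_ip, dest_ip)
            tcp_header = create_tcp_syn_header(source_ip, dest_ip, j)
            local_port = unpack('!H', tcp_header[:2])[0]
            s.sendto(ip_header + tcp_header, (dest_ip, 0))
            print(' '.join(['s.sendto', str(dest_ip),
                            str(start_port), str(end_port)]))
            # A raw IPPROTO_TCP socket is handed inbound TCP segments for the
            # whole host, not only replies to this probe, so keep reading
            # until one matches the probe's address and ports or time is up.
            # Without a timeout a port that never answers blocks the scan.
            deadline = time.time() + reply_timeout
            while True:
                remaining = deadline - time.time()
                if remaining <= 0:
                    break
                s.settimeout(remaining)
                try:
                    data = bytearray(s.recvfrom(1024)[0])
                except socket.timeout:
                    break
                flags = _tcp_reply_flags(data, peer_addr, j, local_port)
                if flags is None:
                    continue  # unrelated traffic
                if flags & 0x3f == 0x12:  # SYN/ACK flags
                    syn_ack_received.append(j)
                break
        finally:
            # One socket is opened per port; close it so a long range does
            # not exhaust file descriptors.
            s.close()
    return syn_ack_received


# The program starts here: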
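open_port_list = []  # one list of open ports per scanned chunk
ipsource = '192.168.18.17'
ipdest = '192.168.19.43'
start = 20
stop = 100
# Split [start, stop) into about ten chunks. Floor division keeps the step an
# integer on Python 3 as well, and max() avoids a zero step (range() raises
# ValueError) when fewer than ten ports are requested.
step = max(1, (stop - start) // 10)
# list() because a Python 3 range object has no append().
scan_ports = list(range(start, stop, step))
if not scan_ports or scan_ports[-1] < stop:
    scan_ports.append(stop)
    print(' '.join(['scan_ports.append', str(stop)]))

# range_scan() treats each (lower, upper) pair as a half-open interval, so
# `stop` only closes the last chunk and is not probed itself.
for lower, upper in zip(scan_ports, scan_ports[1:]):
    open_port_list.append(range_scan(ipsource, ipdest, lower, upper))

for i, ports in enumerate(open_port_list):
    print(' '.join(['Process #: ', str(i), ' Open ports: ', str(ports)]))

print('A list of all open ports found: ')
for ports in open_port_list:
    for port in ports:
        print(' '.join([str(port), ', ']))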
