接上文
from scapy.layers.inet import IP, TCP
from scapy.sendrecv import sr, sr1
'''
只能测试linux机器
通过设置flags位为ACK,不回复表示端口关闭或被过滤,如果回复的数据包TTL小于等于64表示端口开放,大于64端口关闭(windows)
'''
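def fin_scan(ip, port):
    """Send one TCP probe with only the ACK flag set to ``ip``:``port`` and print a verdict.

    Despite the function name this is the ACK/TTL variant described in the
    module string above, not a FIN probe: ``flags="A"`` is used.

    Args:
        ip: destination address handed to ``IP(dst=...)``.
        port: destination port; converted with ``int()`` before use.

    Side effects:
        Sends a single packet with ``sr1`` (1 s timeout), prints the raw
        reply (or ``None``) and one verdict line. Returns ``None``.

    Verdict, exactly as the original implemented it:
        no reply within the timeout  -> "is close."
        reply with IP ttl <= 64      -> "is open."
        reply with IP ttl > 64       -> "is closed."
    The TTL rule is the heuristic stated in the module string; it depends on
    the responding host's default TTL and hop count, so treat it as a hint.
    """
    probe = IP(dst=ip) / TCP(dport=int(port), flags="A")
    ans = sr1(probe, timeout=1, verbose=1)
    print(ans)
    # sr1() returns None on timeout; test identity rather than ``== None``.
    if ans is None:
        print(ip, "port", port, "is close.")
    # ans is a packet here, so the original's repeated ``ans != None`` checks
    # were redundant; ttl is an integer, so <= 64 / > 64 is exhaustive.
    elif ans.ttl <= 64:
        print(ip, "port", port, "is open.")
    else:
        print(ip, "port", port, "is closed.")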
if __name__ == '__main__':
    # Hard-coded target used only when the script is executed directly.
    ip = '192.168.0.110'
    port = 445
    fin_scan(ip=ip, port=port)
from scapy.layers.inet import IP, TCP
from scapy.sendrecv import sr, sr1
'''
适用于Linux设备
通过设置flags位为空,不回复则表示端口开启,回复并且回复的标志位为RA表示端口关闭
'''
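def fin_scan(ip, port):
    """Send one TCP probe with an empty flags field to ``ip``:``port`` and print a verdict.

    The function name is kept for compatibility; the probe uses ``flags=""``
    (no flag bits set), as described in the module string above.

    Args:
        ip: destination address handed to ``IP(dst=...)``.
        port: destination port; converted with ``int()`` before use.

    Side effects:
        Sends a single packet with ``sr1`` (1 s timeout), prints the raw
        reply (or ``None``), and on an RST/ACK reply also calls
        ``ans.display()``. Returns ``None``.

    Verdict, as the original implemented it:
        no reply within the timeout       -> "is open."
        TCP reply whose flags equal 'RA'  -> "is closed."
        any other reply                   -> nothing printed
    """
    probe = IP(dst=ip) / TCP(dport=int(port), flags="")
    ans = sr1(probe, timeout=1, verbose=1)
    print(ans)
    # sr1() returns None on timeout; test identity rather than ``== None``.
    if ans is None:
        print(ip, "port", port, "is open.")
    # Guard with haslayer(): ``ans[TCP]`` raises IndexError when the reply
    # has no TCP layer (e.g. an ICMP error), which the original did not handle.
    elif ans.haslayer(TCP) and ans[TCP].flags == 'RA':
        ans.display()
        print(ip, "port", port, "is closed.")
    # Replies that are neither None nor RST/ACK are intentionally left
    # unreported, matching the original's behavior.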
if __name__ == '__main__':
    # Hard-coded target used only when the script is executed directly.
    ip = '192.168.0.110'
    port = 55
    # Blank line before the scan output, as in the original.
    print()
    fin_scan(ip=ip, port=port)
from scapy.layers.inet import IP, TCP
from scapy.sendrecv import sr, sr1
'''
只能测试linux机器
通过设置flags位为ACK,不回复表示端口关闭或被过滤,如果回复的数据包TTL小于等于64表示端口开放,大于64端口关闭(windows)
'''
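def windowScan(target, ports):
    """Send one ACK-flagged TCP probe to ``target``:``ports`` and classify by the reply's TCP window.

    Note that the module string above this function describes a TTL rule;
    the code actually inspects the TCP ``window`` field of the reply.

    Args:
        target: destination address handed to ``IP(dst=...)``.
        ports: destination port value passed straight to ``TCP(dport=...)``
            (not converted; the caller in this file passes an int).

    Side effects:
        Prints a banner, sends a single packet with ``sr1`` (5 s timeout),
        prints the reply's type, then one verdict line. Returns ``None``.

    Verdict:
        no reply within the timeout          -> "close"
        TCP reply with window == 0           -> "close"
        TCP reply with window > 0            -> "open"
        reply without a TCP layer            -> "close"
    """
    print("tcp window扫描 %s with ports %s" % (target, ports))
    window_scan_resp = sr1(IP(dst=target) / TCP(dport=ports, flags="A"), timeout=5)
    print(str(type(window_scan_resp)))
    # The original compared ``str(type(resp)) == ""``, which is never true, so
    # a timeout (sr1 returns None) fell through and raised AttributeError on
    # ``.haslayer``. Test for None directly.
    if window_scan_resp is None:
        print(ports, "close")
    elif window_scan_resp.haslayer(TCP):
        tcp_window = window_scan_resp.getlayer(TCP).window
        if tcp_window == 0:
            print(ports, "close")
        elif tcp_window > 0:
            print(ports, "open")
    else:
        print(ports, "close")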
if __name__ == '__main__':
    # Hard-coded target used only when the script is executed directly.
    ip = '192.168.0.110'
    port = 445
    windowScan(target=ip, ports=port)
from scapy.layers.inet import IP, TCP, ICMP
from scapy.sendrecv import sr, sr1
'''
适用于Linux设备
通过设置flag位FPU
如果未回复表示端口开启,
如果回复RA表示端口关闭
如果返回ICMP状态包,数据类型3,状态码1,2,3,9,10,13表示端口已被过滤
'''
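def fin_scan(ip, port):
    """Send one TCP probe with FIN, PSH and URG set to ``ip``:``port`` and print a verdict.

    Args:
        ip: destination address handed to ``IP(dst=...)``.
        port: destination port; converted with ``int()`` before use.

    Side effects:
        Sends a single packet with ``sr1`` (1 s timeout), prints the raw
        reply (or ``None``), and on an RST/ACK reply also calls
        ``ans.display()``. Returns ``None``.

    Verdict, as the original implemented it:
        no reply within the timeout                      -> "is open."
        TCP reply whose flags equal 'RA'                 -> "is closed."
        ICMP type 3 with code in {1,2,3,9,10,13}         -> "过滤" (filtered)
        any other reply                                  -> nothing printed
    """
    probe = IP(dst=ip) / TCP(dport=int(port), flags="FPU")
    ans = sr1(probe, timeout=1, verbose=1)
    print(ans)
    # sr1() returns None on timeout; test identity rather than ``== None``.
    if ans is None:
        print(ip, "port", port, "is open.")
    # The original evaluated ``ans[TCP]`` before checking for ICMP, so an ICMP
    # reply raised IndexError and never reached the filtered branch. Guard the
    # TCP lookup with haslayer() so the ICMP branch below is reachable.
    elif ans.haslayer(TCP) and ans[TCP].flags == 'RA':
        ans.display()
        print(ip, "port", port, "is closed.")
    elif ans.haslayer(ICMP):
        icmp = ans.getlayer(ICMP)
        if int(icmp.type) == 3 and int(icmp.code) in (1, 2, 3, 9, 10, 13):
            print(port, "过滤")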
if __name__ == '__main__':
    # Hard-coded target used only when the script is executed directly.
    ip = '192.168.142.129'
    port = 445
    fin_scan(ip=ip, port=port)