  • python3-端口扫描(TCP_ACK扫描,NULL扫描,windows扫描,xmas扫描)

    接上文

    • 扫描方式4:TCP_ACK扫描
    from scapy.layers.inet import IP, TCP
    from scapy.sendrecv import sr, sr1
    
    '''
    只能测试linux机器
    通过设置flags位为ACK,不回复表示端口关闭或被过滤,如果回复的数据包TTL小于等于64表示端口开放,大于64端口关闭(windows)
    '''
    
    def fin_scan(ip, port):
        """Send one ACK-only TCP segment and report a port state from the reply TTL.

        Despite the name, the probe carries flags="A" (an ACK probe, not FIN).

        Args:
            ip: Destination address passed to IP(dst=...).
            port: Destination port; converted with int().

        Prints the raw reply, then one verdict line:
            * no reply within 1 second -> "is close."
            * reply with IP TTL <= 64  -> "is open."
            * reply with IP TTL > 64   -> "is closed."

        NOTE(review): the TTL of a reply reflects the responder's initial TTL
        and the hop count, so this open/closed verdict is a heuristic. An
        unanswered ACK probe is also what a filtering device in front of the
        host produces.
        """
        probe = IP(dst=ip) / TCP(dport=int(port), flags="A")
        reply = sr1(probe, timeout=1, verbose=1)
        print(reply)

        # Guard clause: nothing came back before the timeout.
        if reply is None:
            print(ip, "port", port, "is close.")
            return

        hop_limit = reply.ttl
        if hop_limit <= 64:
            print(ip, "port", port, "is open.")
        elif hop_limit > 64:
            print(ip, "port", port, "is closed.")
    
    if __name__ == '__main__':
        # Single hard-coded target: an RFC 1918 private address and one port.
        ip, port = '192.168.0.110', 445
        fin_scan(ip, port)
    • 扫描方式5:NULL扫描
    from scapy.layers.inet import IP, TCP
    from scapy.sendrecv import sr, sr1
    
    '''
    适用于Linux设备
    通过设置flags位为空,不回复则表示端口开启,回复并且回复的标志位为RS表示端口关闭
    '''
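    def fin_scan(ip, port):
        """Send one TCP segment with no flags set (NULL probe) and report the port state.

        Despite the name, the probe carries flags="" rather than FIN.

        Args:
            ip: Destination address passed to IP(dst=...).
            port: Destination port; converted with int().

        Prints the raw reply, then:
            * no reply within 1 second -> "is open."
            * TCP reply whose flags equal 'RA' (RST+ACK) -> packet dump and
              "is closed."
        Any other reply is printed but not classified.

        NOTE(review): silence is also what a packet filter produces, so the
        "open" verdict really means open-or-filtered.
        """
        probe = IP(dst=ip) / TCP(dport=int(port), flags="")
        ans = sr1(probe, timeout=1, verbose=1)
        print(ans)
        if ans is None:
            print(ip, "port", port, "is open.")
        # Check for the TCP layer first: indexing ans[TCP] on a reply that has
        # no TCP layer (for example an ICMP error) raises IndexError.
        elif ans.haslayer(TCP) and ans[TCP].flags == 'RA':
            ans.display()
            print(ip, "port", port, "is closed.")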
    
    if __name__ == '__main__':
        # Single hard-coded target: an RFC 1918 private address and one port.
        ip, port = '192.168.0.110', 55
        print()  # blank line before the scan output
        fin_scan(ip, port)
    • 扫描方式6:windows扫描
    from scapy.layers.inet import IP, TCP
    from scapy.sendrecv import sr, sr1
    
    '''
    只能测试linux机器
    通过设置flags位为ACK,不回复表示端口关闭或被过滤,如果回复的数据包TTL小于等于64表示端口开放,大于64端口关闭(windows)
    '''
    
    def windowScan(target, ports):
        """Send one ACK-only TCP segment and report a port state from the reply's TCP window.

        Args:
            target: Destination address passed to IP(dst=...).
            ports: Value passed unchanged as TCP(dport=...).

        Prints a banner, the Python type of the reply, then one verdict:
            * no reply within 5 seconds       -> "close"
            * reply without a TCP layer       -> "close"
            * TCP reply with window == 0      -> "close"
            * TCP reply with window > 0       -> "open"

        NOTE(review): the module comment above this listing describes a TTL
        comparison; this function compares the TCP window field instead. The
        code does not confirm that the reply is a RST before reading the
        window, and a non-zero window on a reply is an OS-dependent signal.
        """
        print("tcp window扫描 %s with ports %s" % (target, ports))
        probe = IP(dst=target) / TCP(dport=ports, flags="A")
        reply = sr1(probe, timeout=5)
        print(str(type(reply)))

        # Timeout and non-TCP replies are both reported the same way.
        if reply is None or not reply.haslayer(TCP):
            print(ports, "close")
            return

        advertised = reply.getlayer(TCP).window
        if advertised == 0:
            print(ports, "close")
        elif advertised > 0:
            print(ports, "open")
    
    if __name__ == '__main__':
        # Single hard-coded target: an RFC 1918 private address and one port.
        ip, port = '192.168.0.110', 445

        windowScan(ip, port)
    • 扫描方式7:xmas扫描
    from scapy.layers.inet import IP, TCP, ICMP
    from scapy.sendrecv import sr, sr1
    
    '''
    适用于Linux设备
    通过设置flag位FPU
        如果未回复表示端口开启,
        如果回复RA表示端口关闭
        如果返回ICMP状态包,数据类型3,状态码1,2,3,9,10,13表示端口已被过滤
    '''
    
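    def fin_scan(ip, port):
        """Send one TCP segment with FIN, PSH and URG set (Xmas probe) and report the port state.

        Despite the name, the probe carries flags="FPU" rather than FIN alone.

        Args:
            ip: Destination address passed to IP(dst=...).
            port: Destination port; converted with int().

        Prints the raw reply, then:
            * no reply within 1 second -> "is open."
            * TCP reply whose flags equal 'RA' (RST+ACK) -> packet dump and
              "is closed."
            * ICMP type 3 with code 1, 2, 3, 9, 10 or 13 -> "过滤" (filtered)
        Any other reply is printed but not classified.

        NOTE(review): silence is also what a packet filter produces, so the
        "open" verdict really means open-or-filtered.
        """
        probe = IP(dst=ip) / TCP(dport=int(port), flags="FPU")
        ans = sr1(probe, timeout=1, verbose=1)
        print(ans)
        if ans is None:
            print(ip, "port", port, "is open.")
        # Test for the TCP layer before indexing it. The original evaluated
        # ans[TCP] first, which raises IndexError on a reply with no TCP layer,
        # so the ICMP branch below could never run for an ICMP error reply.
        elif ans.haslayer(TCP):
            if ans[TCP].flags == 'RA':
                ans.display()
                print(ip, "port", port, "is closed.")
        elif ans.haslayer(ICMP):
            icmp = ans.getlayer(ICMP)
            # Type 3 is "destination unreachable"; the listed codes are the
            # ones this script treats as filtering.
            if int(icmp.type) == 3 and int(icmp.code) in (1, 2, 3, 9, 10, 13):
                print(port, "过滤")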
    
    
    if __name__ == '__main__':
        # Single hard-coded target: an RFC 1918 private address and one port.
        ip, port = '192.168.142.129', 445
        fin_scan(ip, port)
  • 原文地址:https://www.cnblogs.com/Tempt/p/14275957.html