安装scapy
pip3 install scapy-python3
交互式ip包构造
#scapy
>>> ping = sr(IP(dst='202.100.1.1')/ICMP()/b'welcome to qytang')
>>> b = IP(dst='202.100.1.1')/ICMP()/b'welcome to qytang'
>>> b.show()
>>> ping = sr1(b) #send and receive 1个包
>>> ping.show()
>>> ping.getlayer(ICMP).fields #提取ICMP的头部,并把头部字段提取出来产生一个字典
>>> ping.getlayer(ICMP).fields['id'] #提取id字段
#sr() 发送三层数据包,等待接收一个或者多个数据包的响应
#sr1() 发送三层数据包,并仅仅只等待接收一个数据包的响应
#srp() 发送二层数据包,并且等待响应
#send() 发送三层数据包,系统会自动处理路由和二层信息
#sendp() 发送二层数据包
Scapy实现ping扫描
scapy_ping_one.py 实现一个ip地址的ping
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
from random import randint
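def scapy_ping_one(host, *, timeout=2, exit_on_reply=True):
    """Send a single ICMP echo request to *host* and report whether it answered.

    Args:
        host: destination address or name, handed to scapy's ``IP(dst=...)``.
        timeout: seconds ``sr1`` waits for the echo reply (2 s, as before).
        exit_on_reply: when True (the default and original behaviour) the
            process is terminated with exit code 3 as soon as a reply arrives.
            ``scapy_ping_scan.py`` runs this function in a child process and
            reads that exit code, so the default must stay. Pass False to get
            the result as a return value instead (usable in-process).

    Returns:
        True if a reply was received, False otherwise. With
        ``exit_on_reply=True`` the True case never returns (``os._exit`` is
        called, which skips ``atexit`` handlers and buffered-output flushing).

    Note:
        Crafting and sending raw IP packets with scapy normally requires
        raw-socket privileges (root / CAP_NET_RAW on Linux).
    """
    import os  # explicit: do not rely on ``from scapy.all import *`` re-exporting os

    # Randomised IP id, ICMP id and sequence number, like a regular ping.
    id_ip = randint(1, 65535)
    id_ping = randint(1, 65535)
    seq_ping = randint(1, 65535)
    packet = (
        IP(dst=host, ttl=64, id=id_ip)
        / ICMP(id=id_ping, seq=seq_ping)
        / b'Welcome to qytang'
    )
    # verbose=False keeps per-host output quiet when scanning a whole network;
    # sr1 returns None when nothing arrives before the timeout.
    reply = sr1(packet, timeout=timeout, verbose=False)
    # reply.show() is deliberately not called here: far too noisy for scans.
    alive = reply is not None
    if alive and exit_on_reply:
        os._exit(3)  # exit code 3 == "host answered", read by scapy_ping_scan
    return alive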
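if __name__ == '__main__':
    import sys

    # Default target is the address the script originally hard-coded; an
    # optional command-line argument overrides it without editing the file.
    target = sys.argv[1] if len(sys.argv) > 1 else '172.17.168.1'
    scapy_ping_one(target)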
scapy_ping_scan.py 实现整个网段的ping扫描
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
import ipaddress
import time
import multiprocessing
from scapy_ping_one import scapy_ping_one
from scapy.all import *
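def scapy_ping_scan(network, *, timeout=5, batch_size=256):
    """Ping every address of *network* in parallel and return those that answered.

    Each address is probed by ``scapy_ping_one`` in its own child process; that
    function signals "reply received" by exiting with code 3, which is the only
    result channel used here.

    Args:
        network: network in CIDR notation, e.g. ``'192.168.1.0/24'``. Passed to
            ``ipaddress.ip_network`` unchanged (strict), so host bits must be 0.
            Every address of the network is probed, including the network and
            broadcast addresses, as in the original.
        timeout: seconds to wait for a child process before giving up on it.
            Must exceed the 2 s reply timeout inside ``scapy_ping_one`` plus
            interpreter/scapy start-up, otherwise live hosts are missed.
        batch_size: number of child processes started at once; bounds the
            process count on large networks (a /16 has 65536 addresses).

    Returns:
        List of answering addresses as strings, in numeric address order.

    Raises:
        ValueError: if *network* is not a valid network (from ``ipaddress``).
    """
    net = ipaddress.ip_network(network)
    # Process arguments must be plain str, not IPv4Address/IPv6Address objects.
    addresses = [str(ip) for ip in net]
    alive = []
    for start in range(0, len(addresses), batch_size):
        batch = addresses[start:start + batch_size]
        # ``args`` must be a tuple -- note the trailing comma. The original
        # ``args=(ip_addr)`` passed a bare string, which Process unpacked into
        # one argument per character.
        processes = {
            ip: multiprocessing.Process(target=scapy_ping_one, args=(ip,))
            for ip in batch
        }
        for proc in processes.values():
            proc.start()
        for ip, proc in processes.items():
            # ``exitcode`` stays None until the child has finished, so wait for
            # it; reading it right after start() would terminate nearly every
            # probe before it could receive a reply.
            proc.join(timeout)
            if proc.exitcode == 3:
                alive.append(ip)
            elif proc.is_alive():
                proc.terminate()
                proc.join()
    # Sort numerically so '10.0.0.2' precedes '10.0.0.10'.
    return sorted(alive, key=ipaddress.ip_address)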
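if __name__ == '__main__':
    import sys  # explicit: do not rely on ``from scapy.all import *`` for sys

    if len(sys.argv) != 2:
        sys.exit('usage: {} <network/prefix>'.format(sys.argv[0]))
    t1 = time.time()  # ``time`` is imported at module level
    active_ip = scapy_ping_scan(sys.argv[1])
    print('活动IP地址如下:')
    for ip in active_ip:
        print(ip)
    t2 = time.time()
    # The original subtracted an undefined ``t1`` (NameError); the start time
    # is now stored under that name.
    print(t2 - t1)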