Parsing Masscan/Nmap Scan Results with Python

Published: 2016-9-12 11:02


 Author: ASPIRE    Source: compiled by 51Testing Software Testing Network

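  Background:
  Security practitioners generally use Nmap for port scanning. For scans over a small range Nmap is definitely the first choice: it offers rich scan options/modules and high accuracy. For scans over a large range you should choose Masscan, because it is extremely fast and its accuracy is acceptable. Both tools support custom output formats, the most widely used being XML (to stay as compatible with Nmap as possible, Masscan not only has similar scan options, its XML output format is also largely compatible). Once a scan has finished the results need to be parsed, and that is the scenario this article addresses.
  Reference solution:
  1. Parsing Masscan's XML scan results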
#!/usr/bin/env python3
# coding=utf-8
import sys, time
import xmltodict  # third-party: pip install xmltodict

def main():
    with open('./masscan_result.xml') as fp:
        xml_obj = xmltodict.parse(fp.read())
    nmaprun = xml_obj['nmaprun']
    host = nmaprun['host']
    # xmltodict returns a dict, not a list, when the file holds a single <host>
    if not isinstance(host, list):
        host = [host]
    for entry in host[:10]:  # while debugging, print only the first 10 records
        # Masscan writes one <port> per <host> element
        port = entry['ports']['port']
        name = entry['address']['@addr']
        if int(port['@portid']) == 80:
            print('http://' + name + '/')
        elif int(port['@portid']) == 443:
            print('https://' + name + '/')
        elif int(port['@portid']) == 21:
            print('ftp://' + name + '/')
        else:
            print('http://' + name + ':' + str(port['@portid']) + '/')

if __name__ == '__main__':
    time_start = time.time()
    try:
        main()
    except KeyboardInterrupt:
        print('Killed by user')
        sys.exit(0)
    print("Spend {0} seconds.\n".format(time.time() - time_start))
  2. Parsing Nmap's XML scan results
#!/usr/bin/env python3
# coding=utf-8
import sys, time
import xmltodict  # third-party: pip install xmltodict

def as_list(node):
    # xmltodict returns a dict for a single child element and a list for several
    if node is None:
        return []
    return node if isinstance(node, list) else [node]

def main():
    if len(sys.argv) < 2:
        print('Usage: {0} <nmap_result.xml>'.format(sys.argv[0]))
        sys.exit(-1)
    fp_content = ''
    try:
        with open(sys.argv[1]) as fp:
            fp_content = fp.read().replace('\n', '')
    except IOError:
        print('File IO Error')
        sys.exit(-1)
    nmap_xml = xmltodict.parse(fp_content)
    nmaprun = nmap_xml['nmaprun']
    for i in as_list(nmaprun.get('host')):
        # a host may carry several <address> elements (e.g. ipv4 plus mac); use the first
        address = as_list(i['address'])[0]['@addr']
        # <ports> may be absent or contain no <port> children
        ports = i.get('ports') or {}
        for z in as_list(ports.get('port')):
            x = z['@portid']
            if x == '80':
                print('http://' + address + '/')
            elif x == '443':
                print('https://' + address + '/')
            else:
                print('http://' + address + ':' + x + '/')

if __name__ == '__main__':
    time_start = time.time()
    try:
        main()
    except KeyboardInterrupt:
        print('Killed by user')
        sys.exit(0)
    print("Spend {0} seconds.\n".format(time.time() - time_start))
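
Both scripts above load the whole file into memory and print every listed port regardless of its state. The following is an added example, not code from the original article: it uses the standard library's xml.etree.ElementTree instead of xmltodict to stream-parse either tool's XML, keep only open TCP ports, and merge the repeated <host> entries that Masscan writes. The function names open_ports and to_urls and the sample data are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
from collections import defaultdict

SCHEMES = {80: 'http', 443: 'https', 21: 'ftp'}  # same port mapping as the article

# Constructed sample in Masscan style: one <host> per finding, so hosts repeat.
SAMPLE = b"""<?xml version="1.0"?>
<nmaprun scanner="masscan">
<host endtime="1"><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port></ports></host>
<host endtime="2"><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="8080"><state state="open" reason="syn-ack"/></port></ports></host>
<host endtime="3"><address addr="192.0.2.20" addrtype="ipv4"/>
<address addr="00:00:5E:00:53:01" addrtype="mac"/><ports>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="22"><state state="closed" reason="reset"/></port></ports></host>
</nmaprun>"""

def open_ports(stream):
    """Return {ip: sorted open TCP ports}, merging repeated <host> entries."""
    found = defaultdict(set)
    for _, host in ET.iterparse(stream, events=('end',)):
        if host.tag != 'host':
            continue
        # Prefer the IP address; Nmap may also list a MAC address for the host.
        addr = next((a.get('addr') for a in host.iter('address')
                     if a.get('addrtype') in ('ipv4', 'ipv6')), None)
        for port in host.iter('port'):
            state = port.find('state')
            if addr and state is not None and state.get('state') == 'open' \
                    and port.get('protocol') == 'tcp':
                found[addr].add(int(port.get('portid')))
        host.clear()  # drop the finished host's children to keep memory low
    return {ip: sorted(ports) for ip, ports in found.items()}

def to_urls(hosts):
    """Build URLs with the article's mapping; IPv6 literals get brackets."""
    urls = []
    for ip, ports in sorted(hosts.items()):
        host = '[%s]' % ip if ':' in ip else ip
        for p in ports:
            scheme = SCHEMES.get(p, 'http')
            suffix = '' if p in SCHEMES else ':%d' % p
            urls.append('%s://%s%s/' % (scheme, host, suffix))
    return urls

if __name__ == '__main__':
    print('\n'.join(to_urls(open_ports(io.BytesIO(SAMPLE)))))
```
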