
基础 TCP 端口检测(Bash)
#!/bin/bash
# 检测单个端口
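#######################################
# Probe one TCP port through bash's /dev/tcp redirection.
# Arguments: $1 - host name or address
#            $2 - TCP port
# Outputs:   one status line on stdout
# Returns:   0 if the connection was established within 2 seconds,
#            1 otherwise (refused, timed out, unresolvable, ...)
#######################################
check_port() {
  local host=$1
  local port=$2
  # host and port reach the child shell as positional parameters ($1/$2 of
  # the inline script) instead of being spliced into the command string, so
  # shell metacharacters in either value are never parsed as code.
  if timeout 2 bash -c 'echo >"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
    echo "✅ $host:$port - 端口开放"
    return 0
  else
    echo "❌ $host:$port - 端口关闭"
    return 1
  fi
}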
# 检测多个端口
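#######################################
# Probe several TCP ports on one host, one after another.
# Arguments: $1 - host name or address
#            $2... - ports to probe
# Outputs:   whatever check_port prints for each port
# Returns:   the status of the last check_port call (0 when no port is given)
#######################################
check_ports() {
  local host=$1
  shift
  # Declared local so the loop variable does not overwrite a caller's $port.
  local port
  for port in "$@"; do
    check_port "$host" "$port"
  done
}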
# Usage example: probe four ports on one RFC 1918 address. check_ports hands
# each port to check_port, which prints one status line per port.
check_ports "192.168.1.1" 80 443 22 3306
使用 nc(Netcat)检测
#!/bin/bash
# 使用 nc 检测端口
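#######################################
# Probe one TCP port with nc in zero-I/O mode (-z) and a 3 second timeout.
# Arguments: $1 - host name or address
#            $2 - TCP port
# Outputs:   one status line on stdout
# Returns:   0 if nc reports a successful connect, 1 otherwise
#######################################
check_port_nc() {
  local host=$1
  local port=$2
  # Decide on nc's exit status rather than on the word "succeeded" in its
  # verbose output: that text differs between netcat implementations and
  # locales, so matching on it reports open ports as closed on some systems.
  if nc -z -w 3 "$host" "$port" >/dev/null 2>&1; then
    echo "✅ $host:$port 开放"
    return 0
  else
    echo "❌ $host:$port 关闭"
    return 1
  fi
}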
# 扫描端口范围
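#######################################
# Probe every TCP port in [start, end] on one host with check_port_nc.
# Arguments: $1 - host name or address
#            $2 - first port (decimal, 0-65535)
#            $3 - last port (decimal, 0-65535)
# Outputs:   a header line, then one check_port_nc line per port (the order
#            is not deterministic because probes run in the background)
# Returns:   0 after all probes finished, 2 if start/end are not valid ports
#######################################
scan_port_range() {
  local host=$1
  local start=$2
  local end=$3
  local -r max_jobs=64
  local port
  local running=0

  # (( )) evaluates its operands recursively as arithmetic expressions, so a
  # value that is not a plain decimal number must never reach the loop below.
  if [[ ! $start =~ ^[0-9]{1,5}$ || ! $end =~ ^[0-9]{1,5}$ ]]; then
    echo "端口范围无效: 起始和结束端口必须是 0-65535 的十进制整数" >&2
    return 2
  fi
  # Force base 10 so a leading zero is not read as an octal literal.
  start=$((10#$start))
  end=$((10#$end))
  if ((start > 65535 || end > 65535)); then
    echo "端口范围无效: 起始和结束端口必须是 0-65535 的十进制整数" >&2
    return 2
  fi

  echo "扫描 $host 端口范围 $start-$end"
  for ((port = start; port <= end; port++)); do
    check_port_nc "$host" "$port" &
    # Drain each batch before starting the next one; a wide range would
    # otherwise fork one background process per port all at once.
    if ((++running >= max_jobs)); then
      wait
      running=0
    fi
  done
  wait
}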
# 扫描常见端口
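#######################################
# Probe a fixed list of commonly used TCP ports on one host.
# Arguments: $1 - host name or address
# Outputs:   a header line, then one check_port_nc line per port
# Returns:   0 after all background probes finished
#######################################
scan_common_ports() {
  local host=$1
  local -ra common_ports=(21 22 23 25 53 80 110 143 443 445 993 995 1433 1521 3306 3389 5432 6379 8080 8443 9092)
  # Declared local so the loop variable does not overwrite a caller's $port.
  local port
  echo "扫描 $host 的常见端口..."
  for port in "${common_ports[@]}"; do
    check_port_nc "$host" "$port" &
    # Stagger the probes by 100 ms so they do not all start at once.
    sleep 0.1
  done
  wait
}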
Python 端口检测脚本
#!/usr/bin/env python3
import socket
import sys
from concurrent.futures import ThreadPoolExecutor, as_completed
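def check_port(host, port, timeout=3):
    """Attempt one TCP connect to ``host:port`` and report the outcome.

    Args:
        host: Host name or IPv4 address (the socket is created as AF_INET).
        port: TCP port number.
        timeout: Socket timeout in seconds.

    Returns:
        A ``(port, is_open, message)`` tuple. ``is_open`` is True only when
        ``connect_ex`` returns 0; when an exception is raised, ``message`` is
        the text of that exception.
    """
    try:
        # The context manager closes the socket on every path. connect_ex()
        # can still raise (for example when the name does not resolve), and
        # without it the descriptor would leak on that path.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            result = sock.connect_ex((host, port))
    except Exception as e:
        return (port, False, str(e))
    if result == 0:
        return (port, True, "开放")
    return (port, False, "关闭")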
def scan_ports(host, ports, max_workers=100):
    """Probe ``ports`` on ``host`` concurrently and return sorted results.

    Each port is handed to ``check_port`` on a thread pool of at most
    ``max_workers`` threads. The collected result tuples are returned as a
    list ordered by their first element (the port number).
    """
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        pending = [pool.submit(check_port, host, candidate) for candidate in ports]
        # Collect in completion order; the sort below fixes the final order.
        outcomes = [finished.result() for finished in as_completed(pending)]
    outcomes.sort(key=lambda entry: entry[0])
    return outcomes
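def main():
    """Interactive entry point: ask for a host and a port selection, scan, print.

    The port selection is validated before any connection is attempted. An
    unknown menu option, a non-integer port or a port outside 1-65535 prints
    a message and returns without scanning.
    """
    host = input("请输入目标主机IP或域名: ").strip()
    print("\n选择扫描模式:")
    print("1. 常见端口")
    print("2. 自定义端口范围")
    print("3. 指定端口列表")
    choice = input("请输入选项 (1/2/3): ").strip()
    try:
        if choice == "1":
            ports = [
                21, 22, 23, 25, 53, 80, 110, 143,
                443, 445, 993, 995, 1433, 1521,
                3306, 3389, 5432, 6379, 8080, 8443, 9092
            ]
            print("扫描常见端口...")
        elif choice == "2":
            start = int(input("起始端口: "))
            end = int(input("结束端口: "))
            ports = range(start, end + 1)
            print(f"扫描端口范围 {start}-{end}...")
        elif choice == "3":
            port_str = input("输入端口列表(空格分隔): ")
            ports = [int(p) for p in port_str.split()]
            print(f"扫描端口: {ports}")
        else:
            # Any other answer used to leave `ports` unassigned and fail later
            # with a NameError; stop here with a clear message instead.
            print(f"无效选项: {choice!r}")
            return
    except ValueError:
        # int() rejected the typed value.
        print("端口必须是整数")
        return
    # any() stops at the first offending value, so this stays cheap even for
    # a very large range.
    if any(not 1 <= p <= 65535 for p in ports):
        print("端口必须在 1-65535 范围内")
        return

    print(f"\n正在扫描 {host}...")
    results = scan_ports(host, ports)
    print("\n扫描结果:")
    print("-" * 40)
    open_ports = [r for r in results if r[1]]
    if open_ports:
        print("开放端口:")
        for port, _, status in open_ports:
            print(f" ✅ Port {port}: {status}")
    else:
        print("没有发现开放端口")
    print(f"\n扫描完成! 共发现 {len(open_ports)} 个开放端口")


# Run the interactive scanner only when executed as a script, not on import.
if __name__ == "__main__":
    main()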
快速检测脚本(适合批量使用)
#!/bin/bash
# 批量检测 - port_check.sh
# 使用方法: ./port_check.sh targets.txt
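#######################################
# Probe a whitespace-separated list of TCP ports on one host via /dev/tcp.
# Arguments: $1 - host name or address
#            $2 - port list as one string, e.g. "80 443"
# Outputs:   "host:port open" for every port that accepted a connection
# Returns:   the status of the last probe (non-zero if that port was not open)
#######################################
check_host_ports() {
  local host=$1
  local -a ports
  local port
  # Split on whitespace only. The unquoted array assignment ports=($2) also
  # applied pathname expansion, so a "*" in the targets file turned into the
  # file names of the current directory.
  IFS=$' \t\n' read -r -a ports <<<"$2"
  for port in "${ports[@]}"; do
    # host and port are passed as positional parameters of the inline script
    # and the redirection target is quoted, so neither value is re-parsed by
    # the shell. timeout bounds the wait on ports that never answer.
    timeout 2 bash -c 'echo >"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null \
      && echo "$host:$port open"
  done
}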
# 从文件读取目标
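# Batch mode: $1 names a file with one "host:port-list" entry per line.
if [ -f "$1" ]; then
  # Splitting with IFS=: inside read replaces the unquoted `echo $line | cut`
  # pipelines, which word-split and glob-expanded every line of the file.
  # Fields after the second colon land in $_ and are ignored, as before.
  # The `|| [ -n "$host" ]` keeps a final line that lacks a trailing newline.
  while IFS=: read -r host port _ || [ -n "$host" ]; do
    host=${host//[[:space:]]/}   # host names and addresses contain no whitespace
    port=${port%$'\r'}           # tolerate CRLF line endings
    # Skip blank lines and entries without a port field.
    if [ -z "$host" ] || [ -z "$port" ]; then
      continue
    fi
    check_host_ports "$host" "$port"
  done < "$1"
fi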
# 快速检测常见端口
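#######################################
# Probe a short fixed list of TCP ports on one host, 1 second per port.
# Arguments: $1 - host name or address
# Outputs:   a header line, then "Open: host:port" for each open port
# Returns:   0
#######################################
fast_scan() {
  local host=$1
  local -ra ports=(80 443 22 21 3306 6379 8080)
  # Declared local so the loop variable does not overwrite a caller's $port.
  local port
  echo "Fast scanning $host..."
  for port in "${ports[@]}"; do
    # host is passed as a positional parameter of the inline script instead
    # of being spliced into the command string, so shell metacharacters in
    # it are never parsed as code by the child shell.
    if timeout 1 bash -c 'echo >"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
      echo "Open: $host:$port"
    fi
  done
}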
高级功能版本(带服务识别)
#!/usr/bin/env python3
# advanced_port_scanner.py
import socket
import threading
from datetime import datetime
import argparse
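class PortScanner:
    """Threaded TCP connect scanner that attaches a best-effort service label.

    The label is taken from a static port-to-name table and, when the peer
    answers the probe, the first characters of its reply. Neither is verified:
    the table is convention only, and the reply is data chosen by the remote
    end.
    """

    def __init__(self, host, timeout=2, threads=200):
        """Resolve ``host`` once and store the scan settings.

        Args:
            host: Host name or IPv4 address; resolved with gethostbyname().
            timeout: Per-socket timeout in seconds.
            threads: Number of threads started before scan() joins a batch.
        """
        self.host = socket.gethostbyname(host)
        self.timeout = timeout
        self.threads = threads
        self.lock = threading.Lock()
        self.open_ports = []
        print(f"目标: {host} ({self.host})")
        print(f"开始时间: {datetime.now()}")

    def scan_port(self, port):
        """Connect to one port; on success record and print ``(port, label)``."""
        try:
            # The context manager closes the socket on every path, including
            # when the connect or the banner read raises.
            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
                sock.settimeout(self.timeout)
                if sock.connect_ex((self.host, port)) != 0:
                    return
                service_name = self.identify_service(sock, port)
        except (OSError, OverflowError):
            # Best effort: a socket error or an out-of-range port number on
            # one port must not stop the rest of the scan.
            return
        # The lock serialises both the shared list and the console output.
        with self.lock:
            self.open_ports.append((port, service_name))
            print(f"✅ Port {port}: {service_name}")

    def identify_service(self, sock, port):
        """Return a label for ``port``, extended by the peer's reply if any.

        An HTTP HEAD request is sent on every connection regardless of the
        protocol actually spoken there, and up to 1024 bytes of the answer
        are read. Non-printable characters in the reply are replaced with
        "?" before it is used.
        """
        common_services = {
            21: "FTP",
            22: "SSH",
            23: "Telnet",
            25: "SMTP",
            53: "DNS",
            80: "HTTP",
            110: "POP3",
            143: "IMAP",
            443: "HTTPS",
            445: "SMB",
            3306: "MySQL",
            3389: "RDP",
            5432: "PostgreSQL",
            6379: "Redis",
            8080: "HTTP-Proxy",
            8443: "HTTPS-Alt"
        }
        label = common_services.get(port, "Unknown")
        try:
            sock.send(b"HEAD / HTTP/1.0\r\n\r\n")
            banner = sock.recv(1024).decode('utf-8', errors='ignore').strip()
        except OSError:
            # Timeouts and resets just mean there is no banner to show.
            return label
        if not banner:
            return label
        # The banner is untrusted remote input that ends up on the terminal
        # and in open_ports; drop control characters (escape sequences, CR/LF)
        # so it cannot alter the display or forge extra output lines.
        printable = "".join(ch if ch.isprintable() else "?" for ch in banner)
        return f"{label} - {printable[:50]}"

    def scan(self, start_port=1, end_port=1024):
        """Scan ``start_port..end_port`` inclusive and return ``open_ports``.

        One thread is started per port; after ``self.threads`` threads have
        been started they are all joined before more are created.
        """
        print(f"扫描端口范围: {start_port}-{end_port}")
        print("=" * 50)
        threads = []
        for port in range(start_port, end_port + 1):
            thread = threading.Thread(target=self.scan_port, args=(port,))
            threads.append(thread)
            thread.start()
            # Cap the number of live threads.
            if len(threads) >= self.threads:
                for t in threads:
                    t.join()
                threads = []
        # Wait for the final, partially filled batch.
        for t in threads:
            t.join()
        return self.open_ports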
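def main():
    """Command-line entry point for PortScanner.

    ``-p`` accepts either a range ("1-1000") or a comma-separated list
    ("80,443,3306"); without it, ports 1-1024 are scanned. The port argument
    is parsed and range-checked before the scanner is created.
    """
    parser = argparse.ArgumentParser(description="高级端口扫描器")
    parser.add_argument("host", help="目标主机IP或域名")
    parser.add_argument("-p", "--ports", help="端口范围 (如: 1-1000 或 80,443,3306)")
    parser.add_argument("-t", "--timeout", type=int, default=2, help="超时时间(秒)")
    parser.add_argument("-n", "--threads", type=int, default=200, help="线程数")
    args = parser.parse_args()

    port_range = None
    port_list = None
    if args.ports:
        try:
            if "-" in args.ports:
                start, end = map(int, args.ports.split("-"))
                port_range = (start, end)
                bounds = port_range
            else:
                port_list = [int(p) for p in args.ports.split(",")]
                bounds = port_list
        except ValueError:
            parser.error("端口参数格式错误, 应为 1-1000 或 80,443,3306")
        if any(not 1 <= p <= 65535 for p in bounds):
            parser.error("端口必须在 1-65535 范围内")

    scanner = PortScanner(args.host, args.timeout, args.threads)
    if port_range is not None:
        # The range form used to be parsed and then never scanned.
        scanner.scan(*port_range)
    elif port_list is not None:
        # Explicit list: probe each port in turn.
        for port in port_list:
            scanner.scan_port(port)
    else:
        # Default: ports 1-1024.
        scanner.scan(1, 1024)
    # Threads append in completion order; sort for a stable report.
    scanner.open_ports.sort()

    print("\n扫描完成!")
    print(f"发现 {len(scanner.open_ports)} 个开放端口:")
    for port, service in scanner.open_ports:
        print(f" Port {port}: {service}")


# Run the scanner only when executed as a script, not on import.
if __name__ == "__main__":
    main()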
使用说明
Bash 脚本使用:
# 赋予执行权限
chmod +x port_check.sh
# 运行基础检测
./port_check.sh
# 批量检测
./port_check.sh targets.txt
Python 脚本使用:
# 安装依赖(如果需要)
# 注意: concurrent.futures 是 Python 3 标准库的一部分, 上面的脚本只用到标准库, 无需安装第三方包;
# 下面这条命令会让 pip 到 PyPI 上安装名为 concurrent 和 futures 的两个包, 它们并不是脚本导入的模块。
pip install concurrent futures
# 运行检测
python3 port_scanner.py 192.168.1.1
# 指定端口范围
python3 port_scanner.py 192.168.1.1 -p 1-1000
# 指定端口列表
python3 port_scanner.py 192.168.1.1 -p 80,443,3306,6379
# 使用高级版本
python3 advanced_port_scanner.py example.com -p 1-1000 -t 3 -n 100
这些脚本可以根据你的具体需求进行修改和使用,记得在获得授权的情况下进行端口扫描!