用Python解析Masscan/Nmap的扫描结果

本文最后更新于2016年5月14日,已超过 1 年没有更新,如果文章内容失效,还请反馈给我,谢谢!

=Start=

缘由:

做安全的一般都会用到Nmap进行端口扫描,在小范围内进行扫描时Nmap绝对是首选——丰富的扫描选项/模块、较高的准确度;在大范围的扫描中,你应该选择Masscan,因为它速度奇快,而且准确率还可以接受。它们都支持自定义结果的输出格式,其中比较通用的就是XML格式(Masscan为了尽量和Nmap做到兼容,除了扫描选项比较像之外,输出结果的XML格式也基本兼容)。扫描完了之后需要对结果进行解析,这就是本文的具体场景需求。

参考解答:
1.解析Masscan的XML格式扫描结果
#!/usr/bin/env python
# coding=utf-8

import sys, time
import xmltodict

def main():
    with open('./masscan_result.xml') as fp:
        xml_obj = xmltodict.parse(fp.read())
        nmaprun = xml_obj['nmaprun']
        host = nmaprun['host']
        for entry in host[:10]:  #调试阶段只打印前10条记录
            port = entry['ports']['port']
            if int(port['@portid']) == 80:
                name = entry['address']['@addr']
                print 'http://' + name + '/'
            elif int(port['@portid']) == 443:
                name = entry['address']['@addr']
                print 'https://' + name + '/'
            elif int(port['@portid']) == 21:
                name = entry['address']['@addr']
                print 'ftp://' + name + '/'
            else:
                name = entry['address']['@addr']
                print 'http://' + name + ':' + str(port['@portid']) + '/'

if __name__ == '__main__':
    time_start = time.time()
    try:
        main()
    except KeyboardInterrupt:
        print 'Killed by user'
        sys.exit(0)
    print "Spend {0} seconds.\n".format(time.time() - time_start)
2.解析Nmap的XML格式扫描结果
#!/usr/bin/env python
# coding=utf-8

import sys, time
import xmltodict

def main():
    fp_content = ''
    try:
        with open(sys.argv[1]) as fp:
            fp_content = fp.read().replace('\n', '')
    except IOError:
        print 'File IO Error'
        sys.exit(-1)

    nmap_xml = xmltodict.parse(fp_content)
    nmaprun = nmap_xml['nmaprun']
    scanhost = nmaprun['host']
    for i in scanhost:
        address = i['address']['@addr']
        port1 = dict(i)
        try:
            if int(port1['ports']['port']['@portid']) > 0:
                port2 = port1['ports']['port']['@portid']
                if port2 == '80':
                    print 'http://'+address+'/'
                elif port2 == '443':
                    print 'https://'+address+'/'
                else:
                    print 'http://'+address+':'+port2+'/'
        except:
            port2 = i['ports']['port']
            for z in port2:
                x = z['@portid']
                if x == '80':
                    print 'http://'+address+'/'
                elif x == '443':
                    print 'https://'+address+'/'
                else:
                    print 'http://'+address+':'+x+'/'

if __name__ == '__main__':
    time_start = time.time()
    try:
        main()
    except KeyboardInterrupt:
        print 'Killed by user'
        sys.exit(0)
    print "Spend {0} seconds.\n".format(time.time() - time_start)
参考链接:

=EOF=

声明: 除非注明,ixyzero.com文章均为原创,转载请以链接形式标明本文地址,谢谢!
https://ixyzero.com/blog/archives/2676.html

12 thoughts on “用Python解析Masscan/Nmap的扫描结果”

  1. Howl: 网络设备 web 服务指纹扫描与检索
    https://github.com/0xbug/Howl
    `
    利用 flask 开发 api,通过调用 api 来实现添加任务或检索数据;
    利用 celery 来进行异步调用 masscan 扫描开放端口的主机再利用 whatweb 来进行扫描,然后保存数据到 elasticsearch 方便检索;
    `

发表评论

电子邮件地址不会被公开。 必填项已用*标注