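Make sure nmap is installed on the server and runs correctly.
Make sure perl is installed on the server.
chmod u+x scalport.pl
Create an IP list file, all.ip, with one IP per line.
Run ./scalport.pl all.ip to start the scan.
The results are saved to all.csv.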
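```perl
#!/usr/bin/env perl
use warnings;
use strict;

# Usage: ./scalport.pl all.ip   (one IP per line; results are written to all.csv)
my $filename = shift @ARGV;
die "Usage: $0 <ip-list-file>\n" unless defined $filename;
open my $IN, '<', $filename or die $!;
my @ip = <$IN>;
close $IN;

# Output name: the input name with its extension replaced by .csv
(my $out = $filename) =~ s/\.[^.\/]*$//;
$out .= ".csv";

my $port = q(80,8080,3306,9200,6379,11211,21,22);

print "Start scan.\n";
open my $OUT, '>', $out or die $!;
for my $host (@ip) {
    chomp $host;
    $host =~ s/^\s+|\s+$//g;
    next if $host eq "" or $host =~ /^#/;    # skip blank lines and comments
    # Only accept address-like entries so a list line cannot become an nmap option
    unless ($host =~ /^[0-9A-Za-z][0-9A-Za-z.:\/-]*$/) {
        warn "skip invalid entry: $host\n";
        next;
    }
    # List-form pipe open: nmap gets the host as one argument, with no shell in between
    open my $NMAP, '-|', 'nmap', '-T3', '-sV', '-p', $port, $host or die $!;
    while (my $line = <$NMAP>) {
        chomp $line;
        # Drop nmap's banner, header and fingerprint lines; keep only the port rows
        next if $line =~ /^$/;
        next if $line =~ /Starting Nmap/;
        next if $line =~ /Nmap scan report/;
        next if $line =~ /PORT/;
        next if $line =~ /filtered/;
        next if $line =~ /Host is up/;
        next if $line =~ /Service detection performed/;
        next if $line =~ /Nmap done:/;
        next if $line =~ /service unrecognized/;
        next if $line =~ /SF/;
        next if $line =~ /Service Info/;
        my $info = "$host $line";
        $info =~ s/\s+/,/g;      # every run of whitespace becomes a comma
        $info =~ s/\/tcp//g;     # "80/tcp" -> "80"
        print $OUT $info . "\n";
    }
    close $NMAP;
    print "scan $host ok!\n";
}
close $OUT;
```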
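The scan takes a long time, especially when there are many IPs, so running it inside screen is recommended.
Searching the scan results
Entries that show as open and also display a service name (such as Tomcat or MySQL), or nginx with a version displayed, need to be dealt with:
x.x.x.x,51366,open,ssh,OpenSSH,5.3,(protocol,2.0)
The sshd port needs to be blocked.
x.x.x.x,3306,open,mysql MySQL 5.6.19
The MySQL port needs to be blocked.
x.x.x.x,8080,open,http,Apache,Tomcat/Coyote,JSP,engine,1.1
Tomcat needs its version information hidden.
x.x.x.x,80,open,http,nginx 1.9.4
nginx entries that show version information need to be dealt with.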
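
The search rules above can be applied to all.csv mechanically. The following is an added example, not part of the original script: the function names, the action labels and the sample rows (documentation addresses in 192.0.2.0/24) are constructed, and it assumes every row is fully comma-separated as the script writes it.

```shell
#!/bin/sh
# Added example: triage rows of all.csv (host,port,state,service,banner...).

# Constructed sample rows in the comma-separated form the script writes.
sample_csv() {
    cat <<'EOF'
192.0.2.10,51366,open,ssh,OpenSSH,5.3,(protocol,2.0)
192.0.2.10,3306,open,mysql,MySQL,5.6.19
192.0.2.11,8080,open,http,Apache,Tomcat/Coyote,JSP,engine,1.1
192.0.2.12,80,open,http,nginx,1.9.4
192.0.2.13,80,open,http,nginx
192.0.2.13,22,closed,ssh
192.0.2.14,6379,open,redis,Redis,key-value,store
EOF
}

# triage_csv [FILE]: print "host,port,service,action" for each row needing work.
# Reads standard input when FILE is omitted.
triage_csv() {
    awk -F, '
        $3 != "open" || NF < 5 { next }   # not open, or no product detail shown
        {
            banner = ""
            for (i = 5; i <= NF; i++) banner = banner " " $i
            low = tolower(banner)
            if ($4 == "ssh" || $4 == "mysql")
                action = "block port"
            else if (low ~ /tomcat/)
                action = "hide version info"
            else if (low ~ /nginx/) {
                # nginx is flagged only when a version number is exposed
                if (banner !~ /[0-9]+\.[0-9]+/) next
                action = "handle exposed version"
            } else
                action = "review"          # other service that names its product
            printf "%s,%s,%s,%s\n", $1, $2, $4, action
        }' "${1:--}"
}

sample_csv | triage_csv
```

Run it against real output with triage_csv all.csv; the nginx row without a version and the closed port are dropped, everything else is listed with the action to take.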