0x00、前言python
在云安全内部安全能力建设中,对云资产的端口扫描是一个必需要作的事情,由于开放一个端口对外提供一个服务都是扩大了您在云上攻击面。对于这种危险须要尽早的通知云上用户。那么如何对几万甚至几十万云主机作有效的端口扫描和精确的服务识别?这须要一套分布式的扫描系统来支撑。redis
0x0一、实践的认知shell
在此以前,作了一些的小实践json
方向3的代码以下:安全
# coding=utf-8 #!/usr/env/bin python //存储到redis def store(result): r=redis.Redis(host='127.0.0.1',port=6379,decode_responses=True,password=xxxx) with open(result,'r') as f: for line in f: if line.startswith('{ '}: try: temp = json.loads(line[:-2]) tmp1=temp["ports"][0] r.append(temp["ip"],str(tmp1["port"])+",") except: continue return r //masscan扫描模块 def Scan(): try: global g_queue while not g_queue.empty(): item = g_queue.get() result = "result"+item+".json" p = subprocess.Popen("/root/masscan/bin/masscan "+item+" -p T:21-23,25,80,81,88,110,143,443,1080,1433,1521,1158,3306-3308,3389,3690,5432,5900,6379,7001,8000,8080,9000,9418,27017-27019,50060,111,11211,2049 -oJ "+result, shell=True) p.wait() if p.returncode==0: print ('ok') if os.path.getsize(result) != 0: print item store(result) if g_queue.qsize() == 0: print (u'公有云高危端口扫描结束') return "ok" except Exception,e: print e return e if __name__ == '__main__': // ip地址压入队列 csvfile2 = file('xxx_public_ip.csv', 'r') reader = csv.reader(csvfile2) for x in reader: ips = IP(x[0]) for y in ips: g_queue.put(y.strNormal(0))
Nmap扫描模块app
def NmapScan(): try: global g_queue while not g_queue.empty(): item = g_queue.get() filename = item.split(' ')[1]+"_"+item.split(' ')[0] result = "result"+filename.strip()+".xml" print result p = subprocess.Popen("/usr/bin/nmap -oX "+result+" -sV -p"+item, shell=True) p.wait() if p.returncode==0: nmap_report = NmapParser.parse_fromfile(result) for scanned_hosts in nmap_report.hosts: print scanned_hosts.address for serv in scanned_hosts.services: if serv.state == "open": m = serv.service_dict.get('extrainfo', '') print m if m.find('\'') != -1: pass else: writer.writerow([scanned_hosts.address,str(serv.port),serv.service,serv.service_dict.get('product', ''),serv.service_dict.get('version', ''),serv.service_dict.get('extrainfo', '')]) print "size = ", g_queue.qsize() if g_queue.qsize() == 0: print (u'公网服务指纹扫描结束') return "ok" except Exception,e: print e return e
//从队列中读取扫描目标分布式