构建你比较满意的分布式扫描平台（上）

0x00、前言

在云安全内部安全能力建设中，对云资产的端口扫描是一个必需要作的事情，由于开放一个端口对外提供一个服务都是扩大了您在云上攻击面。对于这种危险须要尽早的通知云上用户。那么如何对几万甚至几十万云主机作有效的端口扫描和精确的服务识别？这须要一套分布式的扫描系统来支撑。

0x0一、实践的认知

在此以前，作了一些的小实践

方向3的代码以下：

# coding=utf-8
#!/usr/env/bin python
//存储到redis
def store(result):
 r=redis.Redis(host='127.0.0.1',port=6379,decode_responses=True,password=xxxx)
 with open(result,'r') as f:
 for line in f:
 if line.startswith('{ '}:
 try:
 temp = json.loads(line[:-2])
 tmp1=temp["ports"][0]
 r.append(temp["ip"],str(tmp1["port"])+",")
 except:
 continue
 return r
//masscan扫描模块
def Scan():
 try:
 global g_queue
 while not g_queue.empty():
 item = g_queue.get()
 result = "result"+item+".json"
 p = subprocess.Popen("/root/masscan/bin/masscan "+item+" -p T:21-23,25,80,81,88,110,143,443,1080,1433,1521,1158,3306-3308,3389,3690,5432,5900,6379,7001,8000,8080,9000,9418,27017-27019,50060,111,11211,2049 -oJ "+result, shell=True)
 p.wait()
 if p.returncode==0:
 print ('ok')
 if os.path.getsize(result) != 0:
 print item
 store(result)
 if g_queue.qsize() == 0:
 print (u'公有云高危端口扫描结束')
 return "ok"
 except Exception,e:
 print e
 return e
if __name__ == '__main__':
// ip地址压入队列
 csvfile2 = file('xxx_public_ip.csv', 'r')
 reader = csv.reader(csvfile2)
 for x in reader:
 ips = IP(x[0])
 for y in ips:
 g_queue.put(y.strNormal(0))

Nmap扫描模块

def NmapScan():
 try:
 global g_queue
 
 while not g_queue.empty():
 item = g_queue.get()
 filename = item.split(' ')[1]+"_"+item.split(' ')[0]
 result = "result"+filename.strip()+".xml"
 print result
 p = subprocess.Popen("/usr/bin/nmap -oX "+result+" -sV -p"+item, shell=True)
 p.wait()
 if p.returncode==0:
 nmap_report = NmapParser.parse_fromfile(result)
 for scanned_hosts in nmap_report.hosts:
 print scanned_hosts.address
 for serv in scanned_hosts.services:
 if serv.state == "open":
 m = serv.service_dict.get('extrainfo', '')
 print m
 if m.find('\'') != -1:
 pass
 else:
 writer.writerow([scanned_hosts.address,str(serv.port),serv.service,serv.service_dict.get('product', ''),serv.service_dict.get('version', ''),serv.service_dict.get('extrainfo', '')])
 print "size = ", g_queue.qsize()
 if g_queue.qsize() == 0:
 print (u'公网服务指纹扫描结束')
 return "ok"
 except Exception,e:
 print e
 return e

//从队列中读取扫描目标