python调用nmap扫描局域网存活主机和端口

最新推荐文章于 2025-10-20 12:45:17 发布

原创最新推荐文章于 2025-10-20 12:45:17 发布 · 2.3k 阅读

1 ·

CC 4.0 BY-SA版权

文章标签：

#nmap #scan #内网扫描 #主机扫描

本文介绍如何使用Python结合Nmap模块扫描局域网内的存活主机及开放端口，通过输入IP范围和目标端口，实现对局域网内主机的快速探测，并展示扫描结果。

python调用nmap扫描局域网存活主机和端口

文章目录

python调用nmap扫描局域网存活主机和端口

操作环境

python2

sudo apt install nmap

pip install nmap json

运行代码

sudo python2 scan.py

代码经过调试，使用root可直接运行

#!python2 
# scan.py must be sudo to run
import nmap
import json

nm = nmap.PortScanner()
iprange = raw_input("input ip range(eg:192.168.224.0/24)>")
port = raw_input("input target port(eg:8888)>")
if not port:
	port = 8888
if not iprange:
    iprange = "192.168.224.0/24"
print("scan ip range " + iprange)
a = nm.scan(iprange, str(port), '-sS -O')
a = a.get("scan")

target = 0
for key, value in a.items():
    if value.get("tcp").get(port).get("state") == "open":
        print "target ip maybe :" + key
        print "some information"
        print value
        target = target + 1

if target == 0:
    print "no target machine detectd...."

关键代码

1. nm.scan(ip,port,args)

请查阅参考文档一，有详细的解释

返回的结果a形式如下：a是个字典

{'nmap': {'scanstats': {'uphosts': '4', 'timestr': 'Sat Jun 27 13:29:19 2020', 'downhosts': '252', 'totalhosts': '256', 'elapsed': '9.86'}, 'scaninfo': {'tcp': {'services': '8888', 'method': 'syn'}}, 'command_line': 'nmap -oX - -p 8888 -sS -O 192.168.224.0/24'}, 'scan': {'192.168.224.132': {'status': {'state': 'up', 'reason': 'localhost-response'}, 'uptime': {'seconds': '1999559', 'lastboot': 'Thu Jun  4 10:03:20 2020'}, 'vendor': {}, 'addresses': {'ipv4': '192.168.224.132'}, 'tcp': {8888: {'product': '', 'state': 'open', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'syn-ack', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [{'osclass': [{'osfamily': 'Linux', 'vendor': 'Linux', 'cpe': ['cpe:/o:linux:linux_kernel:2.6.32'], 'type': 'general purpose', 'osgen': '2.6.X', 'accuracy': '100'}], 'line': '50174', 'name': 'Linux 2.6.32', 'accuracy': '100'}], 'portused': [{'state': 'open', 'portid': '8888', 'proto': 'tcp'}, {'state': 'closed', 'portid': '34334', 'proto': 'udp'}]}, '192.168.224.1': {'status': {'state': 'up', 'reason': 'arp-response'}, 'vendor': {'00:50:56:C0:00:08': 'VMware'}, 'addresses': {'mac': '00:50:56:C0:00:08', 'ipv4': '192.168.224.1'}, 'tcp': {8888: {'product': '', 'state': 'filtered', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'no-response', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [], 'portused': []}, '192.168.224.2': {'status': {'state': 'up', 'reason': 'arp-response'}, 'vendor': {'00:50:56:E8:9C:1A': 'VMware'}, 'addresses': {'mac': '00:50:56:E8:9C:1A', 'ipv4': '192.168.224.2'}, 'tcp': {8888: {'product': '', 'state': 'closed', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'reset', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [{'osclass': [{'osfamily': 'embedded', 'vendor': 'Aethra', 'cpe': ['cpe:/h:aethra:starvoice_1042'], 'type': 'broadband router', 'osgen': None, 'accuracy': '91'}], 'line': '1615', 'name': 'Aethra Starvoice 1042 ADSL router', 'accuracy': '91'}, {'osclass': [{'osfamily': 'AOS', 'vendor': 'APC', 'cpe': ['cpe:/o:apc:aos:5'], 'type': 'power-device', 'osgen': '5.X', 'accuracy': '91'}], 'line': '2920', 'name': 'APC AOS 5', 'accuracy': '91'}, {'osclass': [{'osfamily': 'SuperDOS', 'vendor': 'Bluebird', 'cpe': ['cpe:/o:bluebird:superdos'], 'type': 'general purpose', 'osgen': None, 'accuracy': '91'}], 'line': '9384', 'name': 'Bluebird SuperDOS', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:nc-130h'], 'type': 'print server', 'osgen': None, 'accuracy': '91'}], 'line': '9587', 'name': 'Brother NC-130h print server', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:hl-1870n'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '9767', 'name': 'Brother HL-1870N printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:hl-2070n', 'cpe:/h:brother:mfc-5460cn'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '9786', 'name': 'Brother HL-2070N or MFC-5460CN printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:hl-2070n'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '9805', 'name': 'Brother HL-2070N printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:hl-5070n'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '10112', 'name': 'Brother HL-5070N printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:mfc-7820n'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '10480', 'name': 'Brother MFC-7820N printer', 'accuracy': '91'}, {'osclass': [{'osfamily': 'embedded', 'vendor': 'Brother', 'cpe': ['cpe:/h:brother:mfc-9420cn'], 'type': 'printer', 'osgen': None, 'accuracy': '91'}], 'line': '10595', 'name': 'Brother MFC-9420CN printer', 'accuracy': '91'}], 'portused': [{'state': 'closed', 'portid': '8888', 'proto': 'tcp'}]}, '192.168.224.254': {'status': {'state': 'up', 'reason': 'arp-response'}, 'vendor': {'00:50:56:F5:F1:1D': 'VMware'}, 'addresses': {'mac': '00:50:56:F5:F1:1D', 'ipv4': '192.168.224.254'}, 'tcp': {8888: {'product': '', 'state': 'filtered', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'no-response', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [], 'portused': []}}}

2. 字典的解析

为了更好地测试，最好使用jupyter或控制台去单步执行，去使用dict的get方法去逐步解析，防止错误

for key, value in a.items():
    if value.get("tcp").get(port).get("state") == "open":
        print "target ip maybe :" + key
        print "some information"
        print value
        target = target + 1

运行结果

zhao@zhao:~/Desktop/project$ sudo python scan.py
[sudo] password for zhao:
input ip range(eg:192.168.224.0/24)>
input target port(eg:8888)>
scan ip range 192.168.224.0/24
target ip maybe :192.168.224.132
some information
{'status': {'state': 'up', 'reason': 'localhost-response'}, 'uptime': {'seconds': '2001774', 'lastboot': 'Thu Jun  4 10:03:22 2020'}, 'vendor': {}, 'addresses': {'ipv4': '192.168.224.132'}, 'tcp': {8888: {'product': '', 'state': 'open', 'version': '', 'name': 'sun-answerbook', 'conf': '3', 'extrainfo': '', 'reason': 'syn-ack', 'cpe': ''}}, 'hostnames': [{'type': '', 'name': ''}], 'osmatch': [{'osclass': [{'osfamily': 'Linux', 'vendor': 'Linux', 'cpe': ['cpe:/o:linux:linux_kernel:2.6.32'], 'type': 'general purpose', 'osgen': '2.6.X', 'accuracy': '100'}], 'line': '50174', 'name': 'Linux 2.6.32', 'accuracy': '100'}], 'portused': [{'state': 'open', 'portid': '8888', 'proto': 'tcp'}, {'state': 'closed', 'portid': '30317', 'proto': 'udp'}]}