我可以快速扫描本地网络中特定的开放端口吗?

我想知道是否有办法扫描本地网络的 IP 范围,查找某个特定端口号是否开放。

本质上,我想用 Node.js 在不知道 IP 地址的情况下找到特定类型的客户端。在这个例子中,是在端口 14150 上侦听的 RFID 阅读器。

我希望这个扫描很快,所以不希望每个 IP 地址之间有很长的超时时间。所有探测都应该很快完成:对于最多 255 个客户端的整个本地 IP 范围(不包括我自己的 IP),最多只需几秒钟。

我写了能实现这个功能的代码,但它慢得令人痛苦……我想看看能否这样加快速度:依次尝试连接,如果某个 IP 在 20ms 内无法建立连接就放弃。我还想把实际建立的连接保存在数组中,以便之后用于其他目的。

 var net = require('net'); // socket API used for the TCP probes

 // Last octet of the address being probed. It is decremented before use,
 // so the first host tried is .253 and the last one is .0.
 var ip = 254;

 /**
  * Opens a TCP connection to port 80 on the next lower address of
  * 192.168.1.x and logs whether the connection succeeded or errored.
  *
  * The function calls itself synchronously until `ip` reaches 0, so every
  * socket is created before any 'connect' or 'error' event is delivered.
  * No timeout is set on the sockets: an address that never answers is only
  * reported once the operating system gives up on the connection attempt.
  */
 function checkConnect() {
   ip -= 1;
   var thisIP = '192.168.1.' + ip; // dotted address for this attempt
   var S = new net.Socket();

   // Handlers are attached before the events can fire; events are only
   // dispatched after the current synchronous call chain has returned.
   S.on('connect', function () {
     console.log('port 80 found on ' + thisIP);
   });
   S.on('error', function () {
     console.log('no such port on ' + thisIP);
   });

   S.connect(80, thisIP);

   if (ip > 0) {
     checkConnect();
   }

   // Half-close is requested right away, while the connect is still pending.
   S.end();
 }

 checkConnect();

我为此写了一个模块:https://github.com/eviltik/evilscan 。(今天刚发布 v0.0.3)

安装

 npm install -g evilscan 

用法 (端口列表+端口范围):

 root@debian:~# evilscan --target=192.168.0.0/24 --port=21-446,5900 --concurrency=100 --progress
 192.168.0.3:5900|open
 192.168.0.26:53|open
 192.168.0.26:111|open
 192.168.0.26:81|open
 192.168.0.26:23|open
 Scanned 192.168.0.253:446 (100%)

提示

如果需要非常快速的扫描,可以尝试把“并发”(concurrency)参数设为 1000 以上,但必须先调整 Linux 的 ulimit 参数(注:每个并发连接占用一个文件描述符,因此还应确认打开文件数上限 `ulimit -n` 足够大):

 ulimit -u unlimited 

希望这有帮助。

您可以先用 arp 命令获取当前活动设备的列表。跳出思维定式 ;) 不必盲目扫描所有设备。

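 var child = require("child_process");
 var async = require("async");
 var net = require("net");
 var os = require("os");

 /**
  * Finds hosts that accept a TCP connection on `port`, probing only the
  * addresses listed in the local ARP cache plus this machine's own
  * interface addresses.
  *
  * The ARP cache only lists neighbours the kernel currently knows about, so
  * a device this machine has not talked to recently may be missing from the
  * result.
  *
  * @param {number} port - TCP port to probe on every candidate host.
  * @param {function(?Error, string[]=)} cb - Called exactly once: with an
  *   error if `arp` could not be run, otherwise with (null, hosts) where
  *   hosts are the addresses that accepted the connection.
  */
 function scan(port, cb) {
   // Prototype-less dictionary: keys come from external command output.
   var hosts = Object.create(null);
   var result = [];

   // Reads the ARP cache `passesLeft` times and collects the addresses.
   function readArpCache(passesLeft, next) {
     if (passesLeft === 0) {
       next();
       return;
     }
     // execFile runs arp directly, so no shell parses the command line.
     child.execFile("arp", ["-n"], function (err, stdout) {
       if (err) {
         // Stop here; continuing would invoke cb a second time later on.
         next(err);
         return;
       }
       stdout.split("\n").forEach(function (line) {
         var firstColumn = line.trim().split(/\s+/)[0];
         // Keep only literal IP addresses; this also drops the header row
         // and blank lines.
         if (net.isIP(firstColumn) !== 0) {
           hosts[firstColumn] = true;
         }
       });
       readArpCache(passesLeft - 1, next);
     });
   }

   // Adds the first address of every local interface (optional step: remove
   // it if the local machine should not be probed).
   function addLocalAddresses(next) {
     var ifs = os.networkInterfaces();
     Object.keys(ifs).forEach(function (name) {
       var first = (ifs[name] || [])[0];
       if (first && net.isIP(first.address) !== 0) {
         hosts[first.address] = true;
       }
     });
     next();
   }

   // Connects to every candidate in parallel and records those that accept.
   function probeAll(next) {
     async.each(Object.keys(hosts), function (host, done) {
       var s = new net.Socket();
       var settled = false;

       // Guards against reporting one host twice (async throws if its
       // callback is invoked more than once).
       function settle(isOpen) {
         if (settled) {
           return;
         }
         settled = true;
         if (isOpen) {
           result.push(host);
         }
         s.destroy();
         done();
       }

       s.setTimeout(1500, function () { settle(false); });
       s.on("error", function () { settle(false); });
       s.connect(port, host, function () { settle(true); });
     }, function () {
       next();
     });
   }

   async.series([
     // Two reads, following the author's note that arp sometimes does not
     // list all hosts the first time.
     function (next) { readArpCache(2, next); },
     addLocalAddresses,
     probeAll
   ], function (err) {
     if (err) {
       cb(err);
     } else {
       cb(null, result);
     }
   });
 }

 scan(80, function (err, hosts) {
   if (err) {
     console.error(err);
   } else {
     console.log("Found hosts: " + hosts);
   }
 });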

您也可以使用 arp-scan 工具,它更可靠。但 arp-scan 需要 root 权限才能运行,所以最好还是用 arp,它在几乎所有 Linux 机器上都可用。

之前的答案都没有真正满足我的需要。我找到了一个更轻量的替代方案。用这个解决方案,我很快就得到了结果。我的下一步改进是根据当前子网来指定主机范围。我想我会把它限制在前 254 个客户端,以免做得过头。代码如下:

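 // LLRP DEVICE SCANNER
 var net = require('net'),
     Socket = net.Socket;

 /**
  * Attempts a single TCP connection and reports whether the port accepted it.
  *
  * @param {number} port - TCP port to probe.
  * @param {string} host - Host name or IP address to probe.
  * @param {function(null, ?string, string, number)} callback - Invoked when
  *   the socket closes, as callback(null, status, host, port). `status` is
  *   'open' after a successful connect and 'closed' after a timeout or
  *   error.
  */
 var checkPort = function (port, host, callback) {
   var socket = new Socket(),
       status = null;

   // Connection established: the port is open. The socket is destroyed
   // rather than half-closed so that a peer which never closes its side
   // cannot run into the idle timeout and overwrite the result.
   socket.on('connect', function () {
     status = 'open';
     socket.destroy();
   });

   // No response within 1.5 s: assume nothing is listening.
   socket.setTimeout(1500);
   socket.on('timeout', function () {
     if (status === null) {
       status = 'closed';
     }
     socket.destroy();
   });

   // Refused or unreachable; 'close' follows and delivers the result.
   socket.on('error', function (exception) {
     if (status === null) {
       status = 'closed';
     }
   });

   socket.on('close', function (exception) {
     callback(null, status, host, port);
   });

   socket.connect(port, host);
 };

 var LAN = '192.168.1'; // Local area network to scan (this is rough)
 var LLRP = 5084;       // globally recognized LLRP port for RFID readers

 // Probe every host address of the assumed /24 and report each one where
 // the LLRP port is open. The range stops at .254 because .255 is the
 // broadcast address of a /24 and cannot be a reader.
 for (var i = 1; i <= 254; i++) {
   checkPort(LLRP, LAN + '.' + i, function (error, status, host, port) {
     if (status === 'open') {
       console.log("Reader found: ", host, port, status);
     }
   });
 }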

与其只贴一个链接(链接以后可能会失效),不如把该网站上的教程代码贴在这里:

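 var net = require('net');

 // the machine to scan
 var host = 'localhost';
 // first and last port of the range (inclusive)
 var start = 1;
 var end = 10000;
 // sockets should time out quickly so no resources are wasted, but too low
 // a value increases the likelihood of missing open ports, so be careful
 var timeout = 2000;
 // Upper bound on sockets open at the same time. Opening the whole range at
 // once can exhaust the process's file descriptors; the resulting errors
 // would then be indistinguishable from closed ports.
 var maxInFlight = 200;

 var inFlight = 0;

 /**
  * Probes one port on `host` and logs it if it is open, together with any
  * data the service sends on connect.
  *
  * @param {number} port - Port to probe. Passed as an argument so that each
  *   callback sees its own port rather than the shared loop variable.
  * @param {function()} done - Called once when the socket has closed.
  */
 function probe(port, done) {
   var s = new net.Socket();

   s.setTimeout(timeout, function () {
     s.destroy();
   });

   s.connect(port, host, function () {
     console.log('OPEN: ' + port);
     // The socket is left open to wait for a 'data' event; the timeout
     // above destroys it if the service stays silent.
   });

   // If any data is written to the client on connection, show it.
   s.on('data', function (data) {
     // The bytes come from whatever is listening on the port, so they are
     // untrusted: non-printable characters are replaced before logging to
     // keep control sequences out of the terminal.
     console.log(port + ': ' + String(data).replace(/[^\x20-\x7E]/g, '.'));
     s.destroy();
   });

   s.on('error', function (e) {
     // A refused connection means the port is closed. Anything else is
     // reported, because it may mean the result for this port is unknown.
     if (e.code !== 'ECONNREFUSED') {
       console.error('ERROR: ' + port + ': ' + e.code);
     }
     s.destroy();
   });

   // 'close' fires once for every outcome above.
   s.on('close', done);
 }

 // Starts probes until the concurrency bound or the end of the range is
 // reached; each finished probe frees a slot and calls back in here.
 function pump() {
   while (inFlight < maxInFlight && start <= end) {
     inFlight++;
     probe(start, function () {
       inFlight--;
       pump();
     });
     start++;
   }
 }

 pump();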