系統環境:Windows 10 64-bit
開發環境:vs2017
這是一個簡單的基於完整 TCP 連接的主機端口掃描器,原理很簡單:創建套接字後嘗試與主機的指定端口建立連接,連接成功則說明目的端口開放,否則視為未開放。
優點:實現簡單
缺點:很容易被發現,導致檢測報文被攔截,掃描結果出錯。
#include <stdio.h>
#include <stdlib.h>
#include <winsock.h>
#include <windows.h>
#pragma comment(lib,"ws2_32")
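/* Print the command-line synopsis to stdout.
 * prog: program name (argv[0]); only read, never modified. */
void usage(const char *prog)
{
    printf("Usage:%s 127.0.0.1 1 65535\n", prog);
    printf("%s IP StartPort EndPort\n", prog);
}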
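/* Parse a decimal TCP port number from s into *out.
 * Returns 0 on success, -1 if s is not a whole number in 1..65535.
 * strtol instead of atoi so that garbage ("abc", "80x") and out-of-range
 * values are rejected instead of silently becoming 0. */
static int parse_port(const char *s, int *out)
{
    char *end = NULL;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || v < 1 || v > 65535) {
        return -1;
    }
    *out = (int)v;
    return 0;
}

/* Entry point. argv = { prog, IPv4 dotted-quad, StartPort, EndPort }.
 * Attempts a full TCP connect() to every port in [StartPort, EndPort]
 * (inclusive, matching the "1 65535" example in usage()) and reports the
 * ones that accept the connection.
 * Returns 0 when the scan completes, -1 on bad arguments, Winsock
 * initialisation failure or socket creation failure. */
int main(int argc, char *argv[])
{
    HANDLE con = GetStdHandle(STD_OUTPUT_HANDLE);
    SetConsoleTextAttribute(con, FOREGROUND_INTENSITY | FOREGROUND_BLUE);
    if (argc != 4) {
        usage(argv[0]);
        return -1;
    }

    // Validate the port arguments before touching Winsock at all.
    int startport = 0, endport = 0;
    if (parse_port(argv[2], &startport) != 0 || parse_port(argv[3], &endport) != 0) {
        printf("ports must be whole numbers in 1..65535!\n");
        return -1;
    }
    if (endport < startport) {
        printf("end port should larger than start port!\n");
        return -1;
    }

    WSADATA wsa;
    // Initialise Winsock 2.2; every socket call (inet_addr included) needs it.
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) {
        printf("Winsock Dll init failed!\n");
        return -1;
    }

    int rc = -1;     // overwritten with 0 only when the scan runs to the end
    int count = 0;   // number of ports that accepted a connection
    struct sockaddr_in sa = {0};

    /* inet_addr() returns INADDR_NONE for anything that is not a dotted
     * quad (and also for 255.255.255.255, which is not a useful target). */
    unsigned long target = inet_addr(argv[1]);
    if (target == INADDR_NONE) {
        printf("invalid IPv4 address: %s\n", argv[1]);
        goto cleanup;
    }

    // Family and address are loop-invariant; only the port changes per iteration.
    sa.sin_family = AF_INET;
    sa.sin_addr.S_un.S_addr = target;

    printf("start scanning......\n");
    // Inclusive upper bound: the original "< endport" skipped EndPort itself.
    for (int port = startport; port <= endport; port++) {
        sa.sin_port = htons((unsigned short)port);
        SOCKET sockFD = socket(AF_INET, SOCK_STREAM, 0);
        if (sockFD == INVALID_SOCKET) {
            printf("socket create error!\n");
            goto cleanup;
        }
        int iTimeOut = 5000; // milliseconds
        /* NOTE(review): SO_RCVTIMEO only bounds recv(); a blocking connect()
         * to a filtered port still waits for the stack's own default timeout.
         * Kept as in the original. */
        setsockopt(sockFD, SOL_SOCKET, SO_RCVTIMEO, (char *)&iTimeOut, sizeof iTimeOut);
        printf("testing if %d port is open\n", port);
        // "struct sockaddr" rather than bare "sockaddr": the latter only compiles as C++.
        if (connect(sockFD, (const struct sockaddr *)&sa, sizeof sa) != SOCKET_ERROR) {
            count++;
            SetConsoleTextAttribute(con, FOREGROUND_INTENSITY | FOREGROUND_RED);
            printf("%s find %d port is open!\n", argv[1], port);
            SetConsoleTextAttribute(con, FOREGROUND_INTENSITY | FOREGROUND_BLUE);
        }
        // Closed on both outcomes; the original duplicated this in each branch.
        closesocket(sockFD);
    }
    printf("Scan end...\nFind %d ports is open!\n", count);
    rc = 0;

cleanup:
    // Reached on every exit after WSAStartup, so the library is always released.
    WSACleanup();
    return rc;
}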
結果展示:
這個demo沒有結合多線程進行實現,因此效率也比較低。
後續將實現TCP SYN掃描,儘量完善一點