主动信息收集[1]{ Netdiscover: 专用于二层发现; 可用于无线和交换网络环境; 主动和被动探测; 主动: netdiscover -i wlan0 -r 1.1.1.0/24 netdiscover -i wlan0 -r $(ifconfig wlan0 | awk ‘/.?inet [\d].*?/{print $2}’ | awk -F “.” ‘{$4=0;print $0}’ | awk ‘{gsub(" “,”.",$0);printf $0}END{print “/24”}’) netdiscover -l iplist.txt 被动 ( 不主动发包,等待网络中其他主机发送 arp 包 ): netdiscover -p
Scapy: 作为 Python 库进行调用; 也可作为单独的工具使用; 抓包,分析,创建,修改,注入网络流量; apt-get install python-gnuplot scapy ARP().display() arp = ARP() arp.display() #构建arp包 sr1(arp) sr1(ARP(pdst="192.168.31.1"),timeout=0.1,verbose=0)}
python 扫描的多线程版本:
#!/usr/bin/python3 import os import logging logging.getLogger("scapy.runtime").setLevel(logging.ERROR) from scapy.all import * import threading import queue as Queue class myThread(threading.Thread): def __init__(self,name,q): threading.Thread.__init__(self) self.name = name self.q = q def run(self): print("[*] Strating " + self.name) while True: try: arping(self.name, self.q) except Exception as err: break print("[*] Exiting " + self.name) if len(sys.argv) != 2: print("[-] EXAMPLE: ./name 192.168.31.") sys.exit() ip = str(sys.argv[1]) def arping(threadName, q): addr = q.get(timeout=1) ans = sr1(ARP(pdst=ip + str(addr)), timeout = 0.1, verbose = 0) if ans == None: pass else: print(ip + str(addr)) threadList = [] for abcdefg in range(16): threadList.append(str("Thread-"+ str(abcdefg))) workQueue = Queue.Queue(255) threads = [] for tName in threadList: thread = myThread(tName, workQueue) thread.start() threads.append(thread) for iju in range(1,255): workQueue.put(str(iju)) for t in threads: t.join() print("[*] Exiting.....")