ICMP主机探测过程

#1
from scapy.all import * from random import randint from optparse import OptionParser

  

#2 对用户输入的参数进行接收和批量处理,并将处理后的ip地址传入Scan函数.
def main():
    parser = OptionParser("Usage:%prog -i <target host> ")   #输出帮助信息
    parser.add_option('-i', type='string', dest='IP', help='specify target host')
            #获取IP地址参数
    options, args = parser.parse_args()
    print("Scan report for " + options.IP + "\n")
    #判断是单台还是多台主机
    #IP中存在-,说明是要扫描多台主机
    if '-' in options.IP:
# 代码举例:192.168.1.1-120
# 通过" - " 进行隔离,把192.168.1.1和120分开
# 把192.168.1.1通过" , "进行隔离,取最后一个数作为range 函数的start ,然后把120+1作为range 函数的stop
# 这样循坏遍历出需要扫描的IP地址
        for i in range (int(options.IP.split('-')[0].split('.')[3]),int
            (options.IP.split('-' )[1]) + 1):
             Scan(
            options.IP.split('.')[0] + '.' + options.IP.split('.')[1] + '.' +
                options.IP.split('.')[2] + '.' + str(i))
            time.sleep (0.2)
    else:
         Scan(options.IP)
         print("\nScan finished!...\n")
if __name__ == "__main__":
         try:
            main()
         except KeyboardInterrupt:
             print('interrupted by user, killing all threads...')
#3 Scan函数通过调用ICMP, 构造好的请求包发送到目的地址.目的地址的应答数据判断目标是否存活,打印存活的主机IP地址"ip.ip.ip.ip"----"Host is up" 对于不存活的主机打印出"ip.ip.ip.ip"---"host is down"
def Scan(ip):
    ip_id =randint(1, 65535)
    icmp_id = randint(1, 65535)
    icmp_seq = randint(1, 65535)
    packet=IP(dst=ip, ttl=64, id=ip_id)/ICMP(id=icmp_id, seq=icmp_seq)/b'rootkit'
    result = sr1(packet, timeout=1, verbose=False)

    if result:
       for rcv in result:
           scan_ip = rcv[IP].src
           print(scan_ip + '--->' 'Host is up')
    else:
        print(ip + '--->' 'host is down')