【亲测有效】超高速扫描ip端口，可控制进程数，线程数，异步io链接并发数，超时时间，扫描到的端口服务信息说明

import socket
import ipaddress
import multiprocessing
import threading
import asyncio
import concurrent.futures
#pip install netifaces==0.11.0
import netifaces
from multiprocessing import Pool, Manager#4 linux: pip install uvloop
#import uvloop
# 使用 uvloop 作为默认的事件循环
#asyncio.set_event_loop_policy(uvloop.EventLoopPolicy())# 获取当前的IP地址、子网掩码和网关
def get_network_info():interfaces = netifaces.interfaces()for interface in interfaces:addresses = netifaces.ifaddresses(interface)if netifaces.AF_INET in addresses:ipv4_info = addresses[netifaces.AF_INET][0]ip = ipv4_info.get('addr')netmask = ipv4_info.get('netmask')gateway = netifaces.gateways()['default'][netifaces.AF_INET][0]return ip, netmask, gatewayreturn None, None, None# 打印要扫描的IP范围和端口范围
def print_scan_info(start_ip, end_ip, port_range):print(f"Scanning IP range: {start_ip} - {end_ip}")print(f"Scanning port range: {port_range[0]} - {port_range[1]}")# 尝试检测服务名称
def get_service_name(port, ip=''):try:service_name = socket.getservbyport(port)except OSError:service_name = 'Unknown Service'return service_name# 获取当前IP所在的局域网网段
def get_local_network():hostname = socket.gethostname()local_ip = socket.gethostbyname(hostname)# 假设使用的是标准子网掩码 255.255.255.0 (CIDR: /24)ip_network = ipaddress.ip_network(f'{local_ip}/24', strict=False)return ip_network# 服务识别
def identify_service(response):# 识别 HTTP 服务if 'HTTP' in response:return 'HTTP Service'# 识别 FTP 服务if '220' in response:if 'FTP' in response:return 'FTP Service'# 识别 SMTP 服务if '220' in response:if 'ESMTP' in response:return 'SMTP Service'# 识别 SSH 服务if 'SSH' in response:return 'SSH Service'# 识别 Redis 服务if 'Redis' in response:return 'Redis Service'# 识别 MySQL 服务if 'MySQL' in response:return 'MySQL Service'# 识别 PostgreSQL 服务if 'PostgreSQL' in response or 'postgres' in response:return 'PostgreSQL Service'# 识别 MongoDB 服务if 'MongoDB' in response or 'mongo' in response:return 'MongoDB Service'# 识别 MS SQL 服务if 'Microsoft SQL Server' in response or 'SQL Server' in response:return 'MS SQL Service'# 识别 Oracle DB 服务if 'Oracle' in response:return 'Oracle DB Service'# 识别 RDP 服务if 'RDP' in response or 'Remote Desktop' in response:return 'RDP Service'# 识别 LDAP 服务if 'LDAP' in response or 'Directory Service' in response:return 'LDAP Service'# 识别 SNMP 服务if 'SNMP' in response or 'Simple Network Management Protocol' in response:return 'SNMP Service'# 识别 SIP 服务if 'SIP' in response or 'Session Initiation Protocol' in response:return 'SIP Service'# 识别 VNC 服务if 'VNC' in response or 'Virtual Network Computing' in response:return 'VNC Service'# 识别 XMPP 服务if 'XMPP' in response or 'Extensible Messaging and Presence Protocol' in response:return 'XMPP Service'# 识别 NTP 服务if 'NTP' in response or 'Network Time Protocol' in response:return 'NTP Service'# 识别 DHCP 服务if 'DHCP' in response or 'Dynamic Host Configuration Protocol' in response:return 'DHCP Service'# 识别 IMAP 服务if 'IMAP' in response or 'Internet Message Access Protocol' in response:return 'IMAP Service'# 识别 POP3 服务if 'POP3' in response or 'Post Office Protocol' in response:return 'POP3 Service'# 识别 Telnet 服务if 'Telnet' in response:return 'Telnet Service'# 识别 HTTP Proxy 服务if 'Proxy' in response or 'HTTP Proxy' in response:return 'HTTP Proxy Service'# 识别 Git 服务if 'Git' in response:return 'Git Service'# 识别 Elasticsearch 服务if 'Elasticsearch' in response:return 'Elasticsearch Service'# 识别 Solr 服务if 'Solr' in response:return 'Solr Service'# 识别 Memcached 服务if 'Memcached' in response:return 'Memcached Service'# 识别 RabbitMQ 服务if 'RabbitMQ' in response:return 'RabbitMQ Service'# 识别 Couchbase 服务if 'Couchbase' in response:return 'Couchbase Service'# 识别 CouchDB 服务if 'CouchDB' in response:return 'CouchDB Service'# 识别 MariaDB 服务if 'MariaDB' in response:return 'MariaDB Service'# 识别 Cassandra 服务if 'Cassandra' in response:return 'Cassandra Service'# 识别 InfluxDB 服务if 'InfluxDB' in response:return 'InfluxDB Service'# 识别 Zookeeper 服务if 'Zookeeper' in response:return 'Zookeeper Service'# 识别 Redis Sentinel 服务if 'Redis Sentinel' in response:return 'Redis Sentinel Service'# 识别 Memcached 服务if 'Memcached' in response:return 'Memcached Service'# 识别 Prometheus 服务if 'Prometheus' in response:return 'Prometheus Service'# 识别 Grafana 服务if 'Grafana' in response:return 'Grafana Service'# 识别 Jenkins 服务if 'Jenkins' in response:return 'Jenkins Service'# 识别 Docker 服务if 'Docker' in response:return 'Docker Service'# 识别 Kubernetes 服务if 'Kubernetes' in response:return 'Kubernetes Service'# 识别 Kubernetes Dashboard 服务if 'Kubernetes Dashboard' in response:return 'Kubernetes Dashboard Service'# 识别 Vault 服务if 'Vault' in response:return 'Vault Service'# 识别 Harbor 服务if 'Harbor' in response:return 'Harbor Service'# 识别 Istio 服务if 'Istio' in response:return 'Istio Service'# 识别 Nginx 服务if 'Nginx' in response:return 'Nginx Service'# 识别 HAProxy 服务if 'HAProxy' in response:return 'HAProxy Service'# 识别 OpenVPN 服务if 'OpenVPN' in response:return 'OpenVPN Service'# 识别 WireGuard 服务if 'WireGuard' in response:return 'WireGuard Service'# 识别 Squid Proxy 服务if 'Squid' in response:return 'Squid Proxy Service'# 识别 Samba 服务if 'Samba' in response:return 'Samba Service'# 识别 TeamSpeak 服务if 'TeamSpeak' in response:return 'TeamSpeak Service'# 如果无法识别return 'Unknown Service'# 扫描一个端口是否开放
async def scan_port(ip, port, semaphore, timeout=3):async with semaphore:try:reader, writer = await asyncio.wait_for(asyncio.open_connection(ip, port), timeout=timeout)# async with lock:service_name = get_service_name(port)# 获取服务的banner信息service_banner, service = await identify_service_from_banner(ip, port)print(f"{ip}:{port} is open, 标准Service: {service_name} 网络服务标识返回：{service_banner} 服务含义：{service}")writer.close()await writer.wait_closed()except:pass# 通用的TCP Banner Grabbing方法
async def identify_service_from_banner(ip, port):try:reader, writer = await asyncio.open_connection(ip, port)writer.write(b"\r\n")  # 发送一个空行以触发 Banner 返回await writer.drain()banner = await reader.read(4096)writer.close()await writer.wait_closed()if banner:service_name = identify_service(banner.decode('utf-8', errors='ignore'))return banner.decode('utf-8', errors='ignore').strip(), service_nameelse:return "No banner received", "Unknown Service"except (asyncio.TimeoutError, ConnectionRefusedError, OSError):return "Unknown Service", "Unknown Service"# 多线程扫描指定IP的所有端口
def scan_ip(ip, port_range, timeout=3):# 限制同时进行的任务数量，避免资源占用过多loop = asyncio.new_event_loop()asyncio.set_event_loop(loop)semaphore = asyncio.Semaphore(64)  # 限制同时进行的任务数量tasks = [loop.create_task(scan_port(ip, port, semaphore, timeout=timeout)) for port in range(port_range[0], port_range[1] + 1)]loop.run_until_complete(asyncio.wait(tasks))loop.close()# 每个进程调用的扫描函数
def process_scan(start_ip, end_ip, port_range, timeout=3, max_threads=10):start_int = int(ipaddress.ip_address(start_ip))end_int = int(ipaddress.ip_address(end_ip))with concurrent.futures.ThreadPoolExecutor(max_workers=max_threads) as executor:  # 每个进程内的线程池大小for ip_int in range(start_int, end_int + 1):ip_address = str(ipaddress.ip_address(ip_int))executor.submit(scan_ip, ip_address, port_range, timeout)# 使用进程池扫描一个IP段的所有IP
def scan_network(start_ip, end_ip, max_processes=4, max_threads=4, timeout=3, port_range=(1, 65535)):# 计算每个进程处理的IP段范围start_int = int(ipaddress.ip_address(ip_list[0]))end_int = int(ipaddress.ip_address(ip_list[-1]))total_ips = end_int - start_int + 1ips_per_process = total_ips // max_processeswith Pool(processes=max_processes) as pool:for i in range(max_processes):process_start_ip = str(ipaddress.ip_address(start_int + i * ips_per_process))process_end_ip = str(ipaddress.ip_address(start_int + (i + 1) * ips_per_process - 1)) if i < max_processes - 1 else str(ipaddress.ip_address(end_int))pool.apply_async(process_scan, (process_start_ip, process_end_ip, port_range, timeout, max_threads))pool.close()pool.join()if __name__ == "__main__":# Windows 系统中显式设置 `multiprocessing` 的启动方式为 "spawn"multiprocessing.set_start_method("spawn")# 获取并打印网络信息current_ip, netmask, gateway = get_network_info()print(f"Current IP: {current_ip}")print(f"Netmask: {netmask}")print(f"Gateway: {gateway}")port_range = (1, 65535)max_processes = 2# ip_range_per_process = 32  # 每个进程处理的IP数量# 设置线程数量max_threads = 4# 设置端口扫描超时时间（秒）timeout = 1# 获取当前局域网网段local_network = get_local_network()print(f"Scanning network: {local_network}")# 使用多进程扫描整个网段# processes = []ip_list = list(local_network.hosts())  # 获取所有主机IP# 扫描IP段scan_network(ipaddress.ip_address(ip_list[0]), ipaddress.ip_address(ip_list[-1]), max_processes, max_threads, timeout, port_range)

【亲测有效】超高速扫描ip端口，可控制进程数，线程数，异步io链接并发数，超时时间，扫描到的端口服务信息说明