該實(shí)例是一個(gè)C實(shí)現(xiàn)的基于命令行模式端口掃描代碼���,并且是以非阻塞方式來(lái)實(shí)現(xiàn)對(duì)IP和端口的連接測(cè)試���。為了大家使用和學(xué)習(xí)方便,已在代碼中盡可能多的地方加入了注釋?zhuān)嘈艑?duì)于幫助大家理解C端口掃描有很大幫助�。
#include <afxext.h>#include <winsock.h>// 編譯時(shí)需使用的庫(kù)#pragma comment(lib,"wsock32.lib")// select()成員定義#define ZERO (fd_set *)0// 變量定義int maxth, scanok, scannum;int portip, hoststart, hoststop, startport, endport; //定義了開(kāi)始I和結(jié)束P地址����,開(kāi)始和結(jié)束端口long searchnum, searched;void usage(char *); // 定義顯示使用方法函數(shù)void playx(int); // 定義狀態(tài)提示函數(shù)void setip2(char *); // 定義設(shè)置IP函數(shù)void customport(char *, char *, char *); // 定義自定義掃描端口函數(shù)void portscannow(int); // 定義端口掃描掃描int main(int argc, char *argv[]){WSADATA wsadata;// 清屏system("cls.exe");// 顯示版本信息printf("/r/n============== 命令行端口掃描器 PortScanner V1.0 ==============");// 檢查輸入if ((argc < 3) || (argc > 4)){// 顯示幫助提示usage(argv[0]);return -1;}// 檢測(cè)是否為port掃描if(!(stricmp(strlwr(argv[1]), "-p") == 0)){usage(argv[0]);return -1;}// 程序初始化if (WSAStartup(MAKEWORD(1,1), &wsadata) != 0) //如果初始化錯(cuò)誤{printf("/r/nWsatartup error"); //出錯(cuò)信息return -1;}// 端口掃描參數(shù)轉(zhuǎn)換// 如果參數(shù)為三個(gè)if (argc == 3){// 直接設(shè)置IPsetip2(argv[2]);}// 如果參數(shù)為四個(gè)elseif (argc == 4){// 進(jìn)入定制端口掃描處理customport(argv[0], argv[2], argv[3]);}// 參數(shù)過(guò)多顯示幫助else{usage(argv[0]);return -1;}// 掃描端口開(kāi)始portscannow(argc);WSACleanup();return 0;}// 幫助提示函數(shù)void usage(char * prog){printf("Usage: %s <Option>", prog);printf("/r/n/n <Option>:");printf("/r/n -p [ Port|StartPort-EndPort ] < HostName|IP|StartIP-EndIP >");printf("/r/n/n Example: ");printf("/r/n %s -p 192.168.0.1", prog);printf("/r/n %s -p 192.168.0.1-192.168.0.254", prog);printf("/r/n %s -p 21-80 192.168.0.1", prog);printf("/r/n %s -p 21-80 192.168.0.1-192.168.0.254/r/n", prog);return;}// 進(jìn)度提示void playx(int play = 0){// 進(jìn)度條char *plays[12]={" | "," / "," - "," // "," | "," / "," - "," // "," | "," / "," - "," // ",};if (searchnum != 0){for (int i = 0 ; i <= 3; i ++){ printf(" =%s= %d%s Completed. /r", plays , searched * 100 / (searchnum + 1), "%"); Sleep(5);}}else{ printf(" =%s=/r", plays[play]); //顯示進(jìn)度 Sleep(10);}}// 設(shè)置IPvoid setip2(char *cp){int host;struct hostent *testhost;char *startip = "", *endip = "";// 判斷是否為 192.168.0.1-192.168.0.254 形式的輸入if (strstr(cp, "-") && strlen(cp) > 15 && strlen(cp) < 32){// 提取出結(jié)束IPendip = strchr(cp, '-') + 1;// 提取出開(kāi)始IPstrncpy(startip, cp, strlen(cp) - strlen(strchr(cp, '-')));// 給控制要掃描IP段的變量賦值hoststart = ntohl(inet_addr(startip));hoststop = ntohl(inet_addr(endip));}else{// 取得輸入的主機(jī)地址testhost = gethostbyname(startip);// 如果地址不存在if(!testhost){ WSACleanup( ); printf("/r/nCan't get ip of: %s", cp); exit(-1);}// 給控制要掃描IP段的變量賦值memcpy(&host, testhost->h_addr, 4);hoststop = hoststart = ntohl(host);}}// 測(cè)試線程是否已滿(mǎn)void TestThread(int thread = 200){for (;;){playx();// 測(cè)試線程是否已滿(mǎn)if (maxth > thread) Sleep(100);else break;}return;}// 等待線程結(jié)束函數(shù)void WaitThreadEnd(){// 延時(shí)Sleep(6000);// 顯示等待提示printf("/r /r/n");printf(" Wait ( %d )Thread end.../r/n", maxth);for(;;){// 判斷所有線程是否已經(jīng)結(jié)束if (maxth > 0){ // 延時(shí)等待線程序結(jié)束 Sleep(100); playx(); continue;}else break;}printf("/r/n");return;}// 定制端口掃描參數(shù)void customport(char *cp, char *cp2, char *cp3){int intport;char *checker;// 處理要掃描的端口// 掃描開(kāi)始端口變量賦值startport = atoi(cp2);// 掃描結(jié)束端口變量賦值endport = atoi(cp2);// 判斷是否 21-80 形式if (strstr(cp2,"-")){intport = atoi(checker = strchr(cp2, '-') + 1);if (intport > 0 && intport < 65536) // 掃描結(jié)束端口變量賦值 endport = intport;}// 端口大小判斷if (startport < 0 || startport > 65536 || endport < 0 || endport > 65535){usage(cp);exit(-1);}// 處理ip地址setip2(cp3);}// 端口掃描函數(shù)UINT portscan(LPVOID port){int addr = portip; // 取得要掃描的地址int sock;struct fd_set mask;struct timeval timeout;struct sockaddr_in server;unsigned long flag = 1;// 創(chuàng)建一個(gè)socksock = socket(AF_INET, SOCK_STREAM, 0);// 創(chuàng)建sock失敗處理if (sock == INVALID_SOCKET){printf("/r/nSock Error:%s", WSAGetLastError());maxth --;return -1;}// 給sock成員賦值server.sin_family=AF_INET;server.sin_addr.s_addr = htonl(addr); // 要掃描的地址server.sin_port = htons(short(port)); // 要掃描的端口// 顯示進(jìn)度playx();// 調(diào)用ioctlsocket()設(shè)置套接字為非阻塞模式if (ioctlsocket(sock, FIONBIO, &flag) != 0){// 設(shè)置失敗處理printf("/r/nSock Error:%s", WSAGetLastError());closesocket(sock);maxth --;return -1;}// 調(diào)用connect()連接遠(yuǎn)程主機(jī)端口connect(sock, (struct sockaddr*)&server, sizeof(server));timeout.tv_sec = 18; // 超時(shí)限制為18秒timeout.tv_usec = 0;FD_ZERO(&mask); // 清空集合maskFD_SET(sock, &mask); // 將sock放入集合mask中// 用select() 處理掃描結(jié)果switch(select(sock + 1, ZERO, &mask, ZERO, &timeout)){case -1:{ printf("/r/nSelect() error"); maxth --; return -1;}// sock超時(shí)處理case 0:{ maxth --; closesocket(sock); return -1;}default:if(FD_ISSET(sock, &mask)){ // 禁止sock發(fā)送和接受數(shù)據(jù) shutdown(sock, 0); // 設(shè)置輸出結(jié)果格式 printf(" [Found:] %s Port: %d open./r/n", inet_ntoa(server.sin_addr), ntohs(server.sin_port)); // 關(guān)閉sock closesocket(sock); scanok ++; maxth --; return 1;}}return 0;}// 掃描開(kāi)始主函數(shù)void portscannow(int xp){int sport;char *timenow, timebuf[32];// 默認(rèn)掃描的端口char *ports[32]={"21","22","23","25","53","79","80","110","111","113","123","135","139","143","443","512","513","514","515","540","1080","1433","1521","1524","3306","3389","5631","6000","6112","8000","8080","12345"http://這里你也可以自己要掃描的端口};// 顯示掃描開(kāi)始的時(shí)間timenow = _strtime(timebuf);printf("/r/nPortScan Start Time: %s/r/n/n",timenow);// 計(jì)數(shù)器初始化.maxth = 0;scanok = 0;scannum = 0;searched = 0;// 計(jì)算要掃描的端口數(shù)量searchnum = hoststop - hoststart +1;if(xp == 3)searchnum = searchnum * 32;if(xp == 4)searchnum = searchnum * (endport - startport +1);// 端口掃描開(kāi)始for (portip = hoststart; portip <= hoststop; portip ++, scannum ++){// *.*.*.0和*.*.*.255 地址處理if ((portip % 256) == 0 || (portip % 256) == 255){ if(xp == 3) searchnum = searchnum - 32; if(xp == 4) searchnum = searchnum - (endport - startport +1); scannum --; playx(); continue;}if(i > 11) i = 0;// 默認(rèn)端口掃描// scan 192.168.0.1// scan 192.168.0.1-192.168.0.254if (xp == 3){ for (sport = 0; sport < 32; sport ++, maxth ++, searched ++) { // 測(cè)試當(dāng)前線程是否大于180 TestThread(180); // 產(chǎn)生新的線程處理端口掃描 CWinThread * pthread = AfxBeginThread(portscan,LPVOID(atoi((char*)ports[sport]))); //延時(shí) Sleep(120); }}// 自端口掃描// scan -p 21 192.168.0.1// scan -p 21-80 192.168.0.1-192.168.0.254if (xp == 4){ // 計(jì)算要掃描的端口 sport = endport - startport; if(sport > 500 ) { // 掃描自的端口 for(sport = startport; sport <= endport; sport ++, maxth ++, searched ++) { TestThread(2000); // 產(chǎn)生新的線程處理端口掃描 CWinThread * pthread = AfxBeginThread(portscan, LPVOID(sport)); // 延時(shí) Sleep(10); } } else { // 掃描自的端口 for(sport = startport; sport <= endport; sport ++, maxth ++, searched ++) { // 測(cè)試當(dāng)前線程是否大于250 TestThread(250); // 產(chǎn)生新的線程處理端口掃描 CWinThread * pthread = AfxBeginThread(portscan, LPVOID(sport)); // 延時(shí) Sleep(100); playx(); } }}}// 等待所有的線程結(jié)束WaitThreadEnd();// 顯示端口掃描結(jié)束時(shí)間timenow = _strtime(timebuf);printf("/r/nPortScan End Time: %s", timenow);printf("/r/nScan %d Hosts completed. Open %d Ports!/r/n", scannum, scanok);}/*此函數(shù)實(shí)現(xiàn)判斷m_server的m_port端口是否可以連上�����,超時(shí)限制為nTimeOut秒*/ BOOL ConnectTest(char * m_server,int m_port) { struct hostent* host = NULL; struct sockaddr_in saddr; unsigned int s = 0; BOOL ret; time_t start; int error; host = gethostbyname (m_server); if (host==NULL)return FALSE; saddr.sin_family = AF_INET; saddr.sin_port = htons(m_port); saddr.sin_addr = *((struct in_addr*)host->h_addr); if( (s=socket(AF_INET, SOCK_STREAM, 0))<0){ return FALSE; } fcntl(s,F_SETFL, O_NONBLOCK); if(connect(s,(struct sockaddr*)&saddr, sizeof(saddr)) == -1) { if (errno == EINPROGRESS){// it is in the connect process struct timeval tv; fd_set writefds; tv.tv_sec = m_nTimeOut; tv.tv_usec = 0; FD_ZERO(&writefds); FD_SET(s, &writefds); if(select(s+1,NULL,&writefds,NULL,&tv)>0){ int len=sizeof(int); //下面的一句一定要���,主要針對(duì)防火墻 getsockopt(s, SOL_SOCKET, SO_ERROR, &error, &len); if(error==0) ret=TRUE; else ret=FALSE; }else ret=FALSE;//timeout or error happen }else ret=FALSE; } else ret=TRUE; close(s); return ret; }
