|
1 | | -# STPortScanner |
2 | | -采用.NET开发的端口扫描器 支持端口协议探测 内置多种类型扫描器 TCP/UDP/SYN/SMB/ICMP 等 采用IOCP模型开发 性能表现不错 可视为轻量级NMAP |
| 1 | +## STPortScanner |
| 2 | + |
| 3 | + |
| 4 | + |
| 5 | + |
| 6 | + |
| 7 | +## 关于作者 |
| 8 | +* Blog: [Crystal_lz](http://st233.com) |
| 9 | + |
| 10 | + |
| 11 | +## 可执行程序参数 |
| 12 | + |
| 13 | +```cs |
| 14 | + --------------------------------[STPScan 4.0]-------------------------------- |
| 15 | +-h Host ......................................... [默认:未指定] |
| 16 | + -h target.com,192.168.0.1,192.168.0.2-192.168.1.254,192.168.0.0/24 |
| 17 | +-hf Host from file 从文件加载'\n'分割 ............ [默认:未指定] |
| 18 | + -hf ./iplist.txt |
| 19 | +-p Port ......................................... [默认:Top 300] |
| 20 | + -p 21,22,80,443,8000-8080 |
| 21 | +-pf Port from file 从文件加载'\n'分割 ............ [默认:未指定] |
| 22 | + -pf ./portlist.txt |
| 23 | +-np Null Probe 空探测包 .......................... [默认:未指定] |
| 24 | +-pr The count of probes 进行多少次协议探测........ [默认:2] |
| 25 | + -pr 3 |
| 26 | +-i ICMP only 仅扫描存活主机 ..................... [默认:未指定] |
| 27 | + 该操作需要管理员权限和server系统 |
| 28 | +-is ICMP + Scan 先扫描存活主机再扫描 ............. [默认:未指定] |
| 29 | +-t Timeout 超时时间 ............................. [默认:5] |
| 30 | + -t 3 |
| 31 | +-tt TotalTimeout 一个任务总超时时间 .............. [默认:60] |
| 32 | + -tt 50 |
| 33 | +-r Retry 重试次数 ............................... [默认:2] |
| 34 | + -r 5 |
| 35 | +-st Tcp Scan 使用TCP方式扫描 ..................... [默认:已指定] |
| 36 | +-su Udp Scan 使用UDP方式扫描 ..................... [默认:未指定] |
| 37 | +-ss Syn Scan 使用SYN方式扫描 ..................... [默认:未指定] |
| 38 | + 该操作需要管理员权限和server系统 |
| 39 | +-smb Only scan 445 通过smb探测系统版本(仅扫描445) . [默认:未指定] |
| 40 | +-con Concurrent of Scanner 并发数 ................. [默认:6000] |
| 41 | + -con 20000 |
| 42 | +-stop Stop 当扫描到指定协议时 停止该主机扫描 ....... [默认:未指定] |
| 43 | + -stop http,https |
| 44 | +-order The priority of scanning 优先扫描顺序 ........ [默认:rnd] |
| 45 | + -order (host or port or rnd) |
| 46 | +-delay The delay 控制台进度刷新时间 ................. [默认:2] |
| 47 | + -delay 5 |
| 48 | +-cd Console Display 控制台显示方式 ............... [默认:2] |
| 49 | + -cd (0 or 1 or 2) |
| 50 | + 0 Not display |
| 51 | + 1 xxx.xxx.xxx.xxx:xxx [Protocol] |
| 52 | + 2 xxx.xxx.xxx.xxx:xxx [Protocol][RegexLine][Banner] |
| 53 | +-o Out to file 输出结果到文件 ................... [默认:未指定] |
| 54 | + -o ./result.txt |
| 55 | +-f Format for output 输出文件格式................ [默认:json:h,pr,b] |
| 56 | + -f (json or csv):(fields) |
| 57 | + h Host [127.0.0.1:8080] |
| 58 | + a Address [127.0.0.1] |
| 59 | + p Port [8080] |
| 60 | + pt Protocol Type [TCP] |
| 61 | + pf Protocol Flag [http] |
| 62 | + pr Protocol [(TCP)http] |
| 63 | + l Line for regexpression [123] |
| 64 | + b Banner [SSH-2.0-Ubuntu-Server] |
| 65 | + d Hex data for recv [485454502F312E312032...] |
| 66 | +-cn Convert Nmap config file 转换nmap配置文件为当前扫描器适配文件 |
| 67 | + parameters [Nmap config file] [Save file for STPscan] |
| 68 | + -cn [./nmap-service-probes] [./config_nmap.st] |
| 69 | + |
| 70 | + -2021-03-19----------------Powered by -> Crystal_lz-----------------ST233.COM- |
| 71 | +注: |
| 72 | + icmp 与 syn 不能同时使用 并不推荐使用这两个选项 测试阶段 |
| 73 | + Null Probe -> 是否使用空探测包 |
| 74 | + 若使用 |
| 75 | + 连通后先等待对方返回banner(如:mysql,ftp主动返回banner协议等) 直到超时才进行下一次探测 |
| 76 | + 否则 |
| 77 | + 连通后立即发送探测包 |
| 78 | + 区别 |
| 79 | + 不使用 将影响收到banner是进行规制匹配的顺序 将优先使用发送的探测包的规则匹配 |
| 80 | + 再进行空探测包的规则进行匹配(mysql,ftp等协议无需探测包的规则) |
| 81 | + 不使用速度快精度低 使用速度慢进度高 |
| 82 | + |
| 83 | +eg: |
| 84 | + STPScan -h 192.168.1.1/24 |
| 85 | + STPScan -h 192.168.1.1/24 -pr 3 |
| 86 | + STPScan -h 192.168.1.1/24 -smb |
| 87 | + STPScan -h 192.168.1.1/24 -p 80,443,8000-8080 -pr 3 |
| 88 | + STPScan -h 192.168.1.1/24 -o result.json |
| 89 | + STPScan -h 192.168.1.1/24 -o result.csv -f csv:h,pr,d |
| 90 | +``` |
| 91 | +## 调用库接口 |
| 92 | +```cs |
| 93 | +[Interface] |
| 94 | + IPortScanner : IDispose |
| 95 | + |
| 96 | +[Configer Class] |
| 97 | + ProbeConfiger |
| 98 | + |
| 99 | +[Scanner Class] |
| 100 | + PortScanner : IPortScanner |
| 101 | + TCPScanner : PortScanner |
| 102 | + UDPScanner : PortScanner |
| 103 | + SYNScanner : PortScanner |
| 104 | + SmbScanner : PortScanner |
| 105 | + IcmpScanner : IDispose |
| 106 | + |
| 107 | +[Other Class] |
| 108 | + IcmpEventArgs : EventArgs |
| 109 | + ScanEventArgs : EventArgs |
| 110 | + RawSocket |
| 111 | + |
| 112 | +[RawSocket] |
| 113 | + static RawSocket.Dispose(); |
| 114 | + static RawSocket.InitRawSocket(EndPoint bindEndPoint); |
| 115 | + static RawSocket.SendData(byte[] byBuffer); |
| 116 | + static RawSocket.RecvCompleted -> EventHandler<SocketAsyncEventArgs>; |
| 117 | + |
| 118 | +[IPortScanner] |
| 119 | + event ScanEventHandler Completed; |
| 120 | + uint Scan(uint uIP, int nPort); |
| 121 | + uint Scan(uint uIP, int nPort, int nProbes); |
| 122 | + uint Scan(uint uIP, int nPort, int nProbes, int nTimeout); |
| 123 | + uint Scan(uint uIP, int nPort, int nProbes, int nTimeout, int nRetry); |
| 124 | + uint Scan(uint uIP, int nPort, int nProbes, int nTimeout, int nRegry, int nTotalTimeout); |
| 125 | + uint Scan(uint uIP, int nPort, int nProbes, int nTimeout, int nRetry, int nTotalTimeout, bool bUseNullProbes); |
| 126 | + uint Scan(string strIP, int nPort); |
| 127 | + uint Scan(string strIP, int nPort, int nProbes); |
| 128 | + uint Scan(string strIP, int nPort, int nProbes, int nTimeout); |
| 129 | + uint Scan(string strIP, int nPort, int nProbes, int nTimeout, int nRetry); |
| 130 | + uint Scan(string strIP, int nPort, int nProbes, int nTimeout, int nRetry, int nTotalTimeout); |
| 131 | + uint Scan(string strIP, int nPort, int nProbes, int nTimeout, int nRetry, int nTotalTimeout, bool bUseNullProbes); |
| 132 | + uint Scan(int nPort, EndPoint endPoint, int nProbes, int nTimeout, int nRetry, int nTotalTimeout, bool bUseNullProbes); |
| 133 | + return -> TaskID |
| 134 | + nProbes -> 最多进行多少次探测 |
| 135 | + nRetry -> 重试次数 |
| 136 | + bUseNullProbes -> 是否使用空探测包 |
| 137 | + |
| 138 | +[EventArgs] |
| 139 | + IcmpEventArgs : EventArgs |
| 140 | + .Address |
| 141 | + .TTL |
| 142 | + .CanAccess |
| 143 | + .Times |
| 144 | + |
| 145 | + ScanEventArgs : EventArgs |
| 146 | + .TaskID |
| 147 | + .CanConnect |
| 148 | + .EndPoint |
| 149 | + .Protocol |
| 150 | + .RegexLine |
| 151 | + .Banner |
| 152 | + .Data |
| 153 | + .Length |
| 154 | + .ErrorMessage |
| 155 | + |
| 156 | +[EG] |
| 157 | + ProbeConfiger pc = new ProbeConfiger( |
| 158 | + File.ReadAllText("./config_probes.st"), |
| 159 | + File.ReadAllText("./config_defports.st") |
| 160 | + ); |
| 161 | + IPortScanner ps = new TCPScanner(3000, pc); |
| 162 | + or |
| 163 | + PortScanner ps = new UDPScanner(3000, pc); |
| 164 | + //PortScanner ps = new SYNScanner(3000, pc); |
| 165 | + //PortScanner ps = new SmbScanner(3000); |
| 166 | + ps.Completed += m_scanner_Completed; |
| 167 | + |
| 168 | + void m_scanner_Completed(object sender, ScanEventArgs e) { |
| 169 | + if(e.CanConnect) Console.Write(e.EndPoint + "\t" + e.Protocol); |
| 170 | + } |
| 171 | + |
| 172 | + ps.Scan("127.0.0.1",80); |
| 173 | +``` |