最近遇到一个需求,需要监控内网中UDP端口的开放情况。首先想到nmap,自己写个脚本定时调度nmap就行了。不过需要注意的是,UDP端口的探测并不准确:UDP是无连接协议,端口不回应时扫描器无法区分“开放”和“被过滤”(nmap会把这种情况报告为open|filtered),不像TCP还有三次握手可以确认。实际上目前业界的扫描器对UDP端口的探测都不能保证准确。附上代码:
#!/usr/bin/perl
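# UDP ports to probe on every host in the list (handed to nmap as -p<list>).
my @port = (80,53,46,695,696,697,698,699,32768,32769,32786,2583);
#my $nmap_cmd = "nmap -sU -vv 10.128.128.21,10.128.128.26 -p694,695,696,697,698,699,32768,32769,32786,2583";
#$result =`$nmap_cmd`;

# The IP list path comes from the command line. It is opened with a lexical
# handle and three-argument open in explicit read mode: two-argument open
# would treat a leading '>' or a leading/trailing '|' in the argument as a
# mode or a command to run rather than as part of a file name.
my $list_file = defined $ARGV[0] ? $ARGV[0] : '';
my $list_fh;
unless (length($list_file) && open($list_fh, '<', $list_file)) {
    print "[-] cannot open ip list file $list_file! \n[-]the cmd is perl $0 ip.txt";
    exit 1;    # non-zero status so cron or a wrapper script notices the failure
}
while (my $str = <$list_fh>) {
    chomp($str);
    # The scan call is left disabled, as in the original listing:
    # if(&scan_host($str,@port)){
    #     &warn($str);
    # }
}
close($list_fh);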
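# Run an nmap UDP scan against one target and report whether any of the
# given ports is listed as open.
#
# Parameters:
#   $ip    - scan target as read from the IP list file (treated as untrusted)
#   @ports - UDP port numbers to probe
# Returns:
#   1 as soon as a "<port>/udp" result line has a state beginning with "open"
#   (this includes nmap's ambiguous "open|filtered"), otherwise 0.
#   A rejected target or a failure to start nmap also returns 0, with a
#   message on STDERR.
sub scan_host {
    my ($ip, @ports) = @_;
    my $port = join(",", @ports);

    # Allow-list the target before it reaches nmap's command line. It must
    # start with a letter or digit, so it can never be parsed as an option,
    # and may only contain characters used in host names, addresses, ranges
    # and CIDR notation.
    unless (defined $ip && $ip =~ m{\A[A-Za-z0-9][A-Za-z0-9.,/_-]*\z}) {
        print STDERR "[-] skipping invalid scan target\n";
        return 0;
    }
    print "\nthe current ip is $ip\n";

    # List-form pipe open runs nmap directly, without a shell, so nothing in
    # the target string is interpreted as shell syntax.
    my $nmap;
    unless (open($nmap, '-|', 'nmap', '-sU', '-vv', $ip, "-p$port")) {
        print STDERR "[-] cannot run nmap: $!\n";
        return 0;
    }
    my @result_list = <$nmap>;
    close($nmap);

    foreach my $item (@result_list) {
        # Match on the STATE column only. Searching the whole line for "open"
        # would also hit service names such as "openvpn" on a closed port.
        if ($item =~ m{\A(\d+)/udp\s+open}i) {
            print gettime() . "\tthe open port is $1\n";
            return 1;
        }
    }
    return 0;
}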
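# Alerting method: report a host with an unexpected open UDP port through the
# local ./LogClient program.
#
# Parameters:
#   $ip - the host the alert is about (originates from the IP list file)
#
# The sub shares its name with Perl's builtin warn, so it is only reached
# through the explicit &warn(...) call form.
sub warn {
    my ($ip) = @_;
    my $msg = "$ip open wrong udp port";

    # Only minutes and seconds (UTC) are used; lexicals keep them from
    # leaking into package globals.
    my ($sec, $min) = gmtime();
    my $id = $min . $sec;

    # Display string for the log only; it is never handed to a shell.
    my $cmd = "./LogClient xxxxx error_port info $id \"$msg\"";
    print $cmd;

    # List-form pipe open passes every argument verbatim, so quotes or shell
    # metacharacters in $ip cannot alter the command that is run.
    my $client;
    if (open($client, '-|', './LogClient', 'xxxxx', 'error_port', 'info', $id, $msg)) {
        my @discarded = <$client>;    # output is ignored, as with the backticks
        close($client);
    }
    else {
        print STDERR "[-] cannot run ./LogClient: $!\n";
    }
    return;
}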
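# Return the current local time as "YYYY-MM-DD HH:MM:SS".
#
# Every field is zero-padded, so the timestamps have a fixed width and sort
# correctly as plain text in the scan log. The earlier version padded only
# the day and month.
sub gettime {
    my ($sec, $min, $hour, $day, $mon, $year) = localtime(time);
    # localtime() returns a 0-based month and a year counted from 1900.
    return sprintf("%04d-%02d-%02d %02d:%02d:%02d",
        $year + 1900, $mon + 1, $day, $hour, $min, $sec);
}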
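# Read the rule file scan.conf from the current directory and print every
# "a.b.c.d:port" pair found in it, one per line.
#
# Parameters:
#   $ip, $port - accepted but not used yet; no rule matching is implemented
#                in this listing.
#
# Exits the program with status 1 when scan.conf cannot be opened.
sub check_conf {
    my ($ip, $port) = @_;

    # A lexical handle keeps this sub from re-opening the global FILE handle
    # that the main loop uses for the IP list.
    my $conf_fh;
    unless (open($conf_fh, '<', "scan.conf")) {
        print "[-] cannot open the scan rule file scan.conf \n";
        exit 1;
    }
    # TODO: the original kept an unused "allow by default" flag here; the
    # comparison of $ip/$port against the rules is still to be written.
    while (my $str = <$conf_fh>) {
        if ($str =~ /(\d+?\.\d+?\.\d+\.\d+):(\d+)/) {
            print $1 . ":" . $2 . "\n";
        }
    }
    close($conf_fh);
    return;
}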
#&check_conf("127.0.0.1",5590);