
内网部署nmap监控udp端口

2014-01-16 20:36 工业·编程 ⁄ 共 1834字 ⁄ 字号 暂无评论

最近遇到一个需求,需要监控内网中UDP端口的开放情况。首先想到nmap,自己写个脚本定时调度nmap就行了。不过需要注意的是,UDP端口的探测并不准确,实际上目前业界的扫描器对UDP端口的探测都不能保证准确:毕竟TCP还有3次握手可以确认端口状态,而UDP是无连接的,端口没有任何回应时nmap只能把它报告为open|filtered。附上代码:

#!/usr/bin/perl 
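# UDP ports probed on every host in the list.
my @port = (80,53,46,695,696,697,698,699,32768,32769,32786,2583);
#my $nmap_cmd = "nmap -sU  -vv 10.128.128.21,10.128.128.26 -p694,695,696,697,698,699,32768,32769,32786,2583";
#$result =`$nmap_cmd`;

# The host list file is the first command-line argument, one target per line.
# Three-argument open with an explicit '<' mode and a lexical handle: the file
# name is then only ever a path, never parsed as an open mode or a pipe the way
# the two-argument form would parse it.
my $list_file = defined $ARGV[0] ? $ARGV[0] : '';
my $list_fh;
unless (open($list_fh, '<', $list_file)) {
    print "[-] cannot open ip list file $list_file! \n[-]the cmd is perl $0 ip.txt";
    exit 1;    # non-zero so a scheduler can tell the run failed
}

while (my $str = <$list_fh>) {
    chomp($str);
    # Scanning is disabled in this listing; the commented calls show the
    # intended use. Each line ends up on the nmap command line, so the list
    # file should be writable only by the account that runs the monitor.
#   if(&scan_host($str,@port)){
#       &warn($str);
#   }
}
close($list_fh);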
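# Run an nmap UDP scan (-sU -vv) against one line of the host list and report
# the first port whose STATE column starts with "open".
#
# Arguments:
#   $ip    - target taken from the host list; several whitespace-separated
#            targets on one line are passed to nmap as separate arguments
#   @ports - port numbers, joined with commas into a single -p argument
#
# Returns 1 if an open port line was seen (the first one is printed with a
# timestamp), 0 otherwise. 0 is also returned when the target is rejected or
# nmap cannot be started, so callers cannot tell "nothing open" from "scan did
# not run" by the return value alone; the reason is written to STDERR.
sub scan_host{                                #scan with ip
    my ($ip, @ports) = @_;
    $ip = '' unless defined $ip;
    my $port = join(",", @ports);
    print "\nthe current ip is $ip\n";

    # The target comes from a file, so it is checked before it is handed to
    # nmap: only host/address characters are accepted and a token may not
    # start with '-', which nmap would read as an option.
    my @targets = split ' ', $ip;
    return 0 unless @targets;
    for my $target (@targets) {
        unless ($target =~ m{\A[A-Za-z0-9][A-Za-z0-9.:,/_-]*\z}) {
            print STDERR "[-] target rejected: unexpected characters in host list entry\n";
            return 0;
        }
    }

    # List-form pipe open: nmap is executed directly with an argument vector,
    # no shell is involved, so nothing in the target can be interpreted as
    # shell syntax.
    my $nmap_out;
    unless (open($nmap_out, '-|', 'nmap', '-sU', '-vv', @targets, "-p$port")) {
        print STDERR "[-] cannot run nmap: $!\n";
        return 0;
    }

    my $found = 0;
    while (my $item = <$nmap_out>) {
        chomp($item);
        next if $found;    # keep draining so nmap can finish and be reaped
        # Match the STATE column of a "PORT STATE SERVICE" row, not the word
        # "open" anywhere in the line: a closed port whose service name
        # contains "open" (e.g. openvpn) must not count. nmap's
        # "open|filtered" (no reply received) still matches, so a hit is not
        # proof that a service is listening.
        if ($item =~ m{\A(\d+)/udp\s+open}i) {
            my $open_port = $1;
            my $stamp = gettime();
            print "$stamp\tthe open port is $open_port\n";
            $found = 1;
        }
    }
    close($nmap_out);
    return $found;
}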
  
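# Alerting method: report $ip through the ./LogClient helper in the current
# directory.
#
# Arguments: $ip - the host that was found with an unexpected open UDP port
# Returns:   whatever ./LogClient wrote to stdout, or '' if it could not run.
#
# Note: this sub shares its name with Perl's builtin warn; it is only reached
# through the explicit &warn(...) call form.
sub warn{   # alerting method
    my ($ip) = @_;

    my $msg = "$ip open wrong udp port";
    # The id is the minute and second of the current UTC time concatenated,
    # so it is not unique across hours.
    my ($sec, $min) = gmtime();
    my $id = $min.$sec;

    # Printed for the operator only; the command is not executed from this
    # string. 'xxxxx' is presumably a redacted argument in the published
    # listing - TODO confirm the real value.
    my $cmd = "./LogClient xxxxx error_port info $id \"$msg\"";
    print $cmd;

    # List-form pipe open: ./LogClient receives $msg as one argument and no
    # shell parses it, so quotes or other shell syntax inside $ip cannot
    # change the command that runs.
    my $client;
    unless (open($client, '-|', './LogClient', 'xxxxx', 'error_port', 'info', $id, $msg)) {
        print STDERR "[-] cannot run ./LogClient: $!\n";
        return '';
    }
    my $output = join('', <$client>);
    close($client);
    return $output;
}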
  
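# Return the current local time as "YYYY-MM-DD HH:MM:SS".
# Every field is zero-padded so the timestamps have a fixed width and sort
# correctly as strings in the scan log.
sub gettime{
    my ($sec, $min, $hour, $day, $mon, $year) = localtime(time);
    # localtime() gives a 0-based month and a year counted from 1900.
    return sprintf("%04d-%02d-%02d %02d:%02d:%02d",
        $year + 1900, $mon + 1, $day, $hour, $min, $sec);
}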
  
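# Read the rule file scan.conf from the current directory and print every
# "a.b.c.d:port" pair found in it, one per line.
#
# Arguments: $ip, $port - accepted but not used yet.
# TODO: the rule check is unfinished; nothing is compared against $ip/$port.
# Exits the program with status 1 if scan.conf cannot be opened.
sub check_conf{
    my ($ip, $port) = @_;

    # Lexical handle and three-argument open: this sub cannot clobber a file
    # handle the caller still has open, and the name is opened read-only.
    my $conf_fh;
    unless (open($conf_fh, '<', "scan.conf")) {
        print "[-] cannot open the scan rule file scan.conf \n";
        exit 1;
    }

    while (my $str = <$conf_fh>) {
        if ($str =~ /(\d+?\.\d+?\.\d+\.\d+):(\d+)/) {
            print $1.":".$2."\n";
        }
    }
    close($conf_fh);
    return;
}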
  
#&check_conf("127.0.0.1",5590);
