Bash 内循环赢得';不要打断
代码可以工作,但不会继续运行卡在内部循环中的循环不确定问题出在哪里,或者端口扫描可能需要很多时间Bash 内循环赢得';不要打断,bash,Bash,代码可以工作,但不会继续运行卡在内部循环中的循环不确定问题出在哪里,或者端口扫描可能需要很多时间 #!/bin/bash up() { ping -c 1 $1 > /dev/null [ $? -eq 0 ] && echo IP: $i is up. } for i in 192.168.0.{1..255} do up $i & disown for port in {1..100};do 2>/dev/null echo
#!/bin/bash
up()
{
ping -c 1 $1 > /dev/null
[ $? -eq 0 ] && echo IP: $i is up.
}
for i in 192.168.0.{1..255}
do
up $i & disown
for port in {1..100};do
2>/dev/null echo > /dev/tcp/$i/$port
if [ $? == 0 ]
then
{
echo "port $port is open"
continue
}
fi
done
done
exit
在bash中扫描Ping+TCP
为了保持礼貌,我尝试将脚本限制为8182个分叉
此脚本扫描/etc/services
,然后可以扫描所有(所需)端口。(见评论)
完整扫描我复杂的专用子网需要5分钟以上才能完成(扫描255台主机上的303个端口,发现27个以上)
您正在使用分配给基本服务的端口,这很可能会把事情搞砸。执行
less/etc/services
并查看您尝试使用的保留端口。这可能会有帮助:
#!/bin/bash
BaseIP=${1:-192.168.1}
ports=(21 22 25 80 443 9100)
# ports=({1..100}) # Uncomment this for ports 1-100
while IFS=$' \t\r\n/' read serv port prot comm ;do
[ "$prot" = "tcp" ] && printf -v $prot[$port] %s "$serv"
done </etc/services
# ports=(${!tcp[@]}) # Uncomment this for all known ports
isup() { ping -W 1 -c1 -n $1 &>/dev/null && printf "IP: %-17sis up.\n" $1;}
tstport() { local _tst _prot=${3:-tcp}; local -n _var=$_prot[$2]
{
exec {_tst}<>/dev/$_prot/$1/$2 && exec {_tst}<&- &&
printf "IP: %-16s port %6d open (%s)\n" $1 $2 ${_var:-unassigned}
} 2>/dev/null
}
step=$((8180/(${#ports[@]}+1)))
for ((i=1;i < 255;i+=step)) {
max=$((i+step>255?255:i+step))
for ((l=i;l<max;l++)) {
isup $BaseIP.$l &
exec {dummy}< <(:)
for port in ${ports[@]} ;do
exec {dummy2}< <(:)
tstport $BaseIP.$l $port & read -u $dummy2 -t .02
exec {dummy2}<&-
done &
read -u $dummy -t .02
exec {dummy}<&-
} |
sed -une /./p
}
IP: 192.168.1.1 is up.
IP: 192.168.1.3 is up.
IP: 192.168.1.3 port 22 open (ssh)
IP: 192.168.1.15 is up.
IP: 192.168.1.15 port 22 open (ssh)
IP: 192.168.1.15 port 139 open (netbios-ssn)
IP: 192.168.1.15 port 445 open (microsoft-ds)
IP: 192.168.1.15 port 515 open (printer)
IP: 192.168.1.39 is up.
IP: 192.168.1.39 port 22 open (ssh)