实现一个端口扫描器

端口的开放与否基于如下判断

image.png

第一个端口扫描代码

  1. package main
  3. import (
  4.     "fmt"
  5.     "net"
  6. )
  8. func main() {
  9.     _, err := net.Dial("tcp", "129.211.73.107:80")
  10.      if err == nil {
  11.         fmt.Println("Connection successful")
  12.     }else{
  13.         fmt.Println("connect error")
  14.     }
  15. }

看一下Dial有文档

  1.   p2 go doc net.Dial
  2. warning: pattern "all" matched no module dependencies
  3. package net // import "net"
  5. func Dial(network, address string) (Conn, error) //注意这里第二个参为string类型
  6.     Dial connects to the address on the named network.
  7.     Known networks are "tcp", "tcp4" (IPv4-only), "tcp6" (IPv6-only), "udp",
  8.     "udp4" (IPv4-only), "udp6" (IPv6-only), "ip", "ip4" (IPv4-only), "ip6"
  9.     (IPv6-only), "unix", "unixgram" and "unixpacket".
  11.     For TCP and UDP networks, the address has the form "host:port". The host
  12.     must be a literal IP address, or a host name that can be resolved to IP
  13.     addresses. The port must be a literal port number or a service name. If the
  14.     host is a literal IPv6 address it must be enclosed in square brackets, as in
  15.     "[2001:db8::1]:80" or "[fe80::1%zone]:80". The zone specifies the scope of
  16.     the literal IPv6 address as defined in RFC 4007. The functions JoinHostPort
  17.     and SplitHostPort manipulate a pair of host and port in this form. When
  18.     using TCP, and the host resolves to multiple IP addresses, Dial will try
  19.     each IP address in order until one succeeds.
  21.     Examples:
  23.         Dial("tcp", "golang.org:http")
  24.         Dial("tcp", "192.0.2.1:http")
  25.         Dial("tcp", "198.51.100.1:80")
  26.         Dial("udp", "[2001:db8::1]:domain")
  27.         Dial("udp", "[fe80::1%lo0]:53")
  28.         Dial("tcp", ":80")
  30.     For IP networks, the network must be "ip", "ip4" or "ip6" followed by a
  31.     colon and a literal protocol number or a protocol name, and the address has
  32.     the form "host". The host must be a literal IP address or a literal IPv6
  33.     address with zone. It depends on each operating system how the operating
  34.     system behaves with a non-well known protocol number such as "0" or "255".
  36.     Examples:
  38.         Dial("ip4:1", "192.0.2.1")
  39.         Dial("ip6:ipv6-icmp", "2001:db8::1")
  40.         Dial("ip6:58", "fe80::1%lo0")
  42.     For TCP, UDP and IP networks, if the host is empty or a literal unspecified
  43.     IP address, as in ":80", "0.0.0.0:80" or "[::]:80" for TCP and UDP, "",
  44.     "0.0.0.0" or "::" for IP, the local system is assumed.
  46.     For Unix networks, the address must be a file system path.

扫描1024端口

  1. package main
  3. import (
  4.     "fmt"
  5.     "net"
  6. )
  8. func main()  {
  9.     for i:=1;i<1024;i++{
  10.         address := fmt.Sprintf("129.211.73.107:%d",i)
  11.         _,err := net.Dial("tcp",address)
  12.         if err != nil{
  13.             continue
  14.         } else {
  15.             fmt.Printf("[+] port open -> %d \n",i)
  16.         }
  17.     }
  19. }

image.png
速度巨慢有没有

goroutine版本

  1. import (
  2.     "fmt"
  3.     "net"
  4. )
  6. func main() {
  7.     for i := 1; i <= 1024; i++ {
  8.         go func(j int) {
  9.             address := fmt.Sprintf("129.211.73.107:%d", j)
  10.             conn, err := net.Dial("tcp", address)
  11.             if err != nil {
  12.                 return
  13.             }
  14.             conn.Close()
  15.             fmt.Printf("%d open\n", j)
  16.         }(i)
  17.     }
  18. }

但很遗憾这是没有输出的。原因在上一章已经说明,主线程如果这样来写是不会等待goroutine结束的,当循环1024后就直接退出,也就没有goroutine输出了。

waitGroup版本

  1. package main
  3. import (
  4.     "fmt"
  5.     "net"
  6.     "sync"
  7.     "time"
  8. )
  10. var wg sync.WaitGroup // 声名waitgroup
  11. func main()  {
  12.     stime := time.Now()
  13.     for i:=1;i<1024;i++{
  14.         go func(j int) {
  15.             wg.Add(1) // 当前队伍等待数量--
  16.             defer wg.Done() // defer是一个关键字,当前函数所有操作完成后再执行
  17.             address := fmt.Sprintf("129.211.73.107:%d",j)
  18.             _,err :=net.Dial("tcp",address)
  19.             if err == nil{
  20.                 fmt.Printf("[+] port open -> %d\n",j)
  21.             }
  22.         }(i)
  24.     }
  25.     wg.Wait() // 主线程等待等待队伍为0再结束
  26.     fmt.Println(time.Since(stime)) // 计算程序运行时间
  28. }

image.png

workerpool版本

虽然我也不知道上面的版本有啥问题?没有排序?

  1. package main
  3. import (
  4.     "fmt"
  5.     "net"
  6.     "sort"
  7. )
  9. func worker(ports, results chan int) {
  10.     for p := range ports {
  11.         address := fmt.Sprintf("129.211.73.107:%d", p)
  12.         conn, err := net.Dial("tcp", address)
  13.         if err != nil {
  14.             results <- 0
  15.             continue
  16.         }
  17.         conn.Close()
  18.         results <- p
  19.     }
  20. }
  21. func main() {
  22.     ports := make(chan int, 100)
  23.     results := make(chan int)
  24.     var openports []int
  26.     for i := 0; i < cap(ports); i++ {
  27.         go worker(ports, results)
  28.     }
  30.     go func() {
  31.         for i := 1; i <= 1024; i++ {
  32.             ports <- i
  33.         }
  34.     }()
  36.     for i := 0; i < 1024; i++ {
  37.         port := <-results
  38.         if port != 0 {
  39.             openports = append(openports, port)
  40.         }
  41.     }
  43.     close(ports)
  44.     close(results)
  45.     sort.Ints(openports)
  46.     for _, port := range openports {
  47.         fmt.Printf("%d open\n", port)
  48.     }
  49. }

image.png
使用两个chan来输入和输出结果,好在能够对结果数据进行处理,但并不能实时显示。

课后改进版

  1. package main
  3. import (
  4.     "flag"
  5.     //"debug/elf"
  6.     "fmt"
  7.     "net"
  8.     "strconv"
  9.     "strings"
  10.     "sync"
  11. )
  13. var wg sync.WaitGroup
  15. var (
  16.     h string
  17.     d string
  18.     p string
  19. )
  21. func scan(host string,ports []int)  {
  22.     for _,i := range(ports){
  23.         go func(j int) {
  24.             wg.Add(1)
  25.             defer wg.Done()
  26.             address := fmt.Sprintf("%s:%d",host,j)
  27.             _,err :=net.Dial("tcp",address)
  28.             if err == nil{
  29.                 fmt.Printf("[+] port open -> %d\n",j)
  30.             }
  31.         }(i)
  33.     }
  34.     wg.Wait()
  35. }
  38. func parsePorts(pstring string)  []int {
  39.     var ports = make([]int,0)
  40.     parts := strings.Split(pstring,",")
  41.     for _,part := range(parts){
  42.         if strings.Index(part,"-") == -1{
  43.             port,err := strconv.Atoi(part)
  44.             if err == nil{
  45.                 ports = append(ports, port)
  46.             }else {
  47.                 fmt.Println("psrse error")
  48.                 return nil
  49.             }
  50.         }else {
  51.             left_right := strings.Split(string(part),"-")
  52.             start,err := strconv.Atoi(left_right[0])
  53.             end,err2 := strconv.Atoi(left_right[1])
  54.             if err == nil && err2 == nil{
  55.                 for i := start;i<=end;i++{
  56.                     ports = append(ports,i)
  57.                 }
  58.             }else {}
  60.         }
  62.     }
  63.     //fmt.Println(ports)
  64.     return ports
  67. }
  68. func main()  {
  69.     flag.StringVar(&h,"h","","host")
  70.     flag.StringVar(&p,"p","","ports to scan")
  71.     flag.Parse()
  73.     //stime := time.Now()
  75.     //fmt.Println(time.Since(stime))
  76.     if h!="" && p != ""{
  77.         scan(h,parsePorts(p))
  78.     }else {
  79.         flag.Usage()
  80.     }
  82. }

image.png

TCP代理

stdin和stdout

两个接口

  1. type Reader interface {
  2.     Read(p []byte) (n int, err error)
  3. }
  4. type Writer interface {
  5.     Write(p []byte) (n int, err error)
  6. }
  1. package main
  3. import (
  4.     "fmt"
  5.     "log"
  6.     "os"
  7. )
  11. // FooReader defines an io.Reader to read from stdin.
  12. type FooReader struct{}
  14. // Read reads data from stdin.
  15. func (fooReader *FooReader) Read(b []byte) (int, error) { // 这里实现了Read接口
  16.     fmt.Print("in > ")
  17.     return os.Stdin.Read(b) // 这个函数从系统的标准输入len(b)长度内读取字符,返回读取到的字符长度,此时input内已经存入“123"和4093空字符
  18. }
  20. // FooWriter defines an io.Writer to write to Stdout.
  21. type FooWriter struct{}
  23. // Write writes data to Stdout.
  24. func (fooWriter *FooWriter) Write(b []byte) (int, error) { // 这里实现了Write接口
  25.     fmt.Print("out> ")
  26.     return os.Stdout.Write(b) // 向系统标准输出写入b
  27. }
  29. func main() {
  30.     // Instantiate reader and writer.
  31.     var (
  32.         reader FooReader
  33.         writer FooWriter
  34.     )
  36.     // Create buffer to hold input/output.
  37.     input := make([]byte, 4096)
  39.     // Use reader to read input.
  40.     s, err := reader.Read(input)
  41.     if err != nil {
  42.         log.Fatalln("Unable to read data")
  43.     }
  44.     fmt.Printf("Read %d bytes from stdin\n", s)
  46.     // Use writer to write output.
  47.     s, err = writer.Write(input)
  48.     if err != nil {
  49.         log.Fatalln("Unable to write data")
  50.     }
  51.     fmt.Printf("Wrote %d bytes to stdout\n", s)
  52. }

os.Stdin.Read 这个函数从系统的标准输入len(b)长度内读取字符,返回读取到的字符长度,此时input内已经存入”123”和4093空字符所以将input再写入stdout就会全部写出。

io.Copy函数

  1. func main() {
  2.     var (
  3.         reader FooReader
  4.         writer FooWriter
  5.     )
  6.     if _, err := io.Copy(&writer, &reader)❶; err != nil {
  7.         log.Fatalln("Unable to read/write data")
  8.     }
  9. }

这个函数比较魔幻,隐式调用Read和Write方法,儿没有繁琐的细节。
image.png

io on tcp

  1. package main
  3. import (
  4.     "io"
  5.     "log"
  6.     "net"
  7. )
  9. // echo is a handler function that simply echoes received data.
  10. func echo(conn net.Conn) {
  11.     defer conn.Close() // 函数运行完成关闭Conn
  13.     // Create a buffer to store received data.
  14.     b := make([]byte, 512)
  15.     for {
  16.         // Receive data via conn.Read into a buffer.
  17.         size, err := conn.Read(b[0:])
  18.         if err == io.EOF {
  19.             log.Println("Client disconnected")
  20.             break
  21.         }
  22.         if err != nil {
  23.             log.Println("Unexpected error")
  24.             break
  25.         }
  26.         log.Printf("Received %d bytes: %s\n", size, string(b))
  28.         // Send data via conn.Write.
  29.         log.Println("Writing data")
  30.         if _, err := conn.Write(b[0:size]); err != nil {
  31.             log.Fatalln("Unable to write data")
  32.         }
  33.     }
  34. }
  36. func main() {
  37.     // Bind to TCP port 20080 on all interfaces.
  38.     listener, err := net.Listen("tcp", ":20080")
  39.     if err != nil {
  40.         log.Fatalln("Unable to bind to port")
  41.     }
  42.     log.Println("Listening on 0.0.0.0:20080")
  43.     for {
  44.         // Wait for connection. Create net.Conn on connection established.
  45.         conn, err := listener.Accept()
  46.         log.Println("Received connection")
  47.         if err != nil {
  48.             log.Fatalln("Unable to accept connection")
  49.         }
  50.         // Handle the connection. Using goroutine for concurrency.
  51.         go echo(conn) // go关键字执行非阻塞
  52.     }
  53. }

这里的Conn

  1. type netFD struct {
  2.     pfd poll.FD
  4.     // immutable until Close
  5.     family      int
  6.     sotype      int
  7.     isConnected bool // handshake completed or use of association with peer
  8.     net         string
  9.     laddr       Addr
  10.     raddr       Addr
  11. }

Conn也实现了Read和Write函数。
image.png

bufio

  1. func echo(conn net.Conn) {
  2.     defer conn.Close()
  4.     reader := bufio.NewReader(conn)
  5.     s, err := reader.ReadString('\n') // 指定读取到回车停止
  6.     if err != nil {
  7.         log.Fatalln("Unable to read data")
  8.     }
  9.     log.Printf("Read %d bytes: %s", len(s), s)
  11.     log.Println("Writing data")
  12.     writer := bufio.NewWriter(conn)
  13.     if _, err := writer.WriteString(s); err != nil {
  14.         log.Fatalln("Unable to write data")
  15.     }
  16.     writer.Flush()
  17. }

注意的是

  • bufio.NewReader
  • reader.ReadString
  • bufio.NewWriter
  • writer.WriteString

    再次简化

    1. func echo(conn net.Conn) {
    2.   defer conn.Close()
    3.   // Copy data from io.Reader to io.Writer via io.Copy().
    4.   if _, err := io.Copy(conn, conn); err != nil {
    5.       log.Fatalln("Unable to read/write data")
    6.   }
    7. }
    没错使用io.Copy,上面已经说过了,Conn实现了Read和Write方法,那么就可以直接传入io.Copy函数,由io.Copy函数自动调用Read和Write方法。

    实现一个端口转发

    ```go package main

import ( “flag” “fmt” “io” “log” “net” “os” )

var ( lp int r string rp int )

func main() { Init() listener,err := net.Listen(“tcp”,fmt.Sprintf(“:%d”,lp)) if err != nil{ log.Fatal(“bind lport error !”) return } log.Printf(“start listen on 0.0.0.0:%d … “,lp) for { conn,err := listener.Accept() if err !=nil{ log.Fatal(“receive conn error !”) } log.Printf(“receive connection from %s\n”,conn.RemoteAddr()) go handler(conn) } }

func Init() { flag.IntVar(&lp,”l”,4444,”listen localhost port”) flag.StringVar(&r,”r”,””,”remote host”) flag.IntVar(&rp,”p”,80,”remote port”) flag.Parse() if r ==””{ flag.Usage() os.Exit(0) } }

func handler(conn net.Conn) { defer conn.Close() dstconn,err :=net.Dial(“tcp”,fmt.Sprintf(“%s:%d”,r,rp)) if err != nil{ log.Fatal(“bind port error ! “) return } log.Printf(“handling data …”) go func() { if ,err = io.Copy(dstconn,conn);err!=nil{ log.Fatalln(“connect error !”) } log.Printf(“>>> %s:%d\n”,r,rp) }() ,err = io.Copy(conn,dstconn) if err != nil{ log.Fatal(“proxy error ! “) } log.Printf(“<<< %s:%d\n”,r,rp)

}

  1. 这里的精髓就是5762行需要用go关键字进行异步执行,否则数据就有去无回。<br />![image.png](https://cdn.nlark.com/yuque/0/2020/png/436678/1598864464129-f5ef97ee-c0ac-4d5c-9a32-b443caf16285.png#align=left&display=inline&height=166&margin=%5Bobject%20Object%5D&name=image.png&originHeight=166&originWidth=882&size=29565&status=done&style=none&width=882)
  2. <a name="bNWGO"></a>
  3. ### netcatexec
  4. ```go
  5. package main
  7. import (
  8.     "fmt"
  9.     "io"
  10.     "net"
  11.     "os"
  12.     "os/exec"
  13. )
  15. var (
  16.     lp int
  17.     r string
  18.     rp int
  19. )
  23. func main() {
  24.     if len(os.Args) != 2{
  25.         fmt.Println("netcatexec 8080")
  26.         os.Exit(0)
  27.     }
  28.     port := os.Args[1]
  29.     listener,err := net.Listen("tcp",fmt.Sprintf(":%s",port))
  30.     if err!=nil{
  31.         fmt.Printf("bind port %d error\n",port)
  32.     }
  33.     for{
  34.         conn,err := listener.Accept()
  35.         if err != nil {
  36.             fmt.Println("accept error !")
  37.         }
  38.         handler(conn)
  39.     }
  43. }
  47. func handler(conn net.Conn) {
  48.     defer conn.Close()
  50.     cmd := exec.Command("/bin/sh","-i")
  51.     rp,wp := io.Pipe()
  52.     cmd.Stdin = conn
  53.     cmd.Stdout = wp
  54.     go io.Copy(conn,rp)
  55.     cmd.Run()
  57. }

image.png