批量扫描端口shell脚本

#!/bin/bash

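welcome() {
  # Print the usage notes for this script: the nmap invocation it is built on
  # and the loop construct it uses.
  #
  # The here-doc delimiter is quoted so the text is emitted literally. With an
  # unquoted delimiter the shell expands $0 inside the awk example, so the
  # printed command showed the script's own name instead of "$0".
  cat <<'EOF'
1. 需要用到的命令nmap -p +ip
2. nmap -p80,443  10.0.0.11 |awk  '/report|tcp/{print $0}'
3. 需要用到的循环:while read line 
EOF
}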
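start1() {
  # Scan TCP port 80 on every host in the target list and record the open ones.
  #
  # Globals:
  #   file_dir - target list, one "address  label" entry per line. A value that
  #              is already set is kept; otherwise the original path is used.
  #   check_JG - results file, appended to. Same override rule as file_dir.
  #   dizhi    - label that prefixes every result line.
  #   All three stay global on purpose: start2 reads them.
  # Outputs:   progress messages on stdout; one line per open port is also
  #            appended to check_JG. Closed or other states are not recorded.
  # Returns:   1 if the target list cannot be read.
  #
  # -sS needs raw-socket privileges (root or CAP_NET_RAW). If nmap cannot run,
  # or is killed by the 2-second timeout, both parsed fields are empty and the
  # host is reported as not open, so an empty state means "no answer", not
  # "closed".
  file_dir=${file_dir:-/home/gegewu/shell/端口开放.txt}
  check_JG=${check_JG:-/home/gegewu/shell/namp检测结果.txt}
  dizhi="地址"
  local jiance_port="80"
  local ip _label scan_line check_port check_open

  if [[ ! -r "${file_dir}" ]]; then
    printf 'start1: cannot read target list: %s\n' "${file_dir}" >&2
    return 1
  fi

  # read -r takes the first whitespace-separated field as the address, so
  # entries separated by several spaces no longer leave a trailing blank in it.
  while read -r ip _label || [[ -n "${ip}" ]]; do
    [[ -n "${ip}" ]] || continue
    # The list is plain text that anyone with write access can edit: an entry
    # starting with "-" would be parsed by nmap as an option, not as a host.
    if [[ "${ip}" == -* ]]; then
      printf 'start1: skipping entry that nmap would parse as an option: %s\n' "${ip}" >&2
      continue
    fi

    echo "开始检测80端口"
    # One scan per host: the port and the state come from the same nmap run.
    # Scanning twice doubled the traffic and could report a port and a state
    # taken from different runs. stdin comes from /dev/null so nmap can never
    # consume the target list that feeds this loop.
    scan_line=$(timeout --signal=9 2 nmap -sS -Pn -n -T4 -p"${jiance_port}" "${ip}" </dev/null \
      | awk '/report|tcp/ { if (++n == 2) print $1, $2 }')
    read -r check_port check_open <<<"${scan_line}"

    echo "ip是:${ip}" 
    echo "检测端口是: ${check_port} 状态是:${check_open} "
    echo "开始检测端口----------------------------------->"
    if [[ "${check_open}" == "open" ]]; then
      # Show the finding and append the same line to the results file.
      echo " ${dizhi} ip  ${ip}的端口${check_port}开放" | column -t | tee -a "${check_JG}"
    fi
  done <"${file_dir}"
}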
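start2() {
  # Scan TCP port 443 on every host in the target list and record the open ones.
  #
  # Globals:
  #   file_dir - target list, one "address  label" entry per line.
  #   check_JG - results file, appended to.
  #   dizhi    - label that prefixes every result line.
  #   start1 normally sets all three. The defaults below are the same values,
  #   so this function also works when it is called on its own; before, an
  #   unset file_dir or check_JG produced a redirection error.
  # Outputs:   progress messages on stdout; one line per open port is also
  #            appended to check_JG. Closed or other states are not recorded.
  # Returns:   1 if the target list cannot be read.
  #
  # -sS needs raw-socket privileges (root or CAP_NET_RAW). If nmap cannot run,
  # or is killed by the 2-second timeout, both parsed fields are empty and the
  # host is reported as not open.
  : "${file_dir:=/home/gegewu/shell/端口开放.txt}"
  : "${check_JG:=/home/gegewu/shell/namp检测结果.txt}"
  : "${dizhi:=地址}"
  local jiance_port_one="443"
  local ip _label scan_line check_port_two check_open_two

  if [[ ! -r "${file_dir}" ]]; then
    printf 'start2: cannot read target list: %s\n' "${file_dir}" >&2
    return 1
  fi

  # read -r takes the first whitespace-separated field as the address.
  while read -r ip _label || [[ -n "${ip}" ]]; do
    [[ -n "${ip}" ]] || continue
    # An entry starting with "-" would be parsed by nmap as an option.
    if [[ "${ip}" == -* ]]; then
      printf 'start2: skipping entry that nmap would parse as an option: %s\n' "${ip}" >&2
      continue
    fi

    echo "开始检测443端口是否开放"
    # One scan per host; port and state are read from the same nmap output.
    # stdin comes from /dev/null so nmap cannot consume the loop's input.
    scan_line=$(timeout --signal=9 2 nmap -sS -Pn -n -T4 -p"${jiance_port_one}" "${ip}" </dev/null \
      | awk '/report|tcp/ { if (++n == 2) print $1, $2 }')
    read -r check_port_two check_open_two <<<"${scan_line}"

    echo "ip是:${ip}" 
    echo "检测端口是: ${check_port_two} 状态是: ${check_open_two}"
    echo "开始检测端口--------------------------------->"
    if [[ "${check_open_two}" == "open" ]]; then
      # Show the finding and append the same line to the results file.
      echo "${dizhi}  ip  ${ip}的端口${check_port_two}开放" | column -t | tee -a "${check_JG}"
    fi
  done <"${file_dir}"
}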
main() {
  # Entry point: print the usage notes, then run the port-80 pass and the
  # port-443 pass in that order. start2 reads the file paths that start1 sets.
  welcome
  start1
  start2
}

main


附带:
  输出子网

#!/bin/bash
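# Helper: append one "address  label" line per host number to the target list
# that the scanner reads. Here the list is called check_JG; the scanner script
# refers to the same file as file_dir.
check_JG="/home/gegewu/shell/端口开放.txt"
ip_D="10.0.0.134"
# Use only the first three octets of ip_D as the prefix. Appending the host
# number to the full address produced strings such as 10.0.0.1341, which are
# not IPv4 addresses, so every scan of the generated list failed.
subnet_prefix="${ip_D%.*}."
# NOTE(review): .255 is the broadcast address if this network is a /24 —
# confirm whether it belongs in the list.
for zznn in {1..255}; do
  printf '%s%s  fuzhudaima\n' "${subnet_prefix}" "${zznn}"
done >>"${check_JG}"
# The file is opened in append mode, so running this twice duplicates every entry.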


网址:https://blog.csdn.net/qq_45300786/article/details/120139192

echo -e '\x1dclose\x0d' |timeout --signal=9 2 nmap  -sS -Pn -n  -T4 -p${jiance_port_one} ${ip} |awk  '/report|tcp/{print $0}' |awk 'NR==2{print $2}'


-sS: 使用SYN(半开)方式扫描,只发送SYN而不完成三次握手,所以比较快。-sT方式(即TCP connect方式)需要完成完整的三次握手,比较费时。注意:-sS需要root权限(原始套接字);以root运行时nmap默认就是-sS,非root用户默认才是-sT。
-Pn: 禁用PING检测(跳过主机发现),这样速度快,并且可以防止有些主机无法ping通而被漏掉不扫描。注意:此时所有目标都被当作在线,扫描一个网段时,不在线的地址也会被完整扫描。
-n:  不解析域名,加快扫描速度
--open: 只输出检测状态为open的端口,即开放的端口;
-T4: 总共有T0-T5,貌似T4比较折中

nmap -sV -p80 10.0.0.10
-sV  参数用于识别端口上运行的是哪些服务(及其版本)
---------——--->
-iL: 载入ip段文件,批量扫,不用一条条执行了。
-oX: 将结果另存为XML格式的文件(如 xxx.xml)
例子:
   nmap -sS -Pn -n --open -p 389 -T4  -iL 1.txt -oX dd.xml


echo -e '\x1dclose\x0d' |timeout --signal=9 8 nmap -sV -sS -Pn -n --open -T4 111.48.163.122
