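Active information gathering [1] {
Netdiscover:
Dedicated to layer-2 discovery;
Works in both wireless and switched network environments;
Supports active and passive discovery;
Active:
    netdiscover -i wlan0 -r 1.1.1.0/24
    # scan the /24 that wlan0's IPv4 address belongs to
    netdiscover -i wlan0 -r $(ifconfig wlan0 | awk '/inet [0-9]/{print $2}' | awk -F "." '{$4=0;print $0}' | awk '{gsub(" ",".",$0);printf "%s", $0}END{print "/24"}')
    netdiscover -l iplist.txt
Passive (sends no packets itself; waits for other hosts on the network to send ARP packets):
    netdiscover -p

Scapy:
Can be called as a Python library;
Can also be used as a standalone tool;
Captures, analyzes, creates, modifies and injects network traffic;
    apt-get install python-gnuplot
    scapy
    ARP().display()
    arp = ARP()
    arp.display()    # build the ARP packet
    sr1(arp)
    sr1(ARP(pdst="192.168.31.1"),timeout=0.1,verbose=0)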
}
Multithreaded version of the Python scan:

    #!/usr/bin/python3
    import sys
    import logging
    import threading
    import queue as Queue

    # Silence Scapy's runtime warnings before importing it
    logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
    from scapy.all import ARP, sr1

    if len(sys.argv) != 2:
        print("[-] EXAMPLE: ./name 192.168.31.")
        sys.exit()
    ip = str(sys.argv[1])    # network prefix, e.g. "192.168.31."

    class myThread(threading.Thread):
        def __init__(self, name, q):
            threading.Thread.__init__(self)
            self.name = name
            self.q = q

        def run(self):
            print("[*] Starting " + self.name)
            while True:
                try:
                    arping(self.name, self.q)
                except Queue.Empty:
                    # No host number arrived within the timeout: work is done
                    break
            print("[*] Exiting " + self.name)

    def arping(threadName, q):
        # Take the next host number and send a single ARP request for it
        addr = q.get(timeout=1)
        ans = sr1(ARP(pdst=ip + str(addr)), timeout=0.1, verbose=0)
        if ans is not None:
            print(ip + str(addr))

    # 16 worker threads share one queue of host numbers
    threadList = []
    for i in range(16):
        threadList.append("Thread-" + str(i))
    workQueue = Queue.Queue(255)
    threads = []
    for tName in threadList:
        thread = myThread(tName, workQueue)
        thread.start()
        threads.append(thread)

    # Queue host numbers 1..254
    for host in range(1, 255):
        workQueue.put(str(host))
    for t in threads:
        t.join()
    print("[*] Exiting.....")
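
Seen from the defender's side, the sweep produced by `netdiscover -r` and by the script above is one MAC address sending who-has requests for many different IPs in a short time. The following added example (not part of the original post) parses raw ARP payloads and flags such senders; the function names, the 5-second window, the threshold of 32 and the sample traffic are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def build_arp_request(src_mac, src_ip, dst_ip):
    """Constructed test input: the 28-byte payload of an ARP who-has."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, src_mac,
                       socket.inet_aton(src_ip), b"\x00" * 6,
                       socket.inet_aton(dst_ip))

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip, target_ip) or None if malformed."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def find_sweepers(events, window=5.0, threshold=32):
    """events: (timestamp, arp_payload) pairs. Returns {sender_mac: peak} for
    senders requesting more than `threshold` distinct targets per window."""
    recent = defaultdict(list)          # sender MAC -> [(ts, target_ip)]
    flagged = {}
    for ts, payload in sorted(events, key=lambda e: e[0]):
        parsed = parse_arp(payload)
        if parsed is None or parsed[0] != 1:    # only who-has requests
            continue
        _, mac, _, target = parsed
        hist = recent[mac]
        hist.append((ts, target))
        while hist[0][0] < ts - window:         # drop entries outside window
            hist.pop(0)
        distinct = len({t for _, t in hist})
        if distinct > threshold:
            flagged[mac] = max(flagged.get(mac, 0), distinct)
    return flagged

def sample_events():
    """Constructed traffic: a .1-.254 sweep in ~1.6 s plus a normal workstation."""
    scanner, workstation = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    events = [(i * 0.00625, build_arp_request(scanner, "192.168.31.50", f"192.168.31.{i}"))
              for i in range(1, 255)]
    events += [(t, build_arp_request(workstation, "192.168.31.20", "192.168.31.1"))
               for t in (0.0, 20.0, 40.0)]
    return events
```

`find_sweepers(sample_events())` reports only the sweeping MAC; the workstation that resolves its gateway three times stays below the threshold.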
Reposted from: http://rpphn.baihongyu.com/