8 unstable releases (3 breaking)

0.4.3 Dec 26, 2022
0.4.2 Jul 14, 2022
0.4.0 Jun 13, 2022
0.3.0 Jun 8, 2022
0.1.0 May 24, 2022

#1735 in Network programming

1,534 downloads per month

GPL-3.0-or-later

70KB
1K SLoC

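Quick network scanner CLI

Rust command-line tool for fast asynchronous network host scanning.

Note: to use this tool, you may need to increase the maximum number of open files allowed. For example: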

ulimit -n 10000

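Note: ping scan mode requires root or other appropriate privileges (i.e. CAP_NET_RAW).

See the CLI tool on crates.io.

Getting qsc

Clone the repository and build qsc with the following commands: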

git clone https://github.com/0xor0ne/qscan
cd qscan
cargo build --release -p qsc
# Install (optional)
cargo install --path qsc

If not installed, the qsc executable can be found at ./target/release/qsc.

Alternatively, you can install it from crates.io:

cargo install qsc

Usage

Use the -h option to print the help message:

>>> qsc -h
qsc 0.4.0
0xor0ne
Quick async network scanner CLI

USAGE:
    qsc [OPTIONS] --targets <TARGETS> --ports <PORTS>

OPTIONS:
        --batch <BATCH>
            Parallel scan [default: 5000]

    -h, --help
            Print help information

        --json <JSON>
            Path to file whre to save results in json format

        --mode <MODE>
            Scan mode:
              - 0: TCP connect;
              - 1: ping (--ports is ognored);
              - 2: ping and then TCP connect using as targets the nodes that replied to the ping;
                     [default: 0]

        --ping-interval <PING_INTERVAL>
            Inteval in ms between pings for a single target. [default: 1000]

        --ping-tries <PING_TRIES>
            Number of maximum retries for each target (ping scan) [default: 1]

        --ports <PORTS>
            Comma separate list of ports (or port ranges) to scan for each target. E.g., '80',
            '22,443', '1-1024,8080'

        --printlevel <PRINTLEVEL>
            Console output mode:
              - 0: suppress console output;
              - 1: print ip:port for open ports at the end of the scan;
              - 2: print ip:port:<OPEN|CLOSE> at the end of the scan;
              - 3: print ip:port for open ports as soon as they are found;
              - 4: print ip:port:<OPEN:CLOSE> as soon as the scan for a
                   target ends;
                     [default: 3]

        --targets <TARGETS>
            Comma separated list of targets to scan. A target can be an IP, a set of IPs in CIDR
            notation, a domain name or a path to a file containing one of the previous for each
            line. E.g., '8.8.8.8', '192.168.1.0/24', 'www.google.com,/tmp/ips.txt'

        --tcp-tries <TCP_TRIES>
            Number of maximum retries for each target:port pair (TCP Connect scan) [default: 1]

        --timeout <TIMEOUT>
            Timeout in ms. If the timeout expires the port is considered close [default: 1500]

    -V, --version
            Print version information

Here are some usage examples:

# Single target, multiple ports
qsc --targets "8.8.8.8" --ports "1-1000"

# Scan local lan (assuming 192.168.1.0/24) for SSH default port. In this case we
# are reducing the timeout to 500ms.
qsc --targets "192.168.1.0/24" --ports "22" --timeout 500

# Use a domain name as target
qsc --targets "www.google.com" --ports "80,443"

# Use a file as target, the file must contain a target (IP, cidr or domain name)
# for each line
qsc --targets "/tmp/ips.txt" --ports "1-1024"

# Print all the ports with OPEN/CLOSE indication and save results in json
# format in file /tmp/xxx.json
qsc --targets "8.8.8.8" --ports 80,443,111 --tcp-tries 1 --json /tmp/xxx.json --printlevel 4

# Ping scan: 3 re-tries, 1s timeout, 1s interval between pings. Print UP/DOWN info
sudo qsc --targets "8.8.8.8,1.2.3.4" --ports "" --mode 1 --ping-tries 3 --timeout 1000 --ping-interval 1000 --printlevel 4

# Ping+TCP connect scan (assuming 192.168.1.0/24 is your local network)
# Scan ports 22, 80 and 443 for all targets that answer to ping
# Also, save results in json format in /tmp/res.json
sudo qsc --targets "192.168.1.0/24" --ports "22,80,443" --mode 2 --ping-tries 1 --timeout 1000 --ping-interval 1000 --printlevel 4 --json /tmp/res.json
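
As an added example (not part of qsc or its README), the following Rust program expands a --ports style specification and estimates how many TCP probes a scan implies, which helps when comparing a planned scan against --batch and the open-file limit. The function names are hypothetical; it assumes IPv4 addresses or CIDR blocks only (no domain names or target files) and that every address in a block is probed.

```rust
// Added example, not qsc's own parser. Assumes IPv4/CIDR targets only and
// that every address in a CIDR block is probed.
use std::collections::BTreeSet;

/// Expand "22,443" or "1-1024,8080" into a sorted, de-duplicated port list.
fn parse_ports(spec: &str) -> Result<Vec<u16>, String> {
    let mut ports = BTreeSet::new();
    for item in spec.split(',').map(str::trim) {
        let (lo, hi) = match item.split_once('-') {
            Some((a, b)) => (parse_port(a)?, parse_port(b)?),
            None => { let p = parse_port(item)?; (p, p) }
        };
        if lo > hi { return Err(format!("reversed range: {item}")); }
        ports.extend(lo..=hi);
    }
    Ok(ports.into_iter().collect())
}

/// Accept 1..=65535; reject 0, empty strings and anything non-numeric.
fn parse_port(s: &str) -> Result<u16, String> {
    match s.trim().parse::<u16>() {
        Ok(0) | Err(_) => Err(format!("invalid port: {s:?}")),
        Ok(p) => Ok(p),
    }
}

/// Number of IPv4 addresses covered by "a.b.c.d" or "a.b.c.d/len".
fn target_size(target: &str) -> Result<u64, String> {
    let (addr, len) = match target.split_once('/') {
        Some((a, l)) => (a, l.parse::<u32>().map_err(|_| format!("bad prefix: {target}"))?),
        None => (target, 32),
    };
    addr.parse::<std::net::Ipv4Addr>().map_err(|_| format!("bad address: {target}"))?;
    if len > 32 { return Err(format!("bad prefix: {target}")); }
    Ok(1u64 << (32 - len))
}

/// Probes implied by a comma separated target list and a port spec.
fn probe_count(targets: &str, ports: &str) -> Result<u64, String> {
    let n_ports = parse_ports(ports)?.len() as u64;
    let mut hosts = 0u64;
    for t in targets.split(',') { hosts += target_size(t.trim())?; }
    Ok(hosts * n_ports)
}

fn main() {
    // Constructed inputs taken from the usage examples above.
    println!("{:?}", probe_count("192.168.1.0/24", "22,80,443")); // Ok(768)
}
```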

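Docker image

A Docker image configured to run qsc can be built and used.

Assuming Docker is installed on your machine and configured to run without sudo (if not, see here and here), build the image: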

./qsc/scripts/docker_build.sh

You can then use the 0xor0ne/qscan Docker image to run the scanner:

docker run --rm -it 0xor0ne/qscan --targets "8.8.8.8" --ports "1-1024"

The same can be done with the helper script:

./qsc/scripts/docker_run_scan.sh --targets "8.8.8.8" --ports "1-1024"

Docker image from hub.docker.com

Alternatively, you can download and run the prebuilt image from hub.docker.com:

docker run --rm 0xor0ne/qscan:latest --targets "8.8.8.8" --ports "1-1024"

Dependencies

~22–36MB
~653K SLoC