node.js - 我可以快速扫描我的本地网络以查找特定的开放端口吗？

Question

我想知道是否有办法通过我的本地网络的 IP 范围扫描特定数量的开放端口。

本质上，我正在寻找在nodejs不知道其 IP 地址的情况下找到特定类型的客户端。在这种情况下，RFID 阅读器在端口 14150 上进行侦听。

我希望此扫描快速，因此我不希望每个 IP 地址之间的超时时间过长。它们都应该很快发生，对于多达 255 个客户端的整个本地 IP 范围（不包括我自己的 IP），最多可能在几秒钟内发生。

我编写的代码可以满足我的要求，但速度非常慢……我想看看如何通过快速连接并在 20 毫秒内无法与给定 IP 建立连接时退出来加快速度。我想捕获一个数组中的实际连接，然后我可以将其用于其他目的。

var net = require('net'); // Required to create socket connections

var ip = 254; //IP address to start with on a C class network

function checkConnect () {
  ip--;
  var thisIP = '192.168.1.' + ip; //concatenate to a real IP address

  var S = new net.Socket();
  S.connect(80, thisIP);

  if(ip > 0) { checkConnect(); }

  S.on('connect', function () { console.log('port 80 found on ' + thisIP); });
  S.on('error', function () { console.log('no such port on ' + thisIP); });
  S.end();
}

checkConnect();

Answer 1

我已经为你做了https://github.com/eviltik/evilscan。（今天刚刚发布v0.0.3）

安装：

npm install -g evilscan

用法（端口列表+端口范围）：

root@debian:~# evilscan --target=192.168.0.0/24 --port=21-446,5900 --concurrency=100 --progress
192.168.0.3:5900|open
192.168.0.26:53|open
192.168.0.26:111|open
192.168.0.26:81|open
192.168.0.26:23|open
Scanned 192.168.0.253:446 (100%)

提示：

对于非常快速的扫描，您可以使用“并发”参数，超过 1000，但您必须先更新 linux 的 ulimit 参数：

ulimit -u unlimited

希望这有帮助。

Answer 2

以前的答案都没有真正满足我的需要。我找到了一个重量更轻的替代品。有了这个解决方案，我很快就得到了我的解决方案。我的下一个升级将是根据当前子网指定一系列主机。我想我会想把它限制在前 254 个客户端，这样就不会矫枉过正。这是代码：

//LLRP DEVICE SCANNER
var net    = require('net'), Socket = net.Socket;

var checkPort = function(port, host, callback) {
    var socket = new Socket(), status = null;

    // Socket connection established, port is open
    socket.on('connect', function() {status = 'open';socket.end();});
    socket.setTimeout(1500);// If no response, assume port is not listening
    socket.on('timeout', function() {status = 'closed';socket.destroy();});
    socket.on('error', function(exception) {status = 'closed';});
    socket.on('close', function(exception) {callback(null, status,host,port);});

    socket.connect(port, host);
}

var LAN = '192.168.1'; //Local area network to scan (this is rough)
var LLRP = 5084; //globally recognized LLRP port for RFID readers

//scan over a range of IP addresses and execute a function each time the LLRP port is shown to be open.
for(var i=1; i <=255; i++){
    checkPort(LLRP, LAN+'.'+i, function(error, status, host, port){
        if(status == "open"){
            console.log("Reader found: ", host, port, status);
        }
    });
}

Answer 3

您可以使用 arp 命令获取首先处于活动状态的设备列表。跳出框框思考 ;) 您不必盲目地扫描所有设备。

var child = require("child_process"); 
var async = require("async"); 
var net = require("net"); 
var os = require("os"); 

function scan(port, cb){
    var hosts = {}; 
    var result = []; 
    async.series([
        function scan(next, c){
            if(c == 1){
                next(); return; 
            }
            // scan twice because arp sometimes does not list all hosts on first time
            child.exec("arp -n | awk '{print $1}' | tail -n+2", function(err, res){
                if(err) cb(err); 
                else {
                    var list = res.split("\n").filter(function(x){return x !== "";}); 
                    list.map(function(x){
                        hosts[x] = x; 
                    }); 
                }
                scan(next, 1); 
            }); 
        },
        function(next){
            // if you want to scan local addresses as well 
            var ifs = os.networkInterfaces(); 
            Object.keys(ifs).map(function(x){
                hosts[((ifs[x][0])||{}).address] = true; 
            }); 
            // do the scan
            async.each(Object.keys(hosts), function(x, next){
                var s = new net.Socket(); 
                s.setTimeout(1500, function(){s.destroy(); next();}); 
                s.on("error", function(){
                    s.destroy(); 
                    next(); 
                }); 
                s.connect(port, x, function(){
                    result.push(x); 
                    s.destroy(); 
                    next(); 
                }); 
            }, function(){
                next();
            });
        }
    ], function(){
        cb(null, result); 
    }); 
} 

scan(80, function(err, hosts){
    if(err){
        console.error(err); 
    } else {
        console.log("Found hosts: "+hosts);
    } 
}); 

您也可以使用 arp-scan 实用程序，它更可靠。但是 arp-scan 需要 root 权限才能工作，所以最好只使用 arp。它几乎可以在每个 linux 机器上使用。

Answer 4

而不是仅仅发布链接（链接可能会在某一时刻失效），我将从网站发布教程代码：

var net = require('net');

// the machine to scan
var host = 'localhost';
// starting from port number
var start = 1;
// to port number
var end = 10000;
// sockets should timeout asap to ensure no resources are wasted
// but too low a timeout value increases the likelyhood of missing open sockets, so be careful
var timeout = 2000;

// the port scanning loop 
while (start <= end) {

    // it is always good to give meaningful names to your variables
    // since the context is changing, we use `port` to refer to current port to scan 
    var port = start;

    // we create an anonynous function, pass the current port, and operate on it
    // the reason we encapsulate the socket creation process is because we want to preseve the value of `port` for the callbacks 
    (function(port) {
        // console.log('CHECK: ' + port);
        var s = new net.Socket();

        s.setTimeout(timeout, function() { s.destroy(); });
        s.connect(port, host, function() {
            console.log('OPEN: ' + port);
            // we don't destroy the socket cos we want to listen to data event
            // the socket will self-destruct in 2 secs cos of the timeout we set, so no worries
        });

        // if any data is written to the client on connection, show it
        s.on('data', function(data) {
            console.log(port +': '+ data);
            s.destroy();
        });

        s.on('error', function(e) {
            // silently catch all errors - assume the port is closed
            s.destroy();
        });
    })(port);

    start++;
}