我如何开始制作我自己的简单的基于 UNIX 的网络扫描仪?

How could I start making my own simple UNIX-based network scanner?

我正在使用 Linux 进行安全和渗透测试。我经常使用 nmapwireshark,但我想自己制作一个网络扫描仪来了解它们的工作原理。

我希望它扫描整个网络,而不是扫描一个目标的端口,但是我不知道从哪里开始。

基于命令行的人会使用什么 programming/scripting 语言 网络扫描仪以及在制作过程中我应该从哪里开始?

尝试 python + scapy

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.

http://networkinterfaze.com/scapy-examples/(没查过,可能有点过时)的几个样例来感受一下它的威力:

正在从 Ubuntu 向 Windows 发送 ping 数据包 7

ip = IP() # Creates an IP header
ip.src = '192.168.1.25' # Source address in the IP header is configured with IP address of ubuntu.
ip.dst = '192.168.1.100' # Destination address in the IP header is configured with the IP address of Windows 7.
icmp = ICMP() # Creates an ICMP header
icmp.type = 8 # Type value inserted in ICMP header as 8 for ping crafting
icmp.code = 0 # Code value inserted in ICMP header as 0 for ping crafting.
send(ip/icmp) # Sending ping packet.

使用随机源地址

从Ubuntu上的Scapy创建到Windows7上端口80的TCP SYN
cp = TCP() # Creates a TCP header
tcp.dport = 80 # Configures the destination port in the TCP header with port 80.
tcp.flags = ’S’ # Configure the flag in the TCP header with the SYN bit.
ip = IP() # Creates an IP header
ip.src = '192.168.1.25' # Source address in the IP header is configured with IP address of ubuntu.
ip.dst = '192.168.1.100' # Destination address in the IP header is configured with the IP address of Windows 7.
send(ip/tcp) # Sending tcp packet.