3389微探針


/**************************************
/* 作者:半斤八兩
/* 博客:http://cnblogs.com/bjblcracked
/* 日期:2014-05-05  17:44
/**************************************


 

只是感興趣,沒有其他目的。失誤之處敬請諸位大俠賜教!


今天看到這個帖子,作者詢問3389掃描的問題:
http://bbs.pediy.com/showthread.php?t=187377
想起以前剛接觸電腦不久的時候,也經常掃3389,
不過那時候還沒有啥工具,我是寫了個bat腳本,直接調用mstsc來掃描的. 
那個速度,慢的,是可想而知的...

正好今天就試着寫了一個.(重溫一下以前的"歡樂"時光) 

 

 

  // Serialises the hand-out of the next target address (g_dwIp / sPortAddr)
  // between the worker threads.
  CRITICAL_SECTION g_tagSection = {0};

  // Address most recently handed out to a worker, in the form inet_addr()
  // returns it (network byte order).
  DWORD g_dwIp = 0;

  // Destination template. Family and port are filled in once by main();
  // sin_addr is rewritten for every probe.
  SOCKADDR_IN sPortAddr = {0};

  // Non-zero: also print the addresses whose probe did not complete.
  DWORD g_dwViewAllIP = 0;

  // Number of addresses on which TCP port 3389 accepted the connection.
  // Written from the worker threads, read when the final total is printed.
  DWORD g_dwOpenPortIPNumber = 0;

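 // Starts Winsock and insists on version 2.2.
 //
 // The function has no return value, so a failure cannot be signalled to the
 // caller; it is reported on stderr instead of being dropped silently, because
 // every later socket call fails once Winsock is not initialised.
 void InitSocket()
 {
     WSADATA wsaData;
     const WORD wVersionRequested = MAKEWORD(2, 2);

     // WSAStartup returns the error code directly (not via WSAGetLastError).
     const int err = WSAStartup(wVersionRequested, &wsaData);
     if (err != 0)
     {
         fprintf(stderr, "WSAStartup failed: %d\n", err);
         return;
     }

     // A successful start can still negotiate a lower version than requested.
     if (LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 2)
     {
         fprintf(stderr, "Winsock 2.2 is not available\n");
         WSACleanup();
         return;
     }
 }
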
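 // Checks whether the address in sPortAddr accepts a TCP connection on the
 // port stored in sPortAddr (main() sets it to 3389).
 //
 // sPort     - TCP socket; the caller has already switched it to non-blocking
 //             mode, so connect() normally returns SOCKET_ERROR at once and
 //             the outcome is collected with select().
 // sPortAddr - destination, passed by value.
 //
 // Returns TRUE in every case; the result is reported only through the
 // console output and the g_dwOpenPortIPNumber counter.
 //
 // Each probe is a complete TCP connect followed by the caller closing the
 // socket, so it shows up as a short-lived connection to 3389 in connection
 // and firewall logs on the probed host.
 DWORD IsTest(SOCKET sPort, SOCKADDR_IN sPortAddr)
 {
     struct timeval timeout;
     fd_set writable;
     int ret;
     int error = 0;              // was read uninitialised when getsockopt failed
     int len = sizeof(error);

     const int err = connect(sPort, (SOCKADDR*)&sPortAddr, sizeof(sPortAddr));

     if (SOCKET_ERROR == err)
     {
         // Connect is pending (or failed outright): wait at most one second
         // for the socket to become writable.
         FD_ZERO(&writable);
         FD_SET(sPort, &writable);

         timeout.tv_sec = 1;
         timeout.tv_usec = 0;

         // The first argument of select() is ignored by Winsock.
         // NOTE(review): only the write set is watched; Winsock reports a
         // failed non-blocking connect through the except set, so a refused
         // connection most likely ends up in the timeout branch below.
         ret = select(0, 0, &writable, 0, &timeout);

         if (ret > 0)
         {
             // Treat a failing getsockopt like a failed connect instead of
             // trusting whatever 'error' happened to contain.
             if (getsockopt(sPort, SOL_SOCKET, SO_ERROR, (PCHAR)&error, &len) != 0)
             {
                 error = SOCKET_ERROR;
             }

             if (error == 0)
             {
                 printf("IP: [%s]\tOpen Port 3389\r\n", inet_ntoa(sPortAddr.sin_addr));

                 // Several worker threads run this function at the same time,
                 // so a plain ++ on the shared counter can lose updates.
                 InterlockedIncrement((volatile LONG*)&g_dwOpenPortIPNumber);

                 ret = TRUE;
             }
             else
             {
                 puts("time close port 3389");
                 ret = FALSE;
             }
         }
         else
         {
             // Timeout (0) or select() error (SOCKET_ERROR).
             ret = FALSE;
         }
     }
     else
     {
         // NOTE(review): connect() returning 0 means the connection was
         // established immediately, yet the message says "close" and the
         // counter is not touched. Left as the author wrote it - confirm the
         // intent before relying on this branch.
         puts("close port 3389");
         ret = TRUE;
     }

     // Optional listing of every address that did not answer as open.
     if (!ret && g_dwViewAllIP)
     {
         printf("IP: [%s]\t\t連接超時!!!\r\n", inet_ntoa(sPortAddr.sin_addr));
     }

     return TRUE;
 }
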
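 // Worker thread body (started with _beginthread): takes the next address,
 // probes it once with IsTest() and closes the socket.
 //
 // Address hand-out: g_dwIp holds the inet_addr() value, i.e. network byte
 // order. Adding 0x01000000 therefore bumps the LAST octet on a little-endian
 // host (assumed here - Windows on x86/x64). The address typed in by the user
 // is never probed itself; the sweep covers last octets +1 up to 255 and
 // finishes once the last octet has reached 0xff.
 //
 // Fixes compared with the previous version:
 //  - the socket is created and configured BEFORE the critical section is
 //    entered; the old early return on ioctlsocket failure left the section
 //    locked and blocked every other worker for good;
 //  - socket() is checked for INVALID_SOCKET;
 //  - the destination is copied while the lock is still held; copying the
 //    global after LeaveCriticalSection let another worker overwrite it, so
 //    one address could be probed twice and another skipped;
 //  - the DWORD total is printed with a matching format specifier.
 void IsChildProc(VOID*)
 {
     SOCKET sPort = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
     if (INVALID_SOCKET == sPort)
     {
         return;
     }

     // Non-blocking mode so IsTest() can bound the wait with select().
     u_long nonBlocking = 1;
     if (ioctlsocket(sPort, FIONBIO, &nonBlocking) != 0)
     {
         closesocket(sPort);
         return;
     }

     EnterCriticalSection(&g_tagSection);

     if (g_dwIp >= 0xff000000)
     {
         // Range exhausted. The lock stays held on purpose: the other workers
         // queue up behind it while probes already in flight get two seconds
         // to finish, then the process ends.
         Sleep(2000);
         puts("---------------------------------------------------------------");
         printf("\r\n\r\n\t\t\t總共掃到 [%lu] 個主機開放端口!   :)\r\n\r\n\r\n",
                (unsigned long)g_dwOpenPortIPNumber);
         system("pause");
         exit(0);
     }

     g_dwIp += 0x01000000;
     sPortAddr.sin_addr.s_addr = g_dwIp;

     // Private copy taken under the lock; this is what gets probed.
     SOCKADDR_IN target = sPortAddr;

     LeaveCriticalSection(&g_tagSection);

     IsTest(sPort, target);

     closesocket(sPort);
 }
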
// Spawner thread body: starts one IsChildProc worker every 100 ms and never
// returns on its own; the process ends when a worker calls exit().
//
// NOTE(review): the result of _beginthread is not checked, so a failed
// thread creation passes unnoticed and the loop simply tries again.
void IsFoundOpenPortProc(VOID*)
{
    for (;;)
    {
        _beginthread(IsChildProc, 0, NULL);
        Sleep(100);
    }
}

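// Entry point: reads the start address and the verbosity flag from stdin,
// prepares the shared destination template (TCP port 3389) and starts the
// spawner threads.
//
// Fixes compared with the previous version:
//  - the address is read with a width limit; a bare "%s" let an over-long
//    input line overrun the stack buffer szIp;
//  - the flag is read into an int (matching "%d") and then copied into the
//    DWORD global;
//  - both scanf results and the inet_addr result are checked, so malformed
//    input ends the program with a message instead of being used as-is.
//
// Returns 1 on invalid input. The normal run never reaches the final return:
// a worker thread ends the process with exit(0).
int main(int argc, char* argv[])
{
    system("color 0a & title 3389微探針 By 半斤八兩 & cls");

    InitSocket();

    puts("-------------------------------------------------");
    puts("-                3389 微探針                    -");
    puts("-                                               -");
    puts("-      快速掃描3389端口     -_=||               -");
    puts("-                                               -");
    puts("-             By 半斤八兩                       -");
    puts("-                                               -");
    puts("-                   2014.05.05                  -");
    puts("-------------------------------------------------");

    puts("請輸入1個IP, 格式如下: 192.168.5.0");
    BYTE szIp[MAXBYTE] = {0};
    // MAXBYTE is 0xff: at most 254 characters plus the terminating NUL.
    if (scanf("%254s", (char*)szIp) != 1)
    {
        fputs("no address entered\n", stderr);
        return 1;
    }

    puts("您是否想查看所有IP?(包括超時IP), 輸入0只顯示開放3389的IP. 輸入1顯示所有IP");
    int nViewAll = 0;
    if (scanf("%d", &nViewAll) != 1)
    {
        nViewAll = 0;   // unreadable answer: fall back to "open hosts only"
    }
    g_dwViewAllIP = (DWORD)nViewAll;

    SYSTEM_INFO tagSystemInfo = {0};
    GetSystemInfo(&tagSystemInfo);

    InitializeCriticalSection(&g_tagSection);

    // inet_addr returns INADDR_NONE for text that is not a dotted IPv4 address.
    g_dwIp = inet_addr((PCHAR)szIp);
    if (INADDR_NONE == g_dwIp)
    {
        fprintf(stderr, "invalid IPv4 address: %s\n", (char*)szIp);
        DeleteCriticalSection(&g_tagSection);
        return 1;
    }

    sPortAddr.sin_family = AF_INET;
    sPortAddr.sin_port = htons(3389);

    // 20 spawner threads per logical processor; each one starts a probe
    // thread every 100 ms.
    const int nSpawners = (int)tagSystemInfo.dwNumberOfProcessors * 20;
    for (int i = 0; i < nSpawners; ++i)
    {
        _beginthread(IsFoundOpenPortProc, 0, NULL);
    }

    // Park the main thread; the process is ended from a worker thread.
    Sleep(INFINITE);

    // Not reached in practice, kept for symmetry with the initialisation.
    DeleteCriticalSection(&g_tagSection);

    return 0;
}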

 

 

Bin和Code下載地址:

<看雪學院>

