Python調用nmap掃描網段主機信息生成xml

#!/usr/bin/env python
# -*- coding: utf_8 -*-
# Date: 2015年10月23日
# Author:蔚藍行
# 博客 http://www.cnblogs.com/duanv/

from IPy import IP
import threading
import nmap
import time
import sys
import subprocess
from xml.dom import minidom

def usage():
    print 'The script requires root privileges!'
    print 'example:python scan.py 192.168.0.1/24'

#生成xml文件的模板函數
def addResult(newresult):
    global doc
    global scan_result

    ip = doc.createElement("ip")
    ip.setAttribute("address", newresult["address"])

    osclass = doc.createElement("osclass")
    osclass.appendChild(doc.createTextNode(newresult["osclass"]))
    ip.appendChild(osclass)

    port = doc.createElement("port")
    
    tcp = doc.createElement("tcp")
    tcp.appendChild(doc.createTextNode(newresult["tcp"]))
    port.appendChild(tcp)
    
    udp = doc.createElement("udp")
    udp.appendChild(doc.createTextNode(newresult["udp"]))
    port.appendChild(udp)
    
    ip.appendChild(port)
    scan_result.appendChild(ip)

#掃描函數，調用nmap庫
def ip_scan(ip):
    global nm
    #這里調用系統ping命令來判斷主機存活
    p = subprocess.Popen("ping -c 1 -t 1 "+ip,stdin = subprocess.PIPE, stdout = subprocess.PIPE, stderr = subprocess.PIPE, shell = True)    
    out = p.stdout.read()
    #如過沒有100%丟包則主機存活，對是否丟包的判斷是抓取系統回顯內容，測試用的是‘MAC OS X’系統，抓取內容為‘100.0% packet loss’
    if '100.0% packet loss' not in out:
        try:
            #調用nmap掃描主機操作系統，同時進行SYN掃描和UDP掃描探測開放的端口
            nm.scan(ip,arguments='-O -sS -sU -F')
            sr={'address':ip,'osclass':str(nm[ip]['osclass'])[1:-1],'tcp':str(nm[ip].all_tcp())[1:-1],'udp':str(nm[ip].all_udp())[1:-1]}
            addResult(sr)
        except:
            pass

#循環，遍歷未掃描的IP
def loop():
    global mutex
    global ipx
    
    while 1:
        #線程鎖，掃描一個IP就將IPX列表中的該IP移除
        mutex.acquire()
        #如果列表中沒有IP，則跳出循環結束該線程
        if len(ipx)<=0:
            mutex.release()
            break
        ip=ipx[0]
        ipx.remove(ipx[0])
        mutex.release()
        #調用掃描函數
        ip_scan(str(ip))

#創建線程的函數，默認創建40個
def creat_threads():
    threads=[]
    for i in range(40):
        threads.append(threading.Thread(target=loop,))
    for t in threads:
        t.start()
    for t in threads:
        t.join()
  
        
def start():
    #mutex:線程鎖
    global mutex
    #ipx:存儲要掃描的IP地址段列表
    global ipx
    #nm:nmap模塊掃描對象
    global nm
    #doc:xml文檔對象
    global doc
    #scan_result:xml文檔的根元素
    global scan_result
    
    if '-h' == sys.argv[1]:
        usage()
        exit()
    else:
        #獲取命令行輸入的要掃描的IP段
        ip=sys.argv[1]
        #xml文檔一些對象的初始化
        doc = minidom.Document()
        doc.appendChild(doc.createComment("scan_result xml."))
        scan_result = doc.createElement("scan_result")
        doc.appendChild(scan_result)
        
        #初始化參數
        ipx=[]
        nm=nmap.PortScanner()
        mutex=threading.Lock()

        #調用IPy模塊的IP函數，將IP地址段的每個IP存入列表
        ipp=IP(ip, make_net=True)
        for x in ipp:
            ipx.append(x)
        #去掉首尾代表子網和全部主機的IP
        ipx=ipx[1:-1]
        
        print("please wait...")
        #計算時間
        time_start=time.time()
        #創建線程
        creat_threads()

        time_end=time.time()
        t=time_end-time_start
        print '*'*48
        print '\nTime:'+str(t)+'s'
        print 'Scan results have been saved to scan_result.xml.\n'
        print '*'*48
        
        #xml文件操作
        f = file("scan_result.xml","w")
        f.write(doc.toprettyxml(indent = "\t", newl = "\n", encoding = "utf-8"))
        f.close()

if __name__=='__main__':
    start()