C#学习-内网多线程gettitle
C#学习-内网多线程gettitle
2020年5月30日更新:
修复了HTTPS证书功能,对于ex和服务端的response返回404也可以识别到了,整体由try控制防止报错弹框。
速度大约是有线连接/外网100m 单端口b段扫描 10-20分钟左右。
2020年5月28日更新:
增加了自定义端口功能、自定义线程(在各位大哥的鞭挞下总算吃下这个多线程了,C# thread带参传好难),之前的多线程利用的sleep控制的,被大哥喷,没用join被大哥喷,现在总算都用上了,控制的速度变化明显。测试图
win10 .net 4
win7 .net 2
使用:
gettitle.exe 192.168.1/192.168 80,8080,8181,8000 100.net 4.0
http://myblogimages.oss-cn-beijing.aliyuncs.com/gettitle4.exe
.net 2.0
http://myblogimages.oss-cn-beijing.aliyuncs.com/gettitle2.exe
顺便加入了文件写入,扫描结果放到C:\users\public\scan.txt下了。
也方便在cs下用execute-assembly去执行查看结果。
win10
win7
之前几个项目都遇到内网需要扫描title,linux下又timoutsocks.py,windows下pyinstall编译太大了,最近正好在学习C#,就用C#写了一个,参考了几个其他扫描工具的思路。效果还不错。
using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;
using System.Text.RegularExpressions;
using System.Threading;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
namespace gettitle
{
class Program
{
static void Main(string[] args)
{
try
{
string a = args[0];
string ports = args[1];
int threads = int.Parse(args[2]);
//string ports = "80,8181";
string[] port = ports.Split(new char[] { ',' });
//for (int z = 0; z < port.Length; z++)
//{
//string a = "192.168.2";
Regex rgx = new Regex(@"^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){2}$");
//Console.WriteLine(startIp);
if (rgx.IsMatch(a)) //匹配正确IP (123.123.123为true/123.123为 false)
{
Console.WriteLine("start sacn");
for (int i = 1; i <= 255; i++)
{
//string hosts = "192.168.2";
string hosts = a;
hosts = hosts + "." + i;
Thread[] sp = new Thread[threads];
int thread = threads - 1;
sp[thread] = new Thread(() => URL_manage(hosts, port));
sp[thread].Start();
sp[thread].Join(10000 / threads);
}
}
else
{
Console.WriteLine("start sacn");
for (int j = 0; j <= 255; j++)
{
for (int i = 1; i <= 255; i++)
{
string hosts = a;
hosts = hosts + "." + j + "." + i;
Thread thread = new Thread(() => URL_manage(hosts, port));
Thread[] sp = new Thread[threads];
int threada = threads - 1;
sp[threada] = new Thread(() => URL_manage(hosts, port));
sp[threada].Start();
sp[threada].Join(10000 / threads);
}
}
}
}
catch
{
Console.WriteLine("Uesg: gettitle.exe 192.168.1/192.168 80,8000,8080,7001 10");
}
}
public static void URL_manage(string hosts, string[] ports)
{
try
{
foreach (string port in ports)
{
if (port == "443")
{
string host = "https://" + hosts + "/";
if (headscan(host))
{
Gettitle(host);
//Console.WriteLine(host);
}
}
else
{
string host = "http://" + hosts + ":" + port + "/";
if (headscan(host))
{
Gettitle(host);
}
}
}
}
catch
{
}
}
public static bool CheckValidationResult(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
{ // 总是接受
return true;
}
public static bool headscan(string url)
{
try
{
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(CheckValidationResult);
var req = (HttpWebRequest)WebRequest.CreateDefault(new Uri(url));
req.Method = "HEAD";
req.Timeout = 5000;
var res = (HttpWebResponse)req.GetResponse();
if (res.StatusCode == HttpStatusCode.OK || res.StatusCode == HttpStatusCode.Forbidden || res.StatusCode == HttpStatusCode.Redirect || res.StatusCode == HttpStatusCode.MovedPermanently || res.StatusCode == HttpStatusCode.BadGateway)
{
//Console.WriteLine(url);
return true;
}
}
catch (WebException ex)
{
HttpWebResponse webResponse = (HttpWebResponse)ex.Response;
if(ex.Response == null || webResponse.StatusCode == HttpStatusCode.RequestTimeout)
{
return false;
}
else
{
if (webResponse.StatusCode == HttpStatusCode.NotFound )
{
//Console.WriteLine(ex);
//Console.WriteLine(url+ "1");
return true;
}
else
{
//Console.WriteLine(ex);
//Console.WriteLine(url + "2");
return false;
}
}
}
return false;
}
public static void Gettitle(string input)
{
string httpUrl = input;
string charSet = "utf-8";//utf-8
try
{
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(CheckValidationResult);
WebRequest oRequest = WebRequest.Create(httpUrl);
oRequest.Timeout = 5000; //5s
WebResponse oResponse = oRequest.GetResponse();
StreamReader oReader = new StreamReader(oResponse.GetResponseStream(), Encoding.GetEncoding(charSet));
string html = oReader.ReadToEnd();
Match m1 = Regex.Match(html, "<title>(.*)</title>");
using (System.IO.StreamWriter file = new System.IO.StreamWriter(@"C:\users\public\scan.txt", true))
{
file.WriteLine("open: " + input + " ------" + m1.Groups[1].Value);// 直接追加文件末尾,换行
}
Console.WriteLine("open: " + input + " ------" + m1.Groups[1].Value);
}
catch (WebException ex)
{
HttpWebResponse webResponse = (HttpWebResponse)ex.Response;
if (ex.Response == null || webResponse.StatusCode == HttpStatusCode.RequestTimeout)
{
}
else
{
if (webResponse.StatusCode == HttpStatusCode.NotFound)
{
using (System.IO.StreamWriter file = new System.IO.StreamWriter(@"C:\users\public\scan.txt", true))
{
file.WriteLine("open: " + input + " ------404");// 直接追加文件末尾,换行
}
Console.WriteLine("open: " + input + " ------404");
}
}
}
}
}
}