masscan使用教程以及分离ip段教程
摘要:因为nmap太慢了,所以简单的用了下masscan,u1s1确实快......
扫描机器
masscan -p22,80,443,445,3389 10.30.0.0/16 --rate=500 -oX scan.xml
注意:--rate的单位是每秒发包数。局域网环境建议--rate=500或者--rate=1000,不要使用--rate=100000,否则可能导致网络不稳定。使用前可以先用ping命令观察丢包情况,再根据丢包情况逐步调高--rate。
分离ip段
作用:将扫描结果scan.xml按/24网段(如10.30.1.0/24、10.30.2.0/24)进行划分,每个网段写入一个工作表,然后转换成xls表格。脚本使用xlsxwriter,实际生成的是xlsx格式,输出文件建议使用.xlsx扩展名,否则Excel打开时可能提示文件格式与扩展名不一致。
用法:
python3 结果分析.py -i scan.xml -o scan_result.xls
#coding=utf-8
import os
import sys
import time
import argparse
import xml.dom.minidom
import xlsxwriter
from xlsxwriter import Workbook
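def convert_masscan_report(xml_path,xls_path):
    """Convert a masscan XML report into a workbook with one sheet per /24.

    Every <host> element is read for its address, end time and ports. Hosts
    are grouped by the first three octets of their address, and each group
    becomes a worksheet with one row per address. When an address is seen
    again, the additional port is appended to the port column of its
    existing row (comma separated) instead of creating a new row.

    Args:
        xml_path: path of the XML report to read.
        xls_path: path of the workbook to create with xlsxwriter.
    """
    # NOTE(review): xml.dom.minidom offers no protection against
    # entity-expansion payloads; only parse reports you generated yourself.
    dom_tree = xml.dom.minidom.parse(xml_path)
    ip_info = {}
    for node in dom_tree.documentElement.getElementsByTagName('host'):
        address_node = node.getElementsByTagName('address')
        if not address_node:
            # A host without an address element cannot be grouped; skip it.
            continue
        addrtype = address_node[0].getAttribute('addrtype')
        addr = address_node[0].getAttribute('addr')
        octets = addr.split(".")
        if len(octets) < 3:
            # Not a dotted address (e.g. IPv6), so there is no /24 prefix.
            print('[-] skipping %s: cannot derive a /24 prefix' % addr)
            continue
        ip_prefix = ".".join(octets[:3])

        scan_endtime = node.getAttribute('endtime')
        scan_endtime = time.strftime('%Y-%m-%d %H:%M:%S',time.localtime(int(scan_endtime)))

        subnet = ip_info.setdefault(ip_prefix, {})
        for port in node.getElementsByTagName('port'):
            # Read the port number first: the merge branch below must append
            # the port of THIS element, not the one left over from an earlier
            # iteration.
            portid = port.getAttribute('portid')
            if addr in subnet:
                subnet[addr][1] = subnet[addr][1] + "," + portid
                continue
            protocol = port.getAttribute('protocol')
            state_element = port.getElementsByTagName('state')
            state = state_element[0].getAttribute('state')
            reason = state_element[0].getAttribute('reason')
            reason_ttl = state_element[0].getAttribute('reason_ttl')
            print('[+] | %s | %s | %s | %s | %s | %s | %s | %s |' % (addr,portid,state,protocol,addrtype,reason,reason_ttl,scan_endtime))
            subnet[addr] = [addr,portid,state,protocol,addrtype,reason,reason_ttl,scan_endtime]

    workbook = xlsxwriter.Workbook(xls_path)
    # One shared header format instead of a new format object per header cell.
    bold = workbook.add_format({"bold": True})
    summary_header = ["addr", "port", "state", "protocol", "addrtype", "reason", "reason_ttl", "scan_endtime"]
    for sheet_name, sheet_value in ip_info.items():
        worksheet = workbook.add_worksheet(sheet_name)
        worksheet.autofilter("A1:H1")  # enable the filter on the header row
        worksheet.freeze_panes(1, 0)  # keep the header row visible
        for col, title in enumerate(summary_header):
            worksheet.write(0, col, title, bold)
        # Data rows start directly below the header.
        for row, addr_info in enumerate(sheet_value.values(), start=1):
            for col, value in enumerate(addr_info):
                # write_string keeps report values as literal text; write()
                # would store a value beginning with "=" as a formula.
                worksheet.write_string(row, col, value)
    workbook.close()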
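if __name__ == '__main__':
    # Command-line entry point: read the -i/-o options, check that the input
    # report exists, then run the conversion.
    parser = argparse.ArgumentParser()
    parser.add_argument("-i", "--input", metavar="XML", help="path to xml input")
    parser.add_argument("-o", "--output", metavar="XLS", help="path to xlsx output")
    # With no arguments at all, show the help text.
    if len(sys.argv) == 1:
        sys.argv.append('-h')
    args = parser.parse_args()

    if not args.input:
        sys.exit('[*] please use -i set xml path!')
    xml_path = args.input

    if not os.path.lexists(xml_path):
        # Format the message before exiting: exit() takes a single argument,
        # so passing the path as a second argument raised TypeError.
        sys.exit('[*] %s does not exist!' % xml_path)

    # NOTE: xlsxwriter writes the xlsx format; the ".xls" default name is kept
    # unchanged so existing invocations produce the same output file.
    xls_path = args.output or 'masscan_report.xls'
    convert_masscan_report(xml_path,xls_path)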
参考
本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可。