PHP服务端口扫描与网络安全检测 PHP服务端口扫描与网络安全检测网络安全检测是运维工作的一部分。PHP可以通过socket操作实现基本的端口扫描和网络安全检查。今天说说PHP中网络检测的实现。端口扫描用于检测目标主机的开放端口。phpclass PortScanner{private int $timeout;public function __construct(int $timeout 2){$this-timeout $timeout;}public function scan(string $host, array $ports): array{$results [];foreach ($ports as $port) {$start microtime(true);$socket fsockopen($host, $port, $errno, $errstr, $this-timeout);$duration (microtime(true) - $start) * 1000;$results[$port] [open $socket ! false,duration_ms round($duration, 2),service $this-getServiceName($port),];if ($socket) {fclose($socket);}}return $results;}public function scanRange(string $host, int $startPort, int $endPort): array{$ports range($startPort, $endPort);return $this-scan($host, $ports);}public function scanCommon(string $host): array{$commonPorts [21, 22, 23, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 1433, 1521, 3306, 3389, 5432, 6379, 8080, 8443, 27017];return $this-scan($host, $commonPorts);}public function scanParallel(string $host, array $ports, int $batchSize 10): array{$results [];$batches array_chunk($ports, $batchSize);foreach ($batches as $batch) {foreach ($batch as $port) {$socket fsockopen($host, $port, $errno, $errstr, $this-timeout);$results[$port] [open $socket ! false,service $this-getServiceName($port),];if ($socket) fclose($socket);}}return $results;}private function getServiceName(int $port): string{$services [21 FTP, 22 SSH, 23 Telnet, 25 SMTP,53 DNS, 80 HTTP, 110 POP3, 143 IMAP,443 HTTPS, 465 SMTPS, 587 SMTP, 993 IMAPS,995 POP3S, 1433 MSSQL, 1521 Oracle,3306 MySQL, 3389 RDP, 5432 PostgreSQL,6379 Redis, 8080 HTTP-Alt, 8443 HTTPS-Alt,27017 MongoDB,];return $services[$port] ?? Unknown;}}$scanner new PortScanner(1);$host 127.0.0.1;$results $scanner-scanCommon($host);$openPorts array_filter($results, fn($r) $r[open]);echo 主机 {$host} 开放的端口:\n;foreach ($openPorts as $port $info) {echo {$port}/{$info[service]} ({$info[duration_ms]}ms)\n;}?SSL证书检查和HTTP安全头检测phpclass SecurityChecker{public function checkSSLCertificate(string $host, int $port 443): array{$context stream_context_create([ssl [capture_peer_cert true]]);$client stream_socket_client(ssl://{$host}:{$port}, $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $context);if (!$client) {return [valid false, error 连接失败: {$errstr}];}$params stream_context_get_params($client);$cert $params[options][ssl][peer_certificate] ?? null;fclose($client);if (!$cert) {return [valid false, error 无法获取证书];}$certInfo openssl_x509_parse($cert);$validFrom $certInfo[validFrom_time_t] ?? 0;$validTo $certInfo[validTo_time_t] ?? 0;$now time();return [valid $now $validFrom $now $validTo,subject $certInfo[subject][CN] ?? Unknown,issuer $certInfo[issuer][CN] ?? Unknown,valid_from date(Y-m-d H:i:s, $validFrom),valid_to date(Y-m-d H:i:s, $validTo),days_remaining floor(($validTo - $now) / 86400),algorithm $certInfo[signatureTypeSN] ?? Unknown,];}public function checkSecurityHeaders(string $url): array{$ch curl_init($url);curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER true,CURLOPT_HEADER true,CURLOPT_NOBODY true,CURLOPT_TIMEOUT 10,CURLOPT_FOLLOWLOCATION true,]);curl_exec($ch);$headers curl_getinfo($ch);curl_close($ch);$requiredHeaders [Strict-Transport-Security HSTS,X-Content-Type-Options 防MIME嗅探,X-Frame-Options 防点击劫持,X-XSS-Protection XSS防护,Content-Security-Policy 内容安全策略,Referrer-Policy 引用策略,Permissions-Policy 权限策略,];$results [];foreach ($requiredHeaders as $header $desc) {$present isset($headers[$header]);$results[$header] [present $present,description $desc,status $present ? ok : missing,];}return $results;}}$checker new SecurityChecker();$sslInfo $checker-checkSSLCertificate(example.com);echo SSL证书: {$sslInfo[subject]}, 剩余{$sslInfo[days_remaining]}天\n;if ($sslInfo[days_remaining] 30) {echo 警告: SSL证书即将过期!\n;}?网络安全的自动化检测可以及时发现安全风险。端口扫描发现对外开放的不必要端口SSL证书检查防止证书过期安全头检测确保Web应用配置正确。这些检测集成到CI/CD流程中可以在问题影响用户之前发现和处理。