实现简单探测:使用socket模块,connect()方法建立与指定IP和端口的网络连接;recv(1024)方法将读取套接字中接下来的最多1024B数据
import socket
import sys
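# Minimal banner probe: open one TCP connection to a hard-coded host/port and
# print whatever the service sends first.  The 2-second default timeout keeps
# a silent or filtered host from blocking the script indefinitely.
socket.setdefaulttimeout(2)
s = socket.socket()
try:
    s.connect(('192.168.1.1', 21))
    ans = s.recv(1024)  # at most 1024 bytes; a shorter read is possible
    print(ans)
finally:
    s.close()  # release the descriptor even when connect()/recv() raises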
通过函数实现:通过 def 关键字定义函数,示例中定义了扫描FTP banner信息的函数
import socket
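def retBanner(ip, port):
    """Return the first bytes a TCP service sends after connecting, or None.

    Args:
        ip: host name or address to connect to.
        port: TCP port number.

    Returns:
        Up to 1024 bytes received from the service (its banner), or None when
        the connection or the read fails or times out.
    """
    try:
        # Per-socket timeout instead of socket.setdefaulttimeout(), which
        # silently changed the process-wide default for every later socket.
        s = socket.create_connection((ip, port), timeout=2)
    except socket.error:
        return None
    try:
        return s.recv(1024)
    except socket.error:  # narrow: a bare except also hid programming errors
        return None
    finally:
        s.close()  # the original never closed the socket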
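def checkVulns(banner):
    """Print whether *banner* names one of two FTP servers with known issues.

    Args:
        banner: service banner as returned by retBanner(); bytes are decoded
            (undecodable bytes replaced) so the substring test works for both
            str and bytes.

    The match is on the product name only, not on a version, so a hit is a
    hint to verify rather than a confirmed finding.
    """
    text = banner.decode('utf-8', 'replace') if isinstance(banner, bytes) else banner
    if 'vsFTPd' in text:
        print('[+] vsFTPd is vulnerable.')
    elif 'FreeFloat Ftp Server' in text:
        print('[+] FreeFloat Ftp Server is vulnerable.')
    else:
        print('[-] FTP Server is not vulnerable.')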
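def main():
    """Grab the FTP banner of each hard-coded host and run checkVulns() on it."""
    ips = ['10.10.10.128', '10.10.10.160']
    port = 21
    # One loop replaces two copies of the same probe/print/check sequence.
    for ip in ips:
        banner = retBanner(ip, port)
        if not banner:
            continue
        # retBanner() returns bytes on Python 3; decode before concatenating.
        text = banner.decode('utf-8', 'replace') if isinstance(banner, bytes) else banner
        print('[+] ' + ip + ": " + text.strip('\n'))
        checkVulns(banner)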
# Run the scan only when executed as a script, never on import.
if __name__ == "__main__":
    main()
迭代实现:迭代探测
import socket
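def retBanner(ip, port):
    """Return the first bytes a TCP service sends after connecting, or None.

    Args:
        ip: host name or address to connect to.
        port: TCP port number.

    Returns:
        Up to 1024 bytes received from the service (its banner), or None when
        the connection or the read fails or times out.
    """
    try:
        # Per-socket timeout instead of socket.setdefaulttimeout(), which
        # silently changed the process-wide default for every later socket.
        s = socket.create_connection((ip, port), timeout=2)
    except socket.error:
        return None
    try:
        return s.recv(1024)
    except socket.error:  # narrow: a bare except also hid programming errors
        return None
    finally:
        s.close()  # the original never closed the socket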
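def checkVulns(banner):
    """Print whether *banner* names one of two FTP servers with known issues.

    Args:
        banner: service banner as returned by retBanner(); bytes are decoded
            (undecodable bytes replaced) so the substring test works for both
            str and bytes.

    The match is on the product name only, not on a version, so a hit is a
    hint to verify rather than a confirmed finding.
    """
    text = banner.decode('utf-8', 'replace') if isinstance(banner, bytes) else banner
    if 'vsFTPd' in text:
        print('[+] vsFTPd is vulnerable.')
    elif 'FreeFloat Ftp Server' in text:
        print('[+] FreeFloat Ftp Server is vulnerable.')
    else:
        print('[-] FTP Server is not vulnerable.')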
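def main():
    """Probe a fixed list of ports on one host, print each banner, check port 21."""
    portList = [21, 22, 25, 80, 110, 443]
    ip = '10.10.10.128'
    for port in portList:
        banner = retBanner(ip, port)
        if not banner:
            continue
        # retBanner() returns bytes on Python 3; decode before concatenating.
        text = banner.decode('utf-8', 'replace') if isinstance(banner, bytes) else banner
        print('[+] ' + ip + ':' + str(port) + '--' + text)
        # Only the FTP banner is compared against the known server names.
        if port == 21:
            checkVulns(banner)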
# Run the scan only when executed as a script, never on import.
if __name__ == "__main__":
    main()
OS模块: os.path.isfile()检查该文件是否存在 os.access()判断当前用户是否有权限读取该文件
import sys
import os
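def checkReadable(filename):
    """Return True when *filename* is an existing, readable regular file.

    Prints a '[-]' line naming the failed check and returns False otherwise.
    """
    if not os.path.isfile(filename):
        print('[-] ' + filename + ' does not exist.')  # was "does not exit."
        return False
    # os.access() is only a pre-check: the file can change between this test
    # and the later open(), so the open() itself still needs error handling.
    if not os.access(filename, os.R_OK):
        print('[-] ' + filename + ' access denied.')
        return False
    return True


if len(sys.argv) == 2:
    filename = sys.argv[1]
    if not checkReadable(filename):
        sys.exit(0)  # sys.exit(), not the site-provided exit() builtin
    print('[+] Reading From: ' + filename)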
整合上面的代码
import socket
import sys
import os
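def retBanner(ip, port):
    """Return the first bytes a TCP service sends after connecting, or None.

    Args:
        ip: host name or address to connect to.
        port: TCP port number.

    Returns:
        Up to 1024 bytes received from the service (its banner), or None when
        the connection or the read fails or times out.
    """
    try:
        # Per-socket timeout instead of socket.setdefaulttimeout(), which
        # silently changed the process-wide default for every later socket.
        s = socket.create_connection((ip, port), timeout=2)
    except socket.error:
        return None
    try:
        return s.recv(1024)
    except socket.error:  # narrow: a bare except also hid programming errors
        return None
    finally:
        s.close()  # the original never closed the socket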
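def checkVulns(banner, filename):
    """Print a '[+]' line for every signature in *filename* found in *banner*.

    Args:
        banner: service banner (str or bytes) as returned by retBanner().
        filename: text file with one signature substring per line.
    """
    text = banner.decode('utf-8', 'replace') if isinstance(banner, bytes) else banner
    with open(filename, 'r') as f:  # the original never closed the file
        for line in f:
            sig = line.strip('\n')
            # '' is a substring of every string, so a blank line in the
            # signature file would flag every server; skip empty signatures.
            if sig and sig in text:
                print('[+] Server is vulnerable: ' + text.strip('\n'))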
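def main():
    """Validate the signature-file argument, then probe the fixed host and ports.

    Usage errors and an unreadable signature file end the program with
    sys.exit(0), as in the original.
    """
    # Guard clause for the usage error instead of an if/else around the checks.
    if len(sys.argv) != 2:
        print('[-] Usage: ' + str(sys.argv[0]) + ' <vuln filename>')
        sys.exit(0)
    filename = sys.argv[1]
    if not os.path.isfile(filename):
        print('[-] ' + filename + ' does not exist.')  # was "does not exit."
        sys.exit(0)
    # os.access() is only a pre-check; checkVulns() still opens the file later.
    if not os.access(filename, os.R_OK):
        print('[-] ' + filename + ' access denied.')
        sys.exit(0)
    print('[+] Reading From: ' + filename)
    portList = [21, 22, 25, 80, 110, 443]
    ip = '10.10.10.128'
    for port in portList:
        banner = retBanner(ip, port)
        if not banner:
            continue
        # retBanner() returns bytes on Python 3; decode before concatenating.
        text = banner.decode('utf-8', 'replace') if isinstance(banner, bytes) else banner
        print('[+] ' + ip + ':' + str(port) + '--' + text)
        if port == 21:
            checkVulns(banner, filename)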
# Run the scan only when executed as a script, never on import.
if __name__ == "__main__":
    main()
Unix口令破解机: 这段代码通过分别读取两个文件,一个为加密口令文件,另一个为用于猜测的字典文件。在testPass()函数中读取字典文件,并通过crypt.crypt()进行加密,其中需要一个明文密码以及两个字节的盐,然后再用加密后的信息和加密口令进行比较查看是否相等即可。
#!/usr/bin/python
#coding=utf-8
import crypt
def testPass(cryptPass):
    """Compare every word in dictionary.txt against one crypt(3) hash.

    Args:
        cryptPass: the stored hash string; its first two characters are the
            salt that crypt.crypt() needs to reproduce the same hash.

    Prints the word that reproduces the hash and returns, or prints a
    not-found line after the whole dictionary has been tried.
    NOTE(review): dictFile is never closed, and readlines() loads the whole
    dictionary into memory.  The two-character salt is the legacy DES crypt
    scheme; the reason modern systems use salted, iterated hashes is
    precisely that a plain dictionary comparison like this one is cheap.
    """
    salt = cryptPass[0:2]  # legacy crypt(3): the salt is the first two chars of the hash
    dictFile = open('dictionary.txt','r')
    for word in dictFile.readlines():
        word = word.strip('\n')
        cryptWord = crypt.crypt(word,salt)  # hash the guess with the stored salt
        if cryptWord == cryptPass:
            print '[+] Found Password: ' + word + "\n"
            return
    print '[-] Password not Found.\n'
    return
def main():
    """Read user:hash records from passwords.txt and run testPass() on each."""
    passFile = open('passwords.txt')  # never closed; same issue as in testPass()
    for line in passFile.readlines():
        if ":" in line:
            user = line.split(':')[0]
            # strip(' ') removes spaces only, so the line's trailing newline
            # stays on cryptPass; the equality test in testPass() then only
            # matches for a record without a line terminator.
            cryptPass = line.split(':')[1].strip(' ')
            print '[*] Cracking Password For : ' + user
            testPass(cryptPass)
# Entry point guard: nothing runs when this module is merely imported.
if __name__ == "__main__":
    main()
Zip文件口令破解机: 主要使用zipfile库的extractall()方法,其中pwd参数指定密码
import zipfile
import optparse
from threading import Thread
def extractFile(zFile,password):
    """Try *password* on *zFile*; print it when extractall() succeeds.

    Args:
        zFile: an open zipfile.ZipFile.
        password: one candidate from the dictionary.

    The bare except swallows every failure, so a wrong password, a corrupt
    archive and an I/O error are indistinguishable (all silent).
    NOTE(review): extractall() writes into the current working directory,
    and several threads may be extracting the same entries at the same
    time; the archive is assumed to be trusted.
    """
    try:
        zFile.extractall(pwd=password)  # a wrong password raises here
        print '[+] Fonud Password : ' + password + '\n'
    except:
        pass
def main():
    """Parse the -f/-d options and start one extractFile() thread per dictionary line."""
    parser = optparse.OptionParser("[*] Usage: ./unzip.py -f <zipfile> -d <dictionary>")
    parser.add_option('-f',dest='zname',type='string',help='specify zip file')
    parser.add_option('-d',dest='dname',type='string',help='specify dictionary file')
    (options,args) = parser.parse_args()
    # '|' is a bitwise or on two bools here; it works, but 'or' is what is meant.
    if (options.zname == None) | (options.dname == None):
        print parser.usage
        exit(0)
    zFile = zipfile.ZipFile(options.zname)
    passFile = open(options.dname)  # never closed
    for line in passFile.readlines():
        line = line.strip('\n')
        # One unbounded thread per candidate, all sharing the same ZipFile
        # object; nothing joins them, so main() returns while they may still
        # be running.
        t = Thread(target=extractFile,args=(zFile,line))
        t.start()
# Entry point guard: nothing runs when this module is merely imported.
if __name__ == "__main__":
    main()