使用 Python 實現實用小工具


實現簡單探測:使用socket模塊,connect()方法建立與指定IP和端口的網絡連接;recv(1024)方法將讀取套接字中接下來最多1024B的數據

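import socket
import sys

# Minimal probe: connect to one host on TCP port 21 and print the first
# bytes the service sends.
socket.setdefaulttimeout(2)  # give up after 2 s instead of blocking forever
s = socket.socket()
try:
    s.connect(('192.168.1.1',21))
    # recv(1024) returns at most 1024 bytes; it may return fewer.
    ans = s.recv(1024)
    print(ans)
finally:
    # Release the descriptor even when connect() or recv() raises.
    s.close()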

通過函數實現:函數通過def關鍵字定義,示例中定義掃描FTP banner信息的函數:

#!/usr/bin/python
#coding=utf-8
import socket

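def retBanner(ip,port):
    """Return the first bytes a TCP service sends after connect, or None.

    Args:
        ip: host address to connect to.
        port: TCP port number.

    Returns:
        Up to 1024 bytes read from the socket, or None when the connection
        or the read fails (refused, timed out, unreachable, bad arguments).
    """
    s = None
    try:
        s = socket.socket()
        # Per-socket timeout: does not change the process-wide default the
        # way socket.setdefaulttimeout() does.
        s.settimeout(2)
        s.connect((ip,port))
        return s.recv(1024)
    except Exception:
        # Best-effort probe: any failure means "no banner". Unlike a bare
        # `except:`, this lets KeyboardInterrupt and SystemExit through.
        return None
    finally:
        # The original never closed the socket, leaking one descriptor per call.
        if s is not None:
            s.close()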

def checkVulns(banner):
    """Print a verdict based on which product name appears in the banner.

    The check is a plain substring match on the product name; no version is
    compared. A hit is therefore only a lead to verify against the installed
    version, and a miss does not show the server is safe (banners can be
    changed or suppressed by the administrator).

    Args:
        banner: banner text as returned by retBanner.
    """
    known = (
        ('vsFTPd', '[+] vsFTPd is vulnerable.'),
        ('FreeFloat Ftp Server', '[+] FreeFloat Ftp Server is vulnerable.'),
    )
    # First matching product name wins, same order as an if/elif chain.
    for marker, verdict in known:
        if marker in banner:
            print(verdict)
            return
    print('[-] FTP Server is not vulnerable.')

def main():
    """Read the FTP banner of each hard-coded host and pass it to checkVulns."""
    ips = ['10.10.10.128','10.10.10.160']
    port = 21
    # Hosts are handled one after the other, in list order.
    for host in ips:
        reply = retBanner(host,port)
        if not reply:
            # No banner (connection failed or nothing received): skip host.
            continue
        print('[+] ' + host + ": " + reply.strip('\n'))
        checkVulns(reply)

if __name__ == '__main__':
    main()

迭代實現:迭代探測

#!/usr/bin/python
#coding=utf-8
import socket

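def retBanner(ip,port):
    """Return the first bytes a TCP service sends after connect, or None.

    Args:
        ip: host address to connect to.
        port: TCP port number.

    Returns:
        Up to 1024 bytes read from the socket, or None when the connection
        or the read fails (refused, timed out, unreachable, bad arguments).
    """
    s = None
    try:
        s = socket.socket()
        # Per-socket timeout: does not change the process-wide default the
        # way socket.setdefaulttimeout() does.
        s.settimeout(2)
        s.connect((ip,port))
        return s.recv(1024)
    except Exception:
        # Best-effort probe: any failure means "no banner". Unlike a bare
        # `except:`, this lets KeyboardInterrupt and SystemExit through.
        return None
    finally:
        # The original never closed the socket, leaking one descriptor per call.
        if s is not None:
            s.close()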

def checkVulns(banner):
    """Print a verdict based on which product name appears in the banner.

    The check is a plain substring match on the product name; no version is
    compared. A hit is therefore only a lead to verify against the installed
    version, and a miss does not show the server is safe (banners can be
    changed or suppressed by the administrator).

    Args:
        banner: banner text as returned by retBanner.
    """
    known = (
        ('vsFTPd', '[+] vsFTPd is vulnerable.'),
        ('FreeFloat Ftp Server', '[+] FreeFloat Ftp Server is vulnerable.'),
    )
    # First matching product name wins, same order as an if/elif chain.
    for marker, verdict in known:
        if marker in banner:
            print(verdict)
            return
    print('[-] FTP Server is not vulnerable.')

def main():
    """Read the banner on each listed port of one host; check only FTP."""
    portList = [21,22,25,80,110,443]
    ip = '10.10.10.128'
    for port in portList:
        reply = retBanner(ip,port)
        if not reply:
            # Closed port, timeout, or a service that sends nothing first.
            continue
        print('[+] ' + ip + ':' + str(port) + '--' + reply)
        # checkVulns only knows FTP product names, so only port 21 is checked.
        if port == 21:
            checkVulns(reply)

if __name__ == '__main__':
    main()

OS模塊: os.path.isfile()檢查該文件是否存在  os.access()判斷當前用戶是否有權限讀取該文件

#!/usr/bin/python
#coding=utf-8
import sys
import os
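# Validate the path given as the only command-line argument.
if len(sys.argv) == 2:
    filename = sys.argv[1]
    # NOTE: both checks are advisory. The file can change between the check
    # and a later open(), so the code that opens it must still handle errors.
    # os.access() tests with the real uid/gid, not the effective ones.
    if not os.path.isfile(filename):
        print('[-] ' + filename + ' does not exist.')
        sys.exit(1)  # non-zero so a calling script can see the failure
    if not os.access(filename,os.R_OK):
        print('[-] ' + filename + ' access denied.')
        sys.exit(1)
    print('[+] Reading From: ' + filename)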

整合上面的代碼

#!/usr/bin/python
#coding=utf-8
import socket
import sys
import os

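def retBanner(ip,port):
    """Return the first bytes a TCP service sends after connect, or None.

    Args:
        ip: host address to connect to.
        port: TCP port number.

    Returns:
        Up to 1024 bytes read from the socket, or None when the connection
        or the read fails (refused, timed out, unreachable, bad arguments).
    """
    s = None
    try:
        s = socket.socket()
        # Per-socket timeout: does not change the process-wide default the
        # way socket.setdefaulttimeout() does.
        s.settimeout(2)
        s.connect((ip,port))
        return s.recv(1024)
    except Exception:
        # Best-effort probe: any failure means "no banner". Unlike a bare
        # `except:`, this lets KeyboardInterrupt and SystemExit through.
        return None
    finally:
        # The original never closed the socket, leaking one descriptor per call.
        if s is not None:
            s.close()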

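def checkVulns(banner,filename):
    """Print a line for every signature in `filename` found in the banner.

    Each non-empty line of the file is treated as a literal substring to look
    for. A match only means the banner text contains that string; banners can
    be altered by the administrator, so treat a hit as a lead to verify.

    Args:
        banner: banner text as returned by retBanner.
        filename: path of a text file with one signature per line.
    """
    # `with` closes the file; the original left the handle open.
    with open(filename, 'r') as f:
        for line in f:
            # Drop the line ending (LF or CRLF) before comparing.
            signature = line.rstrip('\r\n')
            if not signature:
                # '' is a substring of every string, so a blank line in the
                # file used to report every banner as vulnerable.
                continue
            if signature in banner:
                print('[+] Server is vulnerable: ' + banner.strip('\n'))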

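def main():
    """Validate the signature-file argument, then read banners from one host.

    Expects exactly one command-line argument: the path of the signature file
    passed on to checkVulns. Exits with status 1 when the argument is missing
    or the file is absent or unreadable.
    """
    if len(sys.argv) != 2:
        print('[-] Usage: ' + str(sys.argv[0]) + ' <vuln filename>')
        sys.exit(1)

    filename = sys.argv[1]
    # NOTE: both checks are advisory. The file can still change or disappear
    # before checkVulns opens it.
    if not os.path.isfile(filename):
        print('[-] ' + filename + ' does not exist.')
        sys.exit(1)  # non-zero so a calling script can see the failure

    if not os.access(filename,os.R_OK):
        print('[-] ' + filename + ' access denied.')
        sys.exit(1)

    print('[+] Reading From: ' + filename)

    portList = [21,22,25,80,110,443]
    ip = '10.10.10.128'
    for port in portList:
        banner = retBanner(ip,port)
        if banner:
            print('[+] ' + ip + ':' + str(port) + '--' + banner)
            # The signature file is only applied to the FTP banner.
            if port == 21:
                checkVulns(banner,filename)

if __name__ == '__main__':
    main()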

第一個程序:Unix口令破解機

這段代碼分別讀取兩個文件:一個為加密口令文件,另一個為用於猜測的字典文件。在testPass()函數中讀取字典文件,並通過crypt.crypt()進行加密,其中需要一個明文密碼以及兩個字節的鹽,然後再用加密後的信息和加密口令進行比較,查看是否相等即可。兩個字節的鹽是傳統DES crypt格式的特徵;這種格式早已過時,防守方若在系統中發現此類哈希,應改用現代的加鹽慢速哈希算法。

#!/usr/bin/python
#coding=utf-8
import crypt

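def testPass(cryptPass):
    """Compare one crypt() hash against every word in dictionary.txt.

    The first two characters of the hash are used as the salt, which is the
    layout of the traditional DES crypt format. Hashes in that format that
    match a word-list entry are the audit finding: the account needs a new
    password and the system a modern salted, slow hash scheme.

    NOTE: the `crypt` module is Unix-only, deprecated since Python 3.11 and
    removed in Python 3.13.

    Args:
        cryptPass: the stored hash string, salt included.
    """
    salt = cryptPass[0:2]

    # `with` closes the word list; the original left it open on every call.
    with open('dictionary.txt','r') as dictFile:
        for word in dictFile:
            word = word.strip('\n')
            cryptWord = crypt.crypt(word,salt)
            if cryptWord == cryptPass:
                print('[+] Found Password: ' + word + "\n")
                return
    print('[-] Password not Found.\n')
    return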

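def main():
    """Run testPass on the hash field of every 'user:hash' line.

    Reads passwords.txt from the current directory. Lines without a ':' are
    skipped; the first field is the user name and the second the hash.
    """
    # `with` closes the file; the original never closed it.
    with open('passwords.txt') as passFile:
        for line in passFile:
            if ":" in line:
                fields = line.split(':')
                user = fields[0]
                cryptPass = fields[1].strip(' ')
                print('[*] Cracking Password For : ' + user)
                testPass(cryptPass)

if __name__ == '__main__':
    main()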

第二個程序:一個Zip文件口令破解機

主要使用zipfile庫的extractall()方法,其中pwd參數指定密碼

#!/usr/bin/python
#coding=utf-8
import zipfile
import optparse
from threading import Thread

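def extractFile(zFile,password):
    """Try to extract the archive with one candidate password.

    On success the archive contents are written to the current working
    directory and the password is printed; on any failure nothing is printed.

    Args:
        zFile: an open zipfile.ZipFile.
        password: candidate password handed to extractall(pwd=...).
    """
    try:
        zFile.extractall(pwd=password)
        print('[+] Found Password : ' + password + '\n')
    except Exception:
        # A failed attempt is expected and deliberately silent. Unlike the
        # original bare `except:`, this does not swallow KeyboardInterrupt
        # or SystemExit.
        pass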

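def main():
    """Parse -f/-d and try every dictionary line against the zip archive.

    One thread is started per dictionary line and the threads are not joined.
    Exits with status 1 after printing the usage text when either option is
    missing.

    NOTE: Python's zipfile can only decrypt the legacy ZIP encryption scheme.
    For archives that must stay confidential, prefer an AES-based archive
    format and a long passphrase.
    """
    parser = optparse.OptionParser("[*] Usage: ./unzip.py -f <zipfile> -d <dictionary>")
    parser.add_option('-f',dest='zname',type='string',help='specify zip file')
    parser.add_option('-d',dest='dname',type='string',help='specify dictionary file')
    (options,args) = parser.parse_args()
    # Identity test and boolean `or` replace `== None` joined with bitwise `|`.
    if options.zname is None or options.dname is None:
        print(parser.usage)
        exit(1)  # usage error: report failure to the caller

    zFile = zipfile.ZipFile(options.zname)
    # `with` closes the dictionary file; the original never closed it.
    with open(options.dname) as passFile:
        for line in passFile:
            line = line.strip('\n')
            t = Thread(target=extractFile,args=(zFile,line))
            t.start()

if __name__ == '__main__':
    main()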

 

