注:本文章用于博主搜集python脚本,对于可以运行的脚本进行汇总和结果展示,大部分代码来源于网络,侵删。
爬取免费HTTP及HTTPS代理
#!/usr/bin/env python3
# coding:utf-8
# date:2019/04/17
# 免费代理爬取
from gevent import monkey
monkey.patch_all()
import gevent
import requests
from bs4 import BeautifulSoup
# Browser-like User-Agent sent with every request (the list scrape and the proxy probes alike).
headers = {
    'User-Agent': (
        'Mozilla/8.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 '
        '(KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36'
    ),
}
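class GetProxy:
    """Collect free HTTP/HTTPS proxies from xicidaili and keep the ones that relay a probe.

    Proxies taken from a public list are untrusted intermediaries: the probe only shows
    that a proxy forwarded one request and answered 200, not that it leaves traffic
    unmodified or unobserved (an ``http`` proxy sees the plaintext of everything sent
    through it).
    """

    def __init__(self):
        self.ip_https_list_tmp = set()  # scraped "https://host:port" candidates, not yet probed
        self.ip_http_list_tmp = set()   # scraped "http://host:port" candidates, not yet probed
        self.ip_https_list = set()  # https proxies that passed the probe
        self.ip_http_list = set()   # http proxies that passed the probe

    def get(self):
        """Scrape five list pages, then probe the candidates with 100 concurrent greenlets."""
        self._xicidaili(5)
        gevent.joinall([gevent.spawn(self._check) for _ in range(0, 100)])

    def _xicidaili(self, pages=5):
        """Scrape ``pages`` pages of https://www.xicidaili.com/nt/ into the ``*_tmp`` sets.

        :param pages: number of list pages to fetch (page index starts at 0)
        """
        for page in range(0, pages):
            url = "https://www.xicidaili.com/nt/{}".format(page)
            try:
                # Bounded wait: the page fetch had no timeout and could hang the whole run.
                r = requests.get(url, headers=headers, timeout=10)
                r.raise_for_status()
            except requests.RequestException:
                continue  # skip a page that failed; the other pages are still useful
            soup = BeautifulSoup(r.text, 'lxml')
            trs = soup.find_all('tr')
            for tr in trs[1:]:  # trs[0] is the table header row
                tds = tr.find_all("td")
                if len(tds) < 6:
                    # Spacer/notice rows have fewer cells; tds[5] raised IndexError on them.
                    continue
                ip_item = tds[5].text.lower() + "://" + tds[1].text + ":" + tds[2].text
                if ip_item.startswith("https"):
                    self.ip_https_list_tmp.add(ip_item)
                elif ip_item.startswith("http"):
                    self.ip_http_list_tmp.add(ip_item)

    def _check(self):
        """Probe candidates until both ``*_tmp`` sets are drained (many greenlets run this).

        A candidate is kept when the probe returns HTTP 200 through it; any request error
        (connect/read timeout, proxy error, TLS failure) discards that candidate only.
        The bare ``except`` this replaces also hid programming errors.
        """
        # https candidates are probed against baidu
        while True:
            try:
                ip_for_test = self.ip_https_list_tmp.pop()
            except KeyError:
                break  # drained, possibly by another greenlet
            proxies = {'https': ip_for_test}
            try:
                response = requests.get('https://www.baidu.com', headers=headers, proxies=proxies, timeout=3)
            except requests.RequestException:
                continue
            if response.status_code == 200:
                self.ip_https_list.add(ip_for_test)
        # http candidates are probed against httpbin
        while True:
            try:
                ip_for_test = self.ip_http_list_tmp.pop()
            except KeyError:
                break
            proxies = {'http': ip_for_test}
            try:
                response = requests.get('http://httpbin.org/ip', headers=headers, proxies=proxies, timeout=3)
            except requests.RequestException:
                continue
            if response.status_code == 200:
                self.ip_http_list.add(ip_for_test)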
if __name__ == "__main__":
    # Scrape, probe, then print the surviving proxies of each scheme.
    Proxy = GetProxy()
    Proxy.get()
    for label, found in (("https代理:", Proxy.ip_https_list), ("http代理:", Proxy.ip_http_list)):
        print(label)
        print(found)
![](https://i-blog.csdnimg.cn/blog_migrate/b77c068670ed4f84b6d4db2152b08214.png)
地址段IP发现
import ipaddress
import multiprocessing
import random
from scapy.layers.inet import IP, ICMP
from scapy.sendrecv import sr1
DIP = "121.17.123.1/24"  # target block in CIDR form; expanded by getIpList via ipaddress.ip_network
BNUM = 20  # number of random payload bytes appended to each echo request
TNUM = 64  # size of the multiprocessing pool used by ipScan
def getBytes(num):
    """Return ``num`` distinct random alphanumeric characters as UTF-8 bytes.

    Characters are drawn without replacement from 52 letters plus the digits 0-7,
    so ``num`` greater than 60 raises ValueError (random.sample semantics).
    """
    alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567'
    picked = random.sample(alphabet, num)
    return ''.join(picked).encode('utf-8')
def ping(ip):
    """Send one ICMP echo request with a random payload and report whether a reply came back.

    :param ip: destination address as a string
    :return: ``(alive, ip)`` where ``alive`` is the truthiness of the sr1() result
             (sr1 returns None after the 5 s timeout)
    """
    probe = IP(dst=ip) / ICMP() / getBytes(BNUM)
    answer = sr1(probe, timeout=5, verbose=False)
    return bool(answer), ip
def getIpList(ip):
    """Expand a CIDR block into its usable host addresses as strings.

    ``strict=False`` lets the block be written with host bits set (e.g. 121.17.123.1/24).
    """
    network = ipaddress.ip_network(ip, False)
    return [str(host) for host in network.hosts()]
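def ipScan(ip, num):
    """Ping every host in the block ``ip`` using ``num`` worker processes; print responders.

    :param ip: address block in CIDR form, e.g. "121.17.123.1/24"
    :param num: size of the process pool (it was accepted but ignored in favour of TNUM)
    """
    ipList = getIpList(ip)
    # The context manager terminates the workers on exit, including when map() raises,
    # so no pool is left behind on error.
    with multiprocessing.Pool(processes=int(num)) as pool:
        result = pool.map(ping, ipList)
    for alive, addr in result:
        if alive:
            print(addr)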
if __name__ == "__main__":
    # Sweep the hard-coded block; the second argument is the pool size.
    ipScan(DIP, TNUM)
![](https://i-blog.csdnimg.cn/blog_migrate/f4df3c036b4a21ccb206bfdcde11eb3e.png)
这个脚本自己写的,还不会写参数,只好弄全局变量了,地址是我随便敲的,各位看官不要一直ping人家,换一个地址段试试。
Ping命令
"""
--coding:utf-8--
@File: Ping.py
@Author:frank yu
@DateTime: 2020.12.13 10:35
@Contact: frankyu112058@gmail.com
@Description:Implement of Ping
"""
import random
import socket
import struct
import time
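def checksum(msg):
    """Compute the RFC 1071 Internet checksum of an ICMP message.

    :param msg: ICMP header plus payload as bytes, with the checksum field set to zero
    :return: the 16-bit checksum as an int, byte-swapped so that packing it with ``'>H'``
             writes the bytes in wire order (the sum is built from little-endian words)
    """
    def carry_around_add(a, b):
        # One's-complement addition: fold the carry out of bit 16 back into the sum.
        c = a + b
        return (c & 0xffff) + (c >> 16)

    if len(msg) % 2:
        # RFC 1071 pads an odd-length message with a zero byte; the old loop read
        # msg[i + 1] past the end and raised IndexError instead.
        msg = bytes(msg) + b'\x00'
    check_sum = 0
    for i in range(0, len(msg), 2):
        w = msg[i] + (msg[i + 1] << 8)
        check_sum = carry_around_add(check_sum, w)
    res = ~check_sum & 0xffff
    res = res >> 8 | (res << 8 & 0xff00)
    return res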
def icmp_packet(sequence_number):
    """Build an ICMP Echo Request (type 8) with a 32-byte payload and a valid checksum.

    The identifier field is fixed at 1, so requests from this process are told apart
    only by ``sequence_number``.
    :param sequence_number: 16-bit sequence field of the echo request
    :return: the packed ICMP message as bytes
    """
    layout = struct.Struct('>2B3H32s')
    echo_request, code, identifier = 8, 0, 1
    payload = b'abcdefghijklmnopqrstuvwabcdefghi'

    def build(chk):
        return layout.pack(echo_request, code, chk, identifier, sequence_number, payload)

    # Pack once with a zero checksum, compute the checksum over that image, then repack.
    return build(checksum(build(0)))
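def icmp_request(dst_addr, pkt, timeout=2):
    """Open a raw ICMP socket, send ``pkt`` and hand the socket back for the reply.

    Raw sockets need administrator/root privileges; the resulting socket error is
    left to the caller. The port in the sendto() address has no meaning for raw ICMP.
    :param timeout: receive timeout in seconds applied to the returned socket
    :param dst_addr: destination IPv4 address (dotted string)
    :param pkt: ICMP message bytes (see icmp_packet)
    :return: ``(socket, send_time)``; the caller owns the socket and must close it
    """
    icmp_socket = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    try:
        icmp_socket.settimeout(timeout)
        icmp_socket.sendto(pkt, (dst_addr, 80))
    except BaseException:
        # Don't leak the descriptor when the send fails (it used to stay open).
        icmp_socket.close()
        raise
    send_time = time.time()
    return icmp_socket, send_time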
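def icmp_reply(icmp_socket, send_time, sequence_num):
    """Wait for the Echo Reply carrying ``sequence_num`` and return its RTT and TTL.

    Packets that are not a type-0 reply for this sequence number (other ICMP traffic, or
    a reply to another request) are skipped instead of ending the wait; previously such a
    packet made the function return None and the caller's unpacking raised TypeError.
    The socket's own timeout bounds the whole wait, skipped packets included.
    Only the sequence number is matched — the identifier field is not checked — so a
    reply to another process's request with the same sequence would be accepted.
    :param icmp_socket: socket returned by icmp_request
    :param send_time: time.time() value recorded when the request was sent
    :param sequence_num: sequence number the reply must carry
    :return: ``(rtt_seconds, ttl)`` or ``(-1, -1)`` on timeout
    """
    timeout = icmp_socket.gettimeout()
    deadline = None if timeout is None else time.time() + timeout
    while True:
        if deadline is not None:
            remaining = deadline - time.time()
            if remaining <= 0:
                return -1, -1
            # Shrink the socket timeout so skipped packets cannot extend the total wait.
            icmp_socket.settimeout(remaining)
        try:
            recv_pkt, _addr = icmp_socket.recvfrom(1024)
        except socket.timeout:
            return -1, -1
        recv_time = time.time()
        if len(recv_pkt) < 20:
            continue  # too short to hold an IPv4 header
        # IHL (low nibble of byte 0) gives the IPv4 header length in 32-bit words;
        # it was hard-coded to 20 bytes before, which breaks with IP options present.
        ihl = (recv_pkt[0] & 0x0f) * 4
        icmp_header = recv_pkt[ihl:ihl + 8]
        if len(icmp_header) < 8:
            continue
        icmp_type, _, _, _, sequence = struct.unpack(">2B3H", icmp_header)
        if icmp_type == 0 and sequence == sequence_num:
            # Byte 8 of the IPv4 header is the TTL.
            return recv_time - send_time, recv_pkt[8]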
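def ping(host):
    """Send four echo requests to ``host`` and print Windows-style ping statistics.

    :param host: domain name or IP address; names are resolved with gethostbyname
    :return: None
    """
    Sequence_number = random.randint(0, 10 ** 4)
    # An IP literal passes through gethostbyname unchanged; a name is resolved to its address.
    try:
        dst_addr = socket.gethostbyname(host)
    except socket.gaierror:
        print(f'something wrong, please check your input.')
        # Exit non-zero on an unresolvable host; exit(0) hid the failure from callers.
        raise SystemExit(1)
    miss, short, long, alltime = 0, 10 ** 9, 0, []
    print(f"正在 Ping {host} [{dst_addr}] 具有 32 字节的数据:")
    for i in range(0, 4):
        # Build the request, send it and time the reply.
        icmp_pkt = icmp_packet(Sequence_number + i)
        icmp_socket, send_time = icmp_request(dst_addr, icmp_pkt)
        try:
            times, TTL = icmp_reply(icmp_socket, send_time, Sequence_number + i)
        finally:
            # One raw socket per probe; none of the four was closed before.
            icmp_socket.close()
        if times >= 0:
            print(f"来自 {dst_addr} 的回复: 字节=32 时间={int(times * 1000)}ms TTL={TTL}")
            short = min(short, times)
            long = max(long, times)
            alltime.append(times * 1000)
            time.sleep(1)
        else:
            print("请求超时。")
            miss += 1
    print()
    print(f'{dst_addr} 的 Ping 统计信息:\n'
          f' 数据包: 已发送 = 4,已接收 = {4 - miss},丢失 = {miss} ({int(miss / 4 * 100)}% 丢失),')
    if miss < 4:
        print('往返行程的估计时间(以毫秒为单位):\n'
              f' 最短 = {int(short * 1000)}ms,最长 = {int(long * 1000)}ms,平均 = {int(sum(alltime) / (4 - miss))}ms')
    return None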
if __name__ == '__main__':
    # Interactive entry point; ping() exits the process itself when the host cannot be resolved.
    host = input('please input domain name or ip addr:')
    ping(host)
学习了ICMP协议之后,写了上面这个脚本,可以实现简单的Ping命令。
端口扫描
# /usr/bin/env python3
# _*_ coding:utf-8 _*_
# auther: saucerman
# project: https://github.com/saucer-man/penetration-script
"""
基于python-nmap的端口扫描器
pip install python-nmap
"""
import sys
import time
from colorama import init, Fore, Back, Style
import getopt
# 颜色定义
init(autoreset=True)  # colorama setup: autoreset restores the default colour after each print
class Colored(object):
    """Wrap a string in a colorama foreground colour and reset the colour afterwards."""

    @staticmethod
    def _paint(fore, s):
        return fore + s + Fore.RESET

    def red(self, s):
        return self._paint(Fore.RED, s)

    def blue(self, s):
        return self._paint(Fore.BLUE, s)

    def yellow(self, s):
        return self._paint(Fore.YELLOW, s)
color = Colored()  # shared colour helper used by usage(), scanner() and main()
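try:
    import nmap
except ImportError:
    # Only a missing module means "not installed"; the bare except also hid every
    # other failure inside the import behind the same message.
    print("FATAL: Module nmap missing (python-nmap)")
    sys.exit(1)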
# 使用说明
def usage():
    """Print the command-line help in blue and exit with status 0."""
    help_lines = (
        'Usage: port scanner',
        '\t-h/--host:\tpoint the target to scan',
        '\t-p/--port:\tpoint the port to scan(not nessesary)',
        'Examples:',
        '\tpython port_scanner.py -h 10.10.10.1',
        '\tpython port_scanner.py -h 10.10.10.1 -p 80,443,8080',
        '\tpython port_scanner.py -h 10.10.10.1 -p 1-1024',
        '\nSEE THE MAN PAGE (https://github.com/saucer-man/saucer-frame) FOR MORE OPTIONS AND EXAMPLES',
    )
    for text in help_lines:
        print(color.blue(text))
    sys.exit(0)
# 扫描
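def scanner(host, ports):
    """Run an nmap scan of ``host`` and print each TCP port's state (and service when open).

    :param host: target as accepted by nmap (IP or hostname)
    :param ports: nmap port spec such as "80,443" or "1-1024"; empty string = nmap default
    """
    nm = nmap.PortScanner()
    try:
        print('Scanner report for %s\n' % host)
        result = nm.scan(host) if len(ports) == 0 else nm.scan(host, ports)
        if result['nmap']['scanstats']['uphosts'] == '0':
            print(color.red('Host seems down'))
            return
        print('Host is up')
        print("{:<7}\t{:<7}\t{:<7}\t{:<7}".format('PORT', 'STATE', 'SERVICE', 'VERSION'))
        # python-nmap keys 'scan' by the address it scanned (so a hostname target is
        # presumably not a usable key — verify), and a host without TCP results has no
        # 'tcp' entry; indexing result['scan'][host]['tcp'] raised KeyError in both cases.
        for scanned in result['scan'].values():
            for k, v in scanned.get('tcp', {}).items():
                if v['state'] == 'open':
                    print(color.yellow("{:<7}\t{:<7}\t{:<7}\t{:<7}".format(str(k), v['state'], v['name'],
                                                                         v['product'] + v['version'])))
                else:
                    print(color.yellow("{:<7}\t{:<7}".format(str(k), v['state'])))
    except Exception as e:
        # Report what actually failed (e was bound but never printed), then show the help.
        print(color.red("unhandled Option: %s" % e))
        usage()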
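def main():
    """Parse -h/--host and -p/--port, run the scan and report the elapsed time."""
    start = time.time()
    if not len(sys.argv[1:]):
        usage()
    try:
        opts, args = getopt.getopt(sys.argv[1:], "h:p:",
                                   ["host=", "port="])
    except getopt.GetoptError:
        # Only option-parsing errors belong here; the bare except also swallowed SystemExit.
        print(color.red("unhandled Option"))
        usage()
    host = None
    ports = ''
    for o, a in opts:
        if o in ("-h", "--host"):
            host = a
        elif o in ("-p", "--port"):
            ports = a
    if host is None:
        # "-p" without "-h" used to reach scanner() with host unbound (NameError).
        print(color.red("unhandled Option"))
        usage()
    print("Starting port scanner...")
    scanner(host, ports)
    end = time.time()
    print('\n\nScanner down with %0.6f seconds.' % (end - start))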
if "__main__" == __name__:
    # Command-line entry point; main() reads sys.argv.
    main()
![](https://i-blog.csdnimg.cn/blog_migrate/fb5645067f1f59849b3304e764b3ed1c.png)
右侧是我使用nmap进行的扫描。
Burpsuite抓包转字典
"""
--coding:utf-8--
@File: pak_dict.py
@Author:frank yu
@DateTime: 2020.10.13 9:53
@Contact: frankyu112058@gmail.com
@Description:
"""
# pak = 'dvwa_midium_error.txt'
pak = 'dvwa_midium_blind.txt'  # capture file parsed by pak2dict when run as a script
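def pak2dict(pak):
    """Turn a Burp Suite request capture into Python ``headers``/``payloads`` dicts.

    The file is expected to hold one raw HTTP request: request line, header lines,
    a blank line, then a ``k=v&k=v`` body. Values are kept exactly as captured (still
    URL-encoded; nothing is decoded here), and every header — Cookie included — is
    printed verbatim, so the output carries whatever session tokens the capture had.
    :param pak: path of the Burp Suite capture file
    :return: ``(headers, payloads)``; both are also printed as Python source
    """
    with open(pak, 'r', encoding='utf-8') as f:
        cons = f.readlines()
    headers = {}
    payloads = {}
    in_body = False
    for line_no, row in enumerate(cons, start=1):
        # rstrip instead of row[:-1]: the last line may have no trailing newline, and
        # Burp exports commonly end lines with CRLF.
        row = row.rstrip('\r\n')
        if line_no == 1:
            continue  # request line, e.g. "POST /... HTTP/1.1"
        if row == "":
            in_body = True  # blank line separates headers from the body
            continue
        if not in_body:
            if ':' not in row:
                continue  # not a header line; skipping beats a ValueError mid-file
            key, value = row.split(':', maxsplit=1)
            # Stored without the separator's leading space (previously one char was
            # chopped at print time, wrong when the capture had no space after ':').
            headers[key] = value.lstrip()
        else:
            for data in row.split('&'):
                if not data:
                    continue
                # partition keeps '=' inside values (base64 padding, nested params).
                key, _, value = data.partition('=')
                payloads[key] = value
    print('headers={')
    for k, v in headers.items():
        print("'", k, "'", ':', "'", v, "',", sep='')
    print('}')
    print('payloads=', payloads)
    return headers, payloads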
if __name__ == "__main__":
    # Parse the capture file named by the module-level `pak`.
    pak2dict(pak)
dvwa_midium_blind.txt
POST /dvwa/vulnerabilities/sqli_blind/ HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 18 Origin: http://127.0.0.1 Connection: close Referer: http://127.0.0.1/dvwa/vulnerabilities/sqli_blind/ Cookie: security=medium; csrftoken=7Gjcd9xR7MgIk7A7e0yks1RDppbErY9WYTFXpjxyYSzOPkEsscYH4xMZAfGzKuBy; PHPSESSID=dl44r7ov1c3khuv4k3587vgsk2 Upgrade-Insecure-Requests: 1 id=1&Submit=Submit
运行结果:
![](https://i-blog.csdnimg.cn/blog_migrate/3e1ad43c02b517aadfa45ea62cae8215.png)
更多内容查看:网络安全-自学笔记
有问题请下方评论,转载请注明出处,并附有原文链接,谢谢!如有侵权,请及时联系。