使用python脚本发送HTTP请求
获取包中的内容
import requests

# Plain-HTTP GET against a fixed host: nothing in transit is encrypted or authenticated.
response = requests.get("http://111.200.241.244:62607")
rep = response.text  # response body decoded to str
print(rep)
发送请求:params中的内容会作为URL查询字符串参数(即GET参数),data中的内容会作为POST请求体
import requests

# params= is encoded into the URL query string; data= is sent form-encoded in the POST body.
query_args = {"a": "1"}
form_fields = {"b": "2"}
response = requests.post(
    "http://111.200.241.244:62607",
    params=query_args,
    data=form_fields,
)
print(response.text)
# Read the HTTP status code of a response
import requests

endpoint = "https://httpbin.org/get"
response = requests.get(endpoint)
print(response.status_code)
# GET request without any parameters
import requests

target = "https://www.baidu.com"
resp = requests.get(url=target)
# resp.url is the URL of the final response, after any redirects were followed.
for value in (resp.url, resp.status_code):
    print(value)
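# GET request that carries parameters
import requests

url = "http://127.0.0.1/index.php"
payload = {'username': 'admin', 'password': 'admin', 'submit': '登录'}
# params= places the credentials in the URL query string, where they are
# recorded in server access logs, proxy logs and browser history; a login
# form should accept credentials only in a POST body over HTTPS.
r = requests.get(url, params=payload)
result = r.text
# str.find() returns -1 (truthy) when the marker is absent and 0 (falsy) when
# it sits at the very start, so it cannot serve as a boolean test; use
# substring membership instead.
if 'succ' in result:
    print("admin:admin" + 'successful')
# In practice the username and password are usually read from a dictionary file.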
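# POST request that carries parameters
import requests

url = "http://127.0.0.1/index.php"
data = {'username': 'admin', 'password': 'admin', 'submit': '登录'}
# data= is sent form-encoded in the request body rather than in the URL.
r = requests.post(url, data=data)
print(r.status_code)
# str.find() returns -1 (truthy) when the marker is missing, so the original
# condition reported success for almost every response; test membership.
# A login endpoint should reject default-style pairs such as admin/admin and
# throttle and log repeated failures.
if 'succ' in r.text:
    print('admin:admin' + 'successful')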
# Custom request headers
import requests

url = "http://127.0.0.1/index.php"
custom_headers = {"User-Agent": "HAHA"}

# First request: prints the headers requests sends by default.
default_resp = requests.get(url)
print(default_resp.request.headers)

# Second request: the supplied User-Agent replaces the default one.
# The value is entirely client-chosen, so a server must not treat
# User-Agent as an identity or trust signal.
custom_resp = requests.get(url, headers=custom_headers)
print(custom_resp.request.headers)
# Read the response status code
import requests

endpoint = "http://127.0.0.1/index.php"
print(requests.get(endpoint).status_code)
# Read the response body
import requests

resp = requests.get("http://127.0.0.1/index.php")
print(resp.status_code)
print(resp.text)  # body decoded to str (the page source)
print("*" * 100)
print(resp.content)  # the same body as raw bytes
# Read the request headers and the response headers
import requests

resp = requests.get("http://127.0.0.1/index.php")
response_headers = resp.headers  # headers the server sent back
request_headers = resp.request.headers  # headers of the request that was sent
print(response_headers)
print(request_headers)
# Read the URL that was actually requested
import requests

base = "http://127.0.0.1/index.php"
query = {"username": "小明", "password": "123"}
resp = requests.get(base, params=query)
# The printed URL includes the encoded query string, password included.
print(resp.url)
# Read the cookies set by the response
import requests

resp = requests.get("https://www.baidu.com")
print(resp.cookies)  # cookie jar holding what this response set
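# HTTP proxy and interception with Burp (BP)
import requests

url = "https://www.baidu.com"
# Kali IP: 192.168.1.101
# NOTE(review): the address in the comment above differs from the proxy
# address used below; confirm which host actually runs the proxy.
#
# The scheme of a proxy URL describes how to reach the proxy itself, not the
# target. An intercepting proxy listener normally accepts plain HTTP and
# tunnels HTTPS through CONNECT, so both entries use http://; with https://
# the client would attempt a TLS handshake with the proxy port.
proxies = {'http': 'http://192.168.100.9:8080', 'https': 'http://192.168.100.9:8080'}
# verify=False switches certificate validation off for this request, so any
# host on the path can impersonate the site; keep it to lab interception.
# Passing verify="<path to the proxy's exported CA certificate>" keeps
# validation on while still allowing the proxy to intercept.
r = requests.get(url, proxies=proxies, verify=False)
print(r.status_code)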
# HTTP session programming (a session that carries cookies)
import requests

url = "https://www.baidu.com"
session = requests.Session()

first = session.get(url)
print(first.cookies)
print(first.request.headers)

# Same session again: cookies stored from the first response are sent back
# automatically, which shows up in the printed request headers.
second = session.get(url)
print(second.request.headers)
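# Python directory-scanning tool: file-reading basics

# Read every line, closing the handle explicitly.
f = open("demo1.txt", "r")
for line in f.readlines():
    print(line.strip())
f.close()

# Read only the first line. The with-block closes the handle, which the
# plain open() form would leave open until the name is rebound.
with open("demo1.txt", "r") as f:
    line1 = f.readline()
print(line1.strip())

# Read only the first three characters.
f = open("demo1.txt", "r")
line1 = f.read(3)
print(line1.strip())
f.close()

# Preferred form: the context manager closes the file even if printing fails.
with open("demo1.txt", "r") as f:
    for line in f.readlines():
        print(line.strip())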
# HTTP GET requests
import requests

url = "http://127.0.0.1/"
with open("dir.txt", "r") as f:
    candidates = [entry.strip() for entry in f.readlines()]

# One request per wordlist entry, sent sequentially with the library's default
# User-Agent; on the server this shows up as a burst of requests for
# non-existent paths from a single client.
for path in candidates:
    r = requests.get(url + path)
    if r.status_code != 200:
        continue
    print("url:" + r.url + " exist")
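# Parameterised version: the base URL comes from the command line
import sys  # required for sys.argv below

import requests

url = sys.argv[1]
with open("dir.txt", "r") as f:
    for line in f.readlines():
        line = line.strip()
        r = requests.get(url + line)
        if r.status_code == 200:
            print("url:" + r.url + " exist")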
import requests
import sys

# argv[1] is the base URL, argv[2] the path of the wordlist file.
url, dic = sys.argv[1], sys.argv[2]
with open(dic, "r") as f:
    entries = [raw.strip() for raw in f.readlines()]

for entry in entries:
    r = requests.get(url + entry)
    if r.status_code != 200:
        continue
    print("url:" + r.url + " exist")
# More on reading and writing files
import requests

# Mode "w" truncates the file first, so the earlier content is replaced.
with open("dir.txt", "w") as writer:
    writer.write('brute')

# Read the file back to show what it now holds.
with open("dir.txt") as reader:
    for row in reader.readlines():
        print(row.strip())
import requests

# Mode "a" appends: the text is added after the existing content.
with open("dir.txt", "a") as writer:
    writer.write('brute1')

# Read the file back to show what it now holds.
with open("dir.txt") as reader:
    for row in reader.readlines():
        print(row.strip())
#自定义User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
import requests

url = "https://www.baidu.com"
# Several User-Agent values can be prepared; this one mimics a desktop browser.
browser_ua = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0'
headers = {'User-Agent': browser_ua}
resp = requests.get(url, headers=headers)
print(resp.request.headers)
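# Python check for an IIS server that advertises PUT/MOVE
import requests

url = "http://192.168.0.107"
r = requests.options(url)
# A server may list its methods in Public, in Allow, or in neither header;
# .get() avoids a KeyError when the header is missing.
result = r.headers.get('Public') or r.headers.get('Allow') or ''
advertised = {method.strip().upper() for method in result.split(',')}
# str.find() returns -1 (truthy) for "not found", so the original condition
# was true for nearly any header value; compare whole method names instead.
# Advertised methods are only an indicator: whether a write succeeds depends
# on WebDAV being enabled and on write permission for the directory, so
# confirm against the server configuration. The fix is to disable WebDAV or
# remove write permission from the web root.
if "PUT" in advertised and "MOVE" in advertised:
    print(result)
    print("exist IIS put vul")
else:
    print("not exist")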
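# Read the HTTP server's self-reported information
import requests

url = "http://192.168.0.107"
r = requests.get(url)
print(r.headers)
# Both headers are optional and operator-configurable: hardened servers strip
# or rewrite them, so .get() is used instead of indexing (which raises
# KeyError) and the values are hints rather than proof of the software stack.
server = r.headers.get('Server', '(header not sent)')
powered_by = r.headers.get('X-Powered-By', '(header not sent)')
print("服务器中间件为:" + server)
print("服务器脚本语言为:" + powered_by)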
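# Python vulnerability-check tool
import requests

url = "http://192.168.0.107"
r = requests.get(url)
# The Server header is optional, so default to an empty string rather than
# raising KeyError when it is absent.
remote_server = r.headers.get('Server', '')
print(remote_server)
print(type(remote_server))
# Substring membership replaces str.find(), whose -1 "not found" result is
# truthy, and the second test no longer calls the string as a function.
# A version banner does not reveal patch level; confirm MS15-034 status from
# the host's installed updates.
if "IIS/7.5" in remote_server or "IIS/8.0" in remote_server:
    # Start probing.
    # NOTE(review): the page leaves the probe headers empty, so this second
    # request is an ordinary GET and the marker below cannot appear; a
    # "not exist" line from this listing says nothing about patch state.
    payload = {}
    r1 = requests.get(url, headers=payload)
    print(r1.request.headers)
    print(r1.content)
    if "Requested Range Not Satisfiable" in r1.text:
        print(url + "exist vuln ms15-034")
    else:
        print(url + "not exist vuln ms15-034")
else:
    print("Server not a iis 7.5 or iis 8.0")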
#站点地图的构建
用BP的spider进行爬取
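# The optparse module
import optparse

parser = optparse.OptionParser()  # initialise the parser
parser.usage = "command_args.py -u user_file"
parser.add_option(
    "-u",
    "--user_file",
    help="read username from file",
    action="store",
    type="string",
    metavar="FILE",
    dest="username_file",
)
# parse_args() returns (values, leftover positional arguments); the values
# object must carry the same name that is read on the next line.
(options, args) = parser.parse_args()
print(options.username_file)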
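# Command-line template for a web password-testing script
# (username file, password file, url, threads)
import optparse

parser = optparse.OptionParser()
parser.usage = "web_brute_command.py -s url -u user_file -p pass_file -t num"
parser.add_option("-s", "--site", dest="website", help="website to test",
                  action="store", type="string", metavar="URL")
parser.add_option("-u", "--userfile", dest="userfile", help="username from file",
                  action="store", type="string", metavar="USERFILE")
parser.add_option("-p", "--passfile", dest="passfile", help="password from file",
                  action="store", type="string", metavar="PASSFILE")
# The keyword is action= (singular); an unknown keyword makes add_option fail.
parser.add_option("-t", "--threads", dest="threads", help="number of threads",
                  action="store", type="int", metavar="THREADS")
# The parsed values are bound to the same name that the prints below read.
(options, args) = parser.parse_args()
print(options.website)
print(options.userfile)
print(options.passfile)
print(options.threads)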
#Python SQL注入探测工具编写