scapy模块
ARP/IP/ICMP/TCP方法
import scapy
from scapy.layers.inet import IP, TCP
from scapy.layers.l2 import ARP
from scapy.sendrecv import sr1
from scapy.all import *
scapy发送方法:
send(IP/ICMP/TCP) # 三层发送,只管发,不接收回复
sendp(Ether) # 二层发送,只管发 -- 交换机(链路层)
sr1(IP/ICMP/TCP) # 三层发送,并返回收到的第一个回复
srp(Ether) # 二层发送并接收回复 -- 交换机(链路层)
D:train\>scapy.exe
>>> ARP().display() 或 ARP().show()
###[ ARP ]###
hwtype = Ethernet (10Mb) # 硬件类型 0x1,链路层
ptype = IPv4 # 协议类型 0x800,网络层
hwlen = 6 # 硬件地址长度 mac
plen = 4 # 协议地址长度
op = who-has
hwsrc = 00:0c:29:3a:3c:3b # 源mac地址
psrc = 192.168.0.106 # 源IP地址
hwdst = 00:00:00:00:00:00 # 目的mac
pdst = 0.0.0.0 # 目的IP
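# Build an ARP who-has request asking which host owns 192.168.0.1.
pkg = ARP(psrc='192.168.0.103', pdst='192.168.0.1')
# timeout is a plain number of seconds; "2秒" is not valid Python.
reply = sr1(pkg, timeout=2, verbose=False)
# sr1() returns None when nothing answers before the timeout, so check
# before indexing into the reply.
if reply is not None and reply.haslayer(ARP):
    print(reply[ARP].psrc)  # sender IP of the reply, i.e. 192.168.0.1
else:
    print("no ARP reply")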
>>> ICMP().display()
###[ ICMP ]###
type = echo-request
code = 0
chksum = None
id = 0x0 #标识不同ping进程
seq = 0x0
unused = ''
>>> IP().display()
###[ IP ]###
version = 4 # ipv4
ihl = None # 头部长度
tos = 0x0 # 服务,流量标记
len = None # 总长度
id = 1 # 标识
flags = # 是否分片数据传输
frag = 0 # 每个分片距离头部的偏移
ttl = 64 # 生存时间
proto = hopopt # 上层协议号(默认 hopopt 即 0,并非 TCP;TCP 为 6)
chksum = None # 头部校验和
src = 127.0.0.1 # 源地址
dst = 127.0.0.1 # 目的地址
# Example: send one ICMP echo request and wait up to 1 second for the
# first reply; reply is None if nothing answers in time.
echo_request = IP(dst="192.168.1.1") / ICMP()
reply = sr1(echo_request, timeout=1)
>>> TCP().display()
###[ TCP ]###
sport = ftp_data # 源端口
dport = http # 目的端口
seq = 0 # 32位序号
ack = 0 # 32位确认序号
dataofs = None # 头部长度
reserved = 0 # 保留6位
flags = S # 标志类型: SYN,ACK,FIN,RST,PSH,URG
window = 8192 # 窗口大小
chksum = None # 16位校验和
urgptr = 0 # 紧急指针
options = '' # 选项
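# The IP layer's address fields are src/dst; psrc/pdst belong to ARP and
# are not fields of IP().
pkg = IP(src='192.168.0.103', dst='192.168.0.1') / TCP(flags="S", dport=80)
reply = sr1(pkg, timeout=1)
# sr1() returns None when nothing answers before the timeout, so check
# before reading the TCP layer of the reply.
if reply is not None and reply.haslayer(TCP):
    print(reply[TCP].flags)  # e.g. SA = SYN/ACK, RA = RST/ACK
else:
    print("no TCP reply")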
requests模块
import requests
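# Send a GET request.
# timeout is set explicitly because requests waits indefinitely by default.
resp = requests.get('http://example.com/', timeout=10)
resp.encoding = 'utf-8'  # decode the body as UTF-8
print(resp.text)  # response body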
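# Send a POST request (form login).
# NOTE(review): the URL is plain http://, so the username and password
# travel unencrypted; use an https:// endpoint outside a local lab.
# The credentials below are sample values; real ones belong in environment
# variables or a secret store, not in the script.
data = {'username': 'admin', 'password': 'admin123', 'verifycode': '0000'}
resp = requests.post(url='http://example.com/user/login', data=data, timeout=10)
print(resp.text)
# Response headers can carry Set-Cookie session tokens; avoid copying this
# output into shared logs.
print(resp.headers)
if resp.text == 'login-pass':  # this exact body is treated as success
    print("登录成功")
else:
    print("登录失败")
# Keep the cookies from the login response for use in later requests.
cookie = resp.cookies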
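# Download an image.
resp = requests.get('http://www.example.com/img/banner.jpg', timeout=10)
# Stop on a 4xx/5xx status so an error page is not saved under a .jpg name.
resp.raise_for_status()
with open('./banner.jpg', mode='wb') as file:
    file.write(resp.content)  # raw bytes of the response body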
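# File upload (multipart form), sent with the cookies kept from the login.
data = {'batchname': 'GB20211009'}
# Open the file in a with-block so the handle is closed after the upload
# instead of staying open for the life of the script.
with open('E:/Other/Test.xls', 'rb') as upload:
    file = {'batchfile': upload}
    resp = requests.post(url='http://example.com/goods/upload', data=data,
                         files=file, cookies=cookie, timeout=10)
print(resp.text)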
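# Second way to keep a session (recommended): the session object stores the
# cookies from the login response and sends them on later requests.
session = requests.session()
# NOTE(review): sample credentials over plain http://; use https:// and keep
# real credentials out of the script.
data = {'username': 'admin', 'password': 'admin123', 'verifycode': '0000'}
resp = session.post(url='http://example.com/user/login', data=data, timeout=10)
data = {'batchname': 'GB20211007'}
# The with-block closes the file handle once the upload has been sent.
with open('E:/Other/Test.xls', 'rb') as upload:
    file = {'batchfile': upload}
    resp = session.post(url='http://example.com/goods/upload', data=data,
                        files=file, timeout=10)
print(resp.text)
print(type(resp.text))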
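# Parse the JSON response body with the standard library.
import json
# Named "goods" rather than "list" so the builtin list type is not shadowed.
goods = json.loads(resp.text)  # deserialise the string into Python lists/dicts
print(goods)
print(type(goods))
# The body comes from the server, so its shape is not guaranteed; an
# unexpected response makes this lookup raise IndexError/KeyError/TypeError.
print(goods[1]['goodsname'])  # one value from the second record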
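# Handling HTTPS requests.
# verify=False turns off TLS certificate validation: the client no longer
# authenticates the server, so anyone on the network path can read or alter
# the traffic. Keep it to throwaway lab targets. For a private or
# self-signed CA, pass the CA bundle instead, e.g.
# verify='<path-to-ca-bundle.pem>' (placeholder), or omit verify to use the
# default trust store.
resp = requests.get('https://www.example.com', verify=False, timeout=10)  # certificate check disabled
print(resp.text)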