python---pexpect的ssh模拟ssh登陆

python—pexpect的ssh使用

使用的pexpect模拟kali linux客户端ssh登陆另外一台kali linux服务器
1、前提两台kali linux 机器，
kali linux 客户端 192.168.100.139
kali linux 服务器 192.168.100.140

2、使用客户端192.168.100.139 ssh能够登陆进去192.168.100.140

root@kali:~# 
root@kali:~# ifconfig#本机客户端
eth0      Link encap:Ethernet  HWaddr 00:0c:29:ad:34:08  
          inet addr:192.168.100.139  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fead:3408/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2025172 errors:0 dropped:1370 overruns:0 frame:0
          TX packets:220482 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:292858397 (279.2 MiB)  TX bytes:21145429 (20.1 MiB)
          Interrupt:19 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:3287 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3287 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:216736 (211.6 KiB)  TX bytes:216736 (211.6 KiB)

root@kali:~# 
root@kali:~# ssh root@192.168.100.140
The authenticity of host '192.168.100.140 (192.168.100.140)' can't be established.
ECDSA key fingerprint is 2c:10:cc:7b:9d:37:ef:25:1b:90:aa:36:18:fb:96:29.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.140' (ECDSA) to the list of known hosts.
root@192.168.100.140's password: 

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Dec 25 14:27:13 2017 from 192.168.100.139
root@kali:~# 
root@kali:~# ifconfig#成功登陆服务器192.168.100.140
eth0      Link encap:Ethernet  HWaddr 00:0c:29:11:91:7b  
          inet addr:192.168.100.140  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe11:917b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4629 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1717 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1362999 (1.2 MiB)  TX bytes:257298 (251.2 KiB)
          Interrupt:19 Base address:0x2000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:116 errors:0 dropped:0 overruns:0 frame:0
          TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:6960 (6.7 KiB)  TX bytes:6960 (6.7 KiB)

root@kali:~# 
root@kali:~# exit
登出
Connection to 192.168.100.140 closed.
root@kali:~# 

3、使用pexpect模块模拟ssh登陆

root@kali:~# cd /root/python/anquangongji/
root@kali:~/python/anquangongji# pwd
/root/python/anquangongji
root@kali:~/python/anquangongji# ls
checkfile.py      dictionary.txt   passwordunix.txt        scanerftpbanner.py  vulnbanners.txt
crarkpassword.py  openfiletest.py  pexpectshhnocommand.py  scanmultports.py    vulnftpbanner.txt



root@kali:~/python/anquangongji# cat pexpectshhnocommand.py 
#!/usr/bin/python  
#coding=utf-8  
import pexpect  

#SSH连接成功时的命令行交互窗口中前面的提示字符的集合  
PROMPT = ['# ','>>> ','> ','\$ ']  

def send_command(child,cmd):  
    #发送一条命令  
    child.sendline(cmd)  

    #期望有命令行提示字符出现  
    child.expect(PROMPT)  

    #将之前的内容都输出  
    print child.before  

def connect(user,host,password):  
        #表示主机已使用一个新的公钥的消息  
    ssh_newkey = 'Are you sure you want to continue connecting'  
        connStr = 'ssh ' + user + '@' + host  

        #为ssh命令生成一个spawn类的对象  
        child = pexpect.spawn(connStr)  

        #期望有ssh_newkey字符、提示输入密码的字符出现，否则超时  
        ret = child.expect([pexpect.TIMEOUT,ssh_newkey,'[P|p]assword: '])  

        #匹配到超时TIMEOUT  
        if ret == 0:  
            print '[-] Error Connecting'  
            return  

        #匹配到ssh_newkey  
        if ret == 1:  
            #发送yes回应ssh_newkey并期望提示输入密码的字符出现  
            child.sendline('yes')  
            ret = child.expect([pexpect.TIMEOUT,'[P|p]assword: '])  

        #匹配到超时TIMEOUT  
        if ret == 0:  
            print '[-] Error Connecting'  
            return  

        #发送mima  
        child.sendline(password) 
        child.expect(PROMPT)
        return child

def main():
    host='192.168.100.140'  
        user='root'
        password='173605852'
        child=connect(user,host,password)
        send_command(child,'ls -la')

if __name__ == '__main__':
    main()

root@kali:~/python/anquangongji# 

4、运行情况

root@kali:~/python/anquangongji# 
root@kali:~/python/anquangongji# python pexpectshhnocommand.py 
ls -la
总用量 1528
drwxrwxr-x 23 root root   4096 12月 25 12:28 .
drwxr-xr-x 23 root root   4096  5月  3  2017 ..
-rw-r--r--  1 root root     94  3月 23  2017 a.t
-rw-------  1 root root  31208 12月 25 14:45 .bash_history
-rw-rw-r--  1 root root   3391  2月  5  2015 .bashrc
drwx------  9 root root   4096 12月 25 12:28 .cache
drwx------ 12 root root   4096  3月 21  2017 .config
drwx------  3 root root   4096  6月 23  2015 .dbus
drwxr-xr-x  8 root root   4096  8月 23 09:13 Desktop
drwx------  3 root root   4096  6月 21  2017 Downloads
-rw-r--r--  1 root root    183  3月 23  2017 find.py
-rw-r--r--  1 root root    204  3月 23  2017 findxsl.py
drwx------  3 root root   4096 12月 25 12:28 .gconf
drwx------  4 root root   4096  6月 23  2015 .gnome2
drwxr-xr-x  2 root root   4096  6月 23  2015 .gstreamer-0.10
drwx------  2 root root   4096  6月 23  2015 .gvfs
-rw-------  1 root root   7440 12月 25 12:28 .ICEauthority
drwxr-xr-x  3 root root   4096  1月 14  2016 .ipython
drwxr-xr-x  3 root root   4096  1月 14  2016 .java
drwxr-xr-x  3 root root   4096  6月 23  2015 .local
drwx------  3 root root   4096  6月 23  2015 .mission-control
drwx------  4 root root   4096  6月 23  2015 .mozilla
drwxr-xr-x  8 root root   4096  5月  3  2017 .msf4
-rw-r--r--  1 root root 992808  2月 15  2017 mysql-connector-java-5.1.41-bin.jar
-rw-r--r--  1 root root     60  3月 23  2017 new.txt
drwxr-xr-x  2 root root   4096  1月 14  2016 .pip
drwx------  2 root root   4096  6月  1  2016 .presage
-rw-r--r--  1 root root    140  2月  5  2015 .profile
drwx------  2 root root   4096 12月 25 12:28 .pulse
-rw-------  1 root root    256  6月 23  2015 .pulse-cookie
drwxr-xr-x  6 root root   4096  9月 18 16:08 python
-rwxrw-rw-  1 root root 221070 12月 12  2016 rizhi.xlsx
-rw-------  1 root root   1024  2月  6  2015 .rnd
-rwxrw-rw-  1 root root   1640  1月 14  2017 showNumType.py
drwx------  2 root root   4096  5月 22  2017 .ssh
-rw-r--r--  1 root root     14  3月 23  2017 test.tx
-rwxrw-rw-  1 root root   1640  1月 14  2017 test.txt
drwx------  4 root root   4096  6月  1  2016 .thumbnails
-rw-------  1 root root  20577  9月 21 16:57 .viminfo
-rw-------  1 root root   7803 12月 25 14:33 .xsession-errors
-rw-------  1 root root 128211  9月 24 14:43 .xsession-errors.old
root@kali:~
root@kali:~/python/anquangongji# 

参考：
http://blog.csdn.net/SKI_12/article/details/72972238?locationNum=2&fps=1