def run(self, ipdict, pinglist, threads, file):
    """Entry point of the ssh module: hand every 'ip:port' under ipdict['ssh'] to self.ssh_l.

    :param ipdict: dict of service name -> list of 'ip:port' strings; only the 'ssh' key is read,
        and a dict without that key raises KeyError at the len() check below.
    :param pinglist: not used by this method (kept for signature parity with the other modules)
    :param threads: worker count passed straight to Pool()
    :param file: destination path forwarded to self.config.write_file for each entry of self.result
    :return: None
    """
    # Module-level flag set where paramiko is imported; without the library the module is a no-op.
    if isinstall == False:
        printRed(
            "[!] 抱歉没有安装paramiko库,所以ssh模块无效,如果你要爆破ssh弱口令,需要安装 paramiko 1.15.2"
        )
        return
    if len(ipdict['ssh']):
        print "[*] crack ssh now..."
        print "[*] start crack ssh %s" % time.ctime()
        starttime = time.time()
        pool = Pool(threads)
        for ip in ipdict['ssh']:
            # Entries are 'host:port'; the split assumes exactly one ':' (an IPv6 literal would be mis-split).
            pool.apply_async(func=self.ssh_l, args=(str(ip).split(':')[0], int(str(ip).split(':')[1])))
        pool.close()
        pool.join()
        print "[*] stop ssh serice %s" % time.ctime()
        print "[*] crack ssh done,it has Elapsed time:%s " % (time.time() - starttime)
        # NOTE(review): self.result is expected to have been filled by the ssh_l workers. That only
        # holds if Pool is a thread pool sharing this object's memory — confirm which Pool is imported.
        for i in xrange(len(self.result)):
            self.config.write_file(contents=self.result[i], file=file)
def getports(self, user_ports):
    """Fill self.ports from *user_ports*, falling back to a built-in default list.

    :param user_ports: '' selects the defaults; otherwise "a,b,c", an inclusive
        "a-b" range, or a single port. The ',' / '-' detection only looks past the
        first character, so a spec starting with one of them is treated as a single
        port and rejected by int().
    :return: None. With '' self.ports is replaced wholesale; otherwise the parsed
        ports are appended to the already-existing self.ports.
    Prints an error and exits the process when the spec does not parse.
    """
    if user_ports == '':
        self.ports = [
            21, 22, 23, 80, 81, 443, 389, 445, 843, 873, 1043, 1099, 1194,
            1433, 1434, 1521, 2601, 2604, 3306, 3307, 3128, 3389, 3812, 4440,
            4848, 5432, 5900, 5901, 5902, 5903, 6082, 6000, 6379, 7001, 7002,
            8080, 8181, 8888, 8090, 8000, 8008, 8009, 8081, 8088, 8089, 9000,
            9080, 9043, 9090, 9091, 9200, 9528, 10000, 11211, 10022, 15000,
            16000, 22022, 22222, 27017, 28017, 17017, 18017, 11321, 50060,
        ]
        return
    try:
        has_list = user_ports.find(",") > 0
        has_range = user_ports.find("-") > 0
        if has_list:
            # Generator keeps the per-item append order of the original loop.
            self.ports.extend(int(item) for item in user_ports.split(','))
        elif has_range:
            bounds = user_ports.split('-')
            low, high = int(bounds[0]), int(bounds[1])
            self.ports.extend(xrange(low, high + 1))
        else:
            self.ports.append(int(user_ports))
    except:
        printRed(
            '[!] not a valid ports given. you should put ip like 22,80,1433 or 22-1000'
        )
        exit()
def get_ips(ip):
    """Expand an ip spec into a list of address strings.

    :param ip: either "a.b.c.X-Y", which expands the last octet from X up to but
        not including Y, or anything IP() accepts (e.g. "192.168.1.0/24").
    :return: list of dotted-quad strings; [] when X >= Y.
    Prints an error and exits the process when *ip* cannot be parsed.
    """
    try:
        octets = ip.split(".")
        last = octets[3]
        if "-" in last:
            bounds = last.split("-")
            first = int(bounds[0])
            stop = int(bounds[1])
            prefix = ".".join(octets[:3])
            # range() excludes *stop*: "1-200" yields .1 through .199.
            return ["%s.%s" % (prefix, host) for host in range(first, stop)]
        return [str(addr) for addr in IP(ip)]
    except:
        printRed(
            "[!] not a valid ip given. you should put ip like 192.168.1.0/24, 192.168.0.0/16,192.168.0.1-200"
        )
        sys.exit(0)
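def get_ports(self, user_ports):
    """Populate self.ports from a user-supplied port spec or the bundled config file.

    :param user_ports: comma-separated tokens, each a single port or an inclusive
        ``start-end`` range (e.g. ``22,80,1000-1010``). '' means "read the spec
        from conf/ports.conf", resolved relative to the current working directory.
    :return: None. self.ports keeps single ports as the original strings and the
        expanded range members as ints; scan_ports normalises with int()/str(),
        so that mix is preserved here rather than changed under its callers.
    Prints an error and exits the process when a token cannot be parsed.
    """
    if user_ports == '':
        # Close the handle deterministically; strip CR and LF so a multi-line
        # file collapses to one comma-separated spec.
        with open("conf/ports.conf", "r") as conf:
            user_ports = conf.read().replace("\r", "").replace("\n", "")
    try:
        self.ports = user_ports.split(",")
        range_specs = []
        # Iterate over a snapshot: the body appends to self.ports, and mutating
        # a list while iterating it is fragile even though the appended ints
        # can never contain a "-".
        for p in list(self.ports):
            if str(p).find("-") >= 0:
                range_specs.append(str(p))
                start = int(p.split("-")[0])
                end = int(p.split("-")[1]) + 1  # inclusive upper bound
                for i in range(start, end):
                    self.ports.append(i)
        # Drop the unexpanded "a-b" tokens now that their members are in.
        for spec in range_specs:
            self.ports.remove(spec)
    except Exception:
        # Non-numeric tokens or a dangling "-" land here; let KeyboardInterrupt
        # and SystemExit propagate instead of being masked by a bare except.
        printRed(
            '[!] not a valid ports given. you should put ip like 22,80,1433 or 22-1000'
        )
        sys.exit()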
def scan_ports(self):
    """Worker loop: take (ip, port) pairs from self.sp, connect, identify the service, record it.

    Runs forever (meant for a daemon thread). For each open port the entry 'ip:port' is appended
    to self.ip_dict[service], where service comes from self.match_banner or stays 'Unknown'.
    :return: never returns
    """
    while True:
        ip, port = self.sp.get()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Work out which service answers on this port.
        service = 'Unknown'
        try:
            # No timeout is set on s, so this connect() uses the OS default.
            s.connect((ip, int(port)))
        except:
            self.sp.task_done()
            continue
        try:
            result = s.recv(256)
            if not result:
                # Empty read: fall through to the active probes below.
                raise Exception
            service = self.match_banner(result, self.signs)
            # NOTE(review): s is never closed on this path.
        except:
            for probe in self.probes:
                try:
                    s.close()
                    sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                    sd.settimeout(5)
                    sd.connect((ip, int(port)))
                    sd.send(probe)
                except:
                    continue
                try:
                    result = sd.recv(256)
                    service = self.match_banner(result, self.signs)
                    if service != 'Unknown':
                        break
                except:
                    continue
                # NOTE(review): sd is never closed, one leaked socket per probe.
        # Both branches below do the same append + print; only the dict initialisation differs.
        # self.ip_dict is mutated outside self.lock — the lock only serialises the output.
        if service not in self.ip_dict:
            self.ip_dict[service] = []
            self.ip_dict[service].append(ip + ':' + str(port))
            self.lock.acquire()
            printRed("%s opening %s\r\n" % (ip, port))
            self.lock.release()
        else:
            self.ip_dict[service].append(ip + ':' + str(port))
            self.lock.acquire()
            printRed("%s opening %s\r\n" % (ip, port))
            self.lock.release()
        self.sp.task_done()
def scanports(self):
    """Worker loop: take (ip, port) pairs from self.sp, connect, identify the service, record it.

    Runs forever (meant for a daemon thread). For each open port 'ip:port' is appended to
    self.ipdict[service]; service comes from self.matchbanner or stays 'Unknown'.
    Unlike scan_ports, port is used as-is here (no int()), so the queue must hold ints.
    :return: never returns
    """
    while True:
        ip, port = self.sp.get()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Work out which service answers on this port.
        service = 'Unknown'
        try:
            # No timeout is set on s, so this connect() uses the OS default.
            s.connect((ip, port))
        except:
            self.sp.task_done()
            continue
        try:
            # An empty banner is not special-cased here; it just yields whatever matchbanner returns.
            result = s.recv(256)
            service = self.matchbanner(result, self.signs)
            # NOTE(review): s is never closed on this path.
        except:
            for probe in self.PROBES:
                try:
                    s.close()
                    sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                    sd.settimeout(5)
                    sd.connect((ip, port))
                    sd.send(probe)
                except:
                    continue
                try:
                    result = sd.recv(256)
                    service = self.matchbanner(result, self.signs)
                    if service != 'Unknown':
                        break
                except:
                    continue
                # NOTE(review): sd is never closed, one leaked socket per probe.
        # Both branches do the same append + print; only the dict initialisation differs.
        # self.ipdict is mutated outside self.lock — the lock only serialises the output.
        if service not in self.ipdict:
            self.ipdict[service] = []
            self.ipdict[service].append(ip + ':' + str(port))
            self.lock.acquire()
            printRed("%s opening %s\r\n" % (ip, port))
            self.lock.release()
        else:
            self.ipdict[service].append(ip + ':' + str(port))
            self.lock.acquire()
            printRed("%s opening %s\r\n" % (ip, port))
            self.lock.release()
        self.sp.task_done()
def getips(self, ip):
    """Expand an ip spec into a list of address strings.

    :param ip: "a.b.c.X-Y" expands the last octet from X up to but not including Y;
        any other form is handed to IP() (e.g. "192.168.1.0/24").
    :return: list of dotted-quad strings; [] when X >= Y.
    Prints an error and exits the process when *ip* cannot be parsed.
    """
    iplist = []
    try:
        parts = ip.split(".")
        if "-" in parts[3]:
            lo_hi = parts[3].split("-")
            head = "%s.%s.%s." % (parts[0], parts[1], parts[2])
            # range() excludes the upper bound: "1-200" gives .1 through .199.
            for host in range(int(lo_hi[0]), int(lo_hi[1])):
                iplist.append(head + str(host))
        else:
            iplist = [str(addr) for addr in IP(ip)]
        return iplist
    except:
        printRed("[!] not a valid ip given. you should put ip like 192.168.1.0/24, 192.168.0.0/16,192.168.0.1-200")
        exit()
def getports(self, user_ports):
    """Fill self.ports from *user_ports*, or with the built-in default list for ''.

    :param user_ports: '' for the defaults; "a,b,c" for a list; "a-b" for an
        inclusive range; or a single port. A ',' or '-' in the very first
        position is not treated as a separator and the token then fails int().
    :return: None. '' replaces self.ports; any other spec appends to it, so
        self.ports must already exist in that case.
    Prints an error and exits the process when the spec does not parse.
    """
    default_ports = [
        21, 22, 23, 80, 81, 443, 389, 445, 843, 873, 1043, 1099, 1194, 1433,
        1434, 1521, 2601, 2604, 3306, 3307, 3128, 3389, 3812, 4440, 4848, 5432,
        5900, 5901, 5902, 5903, 6082, 6000, 6379, 7001, 7002, 8080, 8181, 8888,
        8090, 8000, 8008, 8009, 8081, 8088, 8089, 9000, 9080, 9043, 9090, 9091,
        9200, 9528, 10000, 11211, 10022, 15000, 16000, 22022, 22222, 27017,
        28017, 17017, 18017, 11321, 50060,
    ]
    if user_ports == '':
        self.ports = default_ports
        return
    try:
        if "," in user_ports[1:]:
            # Lazy conversion: each token is parsed right before it is appended.
            wanted = (int(tok) for tok in user_ports.split(','))
        elif "-" in user_ports[1:]:
            lo = int(user_ports.split('-')[0])
            hi = int(user_ports.split('-')[1])
            wanted = xrange(lo, hi + 1)
        else:
            wanted = (int(user_ports),)
        for port in wanted:
            self.ports.append(port)
    except:
        printRed('[!] not a valid ports given. you should put ip like 22,80,1433 or 22-1000')
        exit()
def pinger(self):
    """Worker loop: pull an ip from self.q, run the platform's ping, record responders in self.pinglist.

    Runs forever (meant for a daemon thread). The OS is detected per address via platform.system();
    an unrecognised platform simply marks the item done without pinging.
    :return: never returns
    """
    while True:
        ip = self.q.get()
        if platform.system() == 'Linux':
            # '-c 2' is passed as ONE argv element (flag and value glued together).
            # p is never wait()ed; read() drains stdout but the child is only reaped when p is collected.
            p = Popen(['ping', '-c 2', ip], stdout=PIPE)
            # Single-digit capture is enough for a count of 2.
            m = re.search('(\d)\sreceived', p.stdout.read())
            try:
                # m is None when the summary line is absent; the AttributeError is swallowed below.
                if m.group(1) != '0':
                    # self.pinglist is appended outside the lock; only the print is serialised.
                    self.pinglist.append(ip)
                    self.lock.acquire()
                    printRed("%s is live!!\r\n" % ip)
                    self.lock.release()
            except:
                pass
        if platform.system() == 'Darwin':
            # Python 2 only: the commands module was removed in Python 3.
            import commands
            # getstatusoutput() runs through a shell, so ip is interpolated unquoted into a command
            # line — it must be a validated address by the time it reaches this queue.
            p = commands.getstatusoutput("ping -c 2 " + ip)
            m = re.findall('ttl', p[1])
            try:
                if m:
                    self.pinglist.append(ip)
                    self.lock.acquire()
                    printRed("%s is live!!\r\n" % ip)
                    self.lock.release()
            except:
                pass
        if platform.system() == 'Windows':
            # String command line (no shell), still built by concatenating ip; same validation caveat.
            p = Popen('ping -n 2 ' + ip, stdout=PIPE)
            m = re.findall('TTL', p.stdout.read())
            if m:
                self.pinglist.append(ip)
                self.lock.acquire()
                printRed("%s is live!!\r\n" % ip)
                self.lock.release()
        self.q.task_done()
def pinger(self):
    """Worker loop: pull an ip from self.q, run the platform's ping, record responders in self.ping_list.

    Runs forever (meant for a daemon thread). The OS is detected per address via platform.system();
    an unrecognised platform simply marks the item done without pinging.
    :return: never returns
    """
    while True:
        ip = self.q.get()
        if platform.system() == 'Linux':
            # '-c 2' is passed as ONE argv element (flag and value glued together).
            # p is never wait()ed; read() drains stdout but the child is only reaped when p is collected.
            p = Popen(['ping', '-c 2', ip], stdout=PIPE)
            # Single-digit capture is enough for a count of 2.
            m = re.search('(\d)\sreceived', p.stdout.read())
            try:
                # m is None when the summary line is absent; the AttributeError is swallowed below.
                if m.group(1) != '0':
                    # self.ping_list is appended outside the lock; only the print is serialised.
                    self.ping_list.append(ip)
                    self.lock.acquire()
                    printRed("%s is live!!\r\n" % ip)
                    self.lock.release()
            except:
                pass
        if platform.system() == 'Darwin':
            # Python 2 only: the commands module was removed in Python 3.
            import commands
            # getstatusoutput() runs through a shell, so ip is interpolated unquoted into a command
            # line — it must be a validated address by the time it reaches this queue.
            p = commands.getstatusoutput("ping -c 2 " + ip)
            m = re.findall('ttl', p[1])
            try:
                if m:
                    self.ping_list.append(ip)
                    self.lock.acquire()
                    printRed("%s is live!!\r\n" % ip)
                    self.lock.release()
            except:
                pass
        if platform.system() == 'Windows':
            # String command line (no shell), still built by concatenating ip; same validation caveat.
            p = Popen('ping -n 2 ' + ip, stdout=PIPE)
            m = re.findall('TTL', p.stdout.read())
            if m:
                self.ping_list.append(ip)
                self.lock.acquire()
                printRed("%s is live!!\r\n" % ip)
                self.lock.release()
        self.q.task_done()