Exemplo n.º 1
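    def run(self, ipdict, pinglist, threads, file):
        """Run self.ssh_l against every "host:port" entry listed under ipdict['ssh'].

        Args:
            ipdict: mapping of service name -> list of "host:port" strings;
                only the 'ssh' key is read here (a missing key raises KeyError).
            pinglist: not read by this method.
            threads: worker count handed to Pool().
            file: destination passed through to self.config.write_file for
                every entry of self.result once the pool has finished.

        Returns None. Does nothing but print a notice when the module-level
        flag ``isinstall`` is false (the message ties it to the paramiko
        import).
        """
        if not isinstall:
            printRed(
                "[!] 抱歉没有安装paramiko库,所以ssh模块无效,如果你要爆破ssh弱口令,需要安装 paramiko 1.15.2"
            )
            return

        if not ipdict['ssh']:
            return

        print "[*] crack ssh  now..."
        print "[*] start crack ssh  %s" % time.ctime()
        starttime = time.time()

        pool = Pool(threads)
        for target in ipdict['ssh']:
            # entries look like "host:port"; split from the right once so the
            # port is always the last field
            host, port = str(target).rsplit(':', 1)
            pool.apply_async(func=self.ssh_l, args=(host, int(port)))
        pool.close()
        pool.join()

        print "[*] stop ssh serice  %s" % time.ctime()
        print "[*] crack ssh done,it has Elapsed time:%s " % (time.time() -
                                                              starttime)

        for entry in self.result:
            self.config.write_file(contents=entry, file=file)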
Exemplo n.º 2
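    def getports(self, user_ports):
        """Fill self.ports from a user port spec, or with the built-in default list.

        Args:
            user_ports: '' selects the default list (assigned to self.ports);
                otherwise "22,80,1433" (comma list), "22-1000" (inclusive
                range) or a single port "22". Parsed ports are appended to
                the existing self.ports.

        Prints an error and calls exit() when a port is not an integer.
        """
        if user_ports == '':
            self.ports = [
                21, 22, 23, 80, 81, 443, 389, 445, 843, 873, 1043, 1099, 1194,
                1433, 1434, 1521, 2601, 2604, 3306, 3307, 3128, 3389, 3812,
                4440, 4848, 5432, 5900, 5901, 5902, 5903, 6082, 6000, 6379,
                7001, 7002, 8080, 8181, 8888, 8090, 8000, 8008, 8009, 8081,
                8088, 8089, 9000, 9080, 9043, 9090, 9091, 9200, 9528, 10000,
                11211, 10022, 15000, 16000, 22022, 22222, 27017, 28017, 17017,
                18017, 11321, 50060
            ]
            return

        try:
            if ',' in user_ports:
                self.ports.extend(int(port) for port in user_ports.split(','))
            elif '-' in user_ports:
                startport, endport = (int(p) for p in user_ports.split('-', 1))
                # the range is inclusive: "22-25" yields 22, 23, 24, 25
                self.ports.extend(range(startport, endport + 1))
            else:
                self.ports.append(int(user_ports))
        except ValueError:
            # only a malformed number is a bad spec; anything else (e.g.
            # self.ports not initialised) is a programming error and propagates
            printRed(
                '[!] not a valid ports given. you should put ip like 22,80,1433 or 22-1000'
            )
            exit()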
Exemplo n.º 3
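 def get_ips(ip):
     """Expand an address spec into a list of dotted-quad strings.

     :param ip: either "a.b.c.x-y" (a range on the last octet, inclusive at
         both ends) or anything the IP() helper accepts, e.g. "192.168.1.0/24".
     :return: list of address strings. On a spec that does not parse an
         error is printed and the process exits with sys.exit(0).
     """
     try:
         octets = ip.split(".")
         if "-" in octets[3]:
             start_num, end_num = (int(n) for n in octets[3].split("-", 1))
             prefix = ".".join(octets[:3])
             # "1-200" means hosts 1 through 200, so the upper bound is included
             return ["%s.%s" % (prefix, i) for i in range(start_num, end_num + 1)]
         # IP() is the network helper the module imports (presumably IPy);
         # iterating it yields every address of the block
         return [str(addr) for addr in IP(ip)]
     except (ValueError, IndexError):
         printRed(
             "[!] not a valid ip given. you should put ip like 192.168.1.0/24, 192.168.0.0/16,192.168.0.1-200"
         )
         sys.exit(0)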
Exemplo n.º 4
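 def get_ports(self, user_ports):
     """Parse a port spec into self.ports.

     :param user_ports: comma-separated entries such as "22,80,1000-1010";
         '' means the spec is read from conf/ports.conf instead.
     :return: None. Plain entries are kept as the strings given; "a-b"
         entries are expanded to the ints a..b (inclusive) and placed after
         the plain entries. Prints an error and calls sys.exit() when a
         range bound is not an integer.
     """
     if user_ports == '':
         # read the spec from the config file; line breaks are dropped so a
         # multi-line file still forms one comma list
         with open("conf/ports.conf", "r") as fh:
             user_ports = fh.read().replace("\r", "").replace("\n", "")
     try:
         plain = []
         expanded = []
         for entry in user_ports.split(","):
             if "-" in entry:
                 start, end = (int(bound) for bound in entry.split("-", 1))
                 expanded.extend(range(start, end + 1))  # inclusive range
             else:
                 plain.append(entry)
         # plain entries first, then the expanded ranges
         self.ports = plain + expanded
     except ValueError:
         printRed(
             '[!] not a valid ports given. you should put ip like 22,80,1433 or 22-1000'
         )
         sys.exit()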
Exemplo n.º 5
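    def scan_ports(self):
        """Worker loop: take (ip, port) pairs off self.sp and record open ports.

        A TCP connect is attempted for each pair. On success the banner is
        read and classified with self.match_banner(); when no banner arrives,
        each payload in self.probes is sent on a fresh 5-second-timeout
        connection until one yields a service other than 'Unknown'. Every open
        port is appended to self.ip_dict[service] as "ip:port" and announced
        with printRed(). Never returns; each queue item is acknowledged with
        task_done() whatever happens.
        """
        while True:
            ip, port = self.sp.get()
            try:
                service = self._identify_service(ip, port)
                if service is None:
                    continue  # connect failed: port closed or unreachable
                # the membership check and the insert must happen under the
                # same lock, otherwise two workers can each create the list
                # and one of the entries is lost (assumes self.lock is a
                # threading.Lock-style object usable as a context manager)
                with self.lock:
                    self.ip_dict.setdefault(service, []).append(ip + ':' + str(port))
                    printRed("%s opening %s\r\n" % (ip, port))
            finally:
                self.sp.task_done()

    def _identify_service(self, ip, port):
        """Return the service name for ip:port.

        Returns None when the connect fails, 'Unknown' when the port is open
        but nothing matched, else the name from self.match_banner().
        Sockets are always closed before returning.
        """
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.connect((ip, int(port)))
        except Exception:
            s.close()
            return None

        banner = None
        try:
            banner = s.recv(256)
        except Exception:
            banner = None
        finally:
            s.close()

        if banner:
            try:
                return self.match_banner(banner, self.signs)
            except Exception:
                pass  # a failing match falls back to the probes below

        # silent service: send each probe on a fresh connection
        for probe in self.probes:
            sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            try:
                sd.settimeout(5)
                sd.connect((ip, int(port)))
                sd.send(probe)
                service = self.match_banner(sd.recv(256), self.signs)
                if service != 'Unknown':
                    return service
            except Exception:
                continue
            finally:
                sd.close()
        return 'Unknown'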
Exemplo n.º 6
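	def scanports(self):
	    """Worker loop: take (ip, port) pairs off self.sp and record open ports.

	    A TCP connect is attempted for each pair. On success the banner is
	    read and classified with self.matchbanner(); when the read fails,
	    each payload in self.PROBES is sent on a fresh 5-second-timeout
	    connection until one yields a service other than 'Unknown'. Every
	    open port is appended to self.ipdict[service] as "ip:port" and
	    announced with printRed(). Never returns; each queue item is
	    acknowledged with task_done() whatever happens.
	    """
	    while True:
	        ip, port = self.sp.get()
	        try:
	            service = self._identify_service(ip, port)
	            if service is None:
	                continue  # connect failed: port closed or unreachable
	            # the membership check and the insert must happen under the
	            # same lock, otherwise two workers can each create the list
	            # and one of the entries is lost (assumes self.lock is a
	            # threading.Lock-style object usable as a context manager)
	            with self.lock:
	                self.ipdict.setdefault(service, []).append(ip + ':' + str(port))
	                printRed("%s opening %s\r\n" % (ip, port))
	        finally:
	            self.sp.task_done()

	def _identify_service(self, ip, port):
	    """Return the service name for ip:port.

	    Returns None when the connect fails, 'Unknown' when the port is open
	    but nothing matched, else the name from self.matchbanner().
	    Sockets are always closed before returning.
	    """
	    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	    try:
	        s.connect((ip, port))
	    except Exception:
	        s.close()
	        return None

	    banner = None
	    try:
	        banner = s.recv(256)
	    except Exception:
	        banner = None
	    finally:
	        s.close()

	    # a successful read (even an empty one) is classified directly
	    if banner is not None:
	        try:
	            return self.matchbanner(banner, self.signs)
	        except Exception:
	            pass  # a failing match falls back to the probes below

	    # read failed: send each probe on a fresh connection
	    for probe in self.PROBES:
	        sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	        try:
	            sd.settimeout(5)
	            sd.connect((ip, port))
	            sd.send(probe)
	            service = self.matchbanner(sd.recv(256), self.signs)
	            if service != 'Unknown':
	                return service
	        except Exception:
	            continue
	        finally:
	            sd.close()
	    return 'Unknown'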
Exemplo n.º 7
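	def getips(self, ip):
		"""Expand an address spec into a list of dotted-quad strings.

		ip is either "a.b.c.x-y" (a range on the last octet, inclusive at both
		ends) or anything the IP() helper accepts, e.g. "192.168.1.0/24".
		Returns the list of address strings; on a spec that does not parse an
		error is printed and exit() is called.
		"""
		try:
			octets = ip.split(".")
			if "-" in octets[3]:
				startnum, endnum = (int(n) for n in octets[3].split("-", 1))
				prefix = ".".join(octets[:3])
				# "1-200" means hosts 1 through 200, so the upper bound is included
				return ["%s.%s" % (prefix, i) for i in range(startnum, endnum + 1)]
			# IP() is the network helper the module imports (presumably IPy);
			# iterating it yields every address of the block
			return [str(addr) for addr in IP(ip)]
		except (ValueError, IndexError):
			printRed("[!] not a valid ip given. you should put ip like 192.168.1.0/24, 192.168.0.0/16,192.168.0.1-200")
			exit()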
Exemplo n.º 8
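	def getports(self, user_ports):
	    """Fill self.ports from a user port spec, or with the built-in default list.

	    user_ports: '' selects the default list (assigned to self.ports);
	    otherwise "22,80,1433" (comma list), "22-1000" (inclusive range) or a
	    single port "22". Parsed ports are appended to the existing self.ports.
	    Prints an error and calls exit() when a port is not an integer.
	    """
	    if user_ports == '':
	        self.ports = [
	            21, 22, 23, 80, 81, 443, 389, 445, 843, 873, 1043, 1099, 1194,
	            1433, 1434, 1521, 2601, 2604, 3306, 3307, 3128, 3389, 3812,
	            4440, 4848, 5432, 5900, 5901, 5902, 5903, 6082, 6000, 6379,
	            7001, 7002, 8080, 8181, 8888, 8090, 8000, 8008, 8009, 8081,
	            8088, 8089, 9000, 9080, 9043, 9090, 9091, 9200, 9528, 10000,
	            11211, 10022, 15000, 16000, 22022, 22222, 27017, 28017, 17017,
	            18017, 11321, 50060,
	        ]
	        return

	    try:
	        if ',' in user_ports:
	            self.ports.extend(int(port) for port in user_ports.split(','))
	        elif '-' in user_ports:
	            startport, endport = (int(p) for p in user_ports.split('-', 1))
	            # the range is inclusive: "22-25" yields 22, 23, 24, 25
	            self.ports.extend(range(startport, endport + 1))
	        else:
	            self.ports.append(int(user_ports))
	    except ValueError:
	        # only a malformed number is a bad spec; anything else (e.g.
	        # self.ports not initialised) is a programming error and propagates
	        printRed('[!] not a valid ports given. you should put ip like 22,80,1433 or 22-1000')
	        exit()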
Exemplo n.º 9
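	def pinger(self):
	    """Worker loop: take addresses off self.q, ping each with the platform's
	    ping command and record responders in self.pinglist.

	    Liveness is judged from ping's output: Linux "N received" with N != 0,
	    macOS any "ttl" in the output, Windows any "TTL". Other platforms never
	    record anything. Each queue item is acknowledged with task_done()
	    whatever happens.
	    """
	    system = platform.system()  # invariant for the thread's lifetime
	    while True:
	        ip = self.q.get()
	        try:
	            if self._host_replies(system, ip):
	                with self.lock:
	                    self.pinglist.append(ip)
	                    printRed("%s is live!!\r\n" % ip)
	        finally:
	            self.q.task_done()

	def _host_replies(self, system, ip):
	    """Return True if `ip` answers two pings; `system` is platform.system()."""
	    if system in ('Linux', 'Darwin'):
	        argv = ['ping', '-c', '2', ip]
	    elif system == 'Windows':
	        argv = ['ping', '-n', '2', ip]
	    else:
	        return False
	    # an argument list rather than a command string: the address is passed
	    # to ping verbatim and is never interpreted by a shell. communicate()
	    # also reaps the child, which a bare stdout.read() did not.
	    proc = Popen(argv, stdout=PIPE, universal_newlines=True)
	    out, _ = proc.communicate()
	    if system == 'Linux':
	        m = re.search(r'(\d+)\sreceived', out)
	        return m is not None and m.group(1) != '0'
	    if system == 'Darwin':
	        return 'ttl' in out
	    return 'TTL' in out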
Exemplo n.º 10
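    def pinger(self):
        """Worker loop: take addresses off self.q, ping each with the platform's
        ping command and record responders in self.ping_list.

        Liveness is judged from ping's output: Linux "N received" with N != 0,
        macOS any "ttl" in the output, Windows any "TTL". Other platforms never
        record anything. Each queue item is acknowledged with task_done()
        whatever happens.
        :return: never returns
        """
        system = platform.system()  # invariant for the thread's lifetime
        while True:
            ip = self.q.get()
            try:
                if self._host_replies(system, ip):
                    with self.lock:
                        self.ping_list.append(ip)
                        printRed("%s is live!!\r\n" % ip)
            finally:
                self.q.task_done()

    def _host_replies(self, system, ip):
        """Return True if `ip` answers two pings; `system` is platform.system()."""
        if system in ('Linux', 'Darwin'):
            argv = ['ping', '-c', '2', ip]
        elif system == 'Windows':
            argv = ['ping', '-n', '2', ip]
        else:
            return False
        # an argument list rather than a command string: the address is passed
        # to ping verbatim and is never interpreted by a shell. communicate()
        # also reaps the child, which a bare stdout.read() did not.
        proc = Popen(argv, stdout=PIPE, universal_newlines=True)
        out, _ = proc.communicate()
        if system == 'Linux':
            m = re.search(r'(\d+)\sreceived', out)
            return m is not None and m.group(1) != '0'
        if system == 'Darwin':
            return 'ttl' in out
        return 'TTL' in out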