python---pexpect的ssh模拟ssh登陆

python—pexpect的ssh使用

使用的pexpect模拟kali linux客户端ssh登陆另外一台kali linux服务器

1、前提两台kali linux 机器，

kali linux 客户端 192.168.100.139

kali linux 服务器 192.168.100.140

2、使用客户端192.168.100.139 ssh能够登陆进去192.168.100.140

root@kali:~#
root@kali:~# ifconfig#本机客户端
eth0      Link encap:Ethernet  HWaddr 00:0c:29:ad:34:08
inet addr:192.168.100.139  Bcast:192.168.100.255  Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fead:3408/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:2025172 errors:0 dropped:1370 overruns:0 frame:0
TX packets:220482 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:292858397 (279.2 MiB)  TX bytes:21145429 (20.1 MiB)
Interrupt:19 Base address:0x2000

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:65536  Metric:1
RX packets:3287 errors:0 dropped:0 overruns:0 frame:0
TX packets:3287 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:216736 (211.6 KiB)  TX bytes:216736 (211.6 KiB)

root@kali:~#
root@kali:~# ssh root@192.168.100.140
The authenticity of host '192.168.100.140 (192.168.100.140)' can't be established.
ECDSA key fingerprint is 2c:10:cc:7b:9d:37:ef:25:1b:90:aa:36:18:fb:96:29.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.140' (ECDSA) to the list of known hosts.
root@192.168.100.140's password:

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Dec 25 14:27:13 2017 from 192.168.100.139
root@kali:~#
root@kali:~# ifconfig#成功登陆服务器192.168.100.140
eth0      Link encap:Ethernet  HWaddr 00:0c:29:11:91:7b
inet addr:192.168.100.140  Bcast:192.168.100.255  Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe11:917b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:4629 errors:0 dropped:0 overruns:0 frame:0
TX packets:1717 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1362999 (1.2 MiB)  TX bytes:257298 (251.2 KiB)
Interrupt:19 Base address:0x2000

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:65536  Metric:1
RX packets:116 errors:0 dropped:0 overruns:0 frame:0
TX packets:116 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6960 (6.7 KiB)  TX bytes:6960 (6.7 KiB)

root@kali:~#
root@kali:~# exit
登出
Connection to 192.168.100.140 closed.
root@kali:~#

3、使用pexpect模块模拟ssh登陆

root@kali:~# cd /root/python/anquangongji/
root@kali:~/python/anquangongji# pwd
/root/python/anquangongji
root@kali:~/python/anquangongji# ls
checkfile.py      dictionary.txt   passwordunix.txt        scanerftpbanner.py  vulnbanners.txt
crarkpassword.py  openfiletest.py  pexpectshhnocommand.py  scanmultports.py    vulnftpbanner.txt

root@kali:~/python/anquangongji# cat pexpectshhnocommand.py
#!/usr/bin/python
#coding=utf-8
import pexpect

#SSH连接成功时的命令行交互窗口中前面的提示字符的集合
PROMPT = ['# ','>>> ','> ','\$ ']

def send_command(child,cmd):
#发送一条命令
child.sendline(cmd)

#期望有命令行提示字符出现
child.expect(PROMPT)

#将之前的内容都输出
print child.before

def connect(user,host,password):
#表示主机已使用一个新的公钥的消息
ssh_newkey = 'Are you sure you want to continue connecting'
connStr = 'ssh ' + user + '@' + host

#为ssh命令生成一个spawn类的对象
child = pexpect.spawn(connStr)

#期望有ssh_newkey字符、提示输入密码的字符出现，否则超时
ret = child.expect([pexpect.TIMEOUT,ssh_newkey,'[P|p]assword: '])

#匹配到超时TIMEOUT
if ret == 0:
print '[-] Error Connecting'
return

#匹配到ssh_newkey
if ret == 1:
#发送yes回应ssh_newkey并期望提示输入密码的字符出现
child.sendline('yes')
ret = child.expect([pexpect.TIMEOUT,'[P|p]assword: '])

#匹配到超时TIMEOUT
if ret == 0:
print '[-] Error Connecting'
return

#发送mima
child.sendline(password)
child.expect(PROMPT)
return child

def main():
host='192.168.100.140'
user='root'
password='173605852'
child=connect(user,host,password)
send_command(child,'ls -la')

if __name__ == '__main__':
main()

root@kali:~/python/anquangongji#

4、运行情况

root@kali:~/python/anquangongji#
root@kali:~/python/anquangongji# python pexpectshhnocommand.py
ls -la
总用量 1528
drwxrwxr-x 23 root root   4096 12月 25 12:28 .
drwxr-xr-x 23 root root   4096  5月  3  2017 ..
-rw-r--r--  1 root root     94  3月 23  2017 a.t
-rw-------  1 root root  31208 12月 25 14:45 .bash_history
-rw-rw-r--  1 root root   3391  2月  5  2015 .bashrc
drwx------  9 root root   4096 12月 25 12:28 .cache
drwx------ 12 root root   4096  3月 21  2017 .config
drwx------  3 root root   4096  6月 23  2015 .dbus
drwxr-xr-x  8 root root   4096  8月 23 09:13 Desktop
drwx------  3 root root   4096  6月 21  2017 Downloads
-rw-r--r--  1 root root    183  3月 23  2017 find.py
-rw-r--r--  1 root root    204  3月 23  2017 findxsl.py
drwx------  3 root root   4096 12月 25 12:28 .gconf
drwx------  4 root root   4096  6月 23  2015 .gnome2
drwxr-xr-x  2 root root   4096  6月 23  2015 .gstreamer-0.10
drwx------  2 root root   4096  6月 23  2015 .gvfs
-rw-------  1 root root   7440 12月 25 12:28 .ICEauthority
drwxr-xr-x  3 root root   4096  1月 14  2016 .ipython
drwxr-xr-x  3 root root   4096  1月 14  2016 .java
drwxr-xr-x  3 root root   4096  6月 23  2015 .local
drwx------  3 root root   4096  6月 23  2015 .mission-control
drwx------  4 root root   4096  6月 23  2015 .mozilla
drwxr-xr-x  8 root root   4096  5月  3  2017 .msf4
-rw-r--r--  1 root root 992808  2月 15  2017 mysql-connector-java-5.1.41-bin.jar
-rw-r--r--  1 root root     60  3月 23  2017 new.txt
drwxr-xr-x  2 root root   4096  1月 14  2016 .pip
drwx------  2 root root   4096  6月  1  2016 .presage
-rw-r--r--  1 root root    140  2月  5  2015 .profile
drwx------  2 root root   4096 12月 25 12:28 .pulse
-rw-------  1 root root    256  6月 23  2015 .pulse-cookie
drwxr-xr-x  6 root root   4096  9月 18 16:08 python
-rwxrw-rw-  1 root root 221070 12月 12  2016 rizhi.xlsx
-rw-------  1 root root   1024  2月  6  2015 .rnd
-rwxrw-rw-  1 root root   1640  1月 14  2017 showNumType.py
drwx------  2 root root   4096  5月 22  2017 .ssh
-rw-r--r--  1 root root     14  3月 23  2017 test.tx
-rwxrw-rw-  1 root root   1640  1月 14  2017 test.txt
drwx------  4 root root   4096  6月  1  2016 .thumbnails
-rw-------  1 root root  20577  9月 21 16:57 .viminfo
-rw-------  1 root root   7803 12月 25 14:33 .xsession-errors
-rw-------  1 root root 128211  9月 24 14:43 .xsession-errors.old
root@kali:~
root@kali:~/python/anquangongji#

参考：

http://blog.csdn.net/SKI_12/article/details/72972238?locationNum=2&fps=1