[Python] HackBack (finding the source IPs of password brute-force attempts against a server)
2017-12-29 22:12
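1. Introduction
I came across another good find on 0x00sec: https://0x00sec.org/t/python-hackback-updated/882
The script in that post collects the IPs and usernames behind failed password brute-force attempts against the server, and uses the Shodan API to trace and locate them.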
```python
#!/usr/bin/python3.4
import re
import urllib.request
import json

log_path = "/var/log/auth.log"
hosts = []
key = "{YOUR_API_KEY}"

# GET IP ADDRESS
# get_ip() is called by get_host() but its body is not shown on this page;
# this regex-based version is an assumed stand-in. It anchors on the end of
# the line, because the username earlier in the line is attacker-chosen text.
def get_ip(line):
    match = re.search(r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$", line)
    return match.group(1) if match else None

# GET FAILED PASSWORD ATTEMPT
def get_host(text):
    for line in text.split('\n'):
        if line.find("Failed password for invalid ") != -1:
            ip = get_ip(line)
            if ip and ip not in hosts:
                hosts.append(ip)
    return hosts

# GET USERNAME
def get_username(line):
    username_word = line.split("Failed password for invalid user ")
    username = (username_word[1]).split(" ")
    return username[0]

# LOCATE IP WITH GEOIP
def geoip(host):
    response = urllib.request.urlopen("http://freegeoip.net/json/" + host)
    info = json.loads(response.read().decode("utf-8"))
    print("\n[+] Tracking ip {}".format(info['ip']))
    print("-------------------------------")
    print('\tCountry : {}\n\ttimezone : {}\n\tlatitude : {}\n\tlongitude : {}'.format(
        info['country_name'], info['time_zone'], info['latitude'], info['longitude']))

def passive_recon(host, key):
    url = "https://api.shodan.io/shodan/host/{}?key={}&minify=true".format(host, key)
    try:
        response = urllib.request.urlopen(url)
        result = json.loads(response.read().decode('utf-8'))
        print("[+] Passive Recon using shodan.io")
        print("-------------------------------")
        print("\tPort : {}\n\tOrganisation {}".format(result['ports'], result['org']))
        # minify=true can leave out the per-service banners, so print only those present
        for service in result.get('data', []):
            print("Banner {}".format(service.get('data')))
    except Exception:
        print("[+] Passive Recon using shodan.io")
        print("-------------------------------")
        print("\tCan't retrieve information")

if __name__ == "__main__":
    with open(log_path, 'rt') as log:
        text = log.read()
    get_host(text)
    for host in hosts:
        geoip(host)
        passive_recon(host, key)
```
2. What the script does
```python
def get_host(text):
    for line in text.split('\n'):
        if line.find("Failed password for invalid ") != -1:
            ip = get_ip(line)
            if ip and ip not in hosts:
                hosts.append(ip)
    return hosts

def get_username(line):
    username_word = line.split("Failed password for invalid user ")
    username = (username_word[1]).split(" ")
    return username[0]
```
These functions pull from auth.log the IPs and usernames that were used to try passwords against the server.
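An added example, not part of the original post or of the 0x00sec script: a stricter take on the same auth.log parsing that also counts attempts per source and covers failures for existing accounts, which the script's "invalid user" filter skips. The sample log lines are constructed, and `summarize_failures`, `FAILED_RE` and `INTERNAL_NETS` are names chosen here.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# The username is attacker-chosen text and may contain spaces or even
# "from <address>", so anchor on the fixed tail that sshd itself appends.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+(?: ssh2)?\s*$"
)

# Internal ranges that should never be sent to an external lookup service.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def summarize_failures(log_text):
    """Return (attempts per IP, usernames per IP) for external sources."""
    attempts = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # not a literal address: never pass raw log text into a URL
        if any(addr in net for net in INTERNAL_NETS):
            continue
        attempts[str(addr)] += 1
        users[str(addr)].add(match.group("user"))
    return attempts, dict(users)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
Dec 29 21:58:01 srv sshd[1234]: Failed password for invalid user admin from 198.51.100.9 port 51234 ssh2
Dec 29 21:58:05 srv sshd[1234]: Failed password for root from 198.51.100.9 port 51240 ssh2
Dec 29 21:58:09 srv sshd[1301]: Failed password for invalid user x from 10.0.0.1 port 22 ssh2 from 203.0.113.20 port 40022 ssh2
Dec 29 21:59:00 srv sshd[1310]: Failed password for invalid user test from 192.168.1.50 port 40100 ssh2
Dec 29 21:59:30 srv sshd[1320]: Accepted password for alice from 198.51.100.9 port 51300 ssh2
"""

if __name__ == "__main__":
    attempts, users = summarize_failures(SAMPLE_LOG)
    for ip, count in attempts.most_common():
        print(ip, count, sorted(users[ip]))
```

The third sample line shows why the address is taken from the end of the line: the text before the final "from" is the username as the client supplied it.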
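freegeoip.net is used to look up the IP's location (the shodan.io API could be used for this as well); the function simply parses the JSON output and prints it as tidied-up text.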
```python
def geoip(host):
    response = urllib.request.urlopen("http://freegeoip.net/json/" + host)
    info = json.loads(response.read().decode("utf-8"))
    print("\n[+] Tracking ip {}".format(info['ip']))
    print("-------------------------------")
    print('\tCountry : {}\n\ttimezone : {}\n\tlatitude : {}\n\tlongitude : {}'.format(
        info['country_name'], info['time_zone'], info['latitude'], info['longitude']))
```
The function that correlates the IP with Shodan is as follows:
```python
def passive_recon(host, key):
    url = "https://api.shodan.io/shodan/host/{}?key={}&minify=true".format(host, key)
    try:
        response = urllib.request.urlopen(url)
        result = json.loads(response.read().decode('utf-8'))
        print("[+] Passive Recon using shodan.io")
        print("-------------------------------")
        print("\tPort : {}\n\tOrganisation {}".format(result['ports'], result['org']))
        # minify=true can leave out the per-service banners, so print only those present
        for service in result.get('data', []):
            print("Banner {}".format(service.get('data')))
    except Exception:
        # If we don't get a 200 response code, print "Can't retrieve information"
        print("[+] Passive Recon using shodan.io")
        print("-------------------------------")
        print("\tCan't retrieve information")
```
To get information about the hacker, just run:
./hackBack.py