通过编写一个简单的漏洞扫描程序学习Python基本语句

Posted 2020-06-18

    今天开始读《Python绝技：运用Python成为顶级黑客》一书，第一章用一个小例子来讲解Python的基本语法和语句。主要学习的内容有：1. 安装第三方库。2. 变量、字符串、列表、词典。3. 网络的编程。4. 条件选择语句和for循环。5. 异常处理。6. 函数。7. 文件输入/输出。8. sys模块和os模块。把最后的代码贴在这里，做个记录。

import socket
import os
import sys

port = 21
banner = "FreeFloat FTP Server"

portList = [21,22,80,110]
portOpen = True

services = {‘ftp‘:21, ‘ssh‘:22, ‘smtp‘:25, ‘http‘:80}

def retBanner(ip,port):
    try:
        socket.setdefaulttimeout(2)
        s = socket.socket()
        s.connect((ip,port)) 
        banner = s.recv(1024)
        return banner
    except:
        return
    
def checkVulns(banner,filename):
    f = open(filename,‘r‘)
    for line in f.readlines():
        if line.strip(‘\n‘) in banner:
            print ‘[+] Server is vulnerable: ‘ + banner.strip(‘\n‘)


def main():
    if len(sys.argv) == 2:
        filename = sys.argv[1]
        if not os.path.isfile(filename):
            print ‘[-] ‘ +filename + ‘ does not exist.‘
            exit(0)
        if not os.access(filename, os.R_OK):
            print ‘[-] ‘ +filename + ‘ access denied.‘
            exit(0)
    else:
        print ‘[-] Usage: ‘ + str(sys.argv[0]) + ‘ <vuln filename>‘
        exit(0)
    
    portList = [21,22,25,80,110,443]
    for x in range(147,150):
        ip = ‘192.168.95.‘ + str(x)
        for port in portList:
            banner = retBanner(ip,port)
            if banner:
                print ‘[+] ‘ + ip + ‘: ‘ + banner
                checkVulns(banner, filename)
        
if __name__ == ‘__main__‘:
    main()