Modified "Violent Python" port scanner - prints but does not run

I have been in and out of Python for a while (more out than in), but have started working through "Violent Python". I wanted to modify the vulnerability scanner to read from a port list instead of only using a hard-coded list (more for my own understanding than for practicality).
```python
#!/usr/bin/python
# Use banner list
# Scan popular ports on a range of hosts
import socket
import sys

if len(sys.argv) == 3:
    filename = sys.argv[1]
    print "[+] Reading Vulnerabilities From: " + filename
    filename2 = sys.argv[2]
    print "[+] Reading Ports From: " + filename2

def retBanner(ip, port):
    try:
        socket.setdefaulttimeout(2)
        s = socket.socket()
        s.connect((ip, port))
        banner = s.recv(1024)
        return banner
    except:
        # any error, including a bad argument, is swallowed and None is returned
        return

def checkVulns(banner):
    f = open(filename, 'r')
    for line in f.readlines():
        if line.strip('\n') in banner:
            print "[+] Server is vulnerable: " + banner.strip('\n')

def main():
    f2 = open(filename2, 'r')
    for x in range(1, 254):
        ip = '192.168.140.' + str(x)
        for port in f2.readlines():  # each raw line of the port file, newline included
            banner = retBanner(ip, port)
            if banner:
                print "[+] " + ip + ": " + banner
                checkVulns(banner)

if __name__ == '__main__':
    main()
```
This prints, but then nothing happens:

```
root@kali:~/programming/python# ./vuln-scanner-3.py vuln_banners.txt portlist.txt
[+] Reading Vulnerabilities From: vuln_banners.txt
[+] Reading Ports From: portlist.txt
```
In a separate screen session I was running tcpdump, but nothing at all showed up (the interface is correct):

```
root@kali:~/programming/python# tcpdump -s0 -vvnn -i eth0 net 192.168.140.0 mask 255.255.255.0 and not 192.168.140.1 and port 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
```
Any ideas why this is not running properly? Thanks in advance.
I would suspect your `tcpdump` expression, unless you only care about port 22 –
@D.Shawley SSH is in my port list, as are the "vulnerable services" (i.e. OpenSSH), so I should see at least some traffic. `root@kali:~/programming/python# tcpdump -s0 -vvnn -i eth0 net 192.168.140.0 mask 255.255.255.0 and not 192.168.140.1` `tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes` That is a run without port 22 – Mrdrjnkee
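The two things that keep a scan like the one above silent can be reproduced without any network. The following is an added example (Python 3, not the book's or the poster's code) that uses a constructed port-list string in place of `portlist.txt`: it parses the file into integer ports, shows that `readlines()` on a single open handle returns nothing on every pass after the first, and shows that passing the raw file line as the port makes `connect()` raise a `TypeError` while building the address, which a bare `except` would hide.

```python
import io
import socket

# Constructed sample contents for portlist.txt; a blank line, a comment
# and a duplicate are included to show how the parser treats them.
SAMPLE_PORTLIST = "21\n22\n\n# web\n80\n443\n22\n"

def parse_ports(text):
    """Return a sorted list of int ports from the raw text of a port file."""
    ports = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.split('#', 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            port = int(entry)
        except ValueError:
            raise ValueError("line %d: %r is not a port number" % (lineno, entry))
        if not 1 <= port <= 65535:
            raise ValueError("line %d: port %d out of range" % (lineno, port))
        ports.add(port)
    return sorted(ports)

def load_ports(path):
    """Read the port file once, before the host loop, and parse it."""
    with open(path) as f:
        return parse_ports(f.read())

def lines_per_pass(text, passes=3):
    """Mimic main(): readlines() on one open handle inside a loop.
    Returns how many lines each pass saw; only the first pass gets any."""
    f = io.StringIO(text)
    return [len(f.readlines()) for _ in range(passes)]

def connect_error(ip, port):
    """Return the name of the exception connect() raises, or None.
    With a raw file line as the port this is a TypeError raised before
    any packet leaves the host; a bare 'except' turns it into silence."""
    s = socket.socket()
    s.settimeout(0.2)
    try:
        s.connect((ip, port))
    except Exception as e:
        return type(e).__name__
    finally:
        s.close()
    return None
```

Calling `load_ports()` once before the host loop and passing its integers to `connect()` removes both failure modes.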