Batch-scan and report the authorized_keys trusted by every server
https://www.cnblogs.com/iAmSoScArEd/p/18140656 - 我超怕的
Code
from flask import Flask, request
import csv

app = Flask(__name__)


@app.route('/', methods=['POST'])
def receive_data():
    # Body format sent by the collection script:
    #   :::user:::  followed by one |||authorized_keys line||| per key
    data = request.data.decode('utf-8', errors='replace')
    rows = data.split(':::')
    with open('output.csv', 'a', newline='', encoding="utf-8-sig") as file:
        writer = csv.writer(file)
        # writer.writerow(['ip', 'username', 'public_key'])
        user = ""
        for row in rows:
            row = row.strip()
            if not row:
                continue
            if '|||' in row:
                for public_key in row.split('|||'):
                    public_key = public_key.strip()
                    # Skip the empty pieces and newlines between delimiters
                    if public_key:
                        writer.writerow([request.remote_addr, user, public_key])
            else:
                user = row
    return 'Data received and saved to output.csv'


@app.route('/download_bash', methods=['GET'])
def download_bash():
    bash_str = '''#!/bin/bash
# Change this to the URL of the remote HTTP server
remote_server_url="http://127.0.0.1:5000/"
# Private temp file (mode 0600) instead of a predictable name in /tmp
output_file=$(mktemp) || exit 1
# Take each account's home directory from /etc/passwd (field 6)
while IFS=: read -r user _ _ _ _ home_dir _; do
    authorized_keys_file="${home_dir}/.ssh/authorized_keys"
    if [ -f "${authorized_keys_file}" ]; then
        echo "${user}"
        echo ":::${user}:::" >> "${output_file}"
        while IFS= read -r line || [ -n "${line}" ]; do
            # Skip blank lines and comments
            if [[ ! "${line}" =~ ^[[:space:]]*(#|$) ]]; then
                echo "${line}"
                echo "|||${line}|||" >> "${output_file}"
            fi
        done < "${authorized_keys_file}"
        echo >> "${output_file}"
    fi
done < /etc/passwd
curl -X POST -H "Content-Type: text/plain" --data-binary "@${output_file}" "${remote_server_url}"
rm -f "${output_file}"
'''
    return bash_str


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000)
How to use
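1. Deploy and run the code, and note its address, e.g. 10.100.100.1:5000
2. Change remote_server_url="http://127.0.0.1:5000/" in the code to the address from the previous step
3. On each machine to be scanned, run curl http://10.100.100.1:5000/download_bash | sudo bash
The script is fetched over plain HTTP and runs as root, and the receiving endpoint accepts POSTs without authentication, so run the service only on a trusted management network.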
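Once output.csv has been collected, the useful questions are which keys are trusted in more than one place and which are weak. The following is an added example, not part of the original post: it groups the CSV rows (ip, user, public_key) by SHA256 key fingerprint and flags DSA keys and RSA keys under 2048 bits. The function names, the 2048-bit threshold and the sample rows are assumptions, and the sample keys are constructed byte strings, not real keys.

```python
import base64, csv, hashlib, io, re, struct
from collections import defaultdict

# Key type followed by its base64 blob; any options before it are skipped.
KEY_RE = re.compile(r'(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+(AAAA[0-9A-Za-z+/]+=*)')

def wire_fields(blob):
    """Split an SSH public-key blob into its length-prefixed fields."""
    fields, i = [], 0
    while i + 4 <= len(blob):
        (n,) = struct.unpack('>I', blob[i:i + 4])
        fields.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return fields

def inspect_key(entry):
    """Return (fingerprint, key_type, findings), or None if no key parses."""
    m = KEY_RE.search(entry)
    try:
        blob = base64.b64decode(m.group(2), validate=True)
    except (AttributeError, ValueError):  # no key in the line, or bad base64
        return None
    fp = 'SHA256:' + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip('=')
    key_type, fields = m.group(1), wire_fields(blob)
    findings = ['DSA key'] if key_type == 'ssh-dss' else []
    if key_type == 'ssh-rsa' and len(fields) >= 3:  # fields: type, e, n
        bits = int.from_bytes(fields[2], 'big').bit_length()
        if bits < 2048:
            findings.append(f'RSA modulus is only {bits} bits')
    return fp, key_type, findings

def audit(csv_text):
    """Group output.csv rows (ip, user, public_key) by key fingerprint."""
    report = defaultdict(lambda: {'findings': [], 'trusted_by': set()})
    for row in csv.reader(io.StringIO(csv_text)):
        info = inspect_key(row[2]) if len(row) == 3 else None
        if info:
            fp, key_type, findings = info
            report[fp].update(type=key_type, findings=findings)
            report[fp]['trusted_by'].add((row[0], row[1]))
    return dict(report)

def _pack(*parts):  # builds wire-format blobs for the constructed sample keys
    return base64.b64encode(b''.join(struct.pack('>I', len(p)) + p for p in parts)).decode()

ED = 'ssh-ed25519 ' + _pack(b'ssh-ed25519', bytes(range(32))) + ' ops@bastion'
RSA = 'ssh-rsa ' + _pack(b'ssh-rsa', b'\x01\x00\x01', b'\x00' + b'\xc3' * 128) + ' legacy'
SAMPLE = f'10.0.0.5,root,{ED}\n10.0.0.6,deploy,"from=""10.0.0.0/8"" {ED}"\n10.0.0.6,root,{RSA}\n'
```

To run it on collected data, pass audit() the text of output.csv read with encoding="utf-8-sig"; each fingerprint maps to the key type, any findings, and the set of (ip, user) pairs that trust it.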