• ms17-010漏洞扫描工具


    说明:

    1、先利用masscan进行445端口探测

    2、利用巡风的脚本对开放445端口的IP进行ms17-010漏洞扫描。

    3、使用方法:Python2运行后,按提示输入单个IP或者IP网段。

    # coding=utf-8
    """
    @author:Eleven
    created on:2018年10月12日
    """
    import binascii
    import os
    import socket
    import struct
    import subprocess


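    def port_scan():
        """Run masscan for TCP/445 on user-supplied targets and record the open hosts.

        Prompts on stdin for a single IP, a comma-separated list or a CIDR range
        (masscan's own target syntax), runs the masscan binary found at the
        module-level ``masscan_path`` with ``-oL port_scan_result.txt``, and
        appends one IP per line to ``ip_list.txt`` for every host masscan lists
        with port 445 open.

        Returns:
            None. Output goes to ``port_scan_result.txt`` (written by masscan)
            and ``ip_list.txt``; a missing or failing masscan binary is reported
            on stdout and the port scan is skipped.
        """
        ip = raw_input("请输入要进行端口扫描的IP或IP段。 输入格式如:192.168.0.1,192.168.0.0/16: ").strip()
        if not ip:
            print("未输入扫描目标,跳过端口扫描。")
            return
        # Pass the target as its own argv element instead of interpolating it into
        # a shell command line: the string comes straight from the prompt and must
        # not be able to append further shell commands.
        try:
            rc = subprocess.call([masscan_path, "-p445", ip, "-oL", "port_scan_result.txt"])
        except OSError as exc:
            print("无法执行masscan(%s): %s" % (masscan_path, exc))
            return
        if rc != 0:
            print("masscan退出码为 %d,请检查masscan路径和目标格式。" % rc)
            return
        # -oL list format is "open tcp 445 <ip> <timestamp>"; header and footer
        # lines start with '#', and the host address is the fourth field.
        with open("port_scan_result.txt", "r") as result, \
                open("ip_list.txt", "a+") as ip_list:
            for line in result:
                fields = line.split()
                if len(fields) < 4 or fields[0].startswith("#"):
                    continue
                ip_list.write(fields[3])
                ip_list.write("\n")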

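    def check(ip, port, timeout):
        """Probe one host for the MS17-010 SMBv1 condition and describe the result.

        Walks the SMBv1 handshake (negotiate, session setup, tree connect to the
        host's IPC$ share) and then sends a transaction on \\PIPE\\. An unpatched
        host answers that last request with NT status 0xC0000205
        (STATUS_INSUFF_SERVER_RESOURCES, little-endian bytes 05 02 00 c0), which
        is the fingerprint this function looks for. Remediation is applying the
        MS17-010 update and disabling SMBv1.

        Args:
            ip: target host as text; it is embedded in the tree-connect path, so
                it is expected to be an ASCII dotted-quad address.
            port: SMB port, normally 445.
            timeout: socket timeout in seconds applied to connect and each recv.

        Returns:
            A message naming *ip* as vulnerable, a message saying the probe ran
            into an exception (refused, timed out, reply too short to carry the
            SMB header, ...), or None when the host answered without the
            vulnerable status code.
        """
        negotiate_protocol_request = binascii.unhexlify(
            "00000054ff534d42720000000018012800000000000000000000000000002f4b0000c55e003100024c414e4d414e312e3000024c4d312e325830303200024e54204c414e4d414e20312e3000024e54204c4d20302e313200")
        session_setup_request = binascii.unhexlify(
            "00000063ff534d42730000000018012000000000000000000000000000002f4b0000c55e0dff000000dfff02000100000000000000000000000000400000002600002e0057696e646f7773203230303020323139350057696e646f7773203230303020352e3000")
        # Must be compared as bytes; the text "x05x02x00xc0" never occurs in a reply.
        vulnerable_status = b"\x05\x02\x00\xc0"
        error_message = "%s漏洞检查过程中存在异常!!!" % ip

        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.settimeout(timeout)
            sock.connect((ip, port))
            sock.sendall(negotiate_protocol_request)
            sock.recv(1024)
            sock.sendall(session_setup_request)
            data = sock.recv(1024)
            # The 32-byte SMB header follows the 4-byte NetBIOS length, so a reply
            # shorter than 36 bytes cannot carry the UID we need next.
            if len(data) < 36:
                return error_message
            user_id = data[32:34]
            # NetBIOS length byte is 58 + len(ip); the rest mirrors the original
            # hex template with UID and the ASCII host address spliced in.
            tree_connect_andx_request = (
                binascii.unhexlify("000000")
                + struct.pack("B", 58 + len(ip))
                + binascii.unhexlify("ff534d42750000000018012000000000000000000000000000002f4b")
                + user_id
                + binascii.unhexlify("c55e04ff000000000001001a00005c5c")
                + ip.encode("ascii")
                + binascii.unhexlify("5c49504324003f3f3f3f3f00")
            )
            sock.sendall(tree_connect_andx_request)
            data = sock.recv(1024)
            if len(data) < 36:
                return error_message
            # Bytes 28..36 of the reply are TID, PID, UID and MID, reused verbatim.
            ids = data[28:36]
            payload = (
                binascii.unhexlify("0000004aff534d422500000000180128000000000000000000000000")
                + ids
                + binascii.unhexlify("1000000000ffffffff0000000000000000000000004a0000004a0002002300000007005c504950455c00")
            )
            sock.sendall(payload)
            data = sock.recv(1024)
        except (socket.error, struct.error, ValueError):
            # Connection errors, timeouts, oversized addresses and non-ASCII input
            # are all reported as a per-host probe failure rather than aborting
            # the whole scan loop.
            return error_message
        finally:
            sock.close()
        if vulnerable_status in data:
            return "%s存在ms17-010远程溢出漏洞!!!" % ip
        return None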


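    if __name__ == '__main__':
        # Path of the masscan binary; read as a module global by port_scan().
        masscan_path = '/root/masscan/bin/masscan'
        print('-------masscan开始扫描445端口!!!--------------')
        port_scan()
        print('-------开始ms17-010漏洞扫描!!!--------------')
        port = 445  # SMB port to probe on every host
        timeout = 5  # per-host socket timeout in seconds

        # ip_list.txt holds the addresses written by port_scan(); split on any
        # whitespace so both space-separated and one-per-line lists work.
        with open('ip_list.txt', 'r') as f1:
            targets = f1.read().split()
        # Open the result file once; flush after each host so a long scan that is
        # interrupted still leaves the results gathered so far on disk.
        with open('ms17-010_scan_result.txt', 'a+') as f2:
            for ip in targets:
                scan_result = check(ip, port, timeout)
                if scan_result is None:
                    continue
                f2.write(scan_result)
                f2.write('\n')
                f2.flush()
        print('-------扫描完毕!!!--------------')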


  • 原文地址:https://www.cnblogs.com/Eleven-Liu/p/9779464.html