I have been using Python for a while (more off than on), but have started working through 'Violent Python'. I wanted to modify the vuln scanner to read from a list of ports rather than just using a hard-coded list (more for my own understanding than for practicality at this point).
#!/usr/bin/python
# Use banner list
# Scan popular ports on a range of hosts
import socket
import sys

# Command-line arguments: <banner file> <port list file>
if len(sys.argv) == 3:
    filename = sys.argv[1]
    print "[+] Reading Vulnerabilities From: " + filename
    filename2 = sys.argv[2]
    print "[+] Reading Ports From: " + filename2

def retBanner(ip, port):
    # Connect and read whatever the service sends first (its banner)
    try:
        socket.setdefaulttimeout(2)
        s = socket.socket()
        s.connect((ip, port))
        banner = s.recv(1024)
        return banner
    except:
        return

def checkVulns(banner):
    # Compare the banner against every line of the vulnerability file
    f = open(filename, 'r')
    for line in f.readlines():
        if line.strip('\n') in banner:
            print "[+] Server is vulnerable: " + banner.strip('\n')

def main():
    # One port per line in the port list file
    f2 = open(filename2, 'r')
    for x in range(1, 254):
        ip = '192.168.140.' + str(x)
        for port in f2.readlines():
            banner = retBanner(ip, port)
            if banner:
                print "[+] " + ip + ": " + banner
                checkVulns(banner)

if __name__ == '__main__':
    main()
It prints the two lines below, but then nothing happens:
root@kali:~/programming/python# ./vuln-scanner-3.py vuln_banners.txt portlist.txt
[+] Reading Vulnerabilities From: vuln_banners.txt
[+] Reading Ports From: portlist.txt
In a separate screen session I am running tcpdump, with no results (the interface is correct):
root@kali:~/programming/python# tcpdump -s0 -vvnn -i eth0 net 192.168.140.0 mask 255.255.255.0 and not 192.168.140.1 and port 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Any ideas why it isn't running correctly? Thanks in advance.
Answer 0 (score: 2)
Your error is here:
s.connect((ip, port))
Look at what you are feeding it:
for port in f2.readlines():
You are treating the port as a string! Convert it to an int before use:
s.connect((ip, int(port)))
Also, a couple of suggestions for your code:
Move the "if len(sys.argv) == 3:" block into the "if __name__ == '__main__':" block.
While debugging, you may want to disable those try...excepts so you can see the error details.
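To show the fix and the two suggestions in working code, here is an added example (Python 3, not the asker's script or the book's code): the port file is parsed into ints up front, with bad lines reported instead of silently producing a str, and the banner grab reports its errors rather than swallowing them in a bare except. The file layouts (one port or one banner substring per line, '#' comments allowed) are assumptions.

```python
#!/usr/bin/env python3
"""Port-list parsing and banner matching for the scanner above (added example)."""
import socket

def parse_ports(text):
    """Turn the raw contents of a port list into a list of ints.

    readlines() yields strings such as '22\\n'; socket.connect() needs an int,
    so each line is stripped and converted, and anything that is not a valid
    TCP port (1-65535) raises with its line number instead of being skipped.
    """
    ports = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue                           # blank line
        try:
            port = int(line)
        except ValueError:
            raise ValueError("line %d: %r is not a port number" % (lineno, raw))
        if not 1 <= port <= 65535:
            raise ValueError("line %d: port %d out of range" % (lineno, port))
        ports.append(port)
    return ports

def load_signatures(text):
    """One banner substring per line (vuln_banners.txt); empty lines ignored."""
    return [s.strip() for s in text.splitlines() if s.strip()]

def match_vulns(banner, signatures):
    """Return the signatures that occur in the banner (the checkVulns logic)."""
    return [sig for sig in signatures if sig in banner]

def ret_banner(ip, port, timeout=2.0):
    """Grab a banner; failures are printed, not hidden by a bare except."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            return s.recv(1024).decode('latin-1', 'replace')
    except OSError as exc:                     # includes socket.timeout
        print("[-] %s:%d %s" % (ip, port, exc))
        return None

# Constructed sample input standing in for portlist.txt / vuln_banners.txt
SAMPLE_PORTS = "21\n22\n# web\n80\n\n443\n"
SAMPLE_SIGS = "vsFTPd 2.3.4\nOpenSSH 5.1\n"

if __name__ == '__main__':
    print(parse_ports(SAMPLE_PORTS))                          # [21, 22, 80, 443]
    banner = "220 (vsFTPd 2.3.4)\r\n"
    print(match_vulns(banner, load_signatures(SAMPLE_SIGS)))  # ['vsFTPd 2.3.4']
```

Feeding parse_ports() a file containing a line like "ssh" now fails loudly with the offending line number, which is exactly the detail the bare except in the original hid.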