构造思路:
1.socket 连接获取 Banner --> 2.与存在漏洞的 Banner 集合进行对比
中间细节:
1.需要判断用户所给参数是否存在且是否有读权限
2.需要判断 Banner 是否存在,处理异常
学习 os sys socket 各个模块的基本使用
直接上代码:
#!/usr/bin/python3`
#-*- coding:utf-8 -*-`
import socket
import os
import sys
# 获取 Banner信息
def retBanner(ip, port):
try:
socket.setdefaulttimeout(2)
s = socket.socket()
s.connect((ip,port))
banner = s.recv(1024)
return banner
except:
return
# 与漏洞 Banner 对比
def checkVulns(banner, filename):
f = open(filename, 'r')
for line in f.readline():
if line.strip('\n') in banner:
print('[+] Server is vulnerable:'+banner.strip('\n'))
def main():
if len(sys.argv) == 2:
filename = sys.argv[1]
if not os.path.isfile(filename):
print('[-] '+filename+' does not exist.')
exit(0)
if not os.access(filename,os.R_OK):
print('[-] '+filename+' access denied.')
exit(0)
else:
print('[-]'+' Usage: '+str(sys.argv[0])+' <vuln filename >')
exit(0)
portList = [21,22,25,80,110,443,135]
for x in range(125, 127):
ip = '192.168.67.' +str(x)
for port in portList:
banner = retBanner(ip, port)
if banner:
print('[+] '+ip+': '+checkVulns(banner,filename))
# 程序入口
if __name__ == '__main__':
main()