
利用Python开发Fuzz漏洞插件


#-*- coding:utf-8 -*-
#code by Mosuan
#2016.09.30
import urlparse
import urllib
import sys

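def GetUrl(url, payload):
    """Build, print and return one probe URL per query parameter and payload.

    For every entry in ``payload`` and every parameter in the query string of
    ``url``, a copy of the URL is produced in which that single parameter's
    value is replaced by ``entry['payload']`` while every other parameter
    keeps its original value.  Each URL is printed as it is generated and the
    full list is returned as well, so callers can consume the URLs instead of
    scraping stdout.

    Args:
        url: target URL.  Without a query string nothing is generated; a
            message is printed and an empty list returned.
        payload: iterable of dicts.  Only the ``'payload'`` key is read here;
            ``type``/``content``/``reg`` are not used by this function.

    Returns:
        list of probe URL strings in payload-then-parameter order.
    """
    # Local import so the function runs on Python 2 (urlparse/urllib) and on
    # Python 3 (urllib.parse); the file-level imports above are Python 2 only.
    try:
        from urllib.parse import urlparse, parse_qsl, urlencode, unquote
    except ImportError:  # Python 2
        from urlparse import urlparse, parse_qsl
        from urllib import urlencode, unquote

    parts = urlparse(url)
    if parts.query == '':
        print(u'没有参数跑个卵蛋')
        return []

    # The original URL with its parameters stripped; the query is re-attached below.
    base = "%s://%s%s?" % (parts.scheme, parts.netloc, parts.path)
    # keep_blank_values=True keeps parameters with an empty value (``a=``) so
    # they are substituted too.  dict() keeps only the last occurrence of a
    # repeated parameter name (``a=1&a=2`` -> a=2), exactly as before.
    original_params = dict(parse_qsl(parts.query, keep_blank_values=True))

    generated = []
    for entry in payload:
        for key in original_params:
            # Substitute into a fresh copy so one probe never leaks into the next.
            params = dict(original_params)
            params[key] = entry['payload']
            # unquote() undoes the percent-encoding urlencode() applied so the
            # probe value appears literally -- but it also decodes every
            # *original* value (an original ``%26`` becomes ``&``), which can
            # change the meaning of such URLs.  Behaviour kept as before.
            probe = base + unquote(urlencode(params))
            # This is where the response was meant to be checked against the
            # entry's ``reg``/``content``; this version only emits the URL.
            print(probe)
            generated.append(probe)
    return generated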

'''
type == 跟正则匹配,如header,就是取header来判断是否存在漏洞
payload == 顾名思义
content == 最后存在漏洞输出的,如存在xxxx
reg == 正则判断漏洞是否存在
'''
# Probe table consumed by GetUrl(), which reads only each entry's "payload"
# value and substitutes it into every query parameter in turn.  The other
# keys follow the contract in the string above ("type": what to inspect,
# "content": label to report on a hit, "reg": regex deciding a hit), but
# nothing in this file evaluates them yet -- the response check is still
# the TODO marked inside GetUrl().
payload = [
    {
        # Unix file-inclusion indicator: a file a web app should never serve.
        "type":"content",
        "payload":"../../../../../../../etc/passwd",
        "content":u"文件包含",
        "reg":r""
    },
    {
        # Windows counterpart of the probe above, as an absolute path.
        "type":"content",
        "payload":"C:\\Windows\\System32\\drivers\\etc\\hosts",
        "content":u"文件包含",
        "reg":r""
    }
]

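if __name__ == "__main__":
    # ``==`` rather than the original ``in``: ``__name__ in "__main__"`` is a
    # substring test, so a module called e.g. "main" would also pass it.
    if len(sys.argv) >= 2:
        url = sys.argv[1]
        GetUrl(url, payload)
    else:
        # A missing argument used to do nothing at all, which reads as success.
        sys.stderr.write("usage: %s <url-with-query-string>\n" % sys.argv[0])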

效果图:
xxx.png


python使用pymysql+conf配置文件连接mysql


因为跨平台需要,我mac的mysql端口不是3306,所以读取conf文件的时候需要在里面设置端口
比如这样的
[db]
db_user = root
db_pass = root
db_database = mscan
db_port = 3306
db_host = 127.0.0.1
1.png

然而在连接mysql的时候提示端口不能是字符串,我跑print type看了下是...

2.png

int(port)就可以了

3.png

代码如下

#-*- coding:utf-8 -*-
#code by Mosuan
#Email:934817794@qq.com
import ConfigParser
import pymysql

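# Parser for ./db.conf, resolved against the current working directory, not
# this file's location.  db.conf holds the database password in clear text,
# so keep it out of version control and readable only by the account that
# runs this script.
conf = ConfigParser.ConfigParser()
# read() does not raise for a missing/unreadable file; it returns the list of
# files it actually parsed.  Without this check the problem only surfaces
# later as a confusing NoSectionError from conf.get('db', ...).
if not conf.read('./db.conf'):
    raise IOError("cannot read ./db.conf from the current directory")
db_host = conf.get('db','db_host')
db_user = conf.get('db','db_user')
db_pass = conf.get('db','db_pass')
# ConfigParser.get() always returns a string; pymysql rejects a string port,
# which is why query() converts it with int() (conf.getint would do it here).
db_port = conf.get('db','db_port')
db_database = conf.get('db','db_database')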
db_database = conf.get('db','db_database')

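def query():
    """Open a connection to the configured database and print its cursor.

    Uses the module-level settings read from ./db.conf.  ``db_port`` arrives
    as a string (ConfigParser.get() never converts) and pymysql refuses a
    string port, hence the int() -- a non-numeric value raises ValueError
    before any connection is attempted.  The connection is closed in all
    cases; the original left it open.
    """
    conn = pymysql.connect(host=db_host, port=int(db_port), user=db_user,
                           passwd=db_pass, db=db_database, charset='utf8')
    try:
        cur = conn.cursor()
        print(cur)
    finally:
        conn.close()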

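# Connect only when run as a script; importing this module for its settings
# no longer opens a database connection as a side effect.
if __name__ == "__main__":
    query()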


tornado实现http代理


#!/bin/env python
#-*- coding:utf-8 -*-
#code by Mosuan
#Email: 934817794@qq.com
import tornado.httpserver
import tornado.ioloop
import tornado.options
import tornado.web
from tornado import gen
import tornado.httpclient
import tornado.concurrent
import tornado.ioloop
import tornado.autoreload
import time
from tornado.options import define, options

# Command-line options (tornado.options): the port the proxy listens on and a
# debug flag.  ``settings`` is built here but never handed to the Application
# in this file.
tornado.options.define("port", type=int, default=8000, help="run on the given port")
tornado.options.define("debug", type=bool, default=True, help="Debug")
settings = dict(debug=True)
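class SleepHandler(tornado.web.RequestHandler):
    """Replay every incoming request against the URL it names and relay the reply.

    This is a plain HTTP forward proxy: the absolute URI, method, headers and
    body of the client request are re-sent with AsyncHTTPClient and the
    upstream body is written back.  There is no client authentication and no
    allow-list of destinations, so anything that can reach the listening port
    can make requests through it; keep it bound to a local address (see the
    ``listen`` call under ``__main__``) or add such checks before exposing it.

    ``@tornado.web.asynchronous`` (removed in Tornado 6) means the request is
    finished by the callback rather than when the method returns, so every
    path through the callback must call ``finish()``.
    """

    @tornado.web.asynchronous
    def post(self):
        # POST is handled exactly like GET; get() picks up the request body.
        return self.get()

    @tornado.web.asynchronous
    def get(self):

        def handle_request(response):
            """Relay the upstream reply, or fail the client request.

            The original only printed on error and never called finish(), so
            the client connection stayed open until it timed out.
            """
            if response.error:
                print("Error: %s" % response.error)
                # 502 Bad Gateway: the proxy did not get a usable reply.
                self.set_status(502)
            else:
                # Relay the upstream status instead of always answering 200.
                self.set_status(response.code)
                self.write(response.body)
            self.finish()

        # GET requests usually carry no body; HTTPRequest wants None, not b"".
        body = self.request.body or None

        req = tornado.httpclient.HTTPRequest(
            url=self.request.uri,
            method=self.request.method,
            body=body,
            # Client headers are forwarded verbatim, including hop-by-hop ones
            # such as Connection/Content-Length (unchanged from the original).
            headers=self.request.headers,
            follow_redirects=False,
            allow_nonstandard_methods=True)
        tornado.httpclient.AsyncHTTPClient().fetch(req, handle_request)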


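if __name__ == "__main__":
    tornado.options.parse_command_line()
    app = tornado.web.Application(handlers=[
            (r".*", SleepHandler)
            ],
        # Honour --debug (default True, so behaviour is unchanged).  The
        # original hard-coded True, leaving Tornado's debug mode -- autoreload
        # and tracebacks served to clients -- on regardless of the option.
        debug=options.debug)
    http_server = tornado.httpserver.HTTPServer(app)
    # listen() without an address binds every interface, so the proxy is
    # reachable from the network; pass address="127.0.0.1" to keep it local.
    http_server.listen(options.port)
    tornado.ioloop.IOLoop.instance().start()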


Mac下安装python的MySQL模块一些"坑"


一开始用pip安装的,出现如下错误
1.jpg

没有mysql_config文件……忽然想起来我以前配置的环境变量指向的是软链接
2.jpg

改成真实目录……其实这里也可以直接修改下载回来的mysql库里面的site.cfg文件,把路径改成你电脑上的真实路径就可以了。如:mysql_config = /Applications/MAMP/Library/bin/mysql_config 【2017.01.09更新,如下图】

site.png

运行过后又报错了...
3.jpg

因为我装的是MAMP集成包,所以没有MySQL头文件

唉,心累
先安装brew
# Runs an installer fetched from the network straight through ruby; download it
# first and read it before executing.  This raw.github.com/mxcl path is the
# historical Homebrew installer location and may no longer resolve.
ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"

然后
brew install mysql-connector-c
4.jpg

还是去下载安装包比较靠谱...
最后
sudo python setup.py install

5.jpg

说明安装成功了
6.jpg


[Python小工具]简单的C段探测Title+Server


以前写的,一直丢在硬盘没用...以后有空再优化,先挖个坑给自己。

bug很多,以后有空统一优化,有问题私聊我。

用法:python xx.py --url xx.xx.x.x

效果图如下...

呵呵呵.png

#-*- coding:utf-8 -*-
import re
import requests
import sys
# Silence urllib3's warnings: the requests below pass verify=False, so every
# HTTPS target would otherwise emit an InsecureRequestWarning.  Certificate
# errors are thereby ignored, not merely hidden.
requests.packages.urllib3.disable_warnings()

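def c(ip):
    """Request every host of ``ip``'s /24 over HTTP and report each one.

    The first three dotted octets of ``ip`` are kept and hosts .1 through .255
    (.0 is skipped, as before) are requested one after another; ``titles()``
    prints the Server header and <title> of each reply.  A host that does not
    answer within 5 seconds, or any other error while handling it, is reported
    as a failed request and the sweep continues.

    Args:
        ip: dotted IPv4 address, or text containing one; the first match wins.

    Raises:
        ValueError: when ``ip`` contains no ``a.b.c.`` prefix (the original
            failed with an IndexError at that point).
    """
    prefix_re = r'\d{1,3}\.\d{1,3}\.\d{1,3}\.'
    found = re.findall(prefix_re, ip)
    if not found:
        raise ValueError('no IPv4 prefix found in %r' % (ip,))
    prefix = found[0]

    # str() instead of the original repr(): identical for ints, clearer.
    hosts = [prefix + str(n) for n in range(1, 256)]

    headers = {
        'User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36'
    }

    for host in hosts:
        try:
            # verify=False only matters when a host redirects to HTTPS;
            # certificate errors are then ignored.
            response = requests.get('http://' + host, verify=False, headers=headers, timeout=5)
            titles(host, response)
        except Exception:
            # Deliberately broad: one failing host must not abort the sweep.
            # Errors raised inside titles() land here too and are reported
            # as a failed request.
            print(' 【IP】:http://' + host + '     请求失败')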
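def titles(i, response):
    """Print one report line for host ``i`` and return it.

    The line carries the ``Server`` header (``Null`` when absent or empty; the
    original raised KeyError on a missing header) and, when the body contains
    a ``<title>`` element, its text.  Matching is case-insensitive on the raw
    bytes -- the original lower-cased the whole body and so printed the title
    in lower case.  The title is decoded as UTF-8 first, then as GBK with
    undecodable bytes replaced, so a bad encoding no longer aborts the host.

    Args:
        i: host string as used in the request URL (no scheme).
        response: requests.Response; only ``.headers`` and ``.content`` are used.

    Returns:
        The printed line as text.
    """
    title_re = br'<title>(.*?)</title>'
    matches = re.findall(title_re, response.content, re.IGNORECASE)

    server = response.headers.get('server') or 'Null'

    # u'' literals so the Python 2 byte-string prefix can be joined with the
    # decoded (unicode) title.
    line = u' 【IP】:http://' + i + u'     Server:' + server
    if matches:
        try:
            title = matches[0].decode('utf-8')
        except UnicodeDecodeError:
            title = matches[0].decode('gbk', 'replace')
        line += u'   Title: ' + title
    print(line)
    return line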




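# Guarded so importing the module (e.g. to reuse c()/titles()) does not parse
# argv or exit; running it as a script behaves exactly as before.
if __name__ == "__main__":
    # Usage: scan.py --url xx.xx.xx.xx -- the flag itself is not checked,
    # only that a second argument exists (unchanged from the original).
    if len(sys.argv) < 3:
        sys.exit('参数有误,正确格式为:scan.py --url xx.xx.xx.xx')
    ip = sys.argv[2]
    # Unanchored and accepts any 1-3 digit octets, so "999.1.1.1" passes;
    # c() only uses the first three octets anyway.
    ip_re = r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
    ip_get = re.findall(ip_re, ip)
    if not ip_get:
        sys.exit('IP有误,正确格式为:scan.py --url xx.xx.xx.xx')
    c(ip_get[0])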