Built in sys The module enables us to access the Python Objects used or maintained by the interpreter , These include signs 、 edition 、 The maximum size of an integer 、 Available modules 、hook route 、 The standard error / Input / Output position , And the command line parameters that call the interpreter . such as , We might want to parse command line arguments at run time . such as , Vulnerability scanner : What if we want to pass in the file name of a text file as a command parameter ?sys.argv The list contains all the command line parameters . first sys.argv[0] In the element is Python Script name , The remaining parameters in the list record all subsequent command line parameters . If we just pass an extra parameter ,sys.argv There should be two elements in the , That is to say sys.argv The length of the list is 2.
import sys
if len(sys.argv) == 2:
filename = sys.argv[1]
print(f"[+] Reading Vulnerabilities From: {
filename}" )
Run this code , We see that the code successfully parses the command line arguments , As shown in the figure below :
Built in OS The module provides a wealth of applications for Mac、NT or Posix Functions of the operating system . This module allows programs to interact independently with the operating system environment 、 file system 、 User database and permissions interact . In the example above , Put a text file name (vuln-banners.txt) Pass in as a parameter , First check whether the file exists 、 Whether the current user has permission to read the file , It may be valuable . If any of these conditions are not met , It is helpful to display a corresponding error message to the user . The sample code is as follows :
import os, sys
if len(sys.argv) == 2: # Pass only one file name parameter
filename = sys.argv[1] # Get the file name , And assign it to filename
if not os.path.isfile(filename): # Judge whether the file exists
print(f'[-] {
filename} does not exist.')
exit(0)
if not os.access(filename, os.R_OK): # Determine whether the file has access rights
print(f'[-] {
filename} access denied.')
exit(0)
print(f'[+] Reading Vulnerables From: {
filename}')
For validation code , First try to read a file that does not exist , After the script prompts the error message , Create a specific file name and successfully read its contents . Last , Limit authority , The script correctly prompts that access is denied (access-denied)
+] Reading Vulnerablities From: vuln-banners.txt
(base) [email protected]-Air hacker_python % python test.py vuln-banne.txt
[-] vuln-banne.txt does not exist.
(base) [email protected]-Air hacker_python % python test.py vuln-banners.txt
[+] Reading Vulnerables From: vuln-banners.txt
(base) [email protected]-Air hacker_python % python test.py vuln-banners.txt
[-] vuln-banners.txt access denied.
Now the application integrating these two modules , The sample code is as follows :
import socket
import os
import sys
# Define return banner function , Parameter is (ip,port)
def retBanner(ip, port):
try:
socket.setdefaulttimeout(2)
s = socket.socket()
s.connect((ip, port))
banner = s.recv(1024)
return banner
except:
return
# Define test vulnerability functions , Parameter is banner,filename
def checkVulns(banner, filename):
with open(filename, 'r') as f:
for line in f.readlines():
if line.strip('\r\n') in banner:
print(f'[+] Server is vulnerable: {
banner.strip("\n")}')
def main():
if len(sys.argv) == 2:
filename = sys.argv[1]
if not os.path.isfile(filename):
print(f'[-] {
filename} does not exist.')
exit(0)
if not os.access(filename, os.R_OK):
print(f'[-] {
filename} access denied.')
exit(0)
else:
print('[-] Usage: ' + str(sys.argv[0]) + ' <vuln filename>')
exit(0)
portLst = [21, 22, 25, 80, 110, 443]
for i in range(147, 150):
ip = '192.168.31.' + str(i)
for port in portLst:
banner = retBanner((ip, port))
if banner:
print('[+] '+ ip + ': ' + banner)
checkVulns(banner, filename)
if __name__ == '__main__':
main()
