route print有的时候没有任何显示,内网存活其实是下一步攻击的关键。

搜罗搜罗,弄出一个python ping命令探测。但是总感觉有点不对劲。说不出来,求路过大佬指点。

PING1.py

功能

randomIP生成20000条ip进行内网ip筛选,perfectIP遍历所有的内网IP地址,采用协程的方式,但是出了点小状况,会失控会跑死,还在改进中。

# coding:utf-8
from random import sample
from multiprocessing import Process
import gevent
from gevent import monkey
from tasks_teach import verbose_ping
# NOTE(review): gevent's documentation recommends calling monkey.patch_all()
# as early as possible, before other modules are imported; here it runs only
# after `tasks_teach` (and multiprocessing) have already been imported above,
# so whatever those modules bound at import time may not be the patched
# versions. Confirm against the gevent version in use.
monkey.patch_all()
def randomIP():
    """Draw 20000 random 4-octet tuples and keep those in RFC 1918 space.

    Each draw is ``sample(range(1, 255), 4)``, i.e. four *distinct* values in
    1..254 (so 0 and 255 never appear, and no two octets are equal), joined
    into dotted-quad text.  A draw is kept when it starts with 10., with
    172.16-31., or with 192.168.; every other draw is dropped.

    Returns:
        list[str]: the kept addresses in draw order; the length varies per
        call because it depends on the random draws.
    """
    kept = []
    for _ in range(0, 20000):
        octets = sample(range(1, 255), 4)
        first, second = octets[0], octets[1]
        in_10 = first == 10
        in_172 = first == 172 and 16 <= second <= 31
        in_192 = first == 192 and second == 168
        # At most one of the three tests can hold for a given first octet.
        if in_10 or in_172 or in_192:
            kept.append('.'.join(str(o) for o in octets))
    return kept
def predictIP():
    """Print one random address for each of the prefixes 10., 172., 192.168..

    The 10. and 172. prefixes get three random octets, 192.168. gets two,
    each drawn with ``sample(range(1, 255), k)`` (distinct values in 1..254).
    Note that the 172. case is not restricted to 172.16/12 here.  Nothing is
    returned; the addresses only go to stdout.
    """
    for prefix in ('10.', '172.', '192.168.'):
        tail_len = 2 if prefix == '192.168.' else 3
        tail = sample(range(1, 255), tail_len)
        print(prefix + '.'.join(str(o) for o in tail))
def perfectIP():
    """Build the candidate-address list for the '10', '172' and '192.168' prefixes.

    Returns:
        list[str]: dotted-quad strings in generation order.

    NOTE(review): the original indentation was lost in the paste; the nesting
    below is the only one that parses with these lines in this order.  Read
    that way, only the '10' branch ever appends: the '172' loops have no body
    of their own, and the '192.168' test sits inside them where ``i`` is
    '172', so it is never true.  The returned list therefore holds only
    10.b.c.d addresses (b, c in 0..254; d in 1, 254, 255) — 195075 entries,
    built fully in memory.  Confirm the intended nesting against the author's
    copy before relying on this.
    """
    bb = []
    for i in ('10', '172', '192.168'):
        if i == '10':
            for b in range(0, 255):
                for c in range(0, 255):
                    # Only three values of the last octet are generated.
                    for d in (1, 254, 255):
                        seq = (i, b, c, d)
                        bb.append('.'.join(str(_) for _ in seq))
        if i == '172':
            for b in range(16,31):  # range(16, 31) stops at 30, not 31
                for c in range(0,255):
                    # This test is the loop body; with i == '172' it is always False.
                    if i == '192.168':
                        for c in range(0, 255):
                            for d in (1, 254, 255):
                                seq = (i, c, d)
                                bb.append('.'.join(str(_) for _ in seq))
    return bb
def doping(ip):
    """Ping ``ip`` once via ``tasks_teach.verbose_ping``.

    The two positional arguments correspond to verbose_ping's
    ``(timeout, count)`` parameters as defined in PING2.py: a 2-second wait
    and a single attempt.  The outcome is only printed by verbose_ping;
    nothing is returned.
    """
    timeout_s, attempts = 2, 1
    verbose_ping(ip, timeout_s, attempts)
def process_start(ips):
    """Ping every address in ``ips`` concurrently with gevent and wait for all.

    One greenlet per address, each running ``doping``; ``joinall`` blocks
    until every greenlet has finished.
    """
    greenlets = [gevent.spawn(doping, ip) for ip in ips]
    gevent.joinall(greenlets)
def tasks_start(ips, flag=100):
    """Split ``ips`` into chunks of ``flag`` and hand each chunk to a new Process.

    Each child runs ``process_start`` on its chunk; a trailing partial chunk
    gets its own process as well.  The processes are started but never joined
    here, so this returns before any ping has finished.  An empty ``ips``
    starts nothing.
    """
    pending = []
    for ip in ips:
        pending.append(ip)
        if len(pending) == flag:
            Process(target=process_start, args=(pending,)).start()
            pending = []
    if pending:
        Process(target=process_start, args=(pending,)).start()
if __name__ == '__main__':
    # perfectIP() builds the whole candidate list in memory first; tasks_start
    # then fans it out in chunks of 100 (the default flag) to child processes
    # that are started but not joined.
    tasks_start(perfectIP())

PING2.py

python构造icmp包探测存活

import os, sys, socket, struct, select, time
ICMP_ECHO_REQUEST = 8  # ICMP message type for Echo Request (the "ping" request)
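def checksum(source_string):
    """Compute the 16-bit one's-complement checksum used in the ICMP header.

    Byte pairs are summed with the second byte as the high byte, a trailing
    odd byte is added on its own, the 32-bit sum is folded to 16 bits and
    complemented, and the result is byte-swapped so the caller can pass it
    through ``socket.htons``.

    Args:
        source_string: header + payload to sum.  Accepts a Python 2 ``str``
            (characters are read with ``ord``) or a ``bytes`` object on
            Python 3 (indexing already yields ints).

    Returns:
        int: the checksum in 0..0xFFFF.
    """
    def byte_at(i):
        # Python 2 str indexes to a 1-char str; Python 3 bytes indexes to int.
        v = source_string[i]
        return v if isinstance(v, int) else ord(v)

    length = len(source_string)
    # Floor division: the original used `/`, which on Python 3 yields a float
    # and made the loop below read one index past the end for odd lengths.
    pair_end = (length // 2) * 2
    total = 0
    for pos in range(0, pair_end, 2):
        total += byte_at(pos + 1) * 256 + byte_at(pos)
        total &= 0xffffffff
    if pair_end < length:
        # Odd trailing byte contributes as the low byte of a final word.
        total += byte_at(length - 1)
        total &= 0xffffffff
    # Fold the carries from the upper 16 bits back in (twice is enough).
    total = (total >> 16) + (total & 0xffff)
    total += total >> 16
    answer = ~total & 0xffff
    # Swap the two bytes so the caller's htons() yields wire order.
    return (answer >> 8) | ((answer << 8) & 0xff00)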
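def receive_one_ping(my_socket, ID, timeout):
    """Wait up to ``timeout`` seconds for an echo reply whose ICMP id is ``ID``.

    Reads datagrams from ``my_socket``.  The layout assumed is the one
    ``send_one_ping`` produces as seen through a raw socket: a 20-byte IP
    header (IP options are not handled), the 8-byte ICMP header ``bbHHh``,
    then a payload whose first 8 bytes are ``struct.pack("d", time.time())``.
    Datagrams with another id, or too short to hold those fields, are skipped
    and the remaining wait is reduced by the time spent in select().

    Args:
        my_socket: the socket to select()/recvfrom() on.
        ID: the 16-bit identifier to match.
        timeout: total seconds to wait.

    Returns:
        float | None: seconds between the stamp carried in the reply and its
        reception, or None when nothing matching arrived in time.

    Note: the stamp is read back from the received packet, so a reply crafted
    by another party can make the returned delay arbitrary (even negative).
    Short datagrams previously raised ``struct.error``; they are now skipped.
    """
    icmp_header_fmt = "bbHHh"
    stamp_size = struct.calcsize("d")
    stamp_end = 28 + stamp_size
    time_left = timeout
    while True:
        started_select = time.time()
        ready, _, _ = select.select([my_socket], [], [], time_left)
        spent_in_select = time.time() - started_select
        if not ready:  # Timeout
            return None
        time_received = time.time()
        rec_packet, _addr = my_socket.recvfrom(1024)
        if len(rec_packet) >= stamp_end:
            # Bytes 0..19 are the IP header; the ICMP header is bytes 20..27.
            _type, _code, _cksum, packet_id, _sequence = struct.unpack(
                icmp_header_fmt, rec_packet[20:28]
            )
            if packet_id == ID:
                time_sent = struct.unpack("d", rec_packet[28:stamp_end])[0]
                return time_received - time_sent
        time_left -= spent_in_select
        if time_left <= 0:
            return None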
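def send_one_ping(my_socket, dest_addr, ID):
    """Send one ICMP Echo Request carrying a wall-clock stamp to ``dest_addr``.

    Packet layout: the 8-byte ICMP header ``bbHHh`` (type 8, code 0, checksum,
    ``ID``, sequence 1) followed by 192 bytes of payload whose first 8 bytes
    are ``struct.pack("d", time.time())`` and the rest filler ``b"Q"``.  The
    header is packed twice: once with a zero checksum to compute it, then with
    the real value.

    Args:
        my_socket: raw ICMP socket to send on.
        dest_addr: hostname or dotted IP; resolved with ``gethostbyname`` on
            every call.
        ID: 16-bit identifier that ``receive_one_ping`` matches against.
    """
    dest_ip = socket.gethostbyname(dest_addr)
    stamp_size = struct.calcsize("d")
    # Bytes literal: identical to the old "Q" str on Python 2, and on Python 3
    # it can be concatenated with the packed stamp (a plain str could not).
    payload = struct.pack("d", time.time()) + b"Q" * (192 - stamp_size)
    header = struct.pack("bbHHh", ICMP_ECHO_REQUEST, 0, 0, ID, 1)
    my_checksum = checksum(header + payload)
    # checksum() already byte-swaps its result and htons() swaps again; the
    # two are presumably meant to cancel on little-endian hosts — TODO confirm
    # on a big-endian host, where htons() is a no-op.
    header = struct.pack("bbHHh", ICMP_ECHO_REQUEST, 0, socket.htons(my_checksum), ID, 1)
    # The port has no meaning for raw ICMP; 1 is only a placeholder.
    my_socket.sendto(header + payload, (dest_ip, 1))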
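def do_one(dest_addr, timeout):
    """Send one echo request to ``dest_addr`` and wait up to ``timeout`` seconds.

    Returns:
        float | None: the measured delay in seconds, or None on timeout.

    Raises:
        socket.error: when the raw socket cannot be created.  A raw ICMP
            socket normally needs root (or an equivalent capability); errno 1
            (EPERM) is re-raised with a hint saying so, other errors propagate
            unchanged.

    NOTE(review): the identifier is derived from the process id, so every
    concurrent ping inside one process (e.g. several gevent greenlets) shares
    the same ID and sequence number 1, and ``receive_one_ping`` may match a
    reply meant for another caller.  The socket is now closed even when
    sending or receiving raises; the original leaked it in that case.
    """
    icmp = socket.getprotobyname("icmp")
    try:
        my_socket = socket.socket(socket.AF_INET, socket.SOCK_RAW, icmp)
    except socket.error as e:
        # `except socket.error, (errno, msg)` was Python 2-only syntax;
        # errno/strerror carry the same values on 2.6+ and 3.
        if e.errno == 1:
            msg = (e.strerror or str(e)) + (
                " - Note that ICMP messages can only be sent from processes"
                " running as root."
            )
            raise socket.error(msg)
        raise
    my_ID = os.getpid() & 0xFFFF
    try:
        send_one_ping(my_socket, dest_addr, my_ID)
        return receive_one_ping(my_socket, my_ID, timeout)
    finally:
        my_socket.close()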
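def verbose_ping(dest_addr, timeout=2, count=100):
    """Ping ``dest_addr`` ``count`` times, printing one result line per attempt.

    Args:
        dest_addr: hostname or IP address.
        timeout: seconds to wait for each reply.
        count: number of attempts; 0 prints nothing and returns at once.

    A name-resolution failure (``socket.gaierror``) prints a message and stops
    the loop; a timeout prints a message and continues with the next attempt.
    Nothing is returned.
    """
    for _ in range(count):
        # The Python-2 `print "...\n" % x,` statement printed exactly one line;
        # the parenthesised single-argument form does the same on 2 and 3.
        print("ping %s..." % dest_addr)
        try:
            delay = do_one(dest_addr, timeout)
        except socket.gaierror as e:
            # `e[1]` indexing was Python 2-only; strerror is the same text.
            print("failed. (socket error: '%s')" % (e.strerror or str(e)))
            break
        if delay is None:
            print("failed. (timeout within %ssec.)" % timeout)
        else:
            print("get ping in %0.4fms" % (delay * 1000))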
# if __name__ == '__main__':
# verbose_ping("www.aasdasdasdasdad.com",2,1)

總結

先这样发了….跑死和性能不知道怎么再优化..有大佬指点下吗?之后再来进行修改吧。哪天抽空弄个评论区,有大佬指点的话联系qq2874385505,不胜感激。

留言

2018-03-03
