094. Write a function that implements a simple security scanning tool

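A simple security scanning tool can help detect common security problems such as weak passwords, unpatched software versions, and open high-risk ports. Below is an implementation of a simple security scanner in Python. It provides the following features:

  1. Port scanning: detect which ports are open on the target host.
  2. Weak password detection: try to log in to certain services (such as SSH and FTP) with common weak passwords.
  3. Common vulnerability check: detect whether the target host runs services with known vulnerabilities.

Example code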

import socket
import paramiko
import ftplib
import requests
import concurrent.futures

# Port scan
def scan_port(host, port):
    # Create the socket outside the try block so finally can always close it
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(2)
    try:
        # connect_ex returns 0 on success instead of raising an exception
        result = sock.connect_ex((host, port))
        if result == 0:
            print(f"[+] Port {port} on {host} is open.")
            return True
        else:
            return False
    except Exception as e:
        print(f"Error scanning port {port}: {e}")
        return False
    finally:
        sock.close()

# Weak password check (SSH)
def check_ssh_weak_password(host, port=22, username="root", password_list=None):
    if password_list is None:
        password_list = ["password", "123456", "root", "admin"]
    try:
        for password in password_list:
            client = paramiko.SSHClient()
            client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            try:
                client.connect(host, port=port, username=username, password=password, timeout=5)
                print(f"[+] Weak password found for SSH: {username}:{password}")
                return True
            except paramiko.AuthenticationException:
                pass
            finally:
                client.close()
        print("[-] No weak SSH password found.")
        return False
    except Exception as e:
        print(f"Error checking SSH weak password: {e}")
        return False

# Weak password check (FTP)
def check_ftp_weak_password(host, port=21, username="anonymous", password_list=None):
    if password_list is None:
        password_list = ["password", "123456", "ftp", "guest"]
    try:
        for password in password_list:
            ftp = ftplib.FTP()
            try:
                ftp.connect(host, port, timeout=5)
                ftp.login(username, password)
                print(f"[+] Weak password found for FTP: {username}:{password}")
                return True
            except ftplib.error_perm:
                pass
            finally:
                # close() is safe even when connect() failed; quit() would raise
                # on an unconnected socket and hide the original error
                ftp.close()
        print("[-] No weak FTP password found.")
        return False
    except Exception as e:
        print(f"Error checking FTP weak password: {e}")
        return False

# Check for common vulnerabilities
def check_common_vulnerabilities(host):
    try:
        response = requests.get(f"http://{host}", timeout=5)
        if response.status_code == 200:
            # X-Powered-By can disclose the backend stack (e.g. the PHP version)
            if "X-Powered-By" in response.headers:
                powered_by = response.headers["X-Powered-By"]
                print(f"[+] Potential vulnerability: {powered_by}")
            else:
                print("[-] No common vulnerabilities found.")
        else:
            # The server did answer, just not with 200; report the actual status
            print(f"[-] Web server returned HTTP {response.status_code}.")
    except requests.exceptions.RequestException as e:
        print(f"Error checking common vulnerabilities: {e}")

# Main scan function
def security_scan(host):
    print(f"Starting security scan on {host}...")
    open_ports = []

    # Scan common ports
    common_ports = [21, 22, 23, 25, 80, 443, 3306, 8080]
    with concurrent.futures.ThreadPoolExecutor() as executor:
        # Map each future to its port so open_ports holds port numbers, not True
        futures = {executor.submit(scan_port, host, port): port for port in common_ports}
        for future in concurrent.futures.as_completed(futures):
            if future.result():
                open_ports.append(futures[future])

    # Check for weak passwords on the services that are actually reachable
    if 22 in open_ports:
        check_ssh_weak_password(host)
    if 21 in open_ports:
        check_ftp_weak_password(host)

    # Check for common vulnerabilities
    check_common_vulnerabilities(host)

    print("Security scan completed.")

# Example usage
if __name__ == "__main__":
    target_host = input("Enter the target host IP address: ")
    security_scan(target_host)

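Feature description

Port scanning

  • Uses the socket module to scan common ports (such as 21, 22, 23, 25, 80, 443, 3306, 8080).

  • If a port is open, it is added to the open_ports list.

Weak password detection

  • Uses the paramiko module to attempt a login to the SSH service.

  • Uses the ftplib module to attempt a login to the FTP service.

  • If a weak password is found, the details are printed.

Common vulnerability check: sends an HTTP request and inspects the X-Powered-By field in the response headers, which may expose the backend technology stack (such as the PHP version).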
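The X-Powered-By check described above only prints the raw header. The following added example (not part of the original code) parses disclosure headers into product and version pairs so the report says exactly what is exposed. Covering Server and X-Generator goes beyond the original check, and the sample headers are constructed.

```python
import re

# Headers that commonly disclose the backend stack. X-Powered-By is the one the
# scanner on this page checks; Server and X-Generator are added for this example.
DISCLOSURE_HEADERS = ("X-Powered-By", "Server", "X-Generator")

# One "product[/version]" token, e.g. "PHP/7.4.3" or "Microsoft-IIS/10.0".
_TOKEN = re.compile(r"([A-Za-z][\w.+-]*)(?:/(\d[\w.-]*))?")


def parse_products(value):
    """Split a header value into (product, version or None) pairs."""
    value = re.sub(r"\([^)]*\)", " ", value)  # drop comments such as "(Ubuntu)"
    return [(m.group(1), m.group(2)) for m in _TOKEN.finditer(value)]


def audit_headers(headers):
    """Return one finding per product disclosed in the response headers.

    A finding with a version is the one to fix first: an exact version lets
    anyone match the host against public advisories for that release.
    """
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    findings = []
    for name in DISCLOSURE_HEADERS:
        for product, version in parse_products(lowered.get(name.lower(), "")):
            findings.append({"header": name, "product": product, "version": version})
    return findings


# Constructed sample headers (not captured from a real host).
SAMPLE_VERBOSE = {
    "Content-Type": "text/html",
    "server": "Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f",
    "X-Powered-By": "PHP/7.4.3",
}
SAMPLE_HARDENED = {"Content-Type": "text/html", "Server": "nginx"}

if __name__ == "__main__":
    for label, sample in (("verbose", SAMPLE_VERBOSE), ("hardened", SAMPLE_HARDENED)):
        for f in audit_headers(sample):
            state = f"version {f['version']} exposed" if f["version"] else "name only"
            print(f"[{label}] {f['header']}: {f['product']} ({state})")
```

audit_headers also accepts response.headers from requests, since it only needs .items(). Typical fixes for the findings are expose_php = Off in php.ini and ServerTokens Prod in the Apache configuration.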

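Usage

Save the code above as a .py file.

Make sure the required libraries are available (paramiko, ftplib, requests). ftplib is part of the Python standard library; the other two can be installed with:

pip install paramiko requests

Run the script, then enter the IP address of the target host.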

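Notes

  • Legality: before scanning a target host, make sure you are authorized to do so. Unauthorized scanning may violate laws and regulations.

  • Performance: port scanning and weak password detection can put some load on the target host, so use the tool in a test environment.

  • Extensibility: the tool can be extended as needed, for example with more vulnerability checks or support for more service types.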

Video walkthrough

BiliBili: 视睿网络 - Bilibili videos (bilibili.com)