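Code description

I wrote this script to automatically bulk-upload webshell samples to the sample library in the backend, to make later processing easier.
Topics covered
poster module
HTTP proxy
HTTP auth authentication
Before putting the script on the blog, I obfuscated the sensitive backend URLs, forms, authentication, and proxy, to keep an information leak from causing unnecessary trouble.
While writing it I referred to some code found online, and debugging showed that code to be wrong. So I am posting the code with the pitfalls filled in, as a reference for anyone who needs it and to save some detours. Discussion is welcome.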
Examples of errors hit while debugging:

```
1.
File "G:\myenv\Anaconda2\lib\urllib2.py", line 1136, in do_request_
    'Content-length', '%d' % len(data))
AttributeError: multipart_yielder instance has no attribute '__len__'

2.
File "G:\myenv\Anaconda2\lib\ntpath.py", line 115, in splitdrive
    if len(p) > 1:
TypeError: object of type 'file' has no len()
```
```python
import os
import sys
import urllib2

from poster.encode import multipart_encode, MultipartParam
from poster.streaminghttp import register_openers

# Python 2 only: make utf-8 the default string encoding
reload(sys)
sys.setdefaultencoding('utf-8')


class QT_Webfile:

    def __init__(self):
        # The URL, Authorization value and cookie are obfuscated placeholders
        self.backurl = 'http://destination.com/xxoo/upload'
        self.loginHeaders = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit'
                          + '/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36',
            'Authorization': 'Basic ZnVjayB1IG5vdGhpbmc=',
            'Cookie': 'qt_random_auth=abcddddddddddddd'
        }

    def postFileRequest(self, name, filename):
        # Ordinary form fields sent along with the file
        additionalParams = {
            'wbs_test[des]': name,
            'wbs_test[xx]': 123,
            'wbs_test[active]': 1
        }
        items = []
        for key, value in additionalParams.items():
            items.append(MultipartParam(key, value))
        # from_file takes the path of the file, not an open file object
        items.append(MultipartParam.from_file("sample_file", filename))
        items.append(MultipartParam('wbs_test[id]', ''))
        # datagen yields the body in chunks; headers carries Content-Type
        # and Content-Length for it
        datagen, headers = multipart_encode(items)

        # Merge the login headers with the multipart headers
        header_new = []
        for key, value in self.loginHeaders.items():
            header_new.append((key, value))
        for key, value in headers.items():
            header_new.append((key, value))

        # The streaming handlers let urllib2 send a generator as the body
        opener = register_openers()
        proxy_handler = urllib2.ProxyHandler({'http': '114.113.112.111:2233'})
        opener.add_handler(proxy_handler)
        urllib2.install_opener(opener)

        wbs_req = urllib2.Request(self.backurl, datagen, dict(header_new))
        wbs_rep = opener.open(wbs_req)
        print wbs_rep.read()

    def traverse_path(self):
        """Walk the current directory and upload every file found."""
        for root, dirs, files in os.walk(".", topdown=True):
            for name in files:
                print name
                self.postFileRequest(name, os.path.join(root, name))


def main():
    """Entry point."""
    Ss_Upload = QT_Webfile()
    Ss_Upload.traverse_path()


if __name__ == '__main__':
    main()
```
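An added example (not part of the original script, and not poster's own code): a Python 3, standard-library version of the multipart/form-data encoding this kind of upload needs. It builds the body as bytes so that its length is known, which is the point the first debugging error turns on, where urllib2 calls `len(data)` on a generator. The field names reuse the obfuscated ones from the script; the credentials, file name and file bytes are constructed placeholders, and `_quote` is a hypothetical helper.

```python
import base64
import uuid


def basic_auth_header(user, password):
    """Value of an HTTP Basic Authorization header: base64("user:password")."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8"))
    return "Basic " + token.decode("ascii")


def _quote(value):
    """Escape characters that would break out of a quoted header parameter."""
    text = str(value)
    for raw, escaped in (('"', "%22"), ("\r", "%0D"), ("\n", "%0A")):
        text = text.replace(raw, escaped)
    return text


def encode_multipart(fields, file_field, filename, content, boundary=None):
    """Return (body_bytes, headers); fields is a list of (name, value) pairs."""
    boundary = boundary or uuid.uuid4().hex
    parts = []
    for name, value in fields:
        parts.append(('--%s\r\nContent-Disposition: form-data; name="%s"'
                      '\r\n\r\n%s\r\n' % (boundary, _quote(name), value)
                      ).encode("utf-8"))
    file_head = ('--%s\r\nContent-Disposition: form-data; name="%s"; '
                 'filename="%s"\r\nContent-Type: application/octet-stream'
                 '\r\n\r\n' % (boundary, _quote(file_field), _quote(filename)))
    # File bytes are appended untouched; samples are never decoded as text.
    parts.append(file_head.encode("utf-8") + content + b"\r\n")
    parts.append(("--%s--\r\n" % boundary).encode("utf-8"))
    body = b"".join(parts)
    headers = {
        "Content-Type": "multipart/form-data; boundary=%s" % boundary,
        # A bytes body has a length, unlike a generator of chunks.
        "Content-Length": str(len(body)),
    }
    return body, headers


if __name__ == "__main__":
    # Constructed placeholder input: no real credentials or sample content.
    body, headers = encode_multipart(
        [("wbs_test[des]", "sample.bin"), ("wbs_test[active]", 1)],
        "sample_file", "sample.bin", b"\x00\x01placeholder bytes")
    headers["Authorization"] = basic_auth_header("user", "pass")
    print(headers)
```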
Reference links
Playing with Python: HTTP proxies
http://www.cnblogs.com/jackyspy/p/6027385.html
poster module: MultipartParam
https://atlee.ca/software/poster/poster.encode.html#poster.encode.MultipartParam
Uploading files with POST in Python
http://zqpythonic.qiniucdn.com/data/20120615190732/index.html