import sys
import socket
import getopt
import threading
import subprocess
# 定义全局变量
listen = False
command = False
upload = False
execute = ""
target = ""
port = 0
def usage():
print("Python NetCat\n")
print("Usage: nc.py -t [target_host] -p [target_port]")
print("-l --listen ")
print("-c --command")
print("-h --help")
print("Examples: ")
print("nc.py -t 127.0.0.1 -p 5555 -l -c")
print("nc.py -t 127.0.0.1 -p 5555 ")
sys.exit(0)
def main():
# global关键字(内部作用域想要对外部作用域的变量进行修改)
global listen
global command
global upload
global execute
global target
global port
# 判断是否有接收到外部传参
if not len(sys.argv[1:]):
usage()
try:
opts, args = getopt.getopt(sys.argv[1:], 'hle:t:p:c',
["help", "listen", "execute", "target", "port", "command"])
except getopt.GetoptError as a:
usage()
for o, a in opts:
if o in ('-h', '--help'):
usage()
elif o in ('-l', '--listen'):
listen = True
elif o in ('-e', '--execute'):
execute = a
elif o in ('-t', '--target'):
target = a
elif o in ('-p', '--port'):
port = int(a)
elif o in ('-c', '--command'):
command = True
else:
assert False, "Unhandled Options"
if not listen and len(target) and port > 0:
# 接收命令行中输入的数据
buffer = sys.stdin.readline()
client_sender(buffer)
if listen:
server_loop()
def client_sender(buffer):
# 建立socket连接
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((target, port))
# 发送需要执行的命令参数
client.send(buffer.encode('utf-8'))
# 等待数据回传
while True:
recv_len = 1
response = b""
while recv_len:
# 循环接收命令执行结果
data = client.recv(4096)
recv_len = len(data)
response += data
if recv_len < 4096:
break
print(response.decode('gbk'))
# 循环等待用户输入,并将输入的数据传输给服务端
buffer = sys.stdin.readline()
client.send(buffer.encode('utf-8'))
def server_loop():
global target
if not len(target):
target = "0.0.0.0"
# 启动监听
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind((target, port))
# 设置最大连接数
server.listen(5)
while True:
# 采用多线程的方式接收socket连接
client_socket, addr = server.accept()
client_thread = threading.Thread(target=client_handler, args=(client_socket,))
client_thread.start()
def run_command(command):
# 这里是命令执行模块
# 由于socket传输过来的数据是bytes ,需要我们进行一次转码,在执行命令
command = command.decode('utf-8')
command = command.rstrip()
print("[*] 开始执行命令" + command)
# 对命令进行空值判断
if len(command):
try:
output = subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True)
except:
output = b"[-] Faild to execute command. \r\n"
return output
else:
output = b"[-] Faild to execute command. \r\n"
return output
def client_handler(client_socket):
global execute
global command
if command:
# 接收客户端传输过来的数据,并将数据传递给命令执行模块进行执行
cmd_buffer = client_socket.recv(1024)
output = run_command(cmd_buffer)
client_socket.send(output)
while True:
cmd_buffer = client_socket.recv(1024)
output = run_command(cmd_buffer)
client_socket.send(output)
if __name__ == '__main__':
main()
开启监听
连接目标机
