import sys
import socket
import getopt
import threading
import subprocess
# Module-wide state: written by main() from the command line, read by the
# client/server helpers further down.
listen = command = upload = False   # -l run as server; -c execute received lines; upload is never set here
execute = target = ""               # -e is parsed by main() but not read anywhere in this listing; -t host/bind address
port = 0                            # -p TCP port (0 means "not given")
def usage():
    """Print the command-line help to stdout and exit with status 0.

    Called both for ``-h`` and for unparsable arguments; in both cases the
    exit status is 0, exactly as in the original.
    """
    help_lines = (
        "Python NetCat\n",
        "Usage: nc.py -t [target_host] -p [target_port]",
        "-l --listen ",
        "-c --command",
        "-h --help",
        "Examples: ",
        "nc.py -t 127.0.0.1 -p 5555 -l -c",
        "nc.py -t 127.0.0.1 -p 5555 ",
    )
    # One print() per entry reproduces the original spacing: the title ends
    # with "\n", so a blank line follows it.
    for line in help_lines:
        print(line)
    sys.exit(0)
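def main():
    """Parse the command line and start either the client or the server.

    Writes the module globals ``listen``, ``command``, ``upload``,
    ``execute``, ``target`` and ``port``; the other functions in this file
    read them. Exits via usage() on missing/invalid arguments.
    """
    # 'global' is required because these names are assigned, not just read.
    global listen
    global command
    global upload
    global execute
    global target
    global port
    # No arguments at all: show help (usage() exits).
    if not sys.argv[1:]:
        usage()
    try:
        # Long options that take a value need a trailing '=' so getopt
        # consumes the next token as their argument, mirroring 'e:', 't:'
        # and 'p:' in the short spec. Without it '--target 10.0.0.1' left
        # target empty and the host ended up in the ignored positional args.
        opts, args = getopt.getopt(
            sys.argv[1:],
            'hle:t:p:c',
            ["help", "listen", "execute=", "target=", "port=", "command"],
        )
    except getopt.GetoptError:
        usage()
    for o, a in opts:
        if o in ('-h', '--help'):
            usage()
        elif o in ('-l', '--listen'):
            listen = True
        elif o in ('-e', '--execute'):
            # Parsed for completeness; nothing in this listing reads it.
            execute = a
        elif o in ('-t', '--target'):
            target = a
        elif o in ('-p', '--port'):
            try:
                port = int(a)
            except ValueError:
                # A non-numeric port used to surface as an uncaught traceback.
                usage()
        elif o in ('-c', '--command'):
            command = True
        else:
            # getopt only yields options from the spec above, so this branch
            # is unreachable; raise instead of assert so '-O' cannot strip it.
            raise RuntimeError(f"Unhandled option: {o}")
    # Client mode: one line from stdin is the first payload sent to target:port.
    if not listen and len(target) and port > 0:
        buffer = sys.stdin.readline()
        client_sender(buffer)
    # Server mode: blocks in the accept loop.
    if listen:
        server_loop()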
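def client_sender(buffer):
    """Connect to (target, port), send *buffer*, then relay stdin lines until EOF.

    Args:
        buffer: the first line to send (main() reads it from stdin).

    Reads the module globals ``target`` and ``port``. Traffic is plaintext TCP
    with no authentication; replies are decoded as GBK — presumably because
    the responding shell emits that encoding, confirm against the server host.
    """
    # 'with' closes the socket on any exit path; the original never closed it.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        client.connect((target, port))
        # sendall() keeps sending until every byte is out; send() may stop short.
        client.sendall(buffer.encode('utf-8'))
        while True:
            response = b""
            while True:
                data = client.recv(4096)
                response += data
                # Same end-of-reply heuristic as the original: a chunk shorter
                # than 4096 bytes ends one response (b"" on close lands here too).
                if len(data) < 4096:
                    break
            if not response:
                # recv() returned b"": the peer closed the connection. The
                # original spun forever here, re-sending empty stdin lines.
                break
            # errors='replace' keeps one undecodable reply from killing the client.
            print(response.decode('gbk', errors='replace'))
            buffer = sys.stdin.readline()
            if not buffer:
                # stdin EOF: nothing more to send.
                break
            client.sendall(buffer.encode('utf-8'))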
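def server_loop():
    """Bind to (target, port) and hand every accepted connection to a thread.

    Reads the module globals ``target`` and ``port``; an empty ``target`` is
    replaced by "0.0.0.0", i.e. the socket listens on every interface.

    NOTE(security): with ``-c`` each peer that can reach this port gets shell
    execution as this process's user (see client_handler/run_command), and
    there is no authentication or transport protection on the link.
    """
    global target
    if not target:
        target = "0.0.0.0"
    # 'with' closes the listening socket when the loop is interrupted
    # (e.g. Ctrl-C); the original leaked it.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server:
        # Allow an immediate restart while old connections sit in TIME_WAIT.
        server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        server.bind((target, port))
        # Backlog of pending, not-yet-accepted connections.
        server.listen(5)
        while True:
            client_socket, addr = server.accept()
            # daemon=True so lingering handler threads do not block interpreter exit.
            client_thread = threading.Thread(
                target=client_handler, args=(client_socket,), daemon=True
            )
            client_thread.start()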
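def run_command(command):
    """Run *command* (raw bytes from the socket) in a shell and return its output.

    Args:
        command: bytes received from the client; decoded as UTF-8 and
            stripped of trailing whitespace before execution.

    Returns:
        Combined stdout/stderr of the command as bytes, or a fixed failure
        message when the bytes are not valid UTF-8, the line is empty, or
        the command fails to start / exits non-zero.

    NOTE(security): these bytes arrive over an unauthenticated plaintext
    socket and go straight to ``shell=True`` — whoever can reach the
    listening port runs arbitrary shell commands as this process's user.
    That is the tool's purpose, so it is kept rather than escaped.
    """
    failure = b"[-] Faild to execute command. \r\n"
    try:
        command = command.decode('utf-8').rstrip()
    except UnicodeDecodeError:
        # Previously an uncaught traceback in the handler thread.
        return failure
    print("[*] 开始执行命令" + command)
    # An empty line is not a command; do not spawn a shell for it.
    if not command:
        return failure
    try:
        # stderr is merged into stdout so the client sees error text too.
        return subprocess.check_output(command, stderr=subprocess.STDOUT, shell=True)
    except (subprocess.SubprocessError, OSError):
        # Narrowed from bare 'except:' so KeyboardInterrupt/SystemExit propagate.
        return failure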
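def client_handler(client_socket):
    """Serve one accepted connection: pass each received chunk to run_command.

    Runs on its own thread (started by server_loop). Does nothing unless the
    module global ``command`` was set by ``-c``. The socket is closed on return.

    Args:
        client_socket: the connected socket returned by ``accept``.
    """
    # Reading a module global needs no 'global' statement; the original's
    # 'global execute' referred to a name this function never uses.
    try:
        if command:
            while True:
                cmd_buffer = client_socket.recv(1024)
                # recv() returns b"" once the peer has closed the connection;
                # the original kept looping here, sending into a dead socket.
                if not cmd_buffer:
                    break
                output = run_command(cmd_buffer)
                # sendall() retries partial sends; send() may drop bytes.
                client_socket.sendall(output)
    finally:
        client_socket.close()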
# Script entry point; importing this module does not start a client or server.
if __name__ == "__main__":
    main()
Python 实现一个简单的NC命令执行功能