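def mysq1(ip, port):
    """Check one MySQL endpoint against the credential list in conf/mysql.conf.

    Each line is read as ``username:password``; reading stops at the first
    empty line or at end of file.  A return value of 1 from mysql_connect is
    recorded as a weak-password finding, and 2 ends the run without a finding
    (what 2 stands for is defined by mysql_connect, not visible here).

    The finding text carries the credential pair in clear text, so ``result``
    and the console output have to be handled as sensitive data.
    """
    try:
        # The context manager closes the list file on every exit path; the
        # bare open() used before never closed the handle.
        with open('conf/mysql.conf', 'r') as conf:
            for raw in conf:
                entry = raw.strip('\r\n')
                if not entry:
                    break
                fields = entry.split(':')
                username = fields[0]
                password = fields[1]
                flag = mysql_connect(ip, username, password, port)
                if flag == 2:
                    break
                if flag == 1:
                    finding = "%s mysql at %s has weaken password!!-------%s:%s\r\n" % (
                        ip, port, username, password)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        # Release even if reporting fails, so the lock is not left held.
                        lock.release()
                    break
    except Exception as e:
        # A missing file, a malformed line or a connection error all end the
        # check for this host; only the exception text is printed.
        print(e)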
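def rsync_creak(ip, port):
    """Check one rsync endpoint against the credential list in conf/rsync.conf.

    Each line is read as ``username:password``; reading stops at the first
    empty line or at end of file.  rsync_connect decides the outcome: 3 and 2
    print a module-related failure and end the run, 1 is recorded as a
    weak-password finding, any other value prints a failed-login line and the
    next entry is tried.

    Findings and failed-login lines both contain the password in clear text.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open('conf/rsync.conf', 'r') as conf:
            for raw in conf:
                entry = raw.strip('\r\n')
                if not entry:
                    break
                fields = entry.split(':')
                username = fields[0]
                password = fields[1]
                flag = rsync_connect(ip, username, password, port)
                if flag == 3:
                    lock.acquire()
                    try:
                        printRed("fail!!bacaues can't find any module\r\n")
                    finally:
                        lock.release()
                    break
                if flag == 2:
                    lock.acquire()
                    try:
                        printRed("fail!!bacaues modulename is error\r\n")
                    finally:
                        lock.release()
                    break
                if flag == 1:
                    finding = "%s rsync at %s has weaken password!!-------%s:%s\r\n" % (
                        ip, port, username, password)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        lock.release()
                    break
                lock.acquire()
                try:
                    print("%s rsync service 's %s:%s login fail " % (ip, username, password))
                finally:
                    # Release even if printing fails, so the lock is not left held.
                    lock.release()
    except Exception as e:
        print(e)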
def vnc_l(self, ip, port):
    """Try each password in self.lines against one VNC endpoint.

    self.vnc_connect decides the outcome: 2 is reported as the server refusing
    connections after too many failures and ends the run, 1 is recorded as a
    weak-password finding and ends the run, anything else prints a failed
    attempt.  Passwords appear in clear text in both the finding and the
    failure line.  Every exception is swallowed silently, so an errored check
    looks the same as a clean negative.
    """
    try:
        for candidate in self.lines:
            outcome = self.vnc_connect(ip=ip, port=port, password=candidate)
            if outcome == 2:
                self.lock.acquire()
                print("%s vnc at %s not allow connect now because of too many security failure" % (ip, port))
                self.lock.release()
                break
            elif outcome == 1:
                self.lock.acquire()
                finding = "%s vnc at %s has weaken password!!-----%s\r\n" % (ip, port, candidate)
                printGreen(finding)
                self.result.append(finding)
                self.lock.release()
                break
            else:
                self.lock.acquire()
                print("login %s vnc service with %s fail " % (ip, candidate))
                self.lock.release()
    except Exception:
        pass
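def vnc_l(ip, port):
    """Check one VNC endpoint against the password list in conf/vnc.conf.

    One password per line; reading stops at the first empty line or at end of
    file.  vnc_connect decides the outcome: 2 is reported as the server
    refusing connections after too many failures and ends the run, 1 is
    recorded as a weak-password finding, anything else prints a failed attempt.

    Passwords appear in clear text in the finding and in the failure line.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open('conf/vnc.conf', 'r') as conf:
            for raw in conf:
                candidate = raw.strip('\r\n')
                if not candidate:
                    break
                flag = vnc_connect(ip=ip, port=port, password=candidate)
                if flag == 2:
                    lock.acquire()
                    try:
                        print("%s vnc at %s not allow connect now because of too many security failure" % (ip, port))
                    finally:
                        lock.release()
                    break
                if flag == 1:
                    finding = "%s vnc at %s has weaken password!!-----%s\r\n" % (ip, port, candidate)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        lock.release()
                    break
                lock.acquire()
                try:
                    print("login %s vnc service with %s fail " % (ip, candidate))
                finally:
                    # Release even if printing fails, so the lock is not left held.
                    lock.release()
    except Exception as e:
        print(e)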
def tomcat_connect(ip, port, username, password):
    """Test one credential pair against a Tomcat manager page at /manager/html.

    The page is first requested without credentials; only a 401 reply leads to
    a second request carrying an HTTP Basic header.  A 200 on that second
    request is recorded as a weak-password finding.

    The credentials travel as Basic auth over plain http://, and the finding
    and failure lines repeat them in clear text.  ``creak`` is assigned but
    not returned in the visible code, so callers receive None.
    """
    try:
        manager_url = 'http://' + ip + ':' + str(port) + '/manager/html'
        creak = 0
        probe = requests.get(manager_url, timeout=8)
        if probe.status_code != 401:
            lock.acquire()
            print('not find tomcat login page!')
            lock.release()
            creak = 2
        else:
            # NOTE(review): base64.encodestring appends a newline to its
            # output and the value is used unchanged here - confirm the header
            # is accepted as sent.
            header = {'Authorization': 'Basic ' + base64.encodestring(username + ':' + password)}
            reply = requests.get(manager_url, headers=header, timeout=8)
            if reply.status_code == 200:
                finding = "%s tomcat service at %s has weaken password!!-------%s:%s\r\n" % (
                    ip, port, username, password)
                # The append happens before the lock is taken, as in the original ordering.
                result.append(finding)
                lock.acquire()
                printGreen(finding)
                lock.release()
                creak = 1
            else:
                lock.acquire()
                print("%s tomcat service 's %s:%s login fail " % (ip, username, password))
                lock.release()
    except Exception as e:
        print(e)
def weblogin(self, url, ip, port, username, password):
    """Send one HTTP Basic login to ``url`` and record a 200 as a weak password.

    The credential pair is base64-encoded into the Authorization header and,
    on success, written in clear text to self.result and the console.  Any
    status other than 200 prints a failed-login line.  Exceptions are
    swallowed silently.  ``creak`` is assigned but not returned in the visible
    code.
    """
    try:
        creak = 0
        token = base64.encodestring(username + ':' + password)
        # base64.encodestring appends a newline, which must not end up in the header.
        header = {'Authorization': ('Basic ' + token).replace("\n", "")}
        reply = requests.get(url, headers=header, timeout=8)
        if reply.status_code != 200:
            self.lock.acquire()
            print("%s service 's %s:%s login fail " % (ip, username, password))
            self.lock.release()
        else:
            finding = "%s service at %s has weaken password!!-------%s:%s\r\n" % (
                ip, port, username, password)
            # The append happens before the lock is taken, as in the original ordering.
            self.result.append(finding)
            self.lock.acquire()
            printGreen(finding)
            self.lock.release()
            creak = 1
    except Exception:
        pass
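def vnc_l(ip, port):
    """Check one VNC endpoint against the password list in conf/vnc.conf.

    One password per line; reading stops at the first empty line or at end of
    file.  vnc_connect decides the outcome: 2 is reported as the server
    refusing connections after too many failures and ends the run, 1 is
    recorded as a weak-password finding, anything else prints a failed attempt.

    Passwords appear in clear text in the finding and in the failure line.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open('conf/vnc.conf', 'r') as conf:
            for raw in conf:
                candidate = raw.strip('\r\n')
                if not candidate:
                    break
                flag = vnc_connect(ip=ip, port=port, password=candidate)
                if flag == 2:
                    lock.acquire()
                    try:
                        print("%s vnc at %s not allow connect now because of too many security failure" % (ip, port))
                    finally:
                        lock.release()
                    break
                if flag == 1:
                    finding = "%s vnc at %s has weaken password!!-----%s\r\n" % (ip, port, candidate)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        lock.release()
                    break
                lock.acquire()
                try:
                    print("login %s vnc service with %s fail " % (ip, candidate))
                finally:
                    # Release even if printing fails, so the lock is not left held.
                    lock.release()
    except Exception as e:
        print(e)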
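def postgreS(ip, port):
    """Check one PostgreSQL endpoint against the list in conf/postgres.conf.

    Each line is read as ``username:password``; reading stops at the first
    empty line or at end of file.  After every attempt the function sleeps for
    0.1 s.  A return value of 1 from postgres_connect is recorded as a
    weak-password finding; 3 ends the run without a finding (its meaning is
    defined by postgres_connect, not visible here).

    The finding text carries the credential pair in clear text.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open('conf/postgres.conf', 'r') as conf:
            for raw in conf:
                entry = raw.strip('\r\n')
                if not entry:
                    break
                fields = entry.split(':')
                username = fields[0]
                password = fields[1]
                flag = postgres_connect(ip, username, password, port)
                time.sleep(0.1)
                if flag == 3:
                    break
                if flag == 1:
                    finding = "%s postgres at %s has weaken password!!-------%s:%s\r\n" % (
                        ip, port, username, password)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        # Release even if reporting fails, so the lock is not left held.
                        lock.release()
                    break
    except Exception as e:
        print(e)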
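def rsync_connect(self, ip, port):
    """Record the rsync module names an endpoint returns.

    The string from self.get_ver(ip) is sent back to the server, followed by
    an empty line, and at most 99 bytes of the reply are read.  The first word
    of every reply line, other than '@RSYNCD:', is printed and appended to
    self.result.  Nothing is returned in the visible code; ``creak`` and
    ``modules`` are assigned but not used afterwards.
    """
    creak = 0
    try:
        ver = self.get_ver(ip)  # get rsync module
        fp = socket.create_connection((ip, port), timeout=8)
        try:
            fp.recv(99)
            fp.sendall(ver.strip('\r\n') + '\n')
            time.sleep(3)
            fp.sendall('\n')
            resp = fp.recv(99)
        finally:
            # The socket was never closed before; close it on every exit path.
            fp.close()
        modules = []
        for line in resp.split('\n'):
            # NOTE(review): when a line has no space, find() returns -1 and the
            # slice drops the last character of the line.
            modulename = line[:line.find(' ')]
            if modulename and modulename != '@RSYNCD:':
                finding = "%s rsync at %s find a module:%s\r\n" % (ip, port, modulename)
                self.lock.acquire()
                try:
                    printGreen(finding)
                    self.result.append(finding)
                finally:
                    self.lock.release()
                modules.append(modulename)
    except Exception as e:
        print(e)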
def ldap_creak(self, ip, port):
    """Try each ``username:password`` entry of self.lines against one LDAP endpoint.

    self.ldap_connect decides the outcome: 2 is reported as "can't connect"
    and ends the run, 1 is recorded as a weak-password finding and ends the
    run, anything else prints a failed-login line.  Credentials appear in
    clear text in the finding and in the failure line.  Every exception is
    swallowed silently, so an errored check looks like a clean negative.
    """
    try:
        for entry in self.lines:
            parts = entry.split(':')
            username = parts[0]
            password = parts[1]
            outcome = self.ldap_connect(ip, username, password, port)
            if outcome == 2:
                self.lock.acquire()
                printGreen("%s ldap at %s can't connect\r\n" % (ip, port))
                self.lock.release()
                break
            elif outcome == 1:
                self.lock.acquire()
                finding = "%s ldap at %s has weaken password!!-------%s:%s\r\n" % (
                    ip, port, username, password)
                printGreen(finding)
                self.result.append(finding)
                self.lock.release()
                break
            else:
                self.lock.acquire()
                print("%s ldap service 's %s:%s login fail " % (ip, username, password))
                self.lock.release()
    except Exception:
        pass
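def ldap_creak(ip, port):
    """Check one LDAP endpoint against the credential list in conf/ldapd.conf.

    Each line is read as ``username:password``; reading stops at the first
    empty line or at end of file.  ldap_connect decides the outcome: 2 is
    reported as "can't connect" and ends the run, 1 is recorded as a
    weak-password finding, anything else prints a failed-login line.

    Credentials appear in clear text in the finding and in the failure line.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open('conf/ldapd.conf', 'r') as conf:
            for raw in conf:
                entry = raw.strip('\r\n')
                if not entry:
                    break
                fields = entry.split(':')
                username = fields[0]
                password = fields[1]
                flag = ldap_connect(ip, username, password, port)
                if flag == 2:
                    lock.acquire()
                    try:
                        printGreen("%s ldap at %s can't connect\r\n" % (ip, port))
                    finally:
                        lock.release()
                    break
                if flag == 1:
                    finding = "%s ldap at %s has weaken password!!-------%s:%s\r\n" % (
                        ip, port, username, password)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        lock.release()
                    break
                lock.acquire()
                try:
                    print("%s ldap service 's %s:%s login fail " % (ip, username, password))
                finally:
                    # Release even if printing fails, so the lock is not left held.
                    lock.release()
    except Exception as e:
        print(e)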
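def rsync_connect(self, ip, port):
    """Record the rsync module names an endpoint returns.

    The string from self.get_ver(ip) is sent back to the server, followed by
    an empty line, and at most 99 bytes of the reply are read.  The first word
    of every reply line, other than '@RSYNCD:', is printed and appended to
    self.result.  Nothing is returned in the visible code; ``creak`` and
    ``modules`` are assigned but not used afterwards.
    """
    creak = 0
    try:
        ver = self.get_ver(ip)  # get rsync module
        fp = socket.create_connection((ip, port), timeout=8)
        try:
            fp.recv(99)
            fp.sendall(ver.strip('\r\n') + '\n')
            time.sleep(3)
            fp.sendall('\n')
            resp = fp.recv(99)
        finally:
            # The socket was never closed before; close it on every exit path.
            fp.close()
        modules = []
        for line in resp.split('\n'):
            # NOTE(review): when a line has no space, find() returns -1 and the
            # slice drops the last character of the line.
            modulename = line[:line.find(' ')]
            if modulename and modulename != '@RSYNCD:':
                finding = "%s rsync at %s find a module:%s\r\n" % (ip, port, modulename)
                self.lock.acquire()
                try:
                    printGreen(finding)
                    self.result.append(finding)
                finally:
                    self.lock.release()
                modules.append(modulename)
    except Exception as e:
        print(e)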
def rsync_creak(self, ip, port):
    """Try each ``username:password`` entry of self.lines against one rsync endpoint.

    self.rsync_connect decides the outcome: 3 and 2 print a module-related
    failure and end the run, 1 is recorded as a weak-password finding and ends
    the run, anything else prints a failed-login line.  Credentials appear in
    clear text in the finding and in the failure line.

    NOTE(review): the call passes (ip, username, password, port); confirm that
    the rsync_connect defined on this class accepts those four arguments.
    """
    try:
        for entry in self.lines:
            parts = entry.split(':')
            username = parts[0]
            password = parts[1]
            outcome = self.rsync_connect(ip, username, password, port)
            if outcome == 3:
                self.lock.acquire()
                printRed("fail!!bacaues can't find any module\r\n")
                self.lock.release()
                break
            elif outcome == 2:
                self.lock.acquire()
                printRed("fail!!bacaues modulename is error\r\n")
                self.lock.release()
                break
            elif outcome == 1:
                self.lock.acquire()
                finding = "%s rsync at %s has weaken password!!-------%s:%s\r\n" % (
                    ip, port, username, password)
                printGreen(finding)
                self.result.append(finding)
                self.lock.release()
                break
            else:
                self.lock.acquire()
                print("%s rsync service 's %s:%s login fail " % (ip, username, password))
                self.lock.release()
    except Exception as e:
        print(e)
def check(ip, port):
    """Run the MS08_067 check object against one host and record a positive.

    ``port`` is accepted but not used in the visible code.  Only the exact
    string 'VULNERABLE' returned by run() counts as a finding.  Exceptions are
    swallowed silently, so an errored check prints nothing at all.
    """
    try:
        verdict = MS08_067(ip).run()
        if verdict != 'VULNERABLE':
            print('%s ms_08_067 is not VULNERABLE' % ip)
        else:
            lock.acquire()
            printGreen("%s has ms_08_067 VULNERABLE\r\n" % ip)
            lock.release()
            # Appended after the lock is released, as in the original ordering.
            result.append("%s has ms_08_067 VULNERABLE\r\n" % ip)
    except Exception:
        pass
def redisexp(self):
    """Worker loop: take (ip, port) pairs from self.sp and test Redis without a password.

    A client is built with no password and DBSIZE is issued; when that call
    succeeds the endpoint is recorded as allowing anonymous access.  Any
    exception counts as a negative and is swallowed silently.  The queue item
    is marked done in both cases.  The loop has no exit condition of its own.
    """
    while True:
        ip, port = self.sp.get()
        try:
            client = redis.Redis(host=ip, port=port, db=0, socket_timeout=8)
            client.dbsize()
            self.lock.acquire()
            finding = '%s redis service at %s allow login Anonymous login!!\r\n' % (ip, port)
            printGreen(finding)
            self.result.append(finding)
            self.lock.release()
        except Exception:
            pass
        self.sp.task_done()
def smb_l(self, ip, port):
    """Try each ``username:password`` entry of self.lines against one SMB host.

    A return value of 1 from self.smb_connect is recorded as a weak-password
    finding and ends the run.  ``port`` is used only in the finding text; it
    is not passed to self.smb_connect.  The finding holds the credential pair
    in clear text.  Every exception is swallowed silently.
    """
    try:
        for entry in self.lines:
            parts = entry.split(':')
            username = parts[0]
            password = parts[1]
            if self.smb_connect(ip, username, password) != 1:
                continue
            self.lock.acquire()
            finding = "%s smb at %s has weaken password!!-------%s:%s\r\n" % (
                ip, port, username, password)
            printGreen(finding)
            self.result.append(finding)
            self.lock.release()
            break
    except Exception:
        pass
def check(ip, port):
    """Run the MS08_067 check object against one host and record a positive.

    ``port`` is accepted but not used in the visible code.  Only the exact
    string 'VULNERABLE' returned by run() counts as a finding.  Exceptions are
    swallowed silently, so an errored check prints nothing at all.
    """
    try:
        verdict = MS08_067(ip).run()
        if verdict != 'VULNERABLE':
            print('%s ms_08_067 is not VULNERABLE' % ip)
        else:
            lock.acquire()
            printGreen("%s has ms_08_067 VULNERABLE\r\n" % ip)
            lock.release()
            # Appended after the lock is released, as in the original ordering.
            result.append("%s has ms_08_067 VULNERABLE\r\n" % ip)
    except Exception:
        pass
def webmain(self, ip, port):
    """Test whether an HTTP server accepts an unauthenticated PUT (IIS PUT check).

    A small text body is PUT to a path named after the current timestamp.  A
    201 reply is recorded as a finding.  A 201 means the server accepted the
    upload, so the probe file presumably now exists on the target; nothing in
    this function removes it.  Exceptions are swallowed silently.
    """
    try:
        probe_url = 'http://' + ip + ':' + str(port) + '/' + str(time.time()) + '.txt'
        reply = requests.put(probe_url, data='hi~', timeout=10)
        if reply.status_code == 201:
            finding = '%s has iis_put vlun at %s\r\n' % (ip, port)
            self.lock.acquire()
            printGreen(finding)
            self.lock.release()
            # Appended after the lock is released, as in the original ordering.
            self.result.append(finding)
    except Exception:
        pass
def ftp_l(self, ip, port):
    """Try each ``username:password`` entry of self.lines against one FTP endpoint.

    A return value of 1 from self.ftp_connect is recorded as a weak-password
    finding and ends the run.  The finding holds the credential pair in clear
    text.  Every exception is swallowed silently, so an errored check looks
    like a clean negative.
    """
    try:
        for entry in self.lines:
            parts = entry.split(':')
            username = parts[0]
            password = parts[1]
            if self.ftp_connect(ip, username, password, port) != 1:
                continue
            self.lock.acquire()
            finding = "%s ftp at %s has weaken password!!-------%s:%s\r\n" % (
                ip, port, username, password)
            printGreen(finding)
            self.result.append(finding)
            self.lock.release()
            break
    except Exception:
        pass
def iis_put_scanner(ip, port):
    """Test whether an HTTP server accepts an unauthenticated PUT (IIS PUT check).

    A small text body is PUT to a path named after the current timestamp.  A
    201 reply is recorded as a finding.  A 201 means the server accepted the
    upload, so the probe file presumably now exists on the target; nothing in
    this function removes it.  Exceptions are printed and otherwise ignored.
    """
    try:
        probe_url = 'http://' + ip + ':' + str(port) + '/' + str(time.time()) + '.txt'
        reply = requests.put(probe_url, data='hi~', timeout=10)
        if reply.status_code == 201:
            finding = '%s has iis_put vlun at %s\r\n' % (ip, port)
            lock.acquire()
            printGreen(finding)
            lock.release()
            # Appended after the lock is released, as in the original ordering.
            result.append(finding)
    except Exception as e:
        print(e)
def redisexp():
    """Worker loop: take (ip, port) pairs from ``sp`` and test Redis without a password.

    A client is built with no password and DBSIZE is issued; when that call
    succeeds the endpoint is recorded as allowing anonymous access.  Any
    exception is printed and counts as a negative.  The queue item is marked
    done in both cases.  The loop has no exit condition of its own.
    """
    while True:
        ip, port = sp.get()
        try:
            client = redis.Redis(host=ip, port=port, db=0, socket_timeout=8)
            client.dbsize()
            lock.acquire()
            finding = '%s redis service at %s allow login Anonymous login!!\r\n' % (ip, port)
            printGreen(finding)
            result.append(finding)
            lock.release()
        except Exception as e:
            print(e)
        sp.task_done()
def mssq1(self, ip, port):
    """Try each ``username:password`` entry of self.lines against one MSSQL endpoint.

    The attempt goes through the module-level mssql_connect (not a method of
    this object).  A return value of 1 is recorded as a weak-password finding
    and ends the run; 2 ends the run without a finding (its meaning is defined
    by mssql_connect, not visible here).  The finding holds the credential
    pair in clear text.  Every exception is swallowed silently.
    """
    try:
        for entry in self.lines:
            parts = entry.split(':')
            username = parts[0]
            password = parts[1]
            outcome = mssql_connect(ip, username, password, port)
            if outcome == 2:
                break
            if outcome != 1:
                continue
            self.lock.acquire()
            finding = "%s mssql at %s has weaken password!!-------%s:%s\r\n" % (
                ip, port, username, password)
            printGreen(finding)
            self.result.append(finding)
            self.lock.release()
            break
    except Exception:
        pass
def snmp_l(self, ip, port):
    """Try each community string in self.lines against one SNMP host.

    A return value of 1 from self.snmp_connect is recorded as a finding and
    ends the run; anything else prints a failure line.  ``port`` is accepted
    but not used in the visible code.  The finding holds the accepted string
    in clear text.  Every exception is swallowed silently.
    """
    try:
        for community in self.lines:
            outcome = self.snmp_connect(ip, key=community)
            if outcome != 1:
                self.lock.acquire()
                print("test %s snmp's scan fail" % ip)
                self.lock.release()
                continue
            self.lock.acquire()
            finding = "%s snmp has weaken password!!-----%s\r\n" % (ip, community)
            printGreen(finding)
            self.result.append(finding)
            self.lock.release()
            break
    except Exception:
        pass
def mssq1(self, ip, port):
    """Try each ``username:password`` entry of self.lines against one MSSQL endpoint.

    A return value of 1 from self.mssql_connect is recorded as a weak-password
    finding and ends the run; 2 ends the run without a finding (its meaning is
    defined by mssql_connect, not visible here).  The finding holds the
    credential pair in clear text.  Every exception is swallowed silently.
    """
    try:
        for entry in self.lines:
            parts = entry.split(':')
            username = parts[0]
            password = parts[1]
            outcome = self.mssql_connect(ip, username, password, port)
            if outcome == 2:
                break
            if outcome != 1:
                continue
            self.lock.acquire()
            finding = "%s mssql at %s has weaken password!!-------%s:%s\r\n" % (
                ip, port, username, password)
            printGreen(finding)
            self.result.append(finding)
            self.lock.release()
            break
    except Exception:
        pass
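def ftp_l(ip, port):
    """Check one FTP endpoint against the credential list in conf/ftp.conf.

    Each line is read as ``username:password``; reading stops at the first
    empty line or at end of file.  A return value of 1 from ftp_connect is
    recorded as a weak-password finding and ends the run.

    The finding text carries the credential pair in clear text.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open('conf/ftp.conf', 'r') as conf:
            for raw in conf:
                entry = raw.strip('\r\n')
                if not entry:
                    break
                fields = entry.split(':')
                username = fields[0]
                password = fields[1]
                if ftp_connect(ip, username, password, port) == 1:
                    finding = "%s ftp at %s has weaken password!!-------%s:%s\r\n" % (
                        ip, port, username, password)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        # Release even if reporting fails, so the lock is not left held.
                        lock.release()
                    break
    except Exception as e:
        print(e)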
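def smb_l(ip, port):
    """Check one SMB host against the credential list in conf/smb.conf.

    Each line is read as ``username:password``; reading stops at the first
    empty line or at end of file.  A return value of 1 from smb_connect is
    recorded as a weak-password finding and ends the run.  ``port`` is used
    only in the finding text; it is not passed to smb_connect.

    The finding text carries the credential pair in clear text.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open('conf/smb.conf', 'r') as conf:
            for raw in conf:
                entry = raw.strip('\r\n')
                if not entry:
                    break
                fields = entry.split(':')
                username = fields[0]
                password = fields[1]
                if smb_connect(ip, username, password) == 1:
                    finding = "%s smb at %s has weaken password!!-------%s:%s\r\n" % (
                        ip, port, username, password)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        # Release even if reporting fails, so the lock is not left held.
                        lock.release()
                    break
    except Exception as e:
        print(e)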
def pop3_Connection(ip, username, password, port):
    """Attempt one POP3 login and record a finding when the mailbox reports mail.

    NOTE(review): ``port`` appears only in the finding text; poplib.POP3(ip)
    is called without it, so the connection uses poplib's default port while
    the finding names ``port``.  A finding is recorded only when stat()
    reports a non-zero message count.  Every exception, whatever its cause, is
    printed as a failed login, and both outputs contain the password in clear
    text.
    """
    try:
        session = poplib.POP3(ip)
        session.user(username)
        session.pass_(password)
        mail_count, _size = session.stat()
        session.quit()
        if mail_count:
            lock.acquire()
            finding = "%s pop3 at %s has weaken password!!-------%s:%s\r\n" % (
                ip, port, username, password)
            printGreen(finding)
            result.append(finding)
            lock.release()
    except Exception:
        lock.acquire()
        print("%s pop3 service 's %s:%s login fail " % (ip, username, password))
        lock.release()
def pop3_Connection(ip, username, password, port):
    """Attempt one POP3 login and record a finding when the mailbox reports mail.

    NOTE(review): ``port`` appears only in the finding text; poplib.POP3(ip)
    is called without it, so the connection uses poplib's default port while
    the finding names ``port``.  A finding is recorded only when stat()
    reports a non-zero message count.  Every exception is printed and then
    reported as a failed login, and both outputs contain the password in
    clear text.
    """
    try:
        session = poplib.POP3(ip)
        session.user(username)
        session.pass_(password)
        mail_count, _size = session.stat()
        session.quit()
        if mail_count:
            lock.acquire()
            finding = "%s pop3 at %s has weaken password!!-------%s:%s\r\n" % (
                ip, port, username, password)
            printGreen(finding)
            result.append(finding)
            lock.release()
    except Exception as e:
        print(e)
        lock.acquire()
        print("%s pop3 service 's %s:%s login fail " % (ip, username, password))
        lock.release()
def snmp_l(self, ip, port):
    """Try each community string in self.lines against one SNMP host.

    A return value of 1 from self.snmp_connect is recorded as a finding and
    ends the run; anything else prints a failure line.  ``port`` is accepted
    but not used in the visible code.  The finding holds the accepted string
    in clear text.  Every exception is swallowed silently.
    """
    try:
        for community in self.lines:
            outcome = self.snmp_connect(ip, key=community)
            if outcome != 1:
                self.lock.acquire()
                print("test %s snmp's scan fail" % ip)
                self.lock.release()
                continue
            self.lock.acquire()
            finding = "%s snmp has weaken password!!-----%s\r\n" % (ip, community)
            printGreen(finding)
            self.result.append(finding)
            self.lock.release()
            break
    except Exception:
        pass
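def snmp_l(ip, port):
    """Check one SNMP host against the community strings in conf/snmp.conf.

    One string per line; reading stops at the first empty line or at end of
    file.  A return value of 1 from snmp_connect is recorded as a finding and
    ends the run; anything else prints a failure line.  ``port`` is accepted
    but not used in the visible code.

    The finding text carries the accepted string in clear text.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open('conf/snmp.conf', 'r') as conf:
            for raw in conf:
                community = raw.strip('\r\n')
                if not community:
                    break
                flag = snmp_connect(ip, key=community)
                if flag == 1:
                    finding = "%s snmp has weaken password!!-----%s\r\n" % (ip, community)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        lock.release()
                    break
                lock.acquire()
                try:
                    print("test %s snmp's scan fail" % ip)
                finally:
                    # Release even if printing fails, so the lock is not left held.
                    lock.release()
    except Exception as e:
        print(e)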
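def mongoDB(ip, port):
    """Check one MongoDB endpoint against the list in conf/mongodb.conf.

    Each line is read as ``username:password``; reading stops at the first
    empty line or at end of file.  Here a return value of 2 from
    mongoDB_connect is the one recorded as a weak-password finding; 1 and 4
    end the run without a finding (their meaning is defined by
    mongoDB_connect, not visible here).

    The finding text carries the credential pair in clear text.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open("conf/mongodb.conf", "r") as conf:
            for raw in conf:
                entry = raw.strip("\r\n")
                if not entry:
                    break
                fields = entry.split(":")
                username = fields[0]
                password = fields[1]
                flag = mongoDB_connect(ip, username, password, port)
                if flag in [1, 4]:
                    break
                if flag == 2:
                    finding = "%s mongoDB at %s has weaken password!!-------%s:%s\r\n" % (
                        ip, port, username, password)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        # Release even if reporting fails, so the lock is not left held.
                        lock.release()
                    break
    except Exception as e:
        print(e)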
def weblogin(self, url, ip, port, username, password):
    """Send one HTTP Basic login to ``url`` and record a 200 as a weak password.

    The credential pair is base64-encoded into the Authorization header and,
    on success, written in clear text to self.result and the console.  Any
    status other than 200 prints a failed-login line.  Exceptions are
    swallowed silently.  ``creak`` is assigned but not returned in the visible
    code.
    """
    try:
        creak = 0
        token = base64.encodestring(username + ':' + password)
        # base64.encodestring appends a newline, which must not end up in the header.
        header = {'Authorization': ('Basic ' + token).replace("\n", "")}
        reply = requests.get(url, headers=header, timeout=8)
        if reply.status_code != 200:
            self.lock.acquire()
            print("%s service 's %s:%s login fail " % (ip, username, password))
            self.lock.release()
        else:
            finding = "%s service at %s has weaken password!!-------%s:%s\r\n" % (
                ip, port, username, password)
            # The append happens before the lock is taken, as in the original ordering.
            self.result.append(finding)
            self.lock.acquire()
            printGreen(finding)
            self.lock.release()
            creak = 1
    except Exception:
        pass
def vnc_l(self, ip, port):
    """Try each password in self.lines against one VNC endpoint.

    self.vnc_connect decides the outcome: 2 is reported as the server refusing
    connections after too many failures and ends the run, 1 is recorded as a
    weak-password finding and ends the run, anything else prints a failed
    attempt.  Passwords appear in clear text in both the finding and the
    failure line.  Every exception is swallowed silently, so an errored check
    looks the same as a clean negative.
    """
    try:
        for candidate in self.lines:
            outcome = self.vnc_connect(ip=ip, port=port, password=candidate)
            if outcome == 2:
                self.lock.acquire()
                print("%s vnc at %s not allow connect now because of too many security failure" % (ip, port))
                self.lock.release()
                break
            elif outcome == 1:
                self.lock.acquire()
                finding = "%s vnc at %s has weaken password!!-----%s\r\n" % (ip, port, candidate)
                printGreen(finding)
                self.result.append(finding)
                self.lock.release()
                break
            else:
                self.lock.acquire()
                print("login %s vnc service with %s fail " % (ip, candidate))
                self.lock.release()
    except Exception:
        pass
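def postgreS(ip, port):
    """Check one PostgreSQL endpoint against the list in conf/postgres.conf.

    Each line is read as ``username:password``; reading stops at the first
    empty line or at end of file.  After every attempt the function sleeps for
    0.1 s.  A return value of 1 from postgres_connect is recorded as a
    weak-password finding; 3 ends the run without a finding (its meaning is
    defined by postgres_connect, not visible here).

    The finding text carries the credential pair in clear text.
    """
    try:
        # Closing the list file is now guaranteed; the bare open() never closed it.
        with open('conf/postgres.conf', 'r') as conf:
            for raw in conf:
                entry = raw.strip('\r\n')
                if not entry:
                    break
                fields = entry.split(':')
                username = fields[0]
                password = fields[1]
                flag = postgres_connect(ip, username, password, port)
                time.sleep(0.1)
                if flag == 3:
                    break
                if flag == 1:
                    finding = "%s postgres at %s has weaken password!!-------%s:%s\r\n" % (
                        ip, port, username, password)
                    lock.acquire()
                    try:
                        printGreen(finding)
                        result.append(finding)
                    finally:
                        # Release even if reporting fails, so the lock is not left held.
                        lock.release()
                    break
    except Exception as e:
        print(e)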
def ldap_creak(self, ip, port):
    """Try each ``username:password`` entry of self.lines against one LDAP endpoint.

    self.ldap_connect decides the outcome: 2 is reported as "can't connect"
    and ends the run, 1 is recorded as a weak-password finding and ends the
    run, anything else prints a failed-login line.  Credentials appear in
    clear text in the finding and in the failure line.  Every exception is
    swallowed silently, so an errored check looks like a clean negative.
    """
    try:
        for entry in self.lines:
            parts = entry.split(':')
            username = parts[0]
            password = parts[1]
            outcome = self.ldap_connect(ip, username, password, port)
            if outcome == 2:
                self.lock.acquire()
                printGreen("%s ldap at %s can't connect\r\n" % (ip, port))
                self.lock.release()
                break
            elif outcome == 1:
                self.lock.acquire()
                finding = "%s ldap at %s has weaken password!!-------%s:%s\r\n" % (
                    ip, port, username, password)
                printGreen(finding)
                self.result.append(finding)
                self.lock.release()
                break
            else:
                self.lock.acquire()
                print("%s ldap service 's %s:%s login fail " % (ip, username, password))
                self.lock.release()
    except Exception:
        pass
def rsync_creak(self, ip, port):
    """Try each ``username:password`` entry of self.lines against one rsync endpoint.

    self.rsync_connect decides the outcome: 3 and 2 print a module-related
    failure and end the run, 1 is recorded as a weak-password finding and ends
    the run, anything else prints a failed-login line.  Credentials appear in
    clear text in the finding and in the failure line.

    NOTE(review): the call passes (ip, username, password, port); confirm that
    the rsync_connect defined on this class accepts those four arguments.
    """
    try:
        for entry in self.lines:
            parts = entry.split(':')
            username = parts[0]
            password = parts[1]
            outcome = self.rsync_connect(ip, username, password, port)
            if outcome == 3:
                self.lock.acquire()
                printRed("fail!!bacaues can't find any module\r\n")
                self.lock.release()
                break
            elif outcome == 2:
                self.lock.acquire()
                printRed("fail!!bacaues modulename is error\r\n")
                self.lock.release()
                break
            elif outcome == 1:
                self.lock.acquire()
                finding = "%s rsync at %s has weaken password!!-------%s:%s\r\n" % (
                    ip, port, username, password)
                printGreen(finding)
                self.result.append(finding)
                self.lock.release()
                break
            else:
                self.lock.acquire()
                print("%s rsync service 's %s:%s login fail " % (ip, username, password))
                self.lock.release()
    except Exception as e:
        print(e)
result.append('\n') except Exception,e: print e pass #sturt2 test try: for l in url200: if l.find('.action')>0: re2=RunTests(l) if re2 == 1: lock.acquire() printGreen('%s has sturt2 vlun\r\n' %l) lock.release() result.append('%s has sturt2 vlun\r\n' %l) break except Exception,e: print e pass #破壳 test try: for l in url200: if l.find('.cgi')>0: r=poke_test(l) if r==1: lock.acquire()
result.append('%s is exist\r' % url) r.close() data = d.readline().strip('\r\n') result.append('\n') except Exception, e: print e pass #sturt2 test try: for l in url200: if l.find('.action') > 0: re2 = RunTests(l) if re2 == 1: lock.acquire() printGreen('%s has sturt2 vlun\r\n' % l) lock.release() result.append('%s has sturt2 vlun\r\n' % l) break except Exception, e: print e pass #破壳 test try: for l in url200: if l.find('.cgi') > 0: r = poke_test(l) if r == 1: lock.acquire() printGreen('%s has poke vlun\r\n' % l)