def mysq1(ip, port):
try:
d = open('conf/mysql.conf', 'r')
data = d.readline().strip('\r\n')
while (data):
username = data.split(':')[0]
password = data.split(':')[1]
flag = mysql_connect(ip, username, password, port)
if flag == 2:
break
if flag == 1:
lock.acquire()
printGreen(
"%s mysql at %s has weaken password!!-------%s:%s\r\n" %
(ip, port, username, password))
result.append(
"%s mysql at %s has weaken password!!-------%s:%s\r\n" %
(ip, port, username, password))
lock.release()
break
data = d.readline().strip('\r\n')
except Exception, e:
print e
pass
def rsync_creak(ip,port):
try:
d=open('conf/rsync.conf','r')
data=d.readline().strip('\r\n')
while(data):
username=data.split(':')[0]
password=data.split(':')[1]
flag=rsync_connect(ip,username,password,port)
if flag==3:
lock.acquire()
printRed("fail!!bacaues can't find any module\r\n")
lock.release()
break
if flag==2:
lock.acquire()
printRed("fail!!bacaues modulename is error\r\n")
lock.release()
break
if flag==1:
lock.acquire()
printGreen("%s rsync at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
result.append("%s rsync at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
lock.release()
break
else:
lock.acquire()
print "%s rsync service 's %s:%s login fail " %(ip,username,password)
lock.release()
data=d.readline().strip('\r\n')
except Exception,e:
print e
def vnc_l(self, ip, port):
try:
for data in self.lines:
flag = self.vnc_connect(ip=ip, port=port, password=data)
if flag == 2:
self.lock.acquire()
print "%s vnc at %s not allow connect now because of too many security failure" % (
ip, port)
self.lock.release()
break
if flag == 1:
self.lock.acquire()
printGreen(
"%s vnc at %s has weaken password!!-----%s\r\n" %
(ip, port, data))
self.result.append(
"%s vnc at %s has weaken password!!-----%s\r\n" %
(ip, port, data))
self.lock.release()
break
else:
self.lock.acquire()
print "login %s vnc service with %s fail " % (ip, data)
self.lock.release()
except Exception, e:
pass
def vnc_l(ip,port):
try:
d=open('conf/vnc.conf','r')
data=d.readline().strip('\r\n')
while(data):
flag=vnc_connect(ip=ip,port=port,password=data)
if flag==2:
lock.acquire()
print "%s vnc at %s not allow connect now because of too many security failure" %(ip,port)
lock.release()
break
if flag==1:
lock.acquire()
printGreen("%s vnc at %s has weaken password!!-----%s\r\n" %(ip,port,data))
result.append("%s vnc at %s has weaken password!!-----%s\r\n" %(ip,port,data))
lock.release()
break
else:
lock.acquire()
print "login %s vnc service with %s fail " %(ip,data)
lock.release()
data=d.readline().strip('\r\n')
except Exception,e:
print e
pass
def tomcat_connect(ip,port,username,password):
try:
url='http://'+ip+':'+str(port)
url_get=url+'/manager/html'
creak=0
r=requests.get(url_get,timeout=8)
if r.status_code==401:
header={}
login_pass=username+':'+password
header['Authorization']='Basic '+base64.encodestring(login_pass)
r=requests.get(url_get,headers=header,timeout=8)
if r.status_code==200:
result.append("%s tomcat service at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
lock.acquire()
printGreen("%s tomcat service at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
lock.release()
creak=1
else:
lock.acquire()
print "%s tomcat service 's %s:%s login fail " %(ip,username,password)
lock.release()
else:
lock.acquire()
print 'not find tomcat login page!'
lock.release()
creak=2
except Exception,e:
print e
pass
def weblogin(self, url, ip, port, username, password):
try:
creak = 0
header = {}
login_pass = username + ':' + password
header['Authorization'] = 'Basic ' + base64.encodestring(
login_pass)
#header base64.encodestring 会多加一个回车号
header['Authorization'] = header['Authorization'].replace("\n", "")
r = requests.get(url, headers=header, timeout=8)
if r.status_code == 200:
self.result.append(
"%s service at %s has weaken password!!-------%s:%s\r\n" %
(ip, port, username, password))
self.lock.acquire()
printGreen(
"%s service at %s has weaken password!!-------%s:%s\r\n" %
(ip, port, username, password))
self.lock.release()
creak = 1
else:
self.lock.acquire()
print "%s service 's %s:%s login fail " % (ip, username,
password)
self.lock.release()
except Exception, e:
pass
def vnc_l(ip, port):
try:
d = open('conf/vnc.conf', 'r')
data = d.readline().strip('\r\n')
while (data):
flag = vnc_connect(ip=ip, port=port, password=data)
if flag == 2:
lock.acquire()
print "%s vnc at %s not allow connect now because of too many security failure" % (
ip, port)
lock.release()
break
if flag == 1:
lock.acquire()
printGreen("%s vnc at %s has weaken password!!-----%s\r\n" %
(ip, port, data))
result.append(
"%s vnc at %s has weaken password!!-----%s\r\n" %
(ip, port, data))
lock.release()
break
else:
lock.acquire()
print "login %s vnc service with %s fail " % (ip, data)
lock.release()
data = d.readline().strip('\r\n')
except Exception, e:
print e
pass
def postgreS(ip, port):
try:
d = open('conf/postgres.conf', 'r')
data = d.readline().strip('\r\n')
while (data):
username = data.split(':')[0]
password = data.split(':')[1]
flag = postgres_connect(ip, username, password, port)
time.sleep(0.1)
if flag == 3:
break
if flag == 1:
lock.acquire()
printGreen(
"%s postgres at %s has weaken password!!-------%s:%s\r\n" %
(ip, port, username, password))
result.append(
"%s postgres at %s has weaken password!!-------%s:%s\r\n" %
(ip, port, username, password))
lock.release()
break
data = d.readline().strip('\r\n')
except Exception, e:
print e
pass
def rsync_connect(self,ip,port):
creak=0
try:
ver=self.get_ver(ip)# get rsync moudle
fp = socket.create_connection((ip, port), timeout=8)
fp.recv(99)
fp.sendall(ver.strip('\r\n')+'\n')
time.sleep(3)
fp.sendall('\n')
resp = fp.recv(99)
modules = []
for line in resp.split('\n'):
#print line
modulename = line[:line.find(' ')]
if modulename:
if modulename !='@RSYNCD:':
self.lock.acquire()
printGreen("%s rsync at %s find a module:%s\r\n" %(ip,port,modulename))
self.result.append("%s rsync at %s find a module:%s\r\n" %(ip,port,modulename))
#print "find %s module in %s at %s" %(modulename,ip,port)
self.lock.release()
modules.append(modulename)
except Exception,e:
print e
pass
def ldap_creak(self, ip, port):
try:
for data in self.lines:
username = data.split(':')[0]
password = data.split(':')[1]
flag = self.ldap_connect(ip, username, password, port)
if flag == 2:
self.lock.acquire()
printGreen("%s ldap at %s can't connect\r\n" % (ip, port))
self.lock.release()
break
if flag == 1:
self.lock.acquire()
printGreen(
"%s ldap at %s has weaken password!!-------%s:%s\r\n" %
(ip, port, username, password))
self.result.append(
"%s ldap at %s has weaken password!!-------%s:%s\r\n" %
(ip, port, username, password))
self.lock.release()
break
else:
self.lock.acquire()
print "%s ldap service 's %s:%s login fail " % (
ip, username, password)
self.lock.release()
except Exception, e:
pass
def ldap_creak(ip,port):
try:
d=open('conf/ldapd.conf','r')
data=d.readline().strip('\r\n')
while(data):
username=data.split(':')[0]
password=data.split(':')[1]
flag=ldap_connect(ip,username,password,port)
if flag==2:
lock.acquire()
printGreen("%s ldap at %s can't connect\r\n" %(ip,port))
lock.release()
break
if flag==1:
lock.acquire()
printGreen("%s ldap at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
result.append("%s ldap at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
lock.release()
break
else:
lock.acquire()
print "%s ldap service 's %s:%s login fail " %(ip,username,password)
lock.release()
data=d.readline().strip('\r\n')
except Exception,e:
print e
pass
def rsync_connect(self, ip, port):
creak = 0
try:
ver = self.get_ver(ip) # get rsync moudle
fp = socket.create_connection((ip, port), timeout=8)
fp.recv(99)
fp.sendall(ver.strip('\r\n') + '\n')
time.sleep(3)
fp.sendall('\n')
resp = fp.recv(99)
modules = []
for line in resp.split('\n'):
#print line
modulename = line[:line.find(' ')]
if modulename:
if modulename != '@RSYNCD:':
self.lock.acquire()
printGreen("%s rsync at %s find a module:%s\r\n" %
(ip, port, modulename))
self.result.append(
"%s rsync at %s find a module:%s\r\n" %
(ip, port, modulename))
#print "find %s module in %s at %s" %(modulename,ip,port)
self.lock.release()
modules.append(modulename)
except Exception, e:
print e
pass
def rsync_creak(self,ip,port):
try:
for data in self.lines:
username=data.split(':')[0]
password=data.split(':')[1]
flag=self.rsync_connect(ip,username,password,port)
if flag==3:
self.lock.acquire()
printRed("fail!!bacaues can't find any module\r\n")
self.lock.release()
break
if flag==2:
self.lock.acquire()
printRed("fail!!bacaues modulename is error\r\n")
self.lock.release()
break
if flag==1:
self.lock.acquire()
printGreen("%s rsync at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.result.append("%s rsync at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.release()
break
else:
self.lock.acquire()
print "%s rsync service 's %s:%s login fail " %(ip,username,password)
self.lock.release()
except Exception,e:
print e
def check(ip, port):
try:
current = MS08_067(ip)
msg = current.run()
if msg == 'VULNERABLE':
lock.acquire()
printGreen("%s has ms_08_067 VULNERABLE\r\n" % ip)
lock.release()
result.append("%s has ms_08_067 VULNERABLE\r\n" % ip)
else:
print '%s ms_08_067 is not VULNERABLE' % ip
except Exception, e:
pass
def redisexp(self):
while True:
ip,port=self.sp.get()
try:
r=redis.Redis(host=ip,port=port,db=0,socket_timeout=8)
r.dbsize()
self.lock.acquire()
printGreen('%s redis service at %s allow login Anonymous login!!\r\n' %(ip,port))
self.result.append('%s redis service at %s allow login Anonymous login!!\r\n' %(ip,port))
self.lock.release()
except Exception,e:
pass
self.sp.task_done()
def smb_l(self,ip,port):
try:
for data in self.lines:
username=data.split(':')[0]
password=data.split(':')[1]
if self.smb_connect(ip,username,password)==1:
self.lock.acquire()
printGreen("%s smb at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.result.append("%s smb at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.release()
break
except Exception,e:
pass
def check(ip,port):
try:
current = MS08_067(ip)
msg=current.run()
if msg=='VULNERABLE':
lock.acquire()
printGreen("%s has ms_08_067 VULNERABLE\r\n" %ip)
lock.release()
result.append("%s has ms_08_067 VULNERABLE\r\n" %ip)
else:
print '%s ms_08_067 is not VULNERABLE' %ip
except Exception,e:
pass
def webmain(self,ip,port):
#iis_put vlun scann
try:
url='http://'+ip+':'+str(port)+'/'+str(time.time())+'.txt'
r = requests.put(url,data='hi~',timeout=10)
if r.status_code==201:
self.lock.acquire()
printGreen('%s has iis_put vlun at %s\r\n' %(ip,port))
self.lock.release()
self.result.append('%s has iis_put vlun at %s\r\n' %(ip,port))
except Exception,e:
#print e
pass
def ftp_l(self,ip,port):
try:
for data in self.lines:
username=data.split(':')[0]
password=data.split(':')[1]
if self.ftp_connect(ip,username,password,port)==1:
self.lock.acquire()
printGreen("%s ftp at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.result.append("%s ftp at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.release()
break
except Exception,e:
pass
def iis_put_scanner(ip, port):
#iis_put vlun scann
try:
url = 'http://' + ip + ':' + str(port) + '/' + str(
time.time()) + '.txt'
r = requests.put(url, data='hi~', timeout=10)
if r.status_code == 201:
lock.acquire()
printGreen('%s has iis_put vlun at %s\r\n' % (ip, port))
lock.release()
result.append('%s has iis_put vlun at %s\r\n' % (ip, port))
except Exception, e:
print e
pass
def redisexp():
while True:
ip,port=sp.get()
try:
r=redis.Redis(host=ip,port=port,db=0,socket_timeout=8)
r.dbsize()
lock.acquire()
printGreen('%s redis service at %s allow login Anonymous login!!\r\n' %(ip,port))
result.append('%s redis service at %s allow login Anonymous login!!\r\n' %(ip,port))
lock.release()
except Exception,e:
print e
pass
sp.task_done()
def mssq1(self,ip,port):
try:
for data in self.lines:
username=data.split(':')[0]
password=data.split(':')[1]
flag=mssql_connect(ip,username,password,port)
if flag==2:
break
if flag==1:
self.lock.acquire()
printGreen("%s mssql at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.result.append("%s mssql at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.release()
break
except Exception,e:
pass
def snmp_l(self,ip,port):
try:
for data in self.lines:
flag=self.snmp_connect(ip,key=data)
if flag==1:
self.lock.acquire()
printGreen("%s snmp has weaken password!!-----%s\r\n" %(ip,data))
self.result.append("%s snmp has weaken password!!-----%s\r\n" %(ip,data))
self.lock.release()
break
else:
self.lock.acquire()
print "test %s snmp's scan fail" %(ip)
self.lock.release()
except Exception,e:
pass
def mssq1(self,ip,port):
try:
for data in self.lines:
username=data.split(':')[0]
password=data.split(':')[1]
flag=self.mssql_connect(ip,username,password,port)
if flag==2:
break
if flag==1:
self.lock.acquire()
printGreen("%s mssql at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.result.append("%s mssql at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.release()
break
except Exception,e:
pass
def ftp_l(ip,port):
try:
d=open('conf/ftp.conf','r')
data=d.readline().strip('\r\n')
while(data):
username=data.split(':')[0]
password=data.split(':')[1]
if ftp_connect(ip,username,password,port)==1:
lock.acquire()
printGreen("%s ftp at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
result.append("%s ftp at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
lock.release()
break
data=d.readline().strip('\r\n')
except Exception,e:
print e
pass
def smb_l(ip,port):
try:
d=open('conf/smb.conf','r')
data=d.readline().strip('\r\n')
while(data):
username=data.split(':')[0]
password=data.split(':')[1]
if smb_connect(ip,username,password)==1:
lock.acquire()
printGreen("%s smb at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
result.append("%s smb at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
lock.release()
break
data=d.readline().strip('\r\n')
except Exception,e:
print e
pass
def pop3_Connection(ip,username,password,port):
try:
pp = poplib.POP3(ip)
#pp.set_debuglevel(1)
pp.user(username)
pp.pass_(password)
(mailCount,size) = pp.stat()
pp.quit()
if mailCount:
lock.acquire()
printGreen("%s pop3 at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
result.append("%s pop3 at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
lock.release()
except Exception,e:
#print e
lock.acquire()
print "%s pop3 service 's %s:%s login fail " %(ip,username,password)
lock.release()
pass
def pop3_Connection(ip,username,password,port):
try:
pp = poplib.POP3(ip)
#pp.set_debuglevel(1)
pp.user(username)
pp.pass_(password)
(mailCount,size) = pp.stat()
pp.quit()
if mailCount:
lock.acquire()
printGreen("%s pop3 at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
result.append("%s pop3 at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
lock.release()
except Exception,e:
print e
lock.acquire()
print "%s pop3 service 's %s:%s login fail " %(ip,username,password)
lock.release()
pass
def snmp_l(self, ip, port):
try:
for data in self.lines:
flag = self.snmp_connect(ip, key=data)
if flag == 1:
self.lock.acquire()
printGreen("%s snmp has weaken password!!-----%s\r\n" %
(ip, data))
self.result.append(
"%s snmp has weaken password!!-----%s\r\n" %
(ip, data))
self.lock.release()
break
else:
self.lock.acquire()
print "test %s snmp's scan fail" % (ip)
self.lock.release()
except Exception, e:
pass
def snmp_l(ip,port):
try:
d=open('conf/snmp.conf','r')
data=d.readline().strip('\r\n')
while(data):
flag=snmp_connect(ip,key=data)
if flag==1:
lock.acquire()
printGreen("%s snmp has weaken password!!-----%s\r\n" %(ip,data))
result.append("%s snmp has weaken password!!-----%s\r\n" %(ip,data))
lock.release()
break
else:
lock.acquire()
print "test %s snmp's scan fail" %(ip)
lock.release()
data=d.readline().strip('\r\n')
except Exception,e:
print e
pass
def mongoDB(ip, port):
try:
d = open("conf/mongodb.conf", "r")
data = d.readline().strip("\r\n")
while data:
username = data.split(":")[0]
password = data.split(":")[1]
flag = mongoDB_connect(ip, username, password, port)
if flag in [1, 4]:
break
if flag == 2:
lock.acquire()
printGreen("%s mongoDB at %s has weaken password!!-------%s:%s\r\n" % (ip, port, username, password))
result.append("%s mongoDB at %s has weaken password!!-------%s:%s\r\n" % (ip, port, username, password))
lock.release()
break
data = d.readline().strip("\r\n")
except Exception, e:
print e
pass
def weblogin(self,url,ip,port,username,password):
try:
creak=0
header={}
login_pass=username+':'+password
header['Authorization']='Basic '+base64.encodestring(login_pass)
#header base64.encodestring 会多加一个回车号
header['Authorization']=header['Authorization'].replace("\n","")
r=requests.get(url,headers=header,timeout=8)
if r.status_code==200:
self.result.append("%s service at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.acquire()
printGreen("%s service at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.release()
creak=1
else:
self.lock.acquire()
print "%s service 's %s:%s login fail " %(ip,username,password)
self.lock.release()
except Exception,e:
pass
def vnc_l(self,ip,port):
try:
for data in self.lines:
flag=self.vnc_connect(ip=ip,port=port,password=data)
if flag==2:
self.lock.acquire()
print "%s vnc at %s not allow connect now because of too many security failure" %(ip,port)
self.lock.release()
break
if flag==1:
self.lock.acquire()
printGreen("%s vnc at %s has weaken password!!-----%s\r\n" %(ip,port,data))
self.result.append("%s vnc at %s has weaken password!!-----%s\r\n" %(ip,port,data))
self.lock.release()
break
else:
self.lock.acquire()
print "login %s vnc service with %s fail " %(ip,data)
self.lock.release()
except Exception,e:
pass
def postgreS(ip,port):
try:
d=open('conf/postgres.conf','r')
data=d.readline().strip('\r\n')
while(data):
username=data.split(':')[0]
password=data.split(':')[1]
flag=postgres_connect(ip,username,password,port)
time.sleep(0.1)
if flag==3:
break
if flag==1:
lock.acquire()
printGreen("%s postgres at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
result.append("%s postgres at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
lock.release()
break
data=d.readline().strip('\r\n')
except Exception,e:
print e
pass
def ldap_creak(self,ip,port):
try:
for data in self.lines:
username=data.split(':')[0]
password=data.split(':')[1]
flag=self.ldap_connect(ip,username,password,port)
if flag==2:
self.lock.acquire()
printGreen("%s ldap at %s can't connect\r\n" %(ip,port))
self.lock.release()
break
if flag==1:
self.lock.acquire()
printGreen("%s ldap at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.result.append("%s ldap at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.release()
break
else:
self.lock.acquire()
print "%s ldap service 's %s:%s login fail " %(ip,username,password)
self.lock.release()
except Exception,e:
pass
def rsync_creak(self, ip, port):
try:
for data in self.lines:
username = data.split(':')[0]
password = data.split(':')[1]
flag = self.rsync_connect(ip, username, password, port)
if flag == 3:
self.lock.acquire()
printRed("fail!!bacaues can't find any module\r\n")
self.lock.release()
break
if flag == 2:
self.lock.acquire()
printRed("fail!!bacaues modulename is error\r\n")
self.lock.release()
break
if flag == 1:
self.lock.acquire()
printGreen(
"%s rsync at %s has weaken password!!-------%s:%s\r\n"
% (ip, port, username, password))
self.result.append(
"%s rsync at %s has weaken password!!-------%s:%s\r\n"
% (ip, port, username, password))
self.lock.release()
break
else:
self.lock.acquire()
print "%s rsync service 's %s:%s login fail " % (
ip, username, password)
self.lock.release()
except Exception, e:
print e
result.append('\n')
except Exception,e:
print e
pass
#sturt2 test
try:
for l in url200:
if l.find('.action')>0:
re2=RunTests(l)
if re2 == 1:
lock.acquire()
printGreen('%s has sturt2 vlun\r\n' %l)
lock.release()
result.append('%s has sturt2 vlun\r\n' %l)
break
except Exception,e:
print e
pass
#破壳 test
try:
for l in url200:
if l.find('.cgi')>0:
r=poke_test(l)
if r==1:
lock.acquire()
result.append('%s is exist\r' % url)
r.close()
data = d.readline().strip('\r\n')
result.append('\n')
except Exception, e:
print e
pass
#sturt2 test
try:
for l in url200:
if l.find('.action') > 0:
re2 = RunTests(l)
if re2 == 1:
lock.acquire()
printGreen('%s has sturt2 vlun\r\n' % l)
lock.release()
result.append('%s has sturt2 vlun\r\n' % l)
break
except Exception, e:
print e
pass
#破壳 test
try:
for l in url200:
if l.find('.cgi') > 0:
r = poke_test(l)
if r == 1:
lock.acquire()
printGreen('%s has poke vlun\r\n' % l)
