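def _ping_once(ip, system):
    """Return True when ``ip`` answers at least one of two ICMP echo requests.

    The command is always passed to ``Popen`` as an argument list, so ``ip``
    is never interpreted by a shell whatever characters it contains, and
    ``communicate()`` is used so the child is reaped instead of left as a
    zombie behind ``stdout.read()``.

    Args:
        ip: address to probe.
        system: result of ``platform.system()``; ``'Windows'`` selects the
            ``-n`` count flag and the ``TTL`` heuristic, everything else the
            ``-c`` flag and the ``N received`` summary line (BSD/macOS ping
            says ``N packets received``, which the pattern also accepts).
    Returns:
        bool: True if a reply was seen.
    Raises:
        OSError: if no ``ping`` binary can be executed (caller decides).
    """
    if system == 'Windows':
        cmd = ['ping', '-n', '2', ip]
    else:
        cmd = ['ping', '-c', '2', ip]
    proc = Popen(cmd, stdout=PIPE, stderr=PIPE)
    out, _ = proc.communicate()
    if not isinstance(out, str):
        # Python 3 hands back bytes; ping output is ASCII apart from locale text.
        out = out.decode('utf-8', 'replace')
    if system == 'Windows':
        # Windows ping prints "TTL=" on every successful reply line; the
        # wording of the summary is localised, the TTL token is not.
        return 'TTL' in out
    m = re.search(r'(\d+)\s+(?:packets\s+)?received', out)
    return m is not None and int(m.group(1)) > 0


def pinger():
    """Worker thread: pop addresses off ``q`` and record the ones that answer a ping.

    Every address is pinged twice with the platform's ``ping`` binary.
    Hosts that reply are appended to the shared ``pinglist`` and announced
    with ``printRed``; both happen under ``lock`` because several pinger
    threads run at once. ``q.task_done()`` is called in ``finally`` so a
    failing ping cannot leave ``q.join()`` in the caller hanging forever.

    Reads globals: ``q``, ``lock``, ``printRed``. Writes: ``pinglist``.
    Returns: never (loops until the process exits).
    """
    global lock, pinglist
    # The OS does not change while we run; look it up once, not twice per host.
    system = platform.system()
    while True:
        ip = q.get()
        try:
            if _ping_once(ip, system):
                with lock:
                    pinglist.append(ip)
                    printRed("%s is live!!\r\n" % ip)
        except Exception:
            # ping missing, killed or unparsable: treat the host as silent
            # rather than killing the worker thread. Deliberately quiet, as
            # the original was.
            pass
        finally:
            q.task_done()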
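def _icmp_reply_seen(ip, system):
    """Ping ``ip`` twice and report whether any reply came back.

    ``Popen`` receives an argument list (never a command string), so the
    address cannot inject shell syntax, and the child is drained with
    ``communicate()`` so it is reaped instead of lingering as a zombie.

    Args:
        ip: address to probe.
        system: ``platform.system()`` value. ``'Windows'`` uses ``-n 2`` and
            looks for ``TTL``; anything else uses ``-c 2`` and parses the
            ``N received`` / ``N packets received`` summary line.
    Returns:
        bool: True when at least one echo reply was counted.
    Raises:
        OSError: if ``ping`` cannot be executed; the caller handles it.
    """
    windows = (system == 'Windows')
    count_flag = '-n' if windows else '-c'
    child = Popen(['ping', count_flag, '2', ip], stdout=PIPE, stderr=PIPE)
    output, _ = child.communicate()
    if not isinstance(output, str):
        output = output.decode('utf-8', 'replace')  # Python 3 returns bytes
    if windows:
        return 'TTL' in output  # printed on every reply line, not localised
    match = re.search(r'(\d+)\s+(?:packets\s+)?received', output)
    return bool(match) and int(match.group(1)) > 0


def pinger():
    """Worker thread: take addresses from ``q`` and collect those that respond to ping.

    Live hosts are appended to the shared ``pinglist`` and printed via
    ``printRed``, both inside ``lock`` since many pinger threads share that
    list. ``q.task_done()`` runs in ``finally`` so one bad host can never
    stall ``q.join()``.

    Reads globals: ``q``, ``lock``, ``printRed``. Writes: ``pinglist``.
    Returns: never.
    """
    global lock, pinglist
    system = platform.system()  # invariant for the process; resolve once
    while True:
        address = q.get()
        try:
            alive = _icmp_reply_seen(address, system)
        except Exception:
            # Missing or failing ping binary: count the host as silent instead
            # of tearing down the worker (best effort, as before).
            alive = False
        finally:
            q.task_done()
        if alive:
            with lock:
                pinglist.append(address)
                printRed("%s is live!!\r\n" % address)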
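def _mysql_host_refuses(ip, port, username):
    """Return True when the server answers MySQL error 1130 (client host not allowed)."""
    try:
        db = MySQLdb.connect(ip, username, '', port=port)
        db.close()
    except Exception as e:
        # Driver errors carry (errno, message); anything else has no code.
        return bool(e.args) and e.args[0] == 1130
    return False


def _crack_mysql_host(ip, port, usernames, passwords):
    """Try every username/password candidate against one server and stop at the first hit.

    Candidate order per username matches the original hand-unrolled checks:
    the username itself, ``<user>123``, ``<user>123456``, the empty password,
    then every wordlist entry. A hit is printed in green and appended to the
    shared ``result`` list under ``lock``; the host is then left alone.
    """
    if not usernames:
        return
    if _mysql_host_refuses(ip, port, usernames[0]):
        with lock:
            printRed("%s not allow to connect\r\n" % (ip))
        return
    for username in usernames:
        candidates = [username, username + '123', username + '123456', ''] + list(passwords)
        for password in candidates:
            if mysql_connect(ip, username, password, port) == 1:
                line = "%s mysql at %s has weaken password!!-------%s:%s\r\n" % (ip, port, username, password)
                with lock:
                    printGreen(line)
                    result.append(line)
                return


def mysql():
    """Worker thread: pull ``(ip, port)`` targets off ``sp`` and test them for weak MySQL logins.

    The original "is this host allowed to connect" probe referenced ``password``
    before it was bound, so it never worked; it is now a real pre-check using
    an empty password. Wordlists are read once per worker instead of once per
    target, and ``sp.task_done()`` is guaranteed by ``finally`` so a driver
    exception cannot hang ``sp.join()``.

    Reads globals: ``sp``, ``lock``, ``result``, ``file2list``,
    ``mysql_connect``, ``printRed``, ``printGreen``, ``MySQLdb``.
    Returns: never (loops until the process exits).
    """
    usernames = file2list('mysql_user.txt') or []
    passwords = file2list('mysql_pass.txt') or []
    while True:
        ip, port = sp.get()
        try:
            _crack_mysql_host(ip, port, usernames, passwords)
        finally:
            sp.task_done()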
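def getips(ip):
    """Expand a CIDR or single address (anything ``IPy.IP`` accepts) into a list of address strings.

    Args:
        ip: e.g. ``192.168.1.0/24`` or ``192.168.0.0/16``; large prefixes
            expand to every address in the block, so ``/16`` yields 65536 entries.
    Returns:
        list of str, one dotted address per element, in address order.
    Raises:
        SystemExit: via ``exit()`` after printing a usage hint when ``IPy``
            rejects the input. Only ``Exception`` is caught, so Ctrl-C
            (``KeyboardInterrupt``) still interrupts the program.
    """
    try:
        return [str(addr) for addr in IP(ip)]
    except Exception:
        printRed("[!] not a valid ip given. you should put ip like 192.168.1.0/24, 192.168.0.0/16")
        exit()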
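def file2list(filename):
    """Read a wordlist and return its non-empty lines (trailing CR/LF removed).

    Fixes two defects of the original: it never returned the list it built,
    and it stopped at the first blank line instead of skipping it. The file
    is opened with ``with`` so the handle is closed even if a read fails.

    Args:
        filename: path to a text file with one entry per line.
    Returns:
        list of str; empty when the file is missing or unreadable (the
        problem is reported through ``printRed``), so callers can iterate
        the result without a None check.
    """
    import errno  # function-local so this block stays self-contained
    entries = []
    try:
        with open(filename, 'r') as handle:
            for line in handle:
                line = line.strip('\r\n')
                if line:
                    entries.append(line)
    except (IOError, OSError) as e:
        if e.errno == errno.ENOENT:
            printRed("not such file:%s\r\n" % filename)
        else:
            printRed("cannot read %s: %s\r\n" % (filename, e))
    return entries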
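def file2list(filename):
    """Load ``filename`` into a list of its non-blank lines, CR/LF stripped.

    The original built the list but had no ``return``, and its
    ``while data`` loop terminated at the first empty line; both are fixed.
    The error message is printed under ``lock`` because this variant is
    called from worker threads.

    Args:
        filename: path of a wordlist, one entry per line.
    Returns:
        list of str, empty if the file cannot be read (reported via ``printRed``).
    """
    import errno  # local import keeps the block self-contained
    lines = []
    try:
        with open(filename, 'r') as fh:  # closed on every exit path
            for raw in fh:
                entry = raw.strip('\r\n')
                if entry:
                    lines.append(entry)
    except (IOError, OSError) as e:
        if e.errno == errno.ENOENT:
            message = "not such file:%s\r\n" % filename
        else:
            message = "cannot read %s: %s\r\n" % (filename, e)
        with lock:
            printRed(message)
    return lines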
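def mysql_connect(ip, username, password, port):
    """Attempt one MySQL login and report success as 1, failure as 0.

    The original never returned ``crack`` (callers compared ``None == 1``)
    and left a successful connection open; both are fixed. A connect
    timeout is set so a filtered port cannot block the worker forever.
    Error 1129 (host blocked after too many connection errors) is printed
    because further attempts against that host are pointless; 1045 (access
    denied) is the expected negative result and is echoed for progress.

    Args:
        ip, port: target server.
        username, password: credential pair to test.
    Returns:
        int: 1 if the login succeeded, otherwise 0.
    """
    crack = 0
    try:
        db = MySQLdb.connect(ip, username, password, port=port, connect_timeout=5)
        if db:
            crack = 1
            db.close()  # do not leave idle sessions on the target
    except Exception as e:
        # Driver errors carry (errno, message) in .args; a refused
        # connection, DNS failure or missing driver has no MySQL code.
        code = e.args[0] if e.args else None
        if code == 1129:
            with lock:
                printRed("%s has too many connect \r\n" % (ip))
        elif code == 1045:
            with lock:
                print("%s mysql's %s:%s login fail " % (ip, username, password))
    return crack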
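def getports(user_ports):
    """Turn the port option string into a list of integer ports.

    The original referenced ``user_posts`` while the parameter is
    ``user_ports``, so every call raised ``NameError``. An empty (or
    ``None`` / whitespace) argument selects the built-in default list;
    otherwise the string is comma-separated and each item is a single
    port or an inclusive ``low-high`` range, so ``22,80,1433``, ``22-1000``
    and ``22,8000-8100`` are all accepted.

    Args:
        user_ports: raw port argument from the command line.
    Returns:
        list of int in the order given, ranges expanded ascending.
    Raises:
        SystemExit: via ``exit()`` after a usage message when an item is
            not numeric, a range is reversed, or a port is outside 1-65535.
    """
    if user_ports is None or not user_ports.strip():
        # 21 ftp, 22 ssh, 23 telnet, 389 ldap, 873 rsync, 2601/2604 zebra
        # (routers), 3128 squid, 4440 rundeck web, 4848 GlassFish web,
        # 6082 varnish, 6379 redis, 7001/7002 weblogic, 9000 fcgi (php
        # execution), 9200 elasticsearch (code execution), 9043 websphere,
        # 11211 memcache (unauthenticated), 50060 hadoop web.
        return [
            21, 22, 23, 80, 81, 443, 389, 445, 873, 1043, 1433, 1434, 1521,
            2601, 2604, 3306, 3307, 3128, 3389, 4440, 4848, 5432, 5900, 5901,
            5902, 5903, 6082, 6379, 7001, 7002, 8080, 8888, 8090, 8000, 8081,
            8088, 8089, 9000, 9080, 9043, 9090, 9091, 9200, 11211, 22022,
            22222, 27017, 28017, 50060
        ]
    ports = []
    try:
        for item in user_ports.split(','):
            item = item.strip()
            if '-' in item:
                low, high = item.split('-')  # ValueError if more than one dash
                low, high = int(low), int(high)
                if low > high:
                    raise ValueError('reversed range %s' % item)
                ports.extend(range(low, high + 1))
            else:
                ports.append(int(item))
        for p in ports:
            if not 1 <= p <= 65535:
                raise ValueError('port out of range: %d' % p)
    except ValueError:
        printRed('[!] not a valid ports given. you should put ports like 22,80,1433 or 22-1000')
        exit()
    return ports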
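def _identify_service(ip, port):
    """Connect to ``ip:port`` and classify the service; None if the connect failed.

    Waits up to 5 s for a banner the server volunteers and matches it with
    ``matchbanner``. Only when nothing arrives does it reconnect once per
    entry of ``PROBES``, send the probe and match the reply; the first
    match other than 'Unknown' wins. Every socket is closed on every path,
    which the original did not do (the passive socket and each probe
    socket leaked across thousands of targets).

    Returns:
        str service name, 'Unknown', or None when the port is closed/filtered.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(5)
    try:
        try:
            s.connect((ip, port))
        except socket.error:
            return None
        try:
            return matchbanner(s.recv(256), signs)
        except Exception:
            pass  # silent service or timeout: fall through to active probes
    finally:
        s.close()
    # NOTE(review): as in the original, probes run only when the passive read
    # raised; a banner that simply did not match stays 'Unknown' unprobed.
    service = 'Unknown'
    for probe in PROBES:
        sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sd.settimeout(5)
        try:
            sd.connect((ip, port))
            sd.send(probe)
            service = matchbanner(sd.recv(256), signs)
        except Exception:
            continue
        finally:
            sd.close()
        if service != 'Unknown':
            break
    return service


def scanports():
    """Worker thread: pop ``(ip, port)`` targets off ``sp``, connect, and record open ports by service.

    Open ports are stored in the shared ``ipdict`` as ``service -> ['ip:port', ...]``
    and announced with ``printRed``. Both the dictionary update and the print
    happen under ``lock``: the old unlocked ``if service not in ipdict`` /
    create sequence could lose entries when two threads saw the same new
    service. ``sp.task_done()`` runs in ``finally`` so errors cannot hang
    ``sp.join()``.

    Reads globals: ``sp``, ``signs``, ``PROBES``, ``matchbanner``, ``printRed``.
    Writes: ``ipdict``. Returns: never.
    """
    global signs, lock
    while True:
        ip, port = sp.get()
        try:
            service = _identify_service(ip, port)
            if service is None:
                continue  # closed or filtered: nothing to record
            with lock:
                ipdict.setdefault(service, []).append(ip + ':' + str(port))
                printRed("%s opening %s\r\n" % (ip, port))
        finally:
            sp.task_done()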
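def _probe_service(ip, port):
    """Classify the service on ``ip:port``; returns None when the TCP connect fails.

    A passive banner read (5 s) is tried first. If it raises, each entry of
    ``PROBES`` is sent on a fresh connection and the reply matched; the
    first result that is not 'Unknown' is returned. Unlike the original,
    every socket is closed via ``finally`` so the worker never leaks
    descriptors.

    Returns:
        str service name, 'Unknown', or None if the port did not accept.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(5)
    try:
        try:
            sock.connect((ip, port))
        except socket.error:
            return None
        try:
            return matchbanner(sock.recv(256), signs)
        except Exception:
            pass  # nothing volunteered: go active
    finally:
        sock.close()
    # NOTE(review): unchanged from the original, a banner that was received
    # but matched nothing is reported 'Unknown' without sending probes.
    outcome = 'Unknown'
    for payload in PROBES:
        conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        conn.settimeout(5)
        try:
            conn.connect((ip, port))
            conn.send(payload)
            outcome = matchbanner(conn.recv(256), signs)
        except Exception:
            continue
        finally:
            conn.close()
        if outcome != 'Unknown':
            break
    return outcome


def scanports():
    """Worker thread: take ``(ip, port)`` pairs from ``sp`` and register the open ones in ``ipdict``.

    ``ipdict`` maps a service name to a list of ``'ip:port'`` strings and is
    shared by all scanner threads, so the insert and the ``printRed`` notice
    are done under ``lock`` (the previous check-then-create was racy).
    ``sp.task_done()`` is in ``finally`` to keep ``sp.join()`` safe.

    Reads globals: ``sp``, ``signs``, ``PROBES``, ``matchbanner``, ``printRed``.
    Writes: ``ipdict``. Returns: never.
    """
    global signs, lock
    while True:
        ip, port = sp.get()
        try:
            found = _probe_service(ip, port)
            if found is not None:
                entry = ip + ':' + str(port)
                with lock:
                    ipdict.setdefault(found, []).append(entry)
                    printRed("%s opening %s\r\n" % (ip, port))
        finally:
            sp.task_done()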
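def mysql_connect(ip, username, password, port):
    """Test a single MySQL credential pair; 1 on success, 0 on failure.

    Changes from the original: the MySQL error number is read from
    ``e.args`` (``e[0]`` is Python 2 only and raises when the exception has
    no args), a connect timeout prevents a filtered port from stalling the
    worker, and the dead ``pass`` after ``return`` is gone. A successful
    session is closed at once. 1129 (host blocked for too many connection
    errors) is reported since retrying that host is futile; 1045 (access
    denied) is the normal miss and is echoed for progress.

    Args:
        ip, port: target server.
        username, password: credentials to try.
    Returns:
        int: 1 if the login succeeded, else 0.
    """
    crack = 0
    try:
        db = MySQLdb.connect(ip, username, password, port=port, connect_timeout=5)
        if db:
            crack = 1
            db.close()
    except Exception as e:
        # Driver exceptions look like (errno, message); other failures
        # (refused, DNS, missing driver) carry no MySQL code.
        code = e.args[0] if e.args else None
        if code == 1129:
            with lock:
                printRed("%s has too many connect \r\n" % (ip))
        elif code == 1045:
            with lock:
                print("%s mysql's %s:%s login fail " % (ip, username, password))
    return crack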
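def getips(ip):
    """Expand ``A.B.C.start-end`` (or a single ``A.B.C.D``) into a list of address strings.

    Only the last octet may be a range and both ends are inclusive, so
    ``192.168.1.1-253`` now yields .253 as well (the original used
    ``range(start, end)`` and silently dropped the last host). A plain
    address is accepted as a one-element range, and every octet must be
    0-255.

    Args:
        ip: raw target string from the command line.
    Returns:
        list of dotted-quad str in ascending order.
    Raises:
        SystemExit: via ``exit()`` after a usage hint when the string is
            empty or not in the accepted form.
    """
    if ip:
        m = re.match(r'^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$', ip.strip())
        if m:
            first, second, third, start, end = m.groups()
            start = int(start)
            end = int(end) if end is not None else start
            octets = [int(first), int(second), int(third), start, end]
            if all(0 <= o <= 255 for o in octets) and start <= end:
                prefix = '%s.%s.%s.' % (first, second, third)
                return [prefix + str(i) for i in range(start, end + 1)]
    printRed("[!] not a valid ip given. you should put ip like 192.168.1.1-253")
    exit()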
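def getports(user_ports):
    """Parse the port option into a list of integers.

    Every call of the original raised ``NameError`` because the body used
    ``user_posts`` for the ``user_ports`` parameter. With an empty,
    whitespace-only or ``None`` argument the built-in default list is
    returned; otherwise the value is split on commas and each piece is a
    port number or an inclusive ``low-high`` range (``22,80,1433``,
    ``22-1000``, ``22,8000-8100``).

    Args:
        user_ports: raw port argument string.
    Returns:
        list of int in the order given, ranges expanded ascending.
    Raises:
        SystemExit: via ``exit()`` after a usage message on a non-numeric
            item, a reversed range, or a port outside 1-65535.
    """
    if user_ports is None or user_ports.strip() == '':
        # 21 ftp, 22 ssh, 23 telnet, 389 ldap, 873 rsync, 2601/2604 zebra
        # (routers), 3128 squid, 4440 rundeck web, 4848 GlassFish web,
        # 6082 varnish, 6379 redis, 7001/7002 weblogic, 9000 fcgi (php
        # execution), 9200 elasticsearch (code execution), 9043 websphere,
        # 11211 memcache (unauthenticated), 50060 hadoop web.
        return [
            21, 22, 23, 80, 81, 443, 389, 445, 873, 1043, 1433, 1434, 1521,
            2601, 2604, 3306, 3307, 3128, 3389, 4440, 4848, 5432, 5900, 5901,
            5902, 5903, 6082, 6379, 7001, 7002, 8080, 8888, 8090, 8000, 8081,
            8088, 8089, 9000, 9080, 9043, 9090, 9091, 9200, 11211, 22022,
            22222, 27017, 28017, 50060
        ]
    try:
        selected = []
        for token in user_ports.split(','):
            token = token.strip()
            if '-' not in token:
                selected.append(int(token))
                continue
            lo_text, hi_text = token.split('-')  # more than one dash -> ValueError
            lo, hi = int(lo_text), int(hi_text)
            if lo > hi:
                raise ValueError('reversed range %s' % token)
            selected.extend(range(lo, hi + 1))
        bad = [p for p in selected if p < 1 or p > 65535]
        if bad:
            raise ValueError('port out of range: %r' % bad[0])
    except ValueError:
        printRed('[!] not a valid ports given. you should put ports like 22,80,1433 or 22-1000')
        exit()
    return selected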
def __DoJob():
    """Main routine: inspect the parsed command-line options and run the matching searches.

    Walks ``ArgsDict`` (the parsed options) and, guided by the module-level
    ``Search_All_Status`` / ``Search_None_Status`` flags and the ``search_all``
    option, either runs every searcher in ``__SearchersList`` once, runs only
    the searchers named by individual options, or prints a usage error.
    Every searcher's ``Urls`` are collected into ``OutUrls``.

    Returns:
        list: the URLs gathered from all searchers that ran (empty on error
        or when no search option was given).
    """
    # global OutUrls
    OutUrls = []
    for key in ArgsDict:
        # --search-all in effect (status flag set, or an explicit integer page
        # count): run every registered searcher once, then stop iterating.
        if Search_All_Status or type(ArgsDict['search_all']) is int: # ArgsDict['search_all'] and
            SearchStr = ArgsDict['dork'][0]
            SearchPages = ArgsDict['search_all']  # None means "all pages"
            print "[+]Use all search options."
            printPink("[+]Search Keyword: %s,Search Pages: %s.(None is all)" %(SearchStr, str(SearchPages)))
            for Searcher in __SearchersList:
                printPink("\n[!]Searching at:%s" % str(Searcher))
                # Rebinds the loop name from the searcher's key to its instance;
                # __SearchersList maps a name to a class taking (keyword, pages).
                Searcher = __SearchersList[Searcher](SearchStr,SearchPages)
                Searcher.GetUrls()
                OutUrls.extend(Searcher.Urls)
            break
        # NOTE(review): reached only when search_all is None while the status
        # flag is false; presumably that combination means --search-all was
        # combined with per-engine options -- confirm against the arg parser.
        elif ArgsDict['search_all'] is None:
            printRed("[-]--search-all cannot use with other search options.\n")
            break
        # A per-engine option (any key other than the bookkeeping ones) that
        # was actually set: run just that searcher. No break here, so several
        # engine options can run in one pass.
        elif not (ArgsDict['search_all'] is None) and ArgsDict[key] is not False and key not in ['regex', 'search_all', 'dork','logfile']:
            SearchPages = ArgsDict[key]
            SearchStr = ArgsDict['dork'][0]
            if SearchPages:
                printPink("[+]Options:%s,Page's amounts: %d." % (key, SearchPages))
            else:
                printPink("[+]Options:%s,Page's amounts: all." %key)
            Searcher = __SearchersList[key](SearchStr,SearchPages)
            Searcher.GetUrls()
            OutUrls.extend(Searcher.Urls)
        # Nothing selected at all: print the usage hint and give up.
        elif not Search_All_Status and Search_None_Status: # not ArgsDict['search_all']
            printRed('[-]Please specify a search term,or use --search-all to search with all search options.\n')
            break
    return OutUrls
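def getips(ip):
    """Build the address list for ``A.B.C.start-end`` or a bare ``A.B.C.D``.

    The range applies to the last octet only and is inclusive at both
    ends; the original's ``range(start, end)`` silently left out the final
    host of ``192.168.1.1-253``. A single address is treated as a range of
    one. Octets outside 0-255 and reversed ranges are rejected.

    Args:
        ip: raw target string from the command line.
    Returns:
        list of dotted-quad str, ascending.
    Raises:
        SystemExit: via ``exit()`` after printing a usage hint for empty
            or malformed input.
    """
    pattern = r'^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-(\d+))?$'
    match = re.match(pattern, ip.strip()) if ip else None
    if match is not None:
        a, b, c, lo_text, hi_text = match.groups()
        lo = int(lo_text)
        hi = lo if hi_text is None else int(hi_text)
        values = (int(a), int(b), int(c), lo, hi)
        in_range = all(0 <= v <= 255 for v in values)
        if in_range and lo <= hi:
            head = a + '.' + b + '.' + c + '.'
            return ['%s%d' % (head, last) for last in range(lo, hi + 1)]
    printRed("[!] not a valid ip given. you should put ip like 192.168.1.1-253")
    exit()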
except Exception,e: print e pass try: #多线程 检测 tomcat 弱口令 result['http-tomcat']=tomcat_main(ipdict,threads) for i in xrange(len(result['http-tomcat'])): write_file(contents=result['http-tomcat'][i],file=file) except Exception,e: print e pass try: #多线程 检测 web result['web']=web_main(ipdict,threads) for i in xrange(len(result['web'])): write_file(contents=result['web'][i],file=file) except Exception,e: print e pass printRed("[*] all has done at %s\r\n" % time.ctime()) printRed("[*] all has done,it has Elapsed time:%s \r\n" % (time.time()-friststarttime)) printRed("I have put all you want into %s" % file)
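def _host_rejects_client(ip, port, username):
    """True when the MySQL server replies with error 1130 (this host may not connect)."""
    try:
        session = MySQLdb.connect(ip, username, '', port=port)
        session.close()
    except Exception as e:
        args = getattr(e, 'args', ())
        return len(args) > 0 and args[0] == 1130  # (errno, message) from the driver
    return False


def _mysql_try_host(ip, port, usernames, passwords):
    """Run the weak-credential checks against one server; stop after the first hit.

    Per username the order is: the username, ``<user>123``, ``<user>123456``,
    an empty password, then the wordlist. On success the line is printed in
    green and appended to the shared ``result`` list under ``lock``.
    """
    if not usernames:
        return
    if _host_rejects_client(ip, port, usernames[0]):
        with lock:
            printRed("%s not allow to connect\r\n" % (ip))
        return
    for user in usernames:
        guesses = [user, user + '123', user + '123456', '']
        guesses.extend(passwords)
        for guess in guesses:
            if mysql_connect(ip, user, guess, port) != 1:
                continue
            hit = "%s mysql at %s has weaken password!!-------%s:%s\r\n" % (ip, port, user, guess)
            with lock:
                printGreen(hit)
                result.append(hit)
            return


def mysql():
    """Worker thread: consume ``(ip, port)`` targets from ``sp`` and look for weak MySQL logins.

    The original "host allowed?" probe used ``password`` before assignment
    and therefore never fired; it is replaced by a real pre-check with an
    empty password. The wordlists are loaded once per worker, and
    ``sp.task_done()`` is issued from ``finally`` so ``sp.join()`` cannot
    block on a driver exception.

    Reads globals: ``sp``, ``lock``, ``result``, ``file2list``,
    ``mysql_connect``, ``printRed``, ``printGreen``, ``MySQLdb``.
    Returns: never.
    """
    users = file2list('mysql_user.txt') or []
    words = file2list('mysql_pass.txt') or []
    while True:
        target_ip, target_port = sp.get()
        try:
            _mysql_try_host(target_ip, target_port, users, words)
        finally:
            sp.task_done()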