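def pinger():
    """Worker thread: pop hosts from ``q`` and record the ones that answer ICMP echo.

    Every live host is appended to the shared ``pinglist`` and announced with
    ``printRed``; both happen under ``lock`` so concurrent workers neither
    interleave output nor race on the list.  Runs until the process exits
    (``q.get()`` blocks forever); ``q.task_done()`` is called for every item,
    including hosts that did not answer or whose ping failed.
    """
    global lock, pinglist

    # The host OS does not change at run time; look it up once, not per host.
    system = platform.system()

    while True:
        ip = q.get()
        try:
            alive = _ping_once(system, ip)
        except Exception:
            # A ping that cannot be started or parsed counts as "not live";
            # it must never take the worker thread down with it.
            alive = False

        if alive:
            with lock:
                pinglist.append(ip)
                printRed("%s is live!!\r\n" % ip)
        q.task_done()


def _ping_once(system, ip):
    """Return True if ``ip`` answered at least one of two echo requests.

    The target is always passed as its own argv element (never a shell
    string), so whitespace or shell metacharacters in the value are not
    interpreted.  ``communicate()`` waits for and reaps the child so no
    zombie process is left behind per host.  Unsupported platforms return
    False.
    """
    if system == 'Linux':
        proc = Popen(['ping', '-c', '2', ip], stdout=PIPE)
        output = proc.communicate()[0].decode('utf-8', 'replace')
        # iputils summary line: "2 packets transmitted, 1 received, ..."
        match = re.search(r'(\d+)\s+received', output)
        return match is not None and match.group(1) != '0'
    if system == 'Windows':
        proc = Popen(['ping', '-n', '2', ip], stdout=PIPE)
        output = proc.communicate()[0].decode('utf-8', 'replace')
        # A reply line on Windows carries a TTL field; timeouts do not.
        return 'TTL' in output
    return False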
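def pinger():
    """Worker thread: take hosts from ``q`` and collect those that reply to ping.

    A responding host is appended to the shared ``pinglist`` and printed via
    ``printRed``, both under ``lock``.  The loop never ends on its own; each
    dequeued item is acknowledged with ``q.task_done()`` whether or not it was
    reachable.
    """
    global lock, pinglist

    # Platform is fixed for the lifetime of the process.
    os_name = platform.system()

    while True:
        ip = q.get()
        live = False
        try:
            if os_name == 'Linux':
                # argv list, not a shell string: the host value is one argument.
                proc = Popen(['ping', '-c', '2', ip], stdout=PIPE)
                out = proc.communicate()[0].decode('utf-8', 'replace')
                hit = re.search(r'(\d+)\s+received', out)
                live = hit is not None and hit.group(1) != '0'
            elif os_name == 'Windows':
                proc = Popen(['ping', '-n', '2', ip], stdout=PIPE)
                out = proc.communicate()[0].decode('utf-8', 'replace')
                live = 'TTL' in out
        except Exception:
            # Failure to run or parse ping must not kill the worker.
            live = False

        if live:
            with lock:
                pinglist.append(ip)
                printRed("%s is live!!\r\n" % ip)
        q.task_done()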
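def mysql():
    """Worker thread: weak-password check for every (ip, port) queued on ``sp``.

    For each user name in mysql_user.txt the candidates tried are, in order:
    the user name itself, ``<user>123``, ``<user>123456``, the empty password,
    then every line of mysql_pass.txt.  The first successful login is reported
    with ``printGreen`` and appended to the shared ``result`` list, and the
    target is then considered done.  A server that refuses this client host
    (MySQL error 1130) is skipped right away.

    Note: the original host-allowed probe referenced an unbound ``password``
    variable, so it raised NameError on every call and the 1130 check never
    ran; it now probes with an empty password.
    """
    while True:
        ip, port = sp.get()
        try:
            _mysql_check_target(ip, port)
        except Exception as e:
            # One bad target must not take the worker thread down.
            with lock:
                printRed("%s mysql at %s check failed: %s\r\n" % (ip, port, e))
        sp.task_done()


def _mysql_host_allowed(ip, port, username):
    """Return False when the server answers MySQL error 1130 (host not allowed)."""
    try:
        db = MySQLdb.connect(ip, username, '', port=port)
    except Exception as e:
        return not (e.args and e.args[0] == 1130)
    db.close()
    return True


def _mysql_check_target(ip, port):
    """Try the candidate credentials against one server; report the first hit."""
    # ``or []`` guards against a helper that yields None for a missing file.
    usernames = file2list('mysql_user.txt') or []
    passwords = file2list('mysql_pass.txt') or []
    if not usernames:
        return

    if not _mysql_host_allowed(ip, port, usernames[0]):
        with lock:
            printRed("%s not allow to connect\r\n" % (ip))
        return

    for username in usernames:
        candidates = [username, username + '123', username + '123456', '']
        candidates.extend(passwords)
        for password in candidates:
            if mysql_connect(ip, username, password, port) == 1:
                msg = ("%s mysql at %s has weaken password!!-------%s:%s\r\n"
                       % (ip, port, username, password))
                with lock:
                    printGreen(msg)
                    result.append(msg)
                # Stop at the first valid credential for this target.
                return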
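def getips(ip):
    """Expand a network spec understood by IPy's ``IP`` into a list of address strings.

    Accepts whatever ``IP()`` accepts, e.g. ``192.168.1.0/24``.  An
    unparsable spec prints a hint and terminates the program via ``exit()``.
    """
    try:
        addresses = [str(addr) for addr in IP(ip)]
    except Exception:
        # Narrowed from a bare except so Ctrl-C / SystemExit are not swallowed.
        printRed("[!] not a valid ip given. you should put ip like 192.168.1.0/24, 192.168.0.0/16")
        exit()
    return addresses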
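def getips(ip):
    """Return every address of the network ``ip`` (any form IPy's ``IP`` parses) as strings.

    On a value ``IP()`` rejects, a usage hint is printed and the program exits.
    """
    try:
        network = IP(ip)
    except Exception:
        # Only real parse failures are handled; KeyboardInterrupt propagates.
        printRed("[!] not a valid ip given. you should put ip like 192.168.1.0/24, 192.168.0.0/16")
        exit()
    return [str(addr) for addr in network]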
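def file2list(filename):
    """Read ``filename`` and return its non-blank lines (CR/LF stripped) as a list.

    A missing file is reported with ``printRed`` and yields an empty list so
    callers can iterate the result safely; other I/O errors also yield an
    empty list, silently, as before.

    Note: the original never returned the list it built and stopped reading
    at the first blank line; both are fixed here.
    """
    entries = []
    try:
        with open(filename, 'r') as fh:
            for line in fh:
                line = line.strip('\r\n')
                if line:
                    entries.append(line)
    except (IOError, OSError) as e:
        if e.errno == 2:  # ENOENT
            printRed("not such file:%s\r\n" % filename)
    return entries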
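def file2list(filename):
    """Load a word list: one entry per non-blank line, CR/LF removed.

    Returns a list (empty when the file is missing or unreadable).  A missing
    file is reported with ``printRed`` under ``lock`` because this is called
    from worker threads.

    Note: the original built the list but never returned it, and stopped at
    the first blank line.
    """
    words = []
    try:
        with open(filename, 'r') as fh:
            for raw in fh:
                word = raw.strip('\r\n')
                if word:
                    words.append(word)
    except (IOError, OSError) as e:
        if e.errno == 2:  # ENOENT
            with lock:
                printRed("not such file:%s\r\n" % filename)
    return words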
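def mysql_connect(ip,username,password,port):
    """Attempt one MySQL login; return 1 on success, 0 otherwise.

    Error 1129 (host blocked after too many connection errors) and 1045
    (access denied) are reported under ``lock``; any other failure is
    silently treated as a miss.  A successful connection is closed at once.

    Note: the original had no ``return`` at all, so every caller comparing
    the result with 1 never saw a hit.  Caveat for operators: a 1129 means
    the server has blocked this client host until ``FLUSH HOSTS``; further
    attempts from here are pointless.
    """
    crack = 0
    try:
        db = MySQLdb.connect(ip, username, password, port=port)
    except Exception as e:
        code = e.args[0] if e.args else None
        if code == 1129:
            with lock:
                printRed("%s has too many connect \r\n" % (ip))
        elif code == 1045:
            with lock:
                print("%s mysql's %s:%s login fail " % (ip, username, password))
    else:
        crack = 1
        db.close()
    return crack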
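def getports(user_ports):
    """Turn the ports argument into a list of int ports.

    ``''`` selects the built-in default list.  Otherwise the value is a comma
    list (``22,80,1433``), an inclusive range (``22-1000``) or a single port.
    An unparsable value, or a port outside 1-65535, prints a hint and exits.

    Note: the original body read ``user_posts`` instead of the parameter
    ``user_ports`` and therefore raised NameError on every call.
    """
    if user_ports == '':
        ports = [
            21, 22, 23, 80, 81, 443, 389, 445, 873, 1043, 1433, 1434, 1521,
            2601, 2604, 3306, 3307, 3128, 3389, 4440, 4848, 5432, 5900, 5901,
            5902, 5903, 6082, 6379, 7001, 7002, 8080, 8888, 8090, 8000, 8081,
            8088, 8089, 9000, 9080, 9043, 9090, 9091, 9200, 11211, 22022,
            22222, 27017, 28017, 50060
        ]
        # 21 ftp, 22 ssh, 23 telnet, 389 ldap, 873 rsync
        # 2601/2604 zebra (routers), 3128 squid, 4440 rundeck web
        # 4848 GlassFish web, 6082 varnish, 6379 redis, 7001/7002 weblogic
        # 9000 fcgi (php execution), 9200 elasticsearch (code execution)
        # 9043 websphere, 11211 memcache (unauthenticated port), 50060 hadoop web
        return ports

    try:
        if ',' in user_ports:
            ports = [_parse_port(p) for p in user_ports.split(',')]
        elif '-' in user_ports:
            low, high = user_ports.split('-', 1)
            low, high = _parse_port(low), _parse_port(high)
            if low > high:
                raise ValueError("empty range")
            ports = list(range(low, high + 1))
        else:
            ports = [_parse_port(user_ports)]
    except ValueError:
        printRed(
            '[!] not a valid ports given. you should put ip like 22,80,1433 or 22-1000'
        )
        exit()
    return ports


def _parse_port(text):
    """Parse one port token; raise ValueError unless it is an int in 1-65535."""
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return port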
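def scanports():
    """Worker thread: connect to each (ip, port) from ``sp``, grab a banner and
    file the endpoint under its detected service in the shared ``ipdict``.

    A port that refuses the connection is skipped silently.  If the server
    does not speak first, every probe in ``PROBES`` is sent on a fresh
    connection until ``matchbanner`` identifies the service; otherwise the
    endpoint is filed under 'Unknown'.  ``ipdict`` is updated under ``lock``
    together with the console message.
    """
    global signs, lock
    while True:
        ip, port = sp.get()
        try:
            service = _identify_service(ip, port)
        except Exception:
            # Never let one broken target stop the worker.
            service = None

        if service is not None:
            with lock:
                ipdict.setdefault(service, []).append(ip + ':' + str(port))
                printRed("%s opening %s\r\n" % (ip, port))
        sp.task_done()


def _identify_service(ip, port):
    """Return the service name for an open port, or None if it is closed.

    Every socket is closed on the way out (the original leaked the banner
    socket on the success path and each probe socket).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(5)
    try:
        try:
            s.connect((ip, port))
        except Exception:
            return None
        try:
            # Many services (SSH, FTP, SMTP ...) send a banner unprompted.
            return matchbanner(s.recv(256), signs)
        except Exception:
            pass
    finally:
        s.close()

    service = 'Unknown'
    for probe in PROBES:
        sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sd.settimeout(5)
        try:
            sd.connect((ip, port))
            sd.send(probe)
            service = matchbanner(sd.recv(256), signs)
        except Exception:
            continue
        finally:
            sd.close()
        if service != 'Unknown':
            break
    return service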
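def scanports():
    """Worker thread: TCP-connect to queued (ip, port) pairs and classify the service.

    Closed ports are dropped quietly.  Open ports are first given a chance to
    send a banner; if none arrives, the ``PROBES`` payloads are sent one per
    fresh connection until ``matchbanner`` returns something other than
    'Unknown'.  The endpoint is then recorded in ``ipdict`` and printed, both
    under ``lock``.
    """
    global signs, lock
    while True:
        ip, port = sp.get()
        try:
            service = _probe_service(ip, port)
        except Exception:
            service = None
        if service is not None:
            entry = ip + ':' + str(port)
            with lock:
                ipdict.setdefault(service, []).append(entry)
                printRed("%s opening %s\r\n" % (ip, port))
        sp.task_done()


def _probe_service(ip, port):
    """Banner-grab one endpoint; None when closed, else a service name or 'Unknown'.

    All sockets are closed in ``finally`` blocks; the original never closed
    the banner socket on success nor any of the probe sockets.
    """
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    first.settimeout(5)
    try:
        first.connect((ip, port))
    except Exception:
        first.close()
        return None
    try:
        return matchbanner(first.recv(256), signs)
    except Exception:
        # Server stayed quiet (or the banner was unparseable): go active.
        pass
    finally:
        first.close()

    found = 'Unknown'
    for payload in PROBES:
        conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        conn.settimeout(5)
        try:
            conn.connect((ip, port))
            conn.send(payload)
            found = matchbanner(conn.recv(256), signs)
        except Exception:
            continue
        finally:
            conn.close()
        if found != 'Unknown':
            break
    return found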
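def mysql_connect(ip, username, password, port):
    """Try a single MySQL login and return 1 if it succeeded, else 0.

    A successful connection is closed immediately.  Error 1129 (client host
    blocked after too many connection errors -- further attempts from this
    host fail until the server runs ``FLUSH HOSTS``) and 1045 (access denied)
    are reported under ``lock``; other failures count as a miss without output.

    Note: the original only returned ``crack`` from inside the ``except``
    branch, so a successful login returned None and was never reported.
    """
    try:
        db = MySQLdb.connect(ip, username, password, port=port)
    except Exception as e:
        code = e.args[0] if e.args else None
        if code == 1129:
            with lock:
                printRed("%s has too many connect \r\n" % (ip))
        if code == 1045:
            with lock:
                print("%s mysql's %s:%s login fail " % (ip, username, password))
        return 0
    db.close()
    return 1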
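def getips(ip):
    """Expand ``A.B.C.start-end`` into a list of dotted-quad strings.

    The range is inclusive at both ends: ``192.168.1.1-253`` yields 253
    hosts.  (The original used ``range(start, end)`` and silently dropped the
    last address.)  Both bounds must be in 0-255 with start <= end; anything
    else prints a hint and exits.  Returns None when ``ip`` is empty, as the
    original did implicitly.
    """
    if not ip:
        return None

    if not re.findall(r'^\d+\.\d+\.\d+\.(.*)$', ip):
        printRed("[!] not a valid ip given. you should put ip like 192.168.1.1-253")
        exit()

    try:
        octets = ip.split('.')
        prefix = '.'.join(octets[0:3]) + '.'
        start_text, end_text = octets[3].split('-', 1)
        start, end = int(start_text), int(end_text)
        if not (0 <= start <= end <= 255):
            raise ValueError("last octet out of range")
    except ValueError:
        printRed("[!] not a valid ip given. you should put ip like 192.168.1.1-253")
        exit()
    return [prefix + str(i) for i in range(start, end + 1)]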
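def getports(user_ports):
    """Parse the user's port selection into a list of ints.

    An empty string means "use the default list".  Otherwise the string is a
    comma-separated list (``22,80,1433``), an inclusive ``low-high`` range, or
    one port.  Bad input -- non-numeric, out of 1-65535, or an inverted range
    -- prints a hint and exits.

    Note: the original looked up an undefined name ``user_posts`` and so
    crashed with NameError before doing anything.
    """
    if user_ports == '':
        # 21 ftp, 22 ssh, 23 telnet, 389 ldap, 873 rsync, 2601/2604 zebra
        # (routers), 3128 squid, 4440 rundeck, 4848 GlassFish, 6082 varnish,
        # 6379 redis, 7001/7002 weblogic, 9000 fcgi (php execution),
        # 9200 elasticsearch (code execution), 9043 websphere,
        # 11211 memcache (unauthenticated), 50060 hadoop web
        return [21,22,23,80,81,443,389,445,873,1043,1433,1434,1521,2601,2604,3306,3307,3128,3389,4440,4848,5432,5900,5901,5902,5903,6082,6379,7001,7002,8080,8888,8090,8000,8081,8088,8089,9000,9080,9043,9090,9091,9200,11211,22022,22222,27017,28017,50060]

    try:
        if ',' in user_ports:
            selection = [_port_number(tok) for tok in user_ports.split(',')]
        elif '-' in user_ports:
            first, last = [_port_number(tok) for tok in user_ports.split('-', 1)]
            if first > last:
                raise ValueError("inverted range")
            selection = list(range(first, last + 1))
        else:
            selection = [_port_number(user_ports)]
    except ValueError:
        printRed('[!] not a valid ports given. you should put ip like 22,80,1433 or 22-1000')
        exit()
    return selection


def _port_number(token):
    """int() a port token and reject anything outside 1-65535 with ValueError."""
    value = int(token)
    if value < 1 or value > 65535:
        raise ValueError("port out of range: %d" % value)
    return value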
def __DoJob():
    """Dispatch the search according to the parsed command-line options.

    Walks ``ArgsDict`` once.  When ``Search_All_Status`` is set or
    ``ArgsDict['search_all']`` holds an int page count, every searcher in
    ``__SearchersList`` is run for the dork and the loop ends.  Otherwise each
    per-engine option (a key outside regex/search_all/dork/logfile whose
    value is not False) runs its own searcher.  Returns the collected URL
    list, which may be empty.

    NOTE(review): the branches depend on module-level state
    (``Search_All_Status``, ``Search_None_Status``, ``ArgsDict``,
    ``__SearchersList``) that is not visible here, and the iteration order
    of ``ArgsDict`` decides which branch fires first - presumably intended,
    confirm against the argument parser.
    """
#    global OutUrls
    OutUrls = []
    for key in ArgsDict:
        if Search_All_Status or type(ArgsDict['search_all']) is int:  # ArgsDict['search_all'] and
            SearchStr = ArgsDict['dork'][0]
            SearchPages = ArgsDict['search_all']
            print "[+]Use all search options."
            printPink("[+]Search Keyword: %s,Search Pages: %s.(None is all)" %(SearchStr, str(SearchPages)))
            # The loop variable is rebound from the engine key to its
            # searcher instance; ``__SearchersList`` maps key -> class.
            for Searcher in __SearchersList:
                printPink("\n[!]Searching at:%s" % str(Searcher))
                Searcher = __SearchersList[Searcher](SearchStr,SearchPages)
                Searcher.GetUrls()
                OutUrls.extend(Searcher.Urls)
            break

        elif ArgsDict['search_all'] is None:
            # None (as opposed to an int or False) is treated as a conflicting
            # combination of --search-all with a single-engine option.
            printRed("[-]--search-all cannot use with other search options.\n")
            break

        elif not (ArgsDict['search_all'] is None) and ArgsDict[key] is not False and key not in ['regex', 'search_all', 'dork','logfile']:
            # A falsy page count (e.g. 0/None) means "all pages" for this engine.
            SearchPages = ArgsDict[key]
            SearchStr = ArgsDict['dork'][0]
            if SearchPages:
                printPink("[+]Options:%s,Page's amounts: %d." % (key, SearchPages))
            else:
                printPink("[+]Options:%s,Page's amounts: all." %key)
            Searcher = __SearchersList[key](SearchStr,SearchPages)
            Searcher.GetUrls()
            OutUrls.extend(Searcher.Urls)

        elif not Search_All_Status and Search_None_Status: # not ArgsDict['search_all']
            printRed('[-]Please specify a search term,or use --search-all to search with all search options.\n')
            break
    return OutUrls
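def getips(ip):
    """Expand a ``A.B.C.start-end`` host range into address strings.

    Both ends are included (``192.168.1.1-253`` gives .1 through .253); the
    original stopped one short because it used ``range(start, end)``.  The
    range bounds must be 0-255 with start <= end, otherwise a hint is
    printed and the program exits.  An empty ``ip`` returns None, matching
    the original's implicit return.
    """
    if not ip:
        return None

    if not re.findall(r'^\d+\.\d+\.\d+\.(.*)$', ip):
        printRed(
            "[!] not a valid ip given. you should put ip like 192.168.1.1-253"
        )
        exit()

    try:
        parts = ip.split('.')
        base = '.'.join(parts[:3]) + '.'
        lo_text, hi_text = parts[3].split('-', 1)
        lo, hi = int(lo_text), int(hi_text)
        if lo < 0 or hi > 255 or lo > hi:
            raise ValueError("bad host range")
    except ValueError:
        printRed(
            "[!] not a valid ip given. you should put ip like 192.168.1.1-253"
        )
        exit()
    return [base + str(host) for host in range(lo, hi + 1)]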
            except Exception,e:
                print e
                pass
                
            try:
            #多线程 检测 tomcat 弱口令
                result['http-tomcat']=tomcat_main(ipdict,threads)
                for i in xrange(len(result['http-tomcat'])):
                    write_file(contents=result['http-tomcat'][i],file=file)
            except Exception,e:
                print e
                pass

            try:
                #多线程 检测 web
                result['web']=web_main(ipdict,threads)
                for i in xrange(len(result['web'])):
                    write_file(contents=result['web'][i],file=file)
            except Exception,e:
                print e
                pass






    printRed("[*] all has done at %s\r\n" % time.ctime())
    printRed("[*] all has done,it has Elapsed time:%s \r\n" % (time.time()-friststarttime))
    printRed("I have put all you want into %s" % file)
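def mysql():
    """Worker thread: try weak MySQL credentials against every (ip, port) on ``sp``.

    Per user name from mysql_user.txt the order is: the name itself,
    ``<name>123``, ``<name>123456``, the empty password, then mysql_pass.txt.
    The first login that works is printed with ``printGreen`` and appended to
    ``result`` under ``lock``; the target is then finished.  A server that
    rejects this client host (MySQL error 1130) is reported and skipped.

    Note: the original probe for error 1130 used an unbound ``password``
    name and raised NameError every time, so that check never worked.
    """
    while True:
        ip, port = sp.get()
        try:
            _mysql_try_target(ip, port)
        except Exception as e:
            # Keep the worker alive if one target misbehaves.
            with lock:
                printRed("%s mysql at %s check failed: %s\r\n" % (ip, port, e))
        sp.task_done()


def _mysql_target_reachable(ip, port, username):
    """False if the server refuses this client host (error 1130); True otherwise."""
    try:
        db = MySQLdb.connect(ip, username, '', port=port)
    except Exception as e:
        refused = bool(e.args) and e.args[0] == 1130
        return not refused
    db.close()
    return True


def _mysql_try_target(ip, port):
    """Run the credential candidates against one server and report the first hit."""
    usernames = file2list('mysql_user.txt') or []
    passwords = file2list('mysql_pass.txt') or []
    if not usernames:
        return

    if not _mysql_target_reachable(ip, port, usernames[0]):
        with lock:
            printRed("%s not allow to connect\r\n" % (ip))
        return

    template = "%s mysql at %s has weaken password!!-------%s:%s\r\n"
    for username in usernames:
        guesses = [username, username + '123', username + '123456', ''] + passwords
        for guess in guesses:
            if mysql_connect(ip, username, guess, port) != 1:
                continue
            line = template % (ip, port, username, guess)
            with lock:
                printGreen(line)
                result.append(line)
            # One valid credential is enough for this target.
            return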
            except Exception,e:
                print e
                pass
                
            try:
            #多线程 检测 tomcat 弱口令
                result['http-tomcat']=tomcat_main(ipdict,threads)
                for i in xrange(len(result['http-tomcat'])):
                    write_file(contents=result['http-tomcat'][i],file=file)
            except Exception,e:
                print e
                pass

            try:
                #多线程 检测 web
                result['web']=web_main(ipdict,threads)
                for i in xrange(len(result['web'])):
                    write_file(contents=result['web'][i],file=file)
            except Exception,e:
                print e
                pass






    printRed("[*] all has done at %s\r\n" % time.ctime())
    printRed("[*] all has done,it has Elapsed time:%s \r\n" % (time.time()-friststarttime))
    printRed("I have put all you want into %s" % file)