def mysql_main(ipdict, threads):
    """Drive the MySQL weak-password check across every queued target.

    Starts ``threads`` daemon workers running ``mysql`` (defined elsewhere in
    this module) and feeds them ``(host, port)`` pairs parsed from the
    ``"host:port"`` entries of ``ipdict['mysql']``; the port is converted to
    ``int``.  Blocks until the queue reports every item as done.

    Returns the module-level ``result`` list, which is reset to ``[]`` at the
    start of each run (presumably filled by the workers -- the worker body is
    not part of this block).
    """
    global sp, lock, result

    printPink("crack mysql now...")
    print("[*] start crack mysql %s" % time.ctime())
    began = time.time()

    # Shared state is rebuilt on every run; the workers reach it via globals.
    sp = Queue()
    lock = threading.Lock()
    result = []

    for _ in xrange(threads):
        worker = Thread(target=mysql)
        worker.daemon = True  # daemon threads do not keep the process alive
        worker.start()

    for entry in ipdict['mysql']:
        fields = str(entry).split(':')
        sp.put((fields[0], int(fields[1])))

    # Returns once task_done() has been called for every queued item.
    sp.join()

    print("[*] stop crack mysql %s" % time.ctime())
    print("[*] crack mysql done,it has Elapsed time:%s " % (time.time() - began))
    return result
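def telnet_main(ipdict, threads):
    """Run the telnet weak-password check over ``ipdict['telnet']``.

    Each entry is a ``"host:port"`` string.  ``threads`` daemon workers running
    ``telnet`` (defined elsewhere in this module) consume ``(host, port)``
    pairs from the module-level queue ``sp``; the port is queued as the raw
    string, not converted to ``int``.

    Returns:
        The module-level ``result`` list, or an empty list -- without starting
        any worker or touching the globals -- when there are no telnet targets.

    Raises:
        KeyError: if ``ipdict`` has no ``'telnet'`` key.
        IndexError: if an entry contains no ``':'``.
    """
    global sp, lock, result

    targets = ipdict['telnet']
    if len(targets) == 0:
        # NOTE(review): the listing is collapsed onto one line, so it is unclear
        # whether the original ``return result`` sat inside this guard.  Either
        # way the empty case now yields a fresh list instead of None or a stale
        # global.
        return []

    printPink("crack telnet now...")
    print("[*] start crack telnet %s" % time.ctime())
    began = time.time()

    # Shared state is rebuilt on every run; the workers reach it via globals.
    sp = Queue()
    lock = threading.Lock()
    result = []

    for _ in xrange(threads):
        worker = Thread(target=telnet)
        worker.daemon = True  # daemon threads do not keep the process alive
        worker.start()

    for entry in targets:
        fields = str(entry).split(':')
        sp.put((fields[0], fields[1]))

    # Returns once task_done() has been called for every queued item.
    sp.join()

    print("[*] stop crack telnet %s" % time.ctime())
    print("[*] crack telnet done,it has Elapsed time:%s " % (time.time() - began))
    return result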
def smb_main(ipdict, threads):
    """Dispatch the SMB weak-password check to a pool of worker threads.

    ``ipdict['smb']`` holds ``"host:port"`` entries.  Each one is split on
    ``':'`` and queued as ``(host, int(port))`` for ``threads`` daemon workers
    running ``smb`` (defined elsewhere in this module).  The call blocks until
    the queue reports every item as done.

    Returns the module-level ``result`` list, reset to ``[]`` at the start of
    each run (presumably filled by the workers -- the worker body is not part
    of this block).
    """
    global sp, lock, result

    printPink("crack smb now...")
    print("[*] start crack smb serice %s" % time.ctime())
    t0 = time.time()

    # Fresh queue, lock and result list per run, shared with workers as globals.
    result = []
    lock = threading.Lock()
    sp = Queue()

    pool = [Thread(target=smb) for _ in xrange(threads)]
    for worker in pool:
        worker.daemon = True  # daemon threads do not keep the process alive
        worker.start()

    for target in ipdict['smb']:
        pieces = str(target).split(':')
        host = pieces[0]
        port = int(pieces[1])
        sp.put((host, port))

    # Returns once task_done() has been called for every queued item.
    sp.join()

    print("[*] stop smb serice %s" % time.ctime())
    print("[*] crack smb done,it has Elapsed time:%s " % (time.time() - t0))
    return result
def telnet():
    """Queue worker: try username/password guesses against one telnet host at a time.

    Loops forever taking ``(ip, port)`` items from the module-level queue
    ``sp``.  ``usernames``, ``passwords``, ``lock`` and ``result`` are also
    module-level names defined outside this function.  A guess counted as
    successful is printed and appended to ``result``.

    NOTE(review): this listing was collapsed onto one line, so the nesting
    below is reconstructed from the statement order -- confirm against the
    original file.
    """
    while True:
        # Blocks until a target is queued.
        ip,port=sp.get()
        flag=0
        try:
            # Weak-password brute force
            for username in usernames:
                # Three username-derived guesses (username, username+'123',
                # username+'123456') go through telnet_test_login, which is
                # defined elsewhere; a return value of 1 ends the username loop
                # for this host.
                # presumably 1 means the login succeeded -- verify against the helper
                if telnet_test_login(ip,username,username,port)==1:
                    break
                if telnet_test_login(ip,username+'123',username,port)==1:
                    break
                if telnet_test_login(ip,username+'123456',username,port)==1:
                    break
                for password in passwords:
                    # A new connection (5 s timeout) is opened for every guess,
                    # so the target sees one short session per attempt.
                    tn = telnetlib.Telnet(ip,port=port,timeout=5)
                    # NOTE(review): the text between "login: " and "\r" is
                    # masked ("******") in this listing, so the line is not
                    # valid Python as shown; the masked span is kept as-is and
                    # must be restored from the original file.
                    tn.read_until("login: "******"\r")
                    # Wait a moment before reading the reply
                    time.sleep(4)
                    msg=tn.read_some()
                    # Not reached if an earlier call raises; the connection is
                    # then left to the garbage collector.
                    tn.close()
                    if msg.strip()=='':
                        # lock serialises console output between workers.
                        lock.acquire()
                        print "%s telnet's %s:%s login fail " %(ip,username,password)
                        lock.release()
                    # NOTE(review): nothing skips the checks below after an
                    # empty reply; an empty msg matches neither pattern and so
                    # also reaches the "weaken password" branch -- confirm
                    # whether a `continue` was intended.
                    # Check whether msg reports a login failure or an error
                    if re.search("(.*?)fail",msg,re.I):
                        lock.acquire()
                        print "%s telnet's %s:%s login fail " %(ip,username,password)
                        lock.release()
                    else:
                        if re.search("(.*?)incorrect",msg,re.I):
                            lock.acquire()
                            print "%s telnet's %s:%s login fail " %(ip,username,password)
                            lock.release()
                        else:
                            # Success is inferred only from the absence of
                            # "fail"/"incorrect" (case-insensitive) in the reply.
                            lock.acquire()
                            printGreen("%s telnet has weaken password!!-------%s:%s\r\n" %(ip,username,password))
                            result.append("%s telnet has weaken password!!-------%s:%s\r\n" %(ip,username,password))
                            lock.release()
                            flag=1
                            break
                # flag carries the inner loop's hit out to the username loop.
                if flag == 1:
                    flag=0
                    break
        except Exception,e:
            # Any error (connect, timeout, ...) abandons the rest of this host.
            printPink(e)
        # One task_done() per queue item lets sp.join() in the caller return.
        sp.task_done()
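def telnet_main(ipdict, threads):
    """Run the telnet weak-password check over ``ipdict['telnet']``.

    Each entry is a ``"host:port"`` string.  ``threads`` daemon workers running
    ``telnet`` (defined elsewhere in this module) consume ``(host, port)``
    pairs from the module-level queue ``sp``; the port is queued as the raw
    string, not converted to ``int``.

    Returns:
        The module-level ``result`` list, or an empty list -- without starting
        any worker or touching the globals -- when there are no telnet targets.

    Raises:
        KeyError: if ``ipdict`` has no ``'telnet'`` key.
        IndexError: if an entry contains no ``':'``.
    """
    global sp, lock, result

    targets = ipdict['telnet']
    if len(targets) == 0:
        # NOTE(review): the listing is collapsed onto one line, so it is unclear
        # whether the original ``return result`` sat inside this guard.  Either
        # way the empty case now yields a fresh list instead of None or a stale
        # global.
        return []

    printPink("crack telnet now...")
    print("[*] start crack telnet %s" % time.ctime())
    began = time.time()

    # Shared state is rebuilt on every run; the workers reach it via globals.
    sp = Queue()
    lock = threading.Lock()
    result = []

    for _ in xrange(threads):
        worker = Thread(target=telnet)
        worker.daemon = True  # daemon threads do not keep the process alive
        worker.start()

    for entry in targets:
        fields = str(entry).split(':')
        sp.put((fields[0], fields[1]))

    # Returns once task_done() has been called for every queued item.
    sp.join()

    print("[*] stop crack telnet %s" % time.ctime())
    print("[*] crack telnet done,it has Elapsed time:%s " % (time.time() - began))
    return result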
def __DoJob(): """ 函数主程序,主要对命令行参数进行判断并执行相关命令. """ # global OutUrls OutUrls = [] for key in ArgsDict: if Search_All_Status or type(ArgsDict['search_all']) is int: # ArgsDict['search_all'] and SearchStr = ArgsDict['dork'][0] SearchPages = ArgsDict['search_all'] print "[+]Use all search options." printPink("[+]Search Keyword: %s,Search Pages: %s.(None is all)" %(SearchStr, str(SearchPages))) for Searcher in __SearchersList: printPink("\n[!]Searching at:%s" % str(Searcher)) Searcher = __SearchersList[Searcher](SearchStr,SearchPages) Searcher.GetUrls() OutUrls.extend(Searcher.Urls) break elif ArgsDict['search_all'] is None: printRed("[-]--search-all cannot use with other search options.\n") break elif not (ArgsDict['search_all'] is None) and ArgsDict[key] is not False and key not in ['regex', 'search_all', 'dork','logfile']: SearchPages = ArgsDict[key] SearchStr = ArgsDict['dork'][0] if SearchPages: printPink("[+]Options:%s,Page's amounts: %d." % (key, SearchPages)) else: printPink("[+]Options:%s,Page's amounts: all." %key) Searcher = __SearchersList[key](SearchStr,SearchPages) Searcher.GetUrls() OutUrls.extend(Searcher.Urls) elif not Search_All_Status and Search_None_Status: # not ArgsDict['search_all'] printRed('[-]Please specify a search term,or use --search-all to search with all search options.\n') break return OutUrls
def telnet():
    """Queue worker: try username/password guesses against one telnet host at a time.

    Loops forever taking ``(ip, port)`` items from the module-level queue
    ``sp``.  ``usernames``, ``passwords``, ``lock`` and ``result`` are also
    module-level names defined outside this function.  A guess counted as
    successful is printed and appended to ``result``.

    NOTE(review): this listing was collapsed onto one line, so the nesting
    below is reconstructed from the statement order -- confirm against the
    original file.
    """
    while True:
        # Blocks until a target is queued.
        ip, port = sp.get()
        flag = 0
        try:
            # Weak-password brute force
            for username in usernames:
                # Three username-derived guesses (username, username + '123',
                # username + '123456') go through telnet_test_login, which is
                # defined elsewhere; a return value of 1 ends the username loop
                # for this host.
                # presumably 1 means the login succeeded -- verify against the helper
                if telnet_test_login(ip, username, username, port) == 1:
                    break
                if telnet_test_login(ip, username + '123', username, port) == 1:
                    break
                if telnet_test_login(ip, username + '123456', username, port) == 1:
                    break
                for password in passwords:
                    # A new connection (5 s timeout) is opened for every guess,
                    # so the target sees one short session per attempt.
                    tn = telnetlib.Telnet(ip, port=port, timeout=5)
                    # NOTE(review): the text between "login: " and "\r" is
                    # masked ("******") in this listing, so the line is not
                    # valid Python as shown; the masked span is kept as-is and
                    # must be restored from the original file.
                    tn.read_until("login: "******"\r")
                    # Wait a moment before reading the reply
                    time.sleep(4)
                    msg = tn.read_some()
                    # Not reached if an earlier call raises; the connection is
                    # then left to the garbage collector.
                    tn.close()
                    if msg.strip() == '':
                        # lock serialises console output between workers.
                        lock.acquire()
                        print "%s telnet's %s:%s login fail " % (ip, username, password)
                        lock.release()
                    # NOTE(review): nothing skips the checks below after an
                    # empty reply; an empty msg matches neither pattern and so
                    # also reaches the "weaken password" branch -- confirm
                    # whether a `continue` was intended.
                    # Check whether msg reports a login failure or an error
                    if re.search("(.*?)fail", msg, re.I):
                        lock.acquire()
                        print "%s telnet's %s:%s login fail " % (ip, username, password)
                        lock.release()
                    else:
                        if re.search("(.*?)incorrect", msg, re.I):
                            lock.acquire()
                            print "%s telnet's %s:%s login fail " % ( ip, username, password)
                            lock.release()
                        else:
                            # Success is inferred only from the absence of
                            # "fail"/"incorrect" (case-insensitive) in the reply.
                            lock.acquire()
                            printGreen( "%s telnet has weaken password!!-------%s:%s\r\n" % (ip, username, password))
                            result.append( "%s telnet has weaken password!!-------%s:%s\r\n" % (ip, username, password))
                            lock.release()
                            flag = 1
                            break
                # flag carries the inner loop's hit out to the username loop.
                if flag == 1:
                    flag = 0
                    break
        except Exception, e:
            # Any error (connect, timeout, ...) abandons the rest of this host.
            printPink(e)
        # One task_done() per queue item lets sp.join() in the caller return.
        sp.task_done()
if SearchPages: printPink("[+]Options:%s,Page's amounts: %d." % (key, SearchPages)) else: printPink("[+]Options:%s,Page's amounts: all." %key) Searcher = __SearchersList[key](SearchStr,SearchPages) Searcher.GetUrls() OutUrls.extend(Searcher.Urls) elif not Search_All_Status and Search_None_Status: # not ArgsDict['search_all'] printRed('[-]Please specify a search term,or use --search-all to search with all search options.\n') break return OutUrls if __name__ == '__main__': print "\n\n[!]Start at time: %s\n\n" % time.ctime() StartTime = time.time() OutUrls = __DoJob() LogFilePath = ArgsDict['logfile'] if ArgsDict['regex']: Regex = ArgsDict['regex'][0] else: Regex = False if OutUrls: printPink(u"\n\n[!]最终获取到了%d条链接." % len(OutUrls)) OutUrls = list(set(OutUrls)) printPink(u"[!]去重后得到了%d条链接.\n" % len(OutUrls)) SaveLog(OutUrls,LogFilePath,Regex) print "\n\n[!]Done at time:",time.ctime() print u"[!]总共耗时%d秒." % int(time.time() - StartTime)