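def verify(protocol, ip, port):
    """Check a Grafana login form for a weak password from the shared dictionary.

    Posts each candidate from ``getpassdict().get_pass_dict()`` (plus one
    product-specific guess) to ``/login`` and treats a response body that
    contains ``Logged in`` as a successful login. Every candidate is a real
    login attempt, so a lockout policy on the target can be tripped by a run.

    Returns:
        ``(found, url, number, msg)``; ``number`` is ``'v73'`` on a hit and
        ``'v0'`` otherwise.
    """
    url = protocol + '://' + ip + ':' + str(port)
    testurl = url + '/login'
    print('testing if grafan weak pass vul')
    header = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36',
        # Fixed: the original header was named "ContentType" with "chartset",
        # which a server does not recognise as the content type.
        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
        # Fixed: urllib does not decompress responses, so advertising gzip
        # could hide the "Logged in" marker and produce a false negative.
        'Accept-Encoding': 'identity',
        'Accept-Language': 'zh-CN,zh;q=0.8',
        'Connection': 'close'
    }
    passdictarr = getpassdict()
    # Copy before appending so the extra guess does not accumulate in a list
    # the dictionary provider may hand to other checks as well.
    psw = list(passdictarr.get_pass_dict())
    psw.append('grafan')
    for password in psw:
        # NOTE(review): the user name looks masked in this listing; confirm the
        # intended account against the original file.
        data = {"user": "******", "email": "", "password": password}
        data = parse.urlencode(data).encode('utf-8')
        ret = request.Request(url=testurl, data=data, headers=header)
        try:
            # The context manager closes the connection on every path; the
            # original never closed the response.
            with urlopen(ret, timeout=3) as res:
                body = res.read()
        except Exception as e:
            # Best effort: a failed attempt is reported and the next candidate tried.
            msg = str(e)
            print(msg)
            continue
        if b"Logged in" in body:
            msg = 'There is grafan unanth vul on url: ' + url + ' .'
            print(msg)
            number = 'v73'
            return True, url, number, msg
    msg = 'There is no grafan unanth vul'
    number = 'v0'
    return False, url, number, msg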
def verify(protocol, ip, port):
    """Check a JBoss web console for open access or a weak ``admin`` password.

    First requests ``/web-console/``. If the response headers mention "jboss"
    and the status is 200, the console is reported as reachable with no
    password (``'v7'``). Otherwise each dictionary entry is sent as HTTP Basic
    credentials for ``admin`` and a 200 answer is reported as ``'v6'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` when nothing
    was found.

    NOTE(review): this listing arrived collapsed onto one line, so the nesting
    below is one reading of it; confirm against the original file.
    """
    url = protocol + '://' + ip + ':' + str(port)
    print('testing if JBOSS-WebConsole')
    http = httpparse()
    passdictarr = getpassdict()
    # Counts URLError failures; three of them end the check.
    error_i = 0
    psw = passdictarr.get_pass_dict()
    try:
        tm = http.httpreq('GET', protocol, ip, port, '/web-console/')
        # tm[0] is compared with an HTTP status below; tm[1] is presumably the
        # response headers (verify against httpparse).
        if re.search('jboss', str(tm[1]), re.I):
            if tm[0] == 200:
                msg = 'Found JBOSS-WebConsole! in url:' + url + '/web-console/ with no password'
                number = 'v7'
                print(msg)
                return True, url, number, msg
            else:
                for pass_ in psw:
                    try:
                        login_url = url + '/web-console/'
                        request = urllib.request.Request(login_url)
                        auth_str_temp = 'admin' + ':' + pass_
                        auth_str = base64.b64encode(
                            auth_str_temp.encode(encoding='utf-8'))
                        request.add_header('Authorization', 'Basic ' + auth_str.decode())
                        # The response object is not closed here.
                        res = urllib.request.urlopen(request, timeout=5)
                        res_code = res.code
                    except urllib.error.HTTPError as e:
                        # 4xx/5xx answers arrive as exceptions; keep the status code.
                        res_code = e.code
                    except urllib.error.URLError as e:
                        error_i += 1
                        if error_i >= 3:
                            msg = 'Therer is no JBOSS-WEBConsole weakpass vul in url:' + login_url + '.'
                            number = 'v0'
                            return False, url, number, msg
                        continue
                    # 404/502: the console path is not served, stop guessing.
                    if int(res_code) == 404 or int(res_code) == 502:
                        msg = 'Therer is no JBOSS-WEBConsole vul in url:' + login_url + '.'
                        number = 'v0'
                        return False, url, number, msg
                    # 401/403: credentials rejected, try the next candidate.
                    if int(res_code) == 401 or int(res_code) == 403:
                        continue
                    if int(res_code) == 200:
                        # NOTE(review): the expression between the two string
                        # literals is masked as ****** in this listing, so the
                        # line does not parse as shown.
                        msg = 'Found JBOSS-WEBConsole in url:' + url + '/web-console/HtmlAdaptor with password: '******'.'
                        print(msg)
                        number = 'v6'
                        return True, url, number, msg
                    else:
                        pass
        msg = 'The url:' + url + 'is not jboss'
        number = 'v0'
        return False, url, number, msg
    except Exception as e:
        print(e)
        msg = str(e)
        number = 'v0'
        return False, url, number, msg
    # NOTE(review): with the nesting read as above, every path through the try
    # returns, so these lines would not be reached.
    msg = 'There is no JBOSS-WEBConsole weakpass vul on url'
    number = 'v0'
    return False, url, number, msg
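def verify(protocol,ip,port):
    """Check an MSSQL service for a weak ``sa`` password.

    Each dictionary entry (with ``{user}`` replaced by the account name) is
    passed to ``auth()``; a result equal to ``True`` is reported as ``'v69'``.
    Every candidate is a real login attempt against the server.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` when no
    candidate was accepted.
    """
    if protocol == '':
        url = ip+':'+str(port)
    else:
        url = protocol+'://'+ip+':'+str(port)
    print('testing if mssql weak pass vul')
    timeout = 15
    user_list = ['sa']
    passdictarr = getpassdict()
    # Copy before appending so the extra guess does not accumulate in a list
    # the dictionary provider may hand to other checks as well.
    psw = list(passdictarr.get_pass_dict())
    psw.append('sa')
    for user in user_list:
        for pass_ in psw:
            try:
                pass_ = str(pass_.replace('{user}', user))
                result = auth(ip, port, user, pass_, timeout)
            except Exception:
                # Deliberate best effort: a failed attempt moves on to the next candidate.
                continue
            if result == True:
                msg = 'There is mssql weak pass vul on: %s , with username: %s and password: %s.' %(url,user,pass_)
                print(msg)
                number = 'v69'
                return True,url,number,msg
    # Fixed: the original negative result named "mysql" in an MSSQL check.
    msg = 'Therer is no mssql weakpass vul in url:' +url+'.'
    number = 'v0'
    return False,url,number,msg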
def verify(protocol,ip,port):
    """Check an FTP service for anonymous access or a weak password.

    Walks four account names against the shared password dictionary and
    reports ``'v17'`` on a hit, ``'v0'`` otherwise, as
    ``(found, host, number, msg)``.

    NOTE(review): part of this function is masked as ****** in the listing.
    The ``try:`` and the login attempt that the ``except`` below belongs to are
    not visible, so the block does not parse as shown and the nesting is a
    reading of what remains.
    """
    host = ip+':'+str(port)
    print('testing if ftp unauthorized access vul')
    user_list = ['anonymous','admin','ftp','root']
    passdictarr = getpassdict()
    psw = passdictarr.get_pass_dict()
    for user in user_list:
        for pass_ in psw:
            # Dictionary entries may carry a {user} placeholder.
            pass_ = str(pass_.replace('{user}', user))
            # NOTE(review): masked span starts inside this statement; it also
            # writes each candidate credential to stdout.
            print("cracking ftp password with: " + user + " and pass : "******"null"
                if user == 'ftp' and pass_ == 'ftp':
                    msg = 'There is anonymous ftp password on url: ' +host+ '.'
                    number = 'v17'
                    print(msg)
                    return True,host,number,msg
                else:
                    msg = 'There is a weak ftp password on url: ' +host+ ' and the username and password is: %s and %s' % (user,pass_)
                    number = 'v17'
                    print(msg)
                    return True,host,number,msg
            except Exception as e:
                # Failures are swallowed so the next candidate is tried.
                pass
    msg = 'There is no weak ftp password on url: ' +host+' .'
    number = 'v0'
    return False,host,number,msg
def verify(protocol,ip,port):
    """Check a PostgreSQL service for a weak password.

    Tries the ``postgres`` and ``admin`` accounts against the shared password
    dictionary (two extra guesses are appended to it). ``auth()`` returning 3
    stops the guesses for the current account; a result equal to ``True`` is
    reported as ``'v115'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` when no
    candidate was accepted.
    """
    target = ip + ':' + str(port)
    if protocol != '':
        target = protocol + '://' + target
    print('testing if postgresql weak pass vul')
    accounts = ['postgres', 'admin']
    candidates = getpassdict().get_pass_dict()
    candidates.append('postgres')
    candidates.append('123456')
    wait = 5
    for account in accounts:
        for template in candidates:
            try:
                # Dictionary entries may carry a {user} placeholder.
                guess = str(template.replace('{user}', account))
                outcome = auth(ip, int(port), account, guess, wait)
                if outcome == 3:
                    break
                if outcome == True:
                    report = 'There is postgresql weak pass vul on: %s , with username: %s and password: %s.' % (
                        target, account, guess)
                    print(report)
                    return True, target, 'v115', report
            except Exception as err:
                # A failed attempt is printed and the next candidate tried.
                print(str(err))
    report = 'Therer is no postgresql weakpass vul in url:' + target + '.'
    return False, target, 'v0', report
def verify(protocol,ip,port):
    """Check a WebLogic console login for a weak ``weblogic`` password.

    Fetches ``/console/login/LoginForm.jsp``; if the page contains
    ``j_password`` and the status is 200, each dictionary entry is posted to
    ``/console/j_security_check`` and a response containing ``console</a>``
    is reported as ``'v12'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` otherwise.
    """
    url = protocol+'://'+ip+':'+str(port)
    print('testing if weblogic-Console')
    http = httpparse()
    passdictarr = getpassdict()
    psw = passdictarr.get_pass_dict()
    try:
        tm = http.httpreq('GET', protocol, ip, port, '/console/login/LoginForm.jsp')
        # tm[0] is compared with an HTTP status and tm[2] searched as bytes,
        # presumably the response body (verify against httpparse).
        if b'j_password' in tm[2] and tm[0] == 200:
            for pass_ in psw:
                # NOTE(review): the expression between the two string literals
                # is masked as ****** in this listing, so the line does not
                # parse as shown.
                data = 'j_username=weblogic&j_password='******'&j_character_encoding=UTF-8'
                data = data.encode(encoding="utf-8")
                # target_url is assigned but not used below.
                target_url = url + '/console/j_security_check'
                tm = http.httpreq('POST', protocol, ip, port, '/console/j_security_check',data=data)
                if re.search(b'console</a>', tm[2],re.I):
                    msg = 'Find'+ 'WebLogic-Console! with pass ' +pass_+ ' in url:' +protocol+'://'+ip+':'+str(port)+'/'
                    print(msg)
                    number = 'v12'
                    return True,url,number,msg
                else:
                    pass
        else:
            msg = 'not WebLogic-Console'
            number = 'v0'
            return False,url,number,msg
    except Exception as e:
        # Any error ends the check and is returned as the message.
        msg = str(e)
        number = 'v0'
        return False,url,number,msg
    msg = 'There is no WebLogic-Console weak pass vul'
    number = 'v0'
    return False,url,number,msg
def verify(protocol, ip, port):
    """Check a WebSphere admin console login for a weak ``admin`` password.

    Fetches ``/ibm/console/logon.jsp``; if the body mentions "WebSphere", each
    dictionary entry (plus one product-specific guess) is posted to
    ``/ibm/console/j_security_check`` and the response headers are inspected.
    A hit is reported as ``'v13'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` otherwise.

    NOTE(review): this listing arrived collapsed onto one line, so the nesting
    of the ``else`` branches below is one reading of it; confirm against the
    original file. If the function falls off the end it returns ``None``
    rather than a tuple.
    """
    path = '/ibm/console/logon.jsp'
    url = protocol + '://' + ip + ':' + str(port) + path
    print('testing if websphere Console')
    http = httpparse()
    passdictarr = getpassdict()
    ps = passdictarr.get_pass_dict()
    ps.append('websphere')
    try:
        tm = http.httpreq('GET', protocol, ip, port, path)
        if re.search('WebSphere', str(tm[2]), re.I):
            for psw in ps:
                # NOTE(review): the expression between the two string literals
                # is masked as ****** in this listing, so the line does not
                # parse as shown.
                data = 'j_username=admin&j_password='******'&action=%E7%99%BB%E5%BD%95'
                npath = '/ibm/console/j_security_check'
                try:
                    data = data.encode('utf-8')
                    tm = http.httpreq('POST', protocol, ip, port, path=npath, data=data)
                    # tm[1] is iterated as (name, value) pairs.
                    for item in tm[1]:
                        # NOTE(review): the value compared with the console URL
                        # below comes from Content-Type; a redirect target
                        # would normally be in Location. Confirm which header
                        # is intended.
                        if item[0] == 'Content-Type':
                            res = item[1]
                            if 'logonError' in res:
                                pass
                            else:
                                nspath = protocol + '://' + ip + ':' + str(
                                    port) + '/ibm/console/'
                                if nspath == res:
                                    msg = 'Find' + 'Websphere-Console! with pass ' + psw + ' in url:' + protocol + '://' + ip + ':' + str(
                                        port) + npath
                                    print(msg)
                                    number = 'v13'
                                    return True, url, number, msg
                                else:
                                    pass
                        else:
                            pass
                    else:
                        pass
                except Exception as e:
                    # Failures are swallowed so the next candidate is tried.
                    pass
            else:
                # Read here as the for-else of the password loop: all candidates failed.
                msg = 'cannot log on websphere console'
                number = 'v0'
                return False, url, number, msg
        else:
            msg = 'it is not websphere console'
            number = 'v0'
            return False, url, number, msg
    except Exception as e:
        msg = str(e)
        number = 'v0'
        return False, url, number, msg
def verify(protocol, ip, port):
    """Check the Tomcat manager application for a weak password.

    Sends HTTP Basic credentials to ``/manager/html`` for five account names
    against the shared dictionary (two extra guesses are appended). A response
    body containing one of the ``flag_list`` markers is reported as ``'v46'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` otherwise.
    """
    url = protocol + '://' + ip + ':' + str(port)
    print('testing if tomcat weak pass vul')
    # Counts URLError failures; three of them end the check.
    error_i = 0
    flag_list = ['/manager/html/reload', 'Tomcat Web Application Manager']
    user_list = ['admin', 'manager', 'tomcat', 'apache', 'root']
    passdictarr = getpassdict()
    psw = passdictarr.get_pass_dict()
    psw.append('tomcat')
    psw.append(' ')
    for user in user_list:
        for pass_ in psw:
            try:
                # Dictionary entries may carry a {user} placeholder.
                pass_ = str(pass_.replace('{user}', user))
                login_url = url + '/manager/html'
                request = urllib.request.Request(login_url)
                auth_str_temp = user + ':' + pass_
                auth_str = base64.b64encode(
                    auth_str_temp.encode(encoding='utf-8'))
                request.add_header('Authorization', 'Basic ' + auth_str.decode())
                # The response object is not closed here.
                res = urllib.request.urlopen(request, timeout=10)
                res_code = res.code
                res_html = res.read().decode('utf-8', 'ignore')
            except urllib.error.HTTPError as e:
                # 4xx/5xx answers arrive as exceptions; keep status and body.
                res_code = e.code
                try:
                    res_html = e.read().decode('utf-8', 'ignore')
                except Exception:
                    res_html = ''
            except urllib.error.URLError as e:
                error_i += 1
                if error_i >= 3:
                    msg = 'Therer is no tomcat weakpass vul in url:' + login_url + '.'
                    number = 'v0'
                    return False, url, number, msg
                continue
            # 404/502: the manager path is not served, stop guessing.
            if int(res_code) == 404 or int(res_code) == 502:
                msg = 'Therer is no tomcat weakpass vul in url:' + login_url + '.'
                number = 'v0'
                return False, url, number, msg
            # 401/403: credentials rejected, try the next candidate.
            if int(res_code) == 401 or int(res_code) == 403:
                continue
            for flag in flag_list:
                if flag in res_html:
                    # NOTE(review): the expressions between the string literals
                    # are masked as ****** in this listing, so the line does
                    # not parse as shown.
                    msg = 'Found tomcat weakpass vul in url:' + login_url + ' with username and password: '******' and password: '******' .'
                    print(msg)
                    number = 'v46'
                    return True, url, number, msg
                else:
                    pass
    msg = 'Therer is no tomcat weakpass vul in url:' + login_url + '.'
    number = 'v0'
    return False, url, number, msg
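def verify(protocol, ip, port):
    """Check an SMTP service for a weak AUTH LOGIN password.

    After ``_socket_connect`` confirms the port is reachable, each account
    name is tried against the shared dictionary: a fresh connection reads the
    220 banner, sends HELO, starts ``auth login`` and submits the base64
    encoded user name and password. A 235 reply is reported as ``'v204'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` otherwise.
    """
    url = ip + ':' + str(port)
    print('testing if smtp weak pass vul')
    user_list = ['admin', 'root', 'zte', '10192989']
    passdictarr = getpassdict()
    psw = passdictarr.get_pass_dict()
    if not _socket_connect(ip, port):
        msg = 'Therer is no smtp weakpass vul in url:' + url + '.'
        number = 'v0'
        return False, url, number, msg
    for username in user_list:
        for password in psw:
            try:
                # Process-wide default, kept as the original set it.
                socket.setdefaulttimeout(5)
                # Fixed: the original closed the socket only on the fall-through
                # path, leaking it on a hit and on every exception. The context
                # manager closes it on all paths.
                with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                    s.connect((ip, int(port)))
                    banner = str(s.recv(1024))
                    # HELO domain is derived from the address minus its first label.
                    emailaddress = '.'.join(ip.split('.')[1:])
                    if "220" not in banner:
                        continue
                    s.send(
                        bytes('HELO mail.' + emailaddress + ' \r\n', 'utf-8'))
                    helo = str(s.recv(1024))
                    if "250" not in helo:
                        continue
                    s.send(bytes('auth login \r\n', 'utf-8'))
                    authanswer = str(s.recv(1024))
                    if "334" not in authanswer:
                        continue
                    s.send(
                        base64.b64encode(bytes(username, encoding='utf-8'))
                        + b'\r\n')
                    useranswer = str(s.recv(1024))
                    if "334" not in useranswer:
                        continue
                    s.send(
                        base64.b64encode(bytes(password, encoding='utf-8'))
                        + b'\r\n')
                    passanswer = str(s.recv(1024))
                    if "235" in passanswer:
                        msg = 'There is smtp weak pass vul on: %s , with username: %s and password: %s.' % (
                            url, username, password)
                        print(msg)
                        number = 'v204'
                        return True, url, number, msg
            except Exception as e:
                # Best effort: report the failure and try the next candidate.
                print(str(e))
    msg = 'Therer is no smtp weakpass vul in url:' + url + '.'
    number = 'v0'
    return False, url, number, msg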
def verify(protocol, ip, port):
    """Check a MySQL service for a weak or empty ``root`` password.

    Tries the shared dictionary plus three appended guesses. The single-space
    entry stands for "no password": the connection is then opened without a
    ``passwd`` argument and reported with the password shown as ``None``.
    A connection that opens is reported as ``'v70'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` otherwise.
    """
    target = ip + ':' + str(port)
    if protocol != '':
        target = protocol + '://' + target
    print('testing if mysql weak pass vul')
    accounts = ['root']
    candidates = getpassdict().get_pass_dict()
    candidates.append('r00t')
    candidates.append('root123')
    candidates.append(' ')
    for account in accounts:
        for guess in candidates:
            try:
                settings = dict(host=ip, port=int(port), user=account,
                                connect_timeout=10)
                if guess != ' ':
                    settings['passwd'] = guess
                link = pymysql.connect(**settings)
                # Opening and closing a cursor confirms the session is usable.
                link.cursor().close()
                link.close()
                shown = 'None' if guess == ' ' else guess
                report = 'There is mysql weak pass vul on: %s , with username: %s and password: %s.' % (
                    target, account, shown)
                print(report)
                return True, target, 'v70', report
            except Exception as err:
                # A failed attempt is printed and the next candidate tried.
                print(str(err))
    report = 'Therer is no mysql weakpass vul in url:' + target + '.'
    return False, target, 'v0', report
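def verify(protocol,ip,port):
    """Check an SMB service for a weak ``administrator`` password.

    Resolves the host name with ``ip2hostname`` (the check stops if that
    fails), then opens one ``SMBConnection`` per dictionary entry. A
    successful connect is reported as ``'v64'``; the entry ``anonymous`` is
    reported as an anonymous share instead of a weak password.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` otherwise.
    """
    if protocol == '':
        url = ip+':'+str(port)
    else:
        url = protocol+'://'+ip+':'+str(port)
    print('testing if smb weak pass vul')
    # Process-wide default, kept as the original set it.
    socket.setdefaulttimeout(15)
    passdictarr = getpassdict()
    psw = passdictarr.get_pass_dict()
    user_list = ['administrator']
    hostname = ip2hostname(ip)
    if not hostname:
        msg = 'Therer is no smb weakpass vul in url:' +url+'.'
        number = 'v0'
        return False,url,number,msg
    for user in user_list:
        for pass_ in psw:
            # Fixed: the original called conn.close() outside the try, where
            # conn is unbound if the first constructor call raised, and left
            # failed connections open. Close once, on every path.
            conn = None
            try:
                # Dictionary entries may carry a {user} placeholder.
                pass_ = str(pass_.replace('{user}', user))
                conn = SMBConnection(user,pass_,'vulscan',hostname)
                if conn.connect(ip) == True:
                    # The bare debug print of the accepted password was dropped;
                    # the result message below is the single place it appears.
                    if pass_ == 'anonymous':
                        msg = 'There is an anonymous sharing, please check whether there is a sensitive file.'
                    else:
                        msg = 'There is smb weak pass vul on: %s , with username: %s and password: %s.' %(url,user,pass_)
                    print(msg)
                    number = 'v64'
                    return True,url,number,msg
            except Exception:
                # Deliberate best effort: move on to the next candidate.
                pass
            finally:
                if conn is not None:
                    try:
                        conn.close()
                    except Exception:
                        pass
    msg = 'Therer is no smb weakpass vul in url:' +url+'.'
    number = 'v0'
    return False,url,number,msg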
def verify(protocol, ip, port):
    """Check a Hikvision device for a default or weak ``admin`` password.

    Sends HTTP Basic credentials to ``/ISAPI/Security/userCheck`` and treats a
    body containing both ``<statusValue>200`` and ``<statusString>OK`` as a
    successful login, reported as ``'v109'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` otherwise.
    """
    url = protocol + '://' + ip + ':' + str(port)
    # Silences every warning category for the whole process, not only the
    # one raised for unverified TLS requests.
    warnings.filterwarnings("ignore")
    print('testing if hikvision weak password vul')
    # error_i and flag_list are assigned but not used below.
    error_i = 0
    flag_list = ['>true</']
    user_list = ['admin']
    passdictarr = getpassdict()
    psw_temp = passdictarr.get_pass_dict()
    psw_temp.append('hikvision')
    psw_temp.append('12345')
    # Only three randomly chosen candidates are tried, so two runs against the
    # same device can give different results and a negative result is not
    # exhaustive.
    psw = random.sample(psw_temp, 3)
    for user in user_list:
        for password in psw:
            try:
                auth_str_temp = user + ':' + password
                auth_str = base64.b64encode(
                    bytes(auth_str_temp, encoding='utf-8'))
                vulnurl = url + '/ISAPI/Security/userCheck'
                headers = {
                    "User-Agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50",
                    "Authorization": "Basic " + auth_str.decode()
                }
                # verify=False turns off TLS certificate validation, so the
                # credentials are sent without authenticating the server.
                req = requests.get(vulnurl, headers=headers, timeout=3, verify=False)
                # Two-second pause between attempts.
                time.sleep(2)
                if r"<statusValue>200" in req.text and r"<statusString>OK" in req.text:
                    # NOTE(review): the expressions between the string literals
                    # are masked as ****** in this listing, so the line does
                    # not parse as shown.
                    msg = 'There is hikvision default password vul on url: ' + url + ' with user : '******' and password : '******' .'
                    number = 'v109'
                    return True, url, number, msg
                else:
                    pass
            except Exception as e:
                # The first error ends the whole check with a negative result.
                msg = str(e)
                number = 'v0'
                return False, url, number, msg
    msg = 'There is no hikvision weak password vul'
    number = 'v0'
    return False, url, number, msg
def verify(protocol,ip,port):
    """Check the Axis2 admin login for a weak password.

    Posts five account names against the shared dictionary (one extra guess
    is appended) to ``/axis2/axis2-admin/login``. A response body containing
    one of the ``flag_list`` markers is reported as ``'v68'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` otherwise.
    """
    url = protocol+'://'+ip+':'+str(port)
    print('testing if axis2 weak pass vul')
    # Counts URLError failures; five of them end the check.
    error_i = 0
    flag_list = ['Administration Page</title>', 'System Components', '"axis2-admin/upload"','include page="footer.inc">', 'axis2-admin/logout']
    user_list = ['axis', 'admin', 'root','zte','ztezte']
    passdictarr = getpassdict()
    psw = passdictarr.get_pass_dict()
    psw.append('axis2')
    for user in user_list:
        for pass_ in psw:
            try:
                login_url = url + '/axis2/axis2-admin/login'
                # The values are inserted without URL encoding, so an entry
                # containing & or = changes the form that is sent.
                PostStr = 'userName=%s&password=%s&submit=+Login+' % (user, pass_)
                PostStr = PostStr.encode(encoding="utf-8")
                request = urllib.request.Request(login_url, PostStr)
                # The response object is not closed here.
                res = urllib.request.urlopen(request, timeout=5)
                res_html = res.read().decode('utf-8','ignore')
            except urllib.error.HTTPError as e:
                # Any HTTP error status ends the whole check.
                msg = str(e)
                number = 'v0'
                return False,url,number,msg
            except urllib.error.URLError as e:
                msg = str(e)
                error_i += 1
                if error_i >= 5:
                    msg = 'Therer is no axis2 weakpass vul in url:' +login_url+'.'
                    number = 'v0'
                    return False,url,number,msg
                continue
            for flag in flag_list:
                if flag in res_html:
                    # NOTE(review): the expression between the first two string
                    # literals is masked as ****** in this listing, so the line
                    # does not parse as shown.
                    msg = 'Found axis2 weakpass vul in url:'+login_url+' with username and password: '******' : '+pass_+'.'
                    print(msg)
                    number = 'v68'
                    return True,url,number,msg
                else:
                    pass
    msg = 'Therer is no axis2 weakpass vul in url:' +login_url+'.'
    number = 'v0'
    return False,url,number,msg
def verify(protocol, ip, port):
    """Check an SSH service for a weak password.

    Walks three account names against the shared dictionary (one extra guess
    is appended) with a single paramiko client and reports ``'v65'`` on a
    hit, ``'v0'`` otherwise, as ``(found, url, number, msg)``.

    NOTE(review): part of this function is masked as ****** in the listing.
    The connection attempt between the ``print`` and the result message is not
    visible, so the block does not parse as shown.
    """
    url = ip + ':' + str(port)
    print('testing if ssh weak pass vul')
    user_list = ['root', 'admin', 'ssh']
    passdictarr = getpassdict()
    psw = passdictarr.get_pass_dict()
    psw.append('ssh')
    ssh = paramiko.SSHClient()
    # AutoAddPolicy accepts any unknown host key, so the server the
    # credentials are sent to is not authenticated.
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    for user in user_list:
        for pass_ in psw:
            try:
                # Dictionary entries may carry a {user} placeholder.
                pass_ = str(pass_.replace('{user}', user))
                # NOTE(review): masked span starts inside this statement; it
                # also writes each candidate credential to stdout.
                print("cracking ssh password with: " + user + " and pass : "******"null"
                msg = 'There is ssh weak pass vul on: %s , with username: %s and password: %s.' % (
                    url, user, pass_)
                print(msg)
                number = 'v65'
                ssh.close()
                return True, url, number, msg
            except Exception as e:
                # Failures are swallowed so the next candidate is tried.
                pass
            finally:
                # Runs after every attempt, including the successful return.
                ssh.close()
    msg = 'Therer is no ssh weakpass vul in url:' + url + '.'
    number = 'v0'
    return False, url, number, msg
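def verify(protocol, ip, port):
    """Check a Redis service for unauthenticated access or a weak password.

    Sends ``INFO`` first. A reply containing ``redis_version`` means no
    password is required. A reply containing ``Authentication`` means one is,
    and each dictionary entry is then tried with ``AUTH`` on a fresh
    connection; ``+OK`` is a hit. Both findings are reported as ``'v11'``.

    Returns ``(found, host, number, msg)``; ``number`` is ``'v0'`` otherwise,
    and ``msg`` carries the error text when an exception ended the check.
    """
    host = ip + ':' + str(port)
    timeout = 3
    print('testing if redis unauth vul')
    msg = 'There is no redis unauth vul'
    number = 'v0'
    passdictarr = getpassdict()
    # Copy before appending so the extra guess does not accumulate in a list
    # the dictionary provider may hand to other checks as well.
    psw = list(passdictarr.get_pass_dict())
    psw.append(' ')
    try:
        # Process-wide default, kept as the original set it.
        socket.setdefaulttimeout(timeout)
        # Fixed: the original never closed any of its sockets.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.connect((ip, int(port)))
            s.send(b"INFO\r\n")
            result = s.recv(1024)
        if b"redis_version" in result:
            msg = 'There is a redis unauthorized access , password is None'
            print(msg)
            number = 'v11'
            return True, host, number, msg
        elif b"Authentication" in result:
            for ps in psw:
                with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
                    s.connect((ip, int(port)))
                    # Fixed: send() needs bytes. The original passed a str,
                    # which raised TypeError on the first candidate and turned
                    # every password-protected server into a negative result.
                    s.send(("AUTH %s\r\n" % (ps)).encode('utf-8'))
                    result = s.recv(1024)
                if b'+OK' in result:
                    msg = 'There is a redis unauthorized access , password is %s' % ps
                    print(msg)
                    number = 'v11'
                    return True, host, number, msg
    except Exception as e:
        # Any error ends the check and is returned as the message.
        msg = str(e)
        number = 'v0'
        return False, host, number, msg
    return False, host, number, msg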
def verify(protocol,ip,port):
    """Check a phpMyAdmin login for a weak password.

    Looks for the login form at ``/`` and then at ``/phpmyadmin/``; if neither
    page has the ``input_password`` and ``token`` fields the check stops.
    Otherwise, for five account names against the shared dictionary, it
    fetches the login page with a cookie-carrying opener, extracts the form
    token and posts the credentials. A response containing one of the
    ``flag_list`` markers is reported as ``'v74'``.

    Returns ``(found, url, number, msg)``; ``number`` is ``'v0'`` otherwise.
    """
    url = protocol+'://'+ip+':'+str(port)
    flag_list = [b'src="navigation.php', b'frameborder="0" id="frame_content"', b'id="li_server_type">', b'class="disableAjax" title=']
    user_list = ['root', 'mysql', 'wwwroot', 'admin', 'zte']
    # Counts URLError failures; three of them end the check.
    error_i = 0
    print('testing if phpmyadmin weak pass vul')
    http = httpparse()
    try:
        path = '/'
        tm = http.httpreq('GET', protocol, ip, port,path)
        # tm[2] is searched as bytes, presumably the response body (verify
        # against httpparse).
        if b'input_password' in tm[2] and b'name="token"' in tm[2]:
            # NOTE(review): the scheme is hard-coded to http here and below
            # even when protocol is https; confirm this is intended.
            url = 'http://' + ip + ":" + str(port) + "/index.php"
        else:
            path = path+"phpmyadmin/"
            newtm = http.httpreq('GET', protocol, ip, port,path)
            if b'input_password' in newtm[2] and b'name="token"' in newtm[2]:
                url = 'http://' + ip + ":" + str(port) + "/phpmyadmin/index.php"
            else:
                msg = 'It is not phpmyadmin server on url:' +url+'.'
                number = 'v0'
                return False,url,number,msg
    except Exception as e:
        # A failed detection request is ignored; the guesses below then run
        # against the bare protocol://ip:port URL.
        pass
    passdictarr = getpassdict()
    psw = passdictarr.get_pass_dict()
    #psw = random.sample(psw, 4)
    for user in user_list:
        for pass_ in psw:
            try:
                # A new opener per attempt keeps the session cookie and the
                # token from the same page load together.
                opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor())
                res_html = opener.open(url, timeout=10).read()
                res_html = res_html.decode()
                # token is None when the page has no token field; the
                # resulting AttributeError is caught by the generic handler.
                token = re.search('name="token" value="(.*?)" />', res_html)
                token_hash = urllib.parse.quote(token.group(1))
                # User name and password are inserted without URL encoding.
                postdata = "pma_username=%s&pma_password=%s&server=1&target=index.php&lang=zh_CN&collation_connection=utf8_general_ci&token=%s" % (
                    user, pass_, token_hash)
                postdata = postdata.encode(encoding="utf-8")
                res = opener.open(url,postdata, timeout=5)
                res_html = res.read()
                for flag in flag_list:
                    if flag in res_html:
                        msg = 'There is phpmyadmin weak pass vul on: %s , with username: %s and password: %s.' %(url,user,pass_)
                        print(msg)
                        number = 'v74'
                        return True,url,number,msg
                    else:
                        pass
            except urllib.error.URLError as e:
                msg = str(e)
                error_i += 1
                if error_i >= 3:
                    msg = 'There is no phpmyadmin server on url:' +url+'.'
                    number = 'v0'
                    return False,url,number,msg
            except Exception as e:
                # Other errors are recorded and the next candidate tried.
                msg = str(e)
    msg = 'Therer is no phpmyadmin weakpass vul in url:' +url+'.'
    number = 'v0'
    return False,url,number,msg