轉載自:
手把手教你打造自己的弱口令掃描工具(系統弱口令篇)
還可參考:https://blog.csdn.net/weixin_34162629/article/details/89362425
前言
在滲透測試過程中,弱口令檢測是必要的一個環節,選擇一個好用的弱口令掃描工具,尤為重要。
類似的弱口令檢測工具如:Hydra、Hscan、X-Scan,很多時候滿足不了自己的需求。
通過Python打造自己的弱口令掃描工具,集成在一起的Python腳本,在實戰應用中,更切合實際。
FTP模塊
FTP一般分為兩種情況,匿名訪問和弱口令,分別編寫:
import ftplib
def ftp_anonymous(ip,port):
try:
ftp = ftplib.FTP()
ftp.connect(ip,port,2)
ftp.login()
ftp.quit()
print '[+] FTP login for anonymous'
except:
print '[-] checking for FTP anonymous fail'
def ftp_login(ip,port,user,pwd):
try:
ftp = ftplib.FTP()
ftp.connect(ip,port,2)
ftp.login(user,pwd)
ftp.quit()
print '[+] FTP weak password: '+user,pwd
except:
print '[-] checking for '+user,pwd+' fail'
SSH模塊
import paramiko
def ssh_login(ip,port,user,pwd):
try:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(ip,port,user,pwd,timeout=5)
print '[+] SSH weak password: '+user,pwd
ssh.close()
except:
print '[-] checking for '+user,pwd+' fail'
Telnet模塊
import telnetlib
def telnet(ip,port=23):
try:
tn = telnetlib.Telnet(ip,timeout=5)
tn.set_debuglevel(0)
tn.read_until("login: ")
tn.write(user + '\r\n')
tn.read_until("assword: ")
tn.write(pwd + '\r\n')
result = tn.read_some()
result = result+tn.read_some()
if result.find('Login Fail')>0 or result.find('incorrect')>0:
print "[-] Checking for "+user,pwd+" fail"
else:
print "[+] Success login for "+user,pwd
tn.close()
except:
print '[-] Something Error'+username,password+" fail"
ipc$模塊
from impacket import smb
def smb_login(ip,port,user,pwd):
try:
client = smb.SMB('*SMBSERVER',ip)
client.login(user,pwd)
flag ='[+] IPC$ weak password: '+user,pwd
except:
print '[-] checking for '+user,pwd+' fail'