import sys
import getopt
import socket
def get_target():
opts, args = getopt.getopt(sys.argv[1:], '-i:-p:-h')
# print(opts)
for opt_name, opt_value in opts:
if opt_name == '-h':
print('[*]This is help information [*]
'
'[*]-i + vulnerable-ip [*]
'
'[*]-p + vulnerable-port [*]
'
'[*]Example:python3 -i 127.0.0.1 -p 6379[*]
')
if opt_name in ('-i', ):
ip = opt_value
if opt_name in ('-p', ):
port = opt_value
return ip, port
def passwd_dict():
passwd = ['redis@123', 'Redis@123', 'Passw0rd', '123456']
return passwd
def main(ip, port, passwd):
print("[*]Redis Unauthorized and Weak Password Detection [*]
"
"[*]By: Zh1z3ven [*]
"
"[*]Blog: https://www.cnblogs.com/Zh1z3ven/ [*]
")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, int(port)))
send_data = 'INFO
'
s.send(send_data.encode())
res = s.recv(1024)
response = bytes.decode(res)
# print(response)
if 'redis_version' in response:
result = '[!]Vulnerable {0}:{1} 存在未授权访问 [!]'.format(ip, port)
print(result)
return result
elif 'NOAUTH' in response:
for item in passwd:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, int(port)))
send_data = 'AUTH {0}
'.format(item)
s.send(send_data.encode())
res = s.recv(1024)
response = bytes.decode(res)
# print(response)
if '+OK' in response:
result = '[!]Vulnerable: {0}:{1} 存在弱口令{2} [!]'.format(ip, port, item)
print(result)
return result
else:
result = '[*] 不存在未授权及弱口令 [*]'
print(result)
return result
if __name__ == '__main__':
ip, port = get_target()
passwd = passwd_dict()
main(ip, port, passwd)
ps:简单记录下,欢迎各位大佬师傅表哥们评论指正缺点~