├── readme.txt ├── redis.png └── redis_check_defaultPORT.py /readme.txt: -------------------------------------------------------------------------------- 1 | pyhton redis_check_defaultPORT.py url.txt 20 2 | 3 | 指定一个url.txt ,指定线程20 4 | 5 | 工具里面的默认参数可以修改,比如密码字典,默认的端口字典 6 | 7 | 内网渗透可用 8 | -------------------------------------------------------------------------------- /redis.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JYanger/redis-unauthorized-check/4e2ea286d00faabb447c937733b85215dd6f4726/redis.png -------------------------------------------------------------------------------- /redis_check_defaultPORT.py: -------------------------------------------------------------------------------- 1 | # _*_ coding:utf-8 _*_ 2 | #! /usr/bin/env python 3 | # changed by Jyanger 4 | import socket 5 | import random 6 | import sys 7 | import threading,Queue,time 8 | 9 | PASSWORD_DIC=['redis','root','oracle','password','p@aaw0rd','abc123!','123456','admin','12345678','666666','88888888','1234567890','888888'] 10 | socket.setdefaulttimeout(1) #socket超时设置 11 | ports = ['6379','6380','6377','6389','6369'] 12 | 13 | class MyThread(threading.Thread): 14 | def __init__(self,queue): 15 | threading.Thread.__init__(self) 16 | self.queue = queue 17 | def run(self): 18 | while True: # 除非确认队列中已经无任务,否则时刻保持线程在运行 19 | try: 20 | ip = self.queue.get(block=False) # 如果队列空了,直接结束线程。根据具体场景不同可能不合理,可以修改 21 | check(ip,) 22 | except Exception as e: 23 | break 24 | 25 | def check(ip): 26 | for port in ports: 27 | try: 28 | socket.setdefaulttimeout(1) 29 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 30 | s.connect((ip, int(port))) 31 | s.send("INFO\r\n") 32 | result = s.recv(1024) 33 | if "redis_version" in result: 34 | time.sleep(random.random()) 35 | print "[+] {} {} unauthorized ".format(ip,port) 36 | 37 | elif "Authentication" in result: 38 | for pass_ in PASSWORD_DIC: 39 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 40 | s.connect((ip, int(port))) 41 | s.send("AUTH %s\r\n" %(pass_)) 42 | result = s.recv(1024) 43 | if '+OK' in result: 44 | time.sleep(random.random()) 45 | print "[+] {} {} week_password: {} ".format(ip,port,pass_) 46 | 47 | 48 | except Exception as e: 49 | pass 50 | 51 | def run(ipaddress,Thread_count): #此处设置线程数 52 | threads = [] 53 | number = 0 54 | queue = Queue.Queue() 55 | file = open(ipaddress,'r') 56 | for url in file.readlines(): 57 | url=url.replace('\n','') 58 | url=url.replace('\r','') 59 | queue.put(url) 60 | number = number+1 #统计url总数 61 | file.close() 62 | for i in range(Thread_count): 63 | threads.append(MyThread(queue)) 64 | #print u"[+]------------------------------------total ip "+ str(number)+u"------------------------------------------" 65 | for t in threads: 66 | try: 67 | t.start() 68 | except Exception as e: 69 | print e 70 | continue 71 | for t in threads: 72 | try: 73 | t.join() 74 | except Exception as e: 75 | print e 76 | continue 77 | if __name__ == '__main__': 78 | 79 | if len(sys.argv)!=3: 80 | print u"usage: pyhton redis_check_defaultPORT.py ip.txt(扫描地址) threads(线程)" 81 | else: 82 | print "[*]------------------------------------------------------------------------------------------------" 83 | print "[*]-----------------------start redis unauthorized check start------------------------------------" 84 | print "[*]---------------| ipaddress |-----------| port |--------------| type/pass |--------------" 85 | run(sys.argv[1],int(sys.argv[2])) 86 | print "[*]cherk all ip end, goodbye!" 87 | --------------------------------------------------------------------------------