├── .gitignore ├── README.md ├── requirements.txt └── unauthorized-check.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | pip-wheel-metadata/ 24 | share/python-wheels/ 25 | *.egg-info/ 26 | .installed.cfg 27 | *.egg 28 | MANIFEST 29 | 30 | # PyInstaller 31 | # Usually these files are written by a python script from a template 32 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 33 | *.manifest 34 | *.spec 35 | 36 | # Installer logs 37 | pip-log.txt 38 | pip-delete-this-directory.txt 39 | 40 | # Unit test / coverage reports 41 | htmlcov/ 42 | .tox/ 43 | .nox/ 44 | .coverage 45 | .coverage.* 46 | .cache 47 | nosetests.xml 48 | coverage.xml 49 | *.cover 50 | *.py,cover 51 | .hypothesis/ 52 | .pytest_cache/ 53 | 54 | # Translations 55 | *.mo 56 | *.pot 57 | 58 | # Django stuff: 59 | *.log 60 | local_settings.py 61 | db.sqlite3 62 | db.sqlite3-journal 63 | 64 | # Flask stuff: 65 | instance/ 66 | .webassets-cache 67 | 68 | # Scrapy stuff: 69 | .scrapy 70 | 71 | # Sphinx documentation 72 | docs/_build/ 73 | 74 | # PyBuilder 75 | target/ 76 | 77 | # Jupyter Notebook 78 | .ipynb_checkpoints 79 | 80 | # IPython 81 | profile_default/ 82 | ipython_config.py 83 | 84 | # pyenv 85 | .python-version 86 | 87 | # pipenv 88 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 89 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 90 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 91 | # install all needed dependencies. 92 | #Pipfile.lock 93 | 94 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 95 | __pypackages__/ 96 | 97 | # Celery stuff 98 | celerybeat-schedule 99 | celerybeat.pid 100 | 101 | # SageMath parsed files 102 | *.sage.py 103 | 104 | # Environments 105 | .env 106 | .venv 107 | env/ 108 | venv/ 109 | ENV/ 110 | env.bak/ 111 | venv.bak/ 112 | 113 | # Spyder project settings 114 | .spyderproject 115 | .spyproject 116 | 117 | # Rope project settings 118 | .ropeproject 119 | 120 | # mkdocs documentation 121 | /site 122 | 123 | # mypy 124 | .mypy_cache/ 125 | .dmypy.json 126 | dmypy.json 127 | 128 | # Pyre type checker 129 | .pyre/ 130 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## upgrade by timwhite 2 | 3 | 添加多个服务非默认端口检测(来自fofa/zoomeye) 4 | 5 | # unauthorized-check 6 | 7 | 扫描以下常见未授权访问 8 | 9 | ``` 10 | redis、mongodb、memcached、elasticsearch、zookeeper、ftp、CouchDB、docker、Hadoop 11 | ``` 12 | 13 | 安装 14 | 15 | ``` 16 | pip3 install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/ 17 | ``` 18 | 19 | 使用说明 20 | 21 | ``` 22 | python3 unauthorized-check.py url.txt 23 | ``` 24 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | pymongo -------------------------------------------------------------------------------- /unauthorized-check.py: -------------------------------------------------------------------------------- 1 | # coding=utf-8 2 | import socket 3 | import pymongo 4 | import requests 5 | import ftplib 6 | from tqdm import tqdm 7 | import sys 8 | from concurrent.futures import ThreadPoolExecutor 9 | import logging 10 | logging.captureWarnings(True) 11 | 12 | 13 | def redis(ip): 14 | try: 15 | socket.setdefaulttimeout(5) 16 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 17 | s.connect((ip, 6379)) 18 | s.send(bytes("INFO\r\n", 'UTF-8')) 19 | result = s.recv(1024).decode() 20 | if "redis_version" in result: 21 | print(ip + ":6379 redis未授权") 22 | s.close() 23 | except Exception as e: 24 | pass 25 | try: 26 | socket.setdefaulttimeout(5) 27 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 28 | s.connect((ip, 7001)) 29 | s.send(bytes("INFO\r\n", 'UTF-8')) 30 | result = s.recv(1024).decode() 31 | if "redis_version" in result: 32 | print(ip + ":7001 redis未授权") 33 | s.close() 34 | except Exception as e: 35 | pass 36 | try: 37 | socket.setdefaulttimeout(5) 38 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 39 | s.connect((ip, 7002)) 40 | s.send(bytes("INFO\r\n", 'UTF-8')) 41 | result = s.recv(1024).decode() 42 | if "redis_version" in result: 43 | print(ip + ":7002 redis未授权") 44 | s.close() 45 | except Exception as e: 46 | pass 47 | try: 48 | socket.setdefaulttimeout(5) 49 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 50 | s.connect((ip, 7000)) 51 | s.send(bytes("INFO\r\n", 'UTF-8')) 52 | result = s.recv(1024).decode() 53 | if "redis_version" in result: 54 | print(ip + ":7000 redis未授权") 55 | s.close() 56 | except Exception as e: 57 | pass 58 | try: 59 | socket.setdefaulttimeout(5) 60 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 61 | s.connect((ip, 32768)) 62 | s.send(bytes("INFO\r\n", 'UTF-8')) 63 | result = s.recv(1024).decode() 64 | if "redis_version" in result: 65 | print(ip + ":32768 redis未授权") 66 | s.close() 67 | except Exception as e: 68 | pass 69 | try: 70 | socket.setdefaulttimeout(5) 71 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 72 | s.connect((ip, 7777)) 73 | s.send(bytes("INFO\r\n", 'UTF-8')) 74 | result = s.recv(1024).decode() 75 | if "redis_version" in result: 76 | print(ip + ":7777 redis未授权") 77 | s.close() 78 | except Exception as e: 79 | pass 80 | try: 81 | socket.setdefaulttimeout(5) 82 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 83 | s.connect((ip, 6969)) 84 | s.send(bytes("INFO\r\n", 'UTF-8')) 85 | result = s.recv(1024).decode() 86 | if "redis_version" in result: 87 | print(ip + ":6969 redis未授权") 88 | s.close() 89 | except Exception as e: 90 | pass 91 | try: 92 | socket.setdefaulttimeout(5) 93 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 94 | s.connect((ip, 6699)) 95 | s.send(bytes("INFO\r\n", 'UTF-8')) 96 | result = s.recv(1024).decode() 97 | if "redis_version" in result: 98 | print(ip + ":6699 redis未授权") 99 | s.close() 100 | except Exception as e: 101 | pass 102 | try: 103 | socket.setdefaulttimeout(5) 104 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 105 | s.connect((ip, 10000)) 106 | s.send(bytes("INFO\r\n", 'UTF-8')) 107 | result = s.recv(1024).decode() 108 | if "redis_version" in result: 109 | print(ip + ":10000 redis未授权") 110 | s.close() 111 | except Exception as e: 112 | pass 113 | try: 114 | socket.setdefaulttimeout(5) 115 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 116 | s.connect((ip, 6779)) 117 | s.send(bytes("INFO\r\n", 'UTF-8')) 118 | result = s.recv(1024).decode() 119 | if "redis_version" in result: 120 | print(ip + ":6779 redis未授权") 121 | s.close() 122 | except Exception as e: 123 | pass 124 | finally: 125 | bar.update(1) 126 | 127 | def mongodb(ip): 128 | try: 129 | conn = pymongo.MongoClient(ip, 27017, socketTimeoutMS=4000) 130 | dbname = conn.list_database_names() 131 | print(ip + ":27017 mongodb未授权") 132 | conn.close() 133 | except Exception as e: 134 | pass 135 | try: 136 | conn = pymongo.MongoClient(ip, 28017, socketTimeoutMS=4000) 137 | dbname = conn.list_database_names() 138 | print(ip + ":28017 mongodb未授权") 139 | conn.close() 140 | except Exception as e: 141 | pass 142 | finally: 143 | bar.update(1) 144 | 145 | def memcached(ip): 146 | try: 147 | socket.setdefaulttimeout(5) 148 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 149 | s.connect((ip, 11211)) 150 | s.send(bytes('stats\r\n', 'UTF-8')) 151 | if 'version' in s.recv(1024).decode(): 152 | print(ip + ":11211 memcached未授权") 153 | s.close() 154 | except Exception as e: 155 | pass 156 | finally: 157 | bar.update(1) 158 | 159 | def elasticsearch(ip): 160 | try: 161 | url = 'http://' + ip + ':9200/_cat' 162 | r = requests.get(url, timeout=5) 163 | if '/_cat/master' in r.content.decode(): 164 | print(ip + ":9200 elasticsearch未授权") 165 | except Exception as e: 166 | pass 167 | finally: 168 | bar.update(1) 169 | 170 | def zookeeper(ip): 171 | try: 172 | socket.setdefaulttimeout(5) 173 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 174 | s.connect((ip, 2181)) 175 | s.send(bytes('envi', 'UTF-8')) 176 | data = s.recv(1024).decode() 177 | s.close() 178 | if 'Environment' in data: 179 | print(ip + ":2181 zookeeper未授权") 180 | except: 181 | pass 182 | finally: 183 | bar.update(1) 184 | 185 | def ftp(ip): 186 | try: 187 | ftp = ftplib.FTP.connect(ip,21,timeout=5) 188 | ftp.login('anonymous', 'Aa@12345678') 189 | print(ip + ":21 FTP未授权") 190 | except Exception as e: 191 | pass 192 | finally: 193 | bar.update(1) 194 | 195 | def CouchDB(ip): 196 | try: 197 | url = 'http://' + ip + ':5984'+'/_utils/' 198 | r = requests.get(url, timeout=5) 199 | if 'couchdb-logo' in r.content.decode(): 200 | print(ip + ":5984 CouchDB未授权") 201 | except Exception as e: 202 | pass 203 | try: 204 | url = 'https://' + ip +'/_utils/' 205 | r = requests.get(url, timeout=5,verify = False) 206 | if 'couchdb-logo' in r.content.decode(): 207 | print(ip + ":443 CouchDB未授权") 208 | except Exception as e: 209 | pass 210 | try: 211 | url = 'http://' + ip + ':5986'+'/_utils/' 212 | r = requests.get(url, timeout=5) 213 | if 'couchdb-logo' in r.content.decode(): 214 | print(ip + ":5986 CouchDB未授权") 215 | except Exception as e: 216 | pass 217 | try: 218 | url = 'http://' + ip +'/_utils/' 219 | r = requests.get(url, timeout=5) 220 | if 'couchdb-logo' in r.content.decode(): 221 | print(ip + ":80 CouchDB未授权") 222 | except Exception as e: 223 | pass 224 | finally: 225 | bar.update(1) 226 | 227 | def docker(ip): 228 | try: 229 | url = 'http://' + ip + ':2375'+'/version' 230 | r = requests.get(url, timeout=5) 231 | if 'ApiVersion' in r.content.decode(): 232 | print(ip + ":2375 docker api未授权") 233 | except Exception as e: 234 | pass 235 | finally: 236 | bar.update(1) 237 | 238 | def Hadoop(ip): 239 | try: 240 | url = 'http://' + ip + ':50070'+'/dfshealth.html' 241 | r = requests.get(url, timeout=5) 242 | if 'hadoop.css' in r.content.decode(): 243 | print(ip + ":50070 Hadoop未授权") 244 | except Exception as e: 245 | pass 246 | try: 247 | url = 'http://' + ip + ':50090'+'/dfshealth.html' 248 | r = requests.get(url, timeout=5) 249 | if 'hadoop.css' in r.content.decode(): 250 | print(ip + ":50090 Hadoop未授权") 251 | except Exception as e: 252 | pass 253 | try: 254 | url = 'http://' + ip + ':9870'+'/dfshealth.html' 255 | r = requests.get(url, timeout=5) 256 | if 'hadoop.css' in r.content.decode(): 257 | print(ip + ":9870 Hadoop未授权") 258 | except Exception as e: 259 | pass 260 | try: 261 | url = 'http://' + ip + ':50075'+'/dfshealth.html' 262 | r = requests.get(url, timeout=5) 263 | if 'hadoop.css' in r.content.decode(): 264 | print(ip + ":50075 Hadoop未授权") 265 | except Exception as e: 266 | pass 267 | try: 268 | url = 'http://' + ip + ':50030'+'/dfshealth.html' 269 | r = requests.get(url, timeout=5) 270 | if 'hadoop.css' in r.content.decode(): 271 | print(ip + ":50030 Hadoop未授权") 272 | except Exception as e: 273 | pass 274 | finally: 275 | bar.update(1) 276 | 277 | if __name__ == '__main__': 278 | if len(sys.argv) == 1: 279 | print("Usage:python3 unauthorized-check.py url.txt") 280 | file = sys.argv[1] 281 | with open(file, "r", encoding='UTF-8') as f: 282 | line = [i for i in f.readlines()] 283 | bar = tqdm(total=len(line)*9) 284 | with ThreadPoolExecutor(600) as pool: 285 | for target in line: 286 | target=target.strip() 287 | pool.submit(redis, target) 288 | pool.submit(Hadoop, target) 289 | pool.submit(docker, target) 290 | pool.submit(CouchDB, target) 291 | pool.submit(ftp, target) 292 | pool.submit(zookeeper, target) 293 | pool.submit(elasticsearch, target) 294 | pool.submit(memcached, target) 295 | pool.submit(mongodb, target) 296 | --------------------------------------------------------------------------------