import sys
import getopt
import socket
def get_target():
opts, args = getopt.getopt(sys.argv[1:], '-i:-p:-h')
# print(opts)
for opt_name, opt_value in opts:
if opt_name == '-h':
print('[*]This is help information [*]n'
'[*]-i + vulnerable-ip [*]n'
'[*]-p + vulnerable-port [*]n'
'[*]Example:python3 -i 127.0.0.1 -p 6379[*]n')
if opt_name in ('-i', ):
ip = opt_value
if opt_name in ('-p', ):
port = opt_value
return ip, port
def passwd_dict():
passwd = ['redis@123', 'Redis@123', 'Passw0rd', '123456']
return passwd
def main(ip, port, passwd):
print("[*]Redis Unauthorized and Weak Password Detection [*]n"
"[*]By: Zh1z3ven [*]n"
"[*]Blog: https://www.cnblogs.com/Zh1z3ven/ [*]n")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, int(port)))
send_data = 'INFOrn'
s.send(send_data.encode())
res = s.recv(1024)
response = bytes.decode(res)
# print(response)
if 'redis_version' in response:
result = '[!]Vulnerable {0}:{1} 存在未授权访问 [!]'.format(ip, port)
print(result)
return result
elif 'NOAUTH' in response:
for item in passwd:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((ip, int(port)))
send_data = 'AUTH {0}rn'.format(item)
s.send(send_data.encode())
res = s.recv(1024)
response = bytes.decode(res)
# print(response)
if '+OK' in response:
result = '[!]Vulnerable: {0}:{1} 存在弱口令{2} [!]'.format(ip, port, item)
print(result)
return result
else:
result = '[*] 不存在未授权及弱口令 [*]'
print(result)
return result
if __name__ == '__main__':
ip, port = get_target()
passwd = passwd_dict()
main(ip, port, passwd)以上就是python3 Redis未授权检测脚本怎么写的详细内容,更多请关注php中文网其它相关文章!
python怎么学习?python怎么入门?python在哪学?python怎么学才快?不用担心,这里为大家提供了python速学教程(入门到精通),有需要的小伙伴保存下载就能学习啦!
广告![ThinkPHP5快速开发企业站点[全程实录]](https://img.php.cn/upload/course/000/000/068/6253d918a3ce7278.png)
收藏
收藏
Copyright 2014-2025 https://www.php.cn/ All Rights Reserved | php.cn | 湘ICP备2023035733号
455
