Redis未授权漏洞检测工具

2022-08-10 14:50:28

Redis未授权检测小工具

#!/usr/bin/python3

# -*- coding: utf-8 -*-

"""

@Author: r0cky

@Time: 2019/9/2-17:35

"""

import socket

import sys

passwds = ['redis','root','oracle','password','p@ssw0rd','abc123!','123456','admin','abc123']

def check(ip, port, timeout):

    try:

        socket.setdefaulttimeout(timeout)

        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        print u"[INFO] connecting " + ip + u":" + port

        s.connect((ip, int(port)))

        print u"[INFO] connected "+ip+u":"+port+u" hacking..."

        s.send("INFO\r\n")

        result = s.recv(1024)

        if "redis_version" in result:

            return u"[HACKED] 未授权访问"

        elif "Authentication" in result:

            for passwd in passwds:

                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

                s.connect((ip, int(port)))

                s.send("AUTH %s\r\n" %(passwd))

                # print u"[HACKING] hacking to passwd --> "+passwd

                result = s.recv(1024)

                if 'OK' in result:

                    return u"[HACKED] 存在弱口令,密码:%s" % (passwd)

        s.close()

    except Exception, e:

        if len(e.message) != 0:

            print u"[ERROR] "+e.message

        return u"[INFO] 目标Redis服务,暂不存在未授权和弱口令漏洞!"

if __name__ == '__main__':

    ip=sys.argv[1]

    # default Port

    port="6379"

    if len(sys.argv) >= 3:

        port=sys.argv[2]

    result = check(ip,port, timeout=10)

    print result

    if "HACKED" in result:

        print u"[END] Start your hacking journey !!!"

使用方法

python27 redis_scan.py [目标IP] [指定端口](可以不写)

不写指定端口默认为 6379 端口

Redis未授权漏洞检测工具

上一篇:Ubuntu VPN PPTP 连接要选上这个啊


下一篇:redis未授权漏洞和主从复制rce漏洞利用