简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Database > Redis > body text

How to write a python3 Redis unauthorized detection script

WBOY
Release: 2023-05-29 23:55:04
forward
1542 people have browsed it

import sys
import getopt
import socket


def get_target():

    opts, args = getopt.getopt(sys.argv[1:], '-i:-p:-h')
    # print(opts)
    for opt_name, opt_value in opts:
        if opt_name == '-h':
            print('[*]This is help information            [*]n'
                  '[*]-i + vulnerable-ip                  [*]n'
                  '[*]-p + vulnerable-port                [*]n'
                  '[*]Example:python3 -i 127.0.0.1 -p 6379[*]n')

        if opt_name in ('-i', ):
            ip = opt_value

        if opt_name in ('-p', ):
            port = opt_value

    return ip, port

def passwd_dict():
    passwd = ['redis@123', 'Redis@123', 'Passw0rd', '123456']
    return passwd

def main(ip, port, passwd):
    print("[*]Redis Unauthorized and Weak Password Detection  [*]n"
          "[*]By: Zh1z3ven                                    [*]n"
          "[*]Blog: https://www.cnblogs.com/Zh1z3ven/         [*]n")
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((ip, int(port)))
    send_data = 'INFOrn'
    s.send(send_data.encode())
    res = s.recv(1024)
    response = bytes.decode(res)
    # print(response)
    if 'redis_version' in response:
        result = '[!]Vulnerable {0}:{1} 存在未授权访问  [!]'.format(ip, port)
        print(result)
        return result

    elif 'NOAUTH' in response:
        for item in passwd:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.connect((ip, int(port)))
            send_data = 'AUTH {0}rn'.format(item)
            s.send(send_data.encode())
            res = s.recv(1024)
            response = bytes.decode(res)
            # print(response)

            if '+OK' in response:
                result = '[!]Vulnerable: {0}:{1} 存在弱口令{2} [!]'.format(ip, port, item)
                print(result)
                return result
            else:
                result = '[*] 不存在未授权及弱口令 [*]'
                print(result)
                return result


if __name__ == '__main__':

    ip, port = get_target()
    passwd = passwd_dict()
    main(ip, port, passwd)
Copy after login

The above is the detailed content of How to write a python3 Redis unauthorized detection script. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
python redis
source:yisu.com
Previous article:What are the Lua script implementation methods and application scenarios in Redis? Next article:Redis5 BloomFilter installation under mac and how to use it with python
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Python/MySQL cannot persist integer data correctly No code is required here. I want to save a very long number because I'm making a game and ...
From 2024-04-04 19:09:44
0
1
367
Using selenium want to click and define URL in class I need another tip today. I'm trying to build Python/Selenium code and the idea is to clic...
From 2024-04-04 14:14:44
0
1
3492
Selenium + Python - inspect image via execute_script I need to verify that an image is displayed on the page using selenium in python. For exam...
From 2024-04-03 09:32:15
0
1
375
How to keep the first X rows and delete table rows I have a big table with millions of records in MySQLincident_archive, I want to sort the r...
From 2024-04-01 18:32:54
0
1
347
How to scrape specific Google Weather text using BeautifulSoup? How to find the course text "New York City, USA" in Python using BeautifulSoup? ...
From 2024-04-01 14:06:14
0
1
308
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!