批量检测开放了6379端口(Redis服务)的主机,是否存在未授权访问漏洞
1.先使用上一篇博客的脚本执行结果,保存为ip.txt,文件中存入了调用ZoomEye的官方api搜索的开放了6379端口的ip地址。(6379为默认的Redis服务)
https://blog.csdn.net/jexsen/article/details/115247912
2.执行本脚本,有三种检测方式:
通过执行脚本的-u参数,做了一个逻辑判断,如果-u ip.txt 则批量检测txt中的ip,如果 -u ip则检测单个ip主机,如果 -u 103.25.126.237-255 则检测c段的ip。
执行命令:
第一种方式为加载ip.txt文本批量检测是否存在Redis未授权访问漏洞。
python redis_unauthorized_access.py -u ip.txt -p 6379 -s Redis
第二种方式为检测单个ip是否在Redis未授权访问漏洞。
python redis_unauthorized_access.py -u 196.21.83.203 -p 6379 -s Redis
第三种方式为检测一个ip段里的主机是否在Redis未授权访问漏洞。
python redis_unauthorized_access.py -u 196.21.83.203-207 -p 6379 -s Redis
# -*- coding:utf-8 -*-
import socket
import sys
import getopt
from zoomeye_test import *
# banner信息
# ['196.31.63.210:6379', '196.21.83.203:6379', '45.60.228.37:6379', '121.5.230.102:6379', '35.194.110.251:6379', '103.25.126.237:6379', '114.67.120.216:6379', '103.47.208.44:6379', '106.15.109.65:6379', '170.106.153.75:6379', '107.154.132.173:6379', '47.99.243.149:6379', '62.77.154.214:6379', '114.55.108.87:6379', '103.28.250.209:6379', '78.39.227.16:6379', '78.46.242.32:6379', '78.47.42.51:6379', '78.47.89.33:6379', '78.47.48.68:6379']
# 196.21.83.203:6379 这台电脑是success
# 打印横幅广告
ip_list = []
def banner():
print(
'''
.d8888P d8888b. d88888P .d888b. dP dP
88' `88 d8' Y8' `88 88 88
88baaa. aaad8' d8' `8bad88 .d8888b. 88d888b. .d8888b. .d8888b. 88 .dP
88` `88 `88 d8' `88 88' `"" 88' `88 88ooood8 88' `"" 88888"
8b. .d8 .88 d8' d. .88 88. ... 88 88 88. ... 88. ... 88 `8b.
`Y888P' d88888P d8' `8888P `88888P' dP dP `88888P' `88888P' dP `YP
'''
)
# 人工启动脚本输入参数的规则
def usage():
print('-h: --help 帮助;')
print('-p: --port 端口;')
print('-u: --url 域名;')
print('-f: --file 文件;')
print('-s: --type Redis;')
sys.exit()
# 未授权函数检测,传入url和端口
def redis_unauthored(url, port):
# 建立一个空列表
result = []
# 建立socket对象
s = socket.socket()
# 攻击语句
payload = "\x2a\x31\x0d\x0a\x24\x34\x0d\x0a\x69\x6e\x66\x6f\x0d\x0a"
# 设置socket的默认超时时间
socket.setdefaulttimeout(10)
for ip in url:
try:
# 尝试连接ip和端口
s.connect((ip, int(port))