Python研究:Mongodb未授权批量扫描脚本(多线程)

最近看猪猪侠PPT里有讲MongoDB内置功能找SSRF漏洞,然后今天就写一个扫描Mongodb未授权访问的脚本方便大家批量查找洞子:)

image

#coding=utf-8
import pymongo
import time
import sys
import threading
import Queue

q=Queue.Queue()

class myThread (threading.Thread):
def __init__(self,func,args1,args2):
threading.Thread.__init__(self)
self.func = func
self.args1 = args1
self.args2 = args2
def run(self):
self.func(self.args1, self.args2)

def mongo(q,f):
while True:
if not q.empty():
ip=q.get()
try:
print ip.strip()
conn=pymongo.Connection(ip.strip(),27017)
db = conn.database_names()
if db:
time.sleep(0.1)
f.write(ip.replace("\n","\t")+"Login success"+'\n')
print ip.replace("\n","\t")+"Login success"+'\n'
else:
pass
except:
pass
if __name__ == '__main__':
help_l=u"""
Mongodbscan扫描
用法:Mongodbscan.py -m 100 -u ip.txt url.txt
"""
if len(sys.argv)<2:
print help_l
else:
if len(sys.argv)>2:
if sys.argv[1]=='-m' and sys.argv[3]=='-u':
threads = []
threadList = range(int(sys.argv[2]))
ipc=open(sys.argv[4],"r")
f=open(sys.argv[5],"w")
for ipcc in ipc:
q.put(ipcc)
for i in threadList:
t = myThread(mongo, q, f)
t.setDaemon(True)
threads.append(t)
t.start()
for t in threads:
t.join()