2018-11-10 15:30:29 +08:00
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
import redis
|
|
|
|
|
|
import re
|
|
|
|
|
|
|
|
|
|
|
|
'''
|
|
|
|
|
|
Usage:
|
|
|
|
|
|
moon.py -u redis http://127.0.0.1:6379
|
|
|
|
|
|
redis未授权访问漏洞
|
|
|
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
|
|
def attack(URL):
|
|
|
|
|
|
print('[+]开始检测-Redis未授权访问漏洞。[+]')
|
|
|
|
|
|
#print(re.findall('//(.*?):',URL)[0])#获取IP
|
|
|
|
|
|
#print(re.findall(':(\w*?)$',URL)[0])#获取端口
|
|
|
|
|
|
try:
|
|
|
|
|
|
r = redis.StrictRedis(host=re.findall('//(.*?):',URL)[0], port=re.findall(':(\w*?)$',URL)[0], db=0)
|
|
|
|
|
|
print('获取连接成功。客户列表为:'+str(r.client_list()))
|
|
|
|
|
|
except IndexError:
|
2018-11-23 17:53:46 +08:00
|
|
|
|
try:
|
|
|
|
|
|
r = redis.StrictRedis(host=re.findall('(.*?):', URL)[0], port=re.findall(':(\w*?)$', URL)[0], db=0)
|
|
|
|
|
|
print('获取连接成功。客户列表为:' + str(r.client_list()))
|
|
|
|
|
|
except redis.exceptions.ResponseError:
|
|
|
|
|
|
print('[-]访问受限:NOAUTH Authentication required')
|
2018-11-10 15:30:29 +08:00
|
|
|
|
except redis.exceptions.ConnectionError:
|
|
|
|
|
|
print('获取连接失败。')
|
2018-11-23 17:53:46 +08:00
|
|
|
|
|
2018-11-10 15:30:29 +08:00
|
|
|
|
print('[+]检测结束-Redis未授权访问漏洞。[+]')
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
|
|
attack()
|
|
|
|
|
|
|
|
|
|
|
|
|
