A hand-built, port-based weak password detection tool, written in Python, that can be used to detect weak passwords on common service ports during penetration tests. The following services are currently supported:
System weak password: FTP, SSH, Telnet, IPC$
Database weak password: mssql, mysql, PostgreSQL, mongodb
Middleware weak password: phpMyAdmin, Tomcat, Weblogic
Features
- Command-line tool, compatible with OSX / Linux / Windows / Python 2.7
- Built-in weak password dictionary, with support for importing external dictionaries
- Multi-threaded, with an adjustable thread count
- Supports middleware weak password scanning
Basic usage
1. Address format
-h: Specify the IP address, which supports the following formats:
Single IP, such as:
iscan.py -h 10.9.10.201 --ssh
Multiple IPs, such as:
iscan.py -h 10.9.10.201-10.9.10.205 --ssh // 201-205, 5 IPs
iscan.py -h 10.9.10.201,10.9.10.205 --ssh // 201 and 205, 2 IPs
Network segment address, such as:
iscan.py -h 10.9.10.0/24 --ssh // recognizes a network segment ending in /24
Text import, such as:
iscan.py -h 1.txt --ssh // import 1.txt, one IP address per line
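The three inline -h formats above (single IP, start-end range or comma list, CIDR segment) can be expanded as in the following added example. It is not iscan's own code, which is unpublished. The names expand_targets, MAX_TARGETS and the scope parameter are assumptions, and the text-file form is left out because it amounts to applying the same function to each line.

```python
import ipaddress

MAX_TARGETS = 4096  # assumed safety cap; not an iscan option

def _expand_part(part):
    """Expand one item: single IP, start-end range, or CIDR block."""
    if "/" in part:
        # strict=False also accepts a host address with a prefix (10.9.10.201/24)
        net = ipaddress.IPv4Network(part, strict=False)
        if net.num_addresses > MAX_TARGETS:
            raise ValueError("network too large: %s" % part)
        # Assumption: skip the network and broadcast addresses
        return list(net.hosts())
    if "-" in part:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in part.split("-", 1))
        if hi < lo:
            raise ValueError("range end before start: %s" % part)
        if int(hi) - int(lo) >= MAX_TARGETS:
            raise ValueError("range too large: %s" % part)
        return [ipaddress.IPv4Address(n) for n in range(int(lo), int(hi) + 1)]
    return [ipaddress.IPv4Address(part)]

def expand_targets(spec, scope=None):
    """Turn a -h style value into a sorted, de-duplicated list of IPv4 strings.

    scope (optional CIDR string) is the authorized range; any address
    outside it is rejected instead of being silently included.
    """
    allowed = ipaddress.IPv4Network(scope) if scope else None
    found = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            raise ValueError("empty item in address list: %r" % spec)
        for addr in _expand_part(part):
            if allowed is not None and addr not in allowed:
                raise ValueError("%s is outside scope %s" % (addr, scope))
            found.add(addr)
        if len(found) > MAX_TARGETS:
            raise ValueError("more than %d targets" % MAX_TARGETS)
    return [str(a) for a in sorted(found)]

if __name__ == "__main__":
    # Address values taken from the usage lines above
    for spec in ("10.9.10.201", "10.9.10.201-10.9.10.205",
                 "10.9.10.201,10.9.10.205", "10.9.10.0/24"):
        print(spec, "->", len(expand_targets(spec, scope="10.9.10.0/24")))
```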
2. Supported weak password types
System weak password: FTP, SSH, Telnet, IPC$
Database weak password: mssql, mysql, PostgreSQL, mongodb
Middleware weak password: phpMyAdmin, Tomcat, Weblogic
Specify MySQL for weak password detection:
iscan.exe -h 10.9.10.201 --mysql
3. Import dictionary for guessing
ISCAN includes a built-in list of common weak passwords by default, and can also import external dictionaries for guessing:
iscan.py -h 10.9.10.201 -u user.txt -s pwd.txt --ssh
-u: specify the user dictionary
-s: specify the password dictionary
4. You can specify the port and set the number of threads
ISCAN supports specifying the port and running with multiple threads.
For example, to scan for SSH weak passwords on port 2222 with 20 threads:
iscan.py -h 10.9.10.201 -p 2222 -t 20 --ssh
-p: specify the port
-t: set the number of threads
5. Logging
A result.log file is generated in the current directory to record the scan results.
IPC$ detection:
MongoDB detection:
PS: This tool was written two years ago and last updated in March 2017, and then it was forgotten in a corner. I've been organizing my previous blog posts recently, and I've picked the code up again.
The code is aggressive; to prevent malicious use, it will not be released. The code implementation is very simple. If I have time, I am going to write a series: "Teaching you hand in hand to create your own weak password scanning tool".
Bypass
About Me
A network security enthusiast with a paranoid pursuit of technology. Committed to sharing original, high-quality practical content, including but not limited to: penetration testing, WAF bypass, code audit, security operation and maintenance.