port based weak password detection tool

Posted by santillano at 2020-04-15

A weak password detection tool based on port is built by hand, which is written in Python, and can be used to detect weak password of common service port in penetration test. The following services are currently supported:

System weak password: FTP, SSH, Telnet, IPC$

Database weak password: mssql, mysql, postgre, mongodb

Middleware weak password: phpMyAdmin, Tomcat, Weblogic


Command line, compatible with OSX / Linux / Windows / Python 2.7

Built in weak password dictionary and support external import and execution

Support multi-threaded, thread adjustable

Support middleware weak password scanning

Basic use

1. Address format

-h: Specify the IP address, which supports the following formats:

Support single IP, such as - H -- SSH  -h  --ssh

支持多upip, 如  -h --ssh  //201-205  5ip  -h, --ssh  //201,205 2upip  -h  --ssh     //201-205  5个ip  -h,  --ssh     //201、205 2个ip

Network segment address, such as - H -- SSH / / identify the end of 24 network segment -h  --ssh                // 识别24结束的网段

Text import, such as - H 1.txt -- SSH / / import 1.txt, one IP address per line -h  1.txt  --ssh                //导入1.txt,每行一个ip地址

2. Supported weak password types

System weak password: FTP, SSH, Telnet, IPC $database weak password: mssql, mysql, PostgreSQL, mongodb middleware weak password: phpMyAdmin, Tomcat, Weblogic

Specify MySQL for weak password detection: iscan.exe - H -- MySQL

iscan.exe -h  --mysql

3. Import dictionary for guessing

ISCAN has built-in common weak passwords by default, and can also import dictionaries from outside for guessing -h -u user.txt -s pwd.txt  --ssh -h -u user.txt -s pwd.txt  --ssh

-u: Specify user dictionary - P: specify password dictionary

4. You can specify the port and set the number of threads

ISCAN supports specified ports and multithreading

For example: -h -p 2222 -t 20 --ssh -h -p 2222 -t 20 --ssh

Scan SSH weak password at port 2222 with 20 threads

-p: Specify port - t: set the number of threads

5. Logging

Generate result.log in this directory to record the scanning results

IPC $detection:

Mongodb detection:

PS: the tool written two years ago, which was last updated in March 2017, has been forgotten in the corner. I've been organizing my previous blog recently, and I've picked up the code again.

The code is aggressive, to prevent malicious use, it will not be released. The code implementation is very simple. If you have time, you are going to write a series: "hand to hand teach you to create your own weak password scanning tool".


About Me

A network security enthusiast has a paranoid pursuit of technology. Committed to sharing original high-quality dry goods, including but not limited to: penetration testing, WAF bypass, code audit, security operation and maintenance.