Shulou(Shulou.com)05/31 Report--

This article will explain in detail how to use iscan, a port-based weak password detection tool. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Iscan: a weak password detection tool based on port

A port-based weak password detection tool is built, which is written in python, which can be used to detect weak passwords in common service ports in penetration testing. The following services are currently supported:

System weak passwords: ftp, ssh, telnet, ipc$

Database weak passwords: mssql, mysql, postgre, mongodb

Weak passwords of middleware: phpmyadmin, tomcat, weblogic

Characteristics

Command line, compatible with OSX/LINUX/WINDOWS/Python 2.7

Built-in weak password dictionary and support for external import execution

Support for multithreading and thread controllability

Support for middleware weak password scanning

Basic use of 1, address format

-h: specify the ip address. The ip address supports the following format:

Support a single ip, such as iscan.py-h 10.9.10.201-- ssh

Multiple ip are supported, such as iscan.py-h 10.9.10.201-10.9.10.205-ssh / / 2012.205 5 ip iscan.py-h 10.9.10.2011.10.9.10.2011.10.9.10.205-ssh / / 201,2052 ip

The address of the network segment, such as iscan.py-h 10.9.10.Universe 24-- ssh / / identify the network segment ending with 24

Text import, such as iscan.py-h 1.txt-- ssh / / Import 1.txt, one ip address per line

2. Types of weak passwords supported

System weak passwords: ftp, ssh, telnet, ipc$ database weak passwords: mssql, mysql, postgresql, mongodb middleware weak passwords: phpmyadmin, tomcat, weblogic

Specify mysql for weak password detection: iscan.exe-h 10.9.10.201-- mysql

3. Import the dictionary to guess

Iscan has built-in common weak passwords by default, and you can also import dictionaries from outside to guess.

Iscan.py-h 10.9.10.201-u user.txt-s pwd.txt-- ssh

-u: specify user dictionary-p: specify password dictionary

4. You can specify the port and set the number of threads

Iscan supports designated ports and multithreading

For example:

Iscan.py-h 10.9.10.201-p 2222-t 20-- ssh

Specify port 2222 to scan the ssh weak password with 20 threads

-p: specify port-t: set the number of threads

5. Log recording

Generate result.log log record scan results in this directory

Test screenshot

Ipc$ detection:

Mongodb detection:

This is the end of the article on "how to use the port-based weak password detection tool iscan". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.