import pika, time, thread
#########################################
## ##
## amqp / rabbitmq channel discovery ##
## ##
## brute forces amqp queue / exchange names ##
## for those times ##
## you forget your channels ;) ##
## ##
## now with exchange support! ##
## ##
#########################################
host = '192.168.1.102'  # broker to probe -- only point this at a system you are authorised to test
wordfile = 'english.txt'  # candidate queue/exchange names, one per line
threads = 10  # soft cap on concurrent trial() threads: loop() sleeps while tc exceeds this
exchangemode = True  # True: guess exchange names; False: guess queue names
forceExQuiet = True  # exchange mode only: True = bind/unbind probe, False = publish probe
## Set exchangemode to True to brute force exchange names instead of queue names.
## Exchange brute forcing is noisy by default for speed: trial() publishes an
## empty message (routing key 'stat') to each candidate exchange, so any real
## consumer bound to an existing exchange will receive that message.
## Set forceExQuiet to True for the quiet mode, which is slower but only binds
## (and immediately unbinds) a temporary exclusive queue to the exchange.
## NOTE(review): in queue mode trial() registers a consumer with no_ack=True on
## the candidate queue; if the broker delivers anything to that consumer the
## message is gone from the queue -- think twice before running this against
## queues that carry live traffic.
## This code was written quickly out of necessity for a single server.
## It is messy, and it is not guaranteed to work on all setups.
## Enjoy!
def setup():
global tc
global wordlist
global good
wordlist = []
good = []
tc = 0
f = open(wordfile, 'r')
for line in f:
wordlist.append(line.replace('\r\n','').strip())
f.close()
def callback(ch, method, properties, body):
    """Consumer callback for queue mode: echo the delivered body.

    Registered by trial() via basic_consume.  ``ch``, ``method`` and
    ``properties`` are the usual pika delivery arguments and are unused.
    """
    message = " [x] Received msg! : %r" % (body,)
    print(message)
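def loop():
    """Spawn one trial() thread per wordlist entry, throttled by ``threads``.

    Walks the global ``wordlist`` in order, starting a thread for each
    candidate and bumping the shared counter ``tc``; while ``tc`` exceeds
    ``threads`` it sleeps until running trials finish and decrement it.
    Stops early if a thread cannot be started, and now says so instead
    of silently quitting.  Prints ``good`` (names confirmed so far) when
    the walk ends -- threads may still be running at that point.

    Side effects: mutates ``tc``; relies on trial() decrementing it.
    NOTE(review): ``tc`` is updated from several threads without a lock,
    so the cap is approximate rather than exact.
    """
    global tc
    global wordlist
    for pw in wordlist:
        # Count the thread before starting it so a trial that finishes
        # (and decrements) immediately cannot drive tc negative.
        tc += 1
        try:
            thread.start_new_thread(trial, (pw,))
        except Exception as exc:
            tc -= 1
            # The original swallowed this and stopped silently; report it so
            # an exhausted thread limit is not mistaken for "finished".
            print('could not start thread for %r, stopping: %s' % (pw, exc))
            break
        # Throttle: wait while more than ``threads`` trials are in flight.
        while tc > threads:
            time.sleep(0.1)
    print(good)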
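def _probe(channel, pw):
    """Ask the broker whether ``pw`` names an existing exchange or queue.

    Returns normally when the name exists; otherwise pika is expected to
    raise (the broker rejects the operation and closes the channel).
    Which probe runs is selected by the module flags ``exchangemode``
    and ``forceExQuiet``.
    """
    if exchangemode:
        if forceExQuiet:
            # Quiet: bind a throwaway exclusive queue to the exchange and
            # unbind it again.  Nothing is published.
            result = channel.queue_declare(exclusive=True)
            queue_name = result.method.queue
            channel.queue_bind(exchange=pw, queue=queue_name)
            channel.queue_unbind(exchange=pw, queue=queue_name)
        else:
            # Noisy: publish an empty message to the exchange.  Any real
            # consumer bound to an existing exchange receives it.  The
            # publish is fire-and-forget, so the queue_declare that follows
            # appears to exist only to surface a closed channel as an
            # exception -- keep it.
            channel.basic_publish(exchange=pw, routing_key='stat', body='')
            channel.queue_declare(exclusive=True)
    else:
        # Queue mode: registering a consumer on a missing queue fails.
        # no_ack=True means anything the broker delivers to this consumer
        # is not returned to the queue, so the caller must close the
        # connection promptly.
        channel.basic_consume(callback, queue=pw, no_ack=True)


def _record(pw):
    """Report a confirmed name, append it to ``good`` and drop a marker file.

    The marker write is best-effort, as in the original: a failed write
    must not hide a confirmed name, but it is now reported.
    """
    global good
    print('YES! ' + pw)
    try:
        with open('discovered.' + str(time.time()) + '.txt', 'w') as f:
            f.write(host + ':' + pw)
    except (IOError, OSError) as exc:
        print('could not write marker file: %s' % exc)
    good.append(pw)


def trial(pw):
    """Test whether ``pw`` is an existing exchange/queue on ``host``.

    Opens a fresh connection, runs the probe and records a hit.  Any
    failure -- connection refused, name not found, marker write error --
    is treated as "not found", matching the original's intent.  The
    connection is now always closed: the original leaked one open
    connection per candidate (and, in queue mode, left a no_ack consumer
    registered on every hit).  Always decrements ``tc`` on exit so
    loop()'s throttle cannot stall.

    Args:
        pw: candidate queue or exchange name.
    """
    global tc
    print('trying: ' + pw)
    connection = None
    try:
        connection = pika.BlockingConnection(pika.ConnectionParameters(host))
        channel = connection.channel()
        _probe(channel, pw)
        _record(pw)
    except Exception:
        # A broker rejection (normally a closed channel) is the expected
        # "no such name" signal, so failure here is not an error.
        pass
    finally:
        if connection is not None:
            try:
                connection.close()
            except Exception:
                pass
        tc -= 1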
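def main():
    """Load the wordlist, run all trials, then wait for stragglers.

    Instead of a fixed 15 s sleep, polls the shared thread counter
    ``tc`` and returns as soon as it drops to zero, still giving up
    after 15 s so a hung broker connection cannot wedge the run.
    Prints ``good`` (all confirmed names) when done.
    """
    setup()
    loop()
    print('waiting up to 15 sec for threads to clear')
    deadline = time.time() + 15
    # tc is decremented by each trial() on exit; a hung connection keeps
    # it above zero, hence the deadline.
    while tc > 0 and time.time() < deadline:
        time.sleep(0.1)
    if tc > 0:
        print('%d thread(s) still running after timeout' % tc)
    print(good)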
main()