RabbitMQ の弱いパスワードをチェックするツール

Hydra は RabbitMQ のチェックをサポートしていないので、RabbitMQ の API を参照して自分で書きました。

import sys,getopt,pika,optparse

#
#author shao
#
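def connection(ip, port, username,password):
    """Try one username/password pair against a RabbitMQ broker.

    Builds PLAIN credentials, opens a blocking pika connection to the
    '/' virtual host, opens a channel and closes the connection again.

    On success the accepted password is printed and the process exits with
    status 0, so the audit stops at the first accepted credential.  On any
    failure a message is printed and the function returns ``None``.

    Args:
        ip: Broker host name or address.
        port: Broker AMQP port.
        username: Account name under audit.
        password: Candidate password to test.
    """
    credentials = pika.PlainCredentials(username, password)
    parameters = pika.ConnectionParameters(ip, port, '/', credentials)

    try:
        conn = pika.BlockingConnection(parameters)
        conn.channel()
        conn.close()
    except Exception:
        # The original bare ``except:`` also caught the SystemExit raised by
        # sys.exit(0) below (so a success was reported as a failure and the
        # loop carried on) and KeyboardInterrupt (so Ctrl-C could not stop a
        # run).  ``except Exception`` lets both propagate.
        #
        # NOTE(review): this still reports *every* failure as a wrong
        # password, including an unreachable host or a refused connection.
        # A run of "error password" lines therefore does not prove the
        # broker rejected those candidates -- confirm connectivity first.
        print("error password. ---------- [ " + password + " ] ")
        return

    # The output contains a live credential in clear text; treat the
    # terminal scrollback or any redirected log file as sensitive.
    print("configuration! got password["+  password +"]")
    sys.exit(0)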
#channel.basic_publish(exchange='', routing_key='plugin_data', body='http://10.10.10.6:8000/test.lua')

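def loopWordlist(ip,port, username,passwordFile):
    """Test every line of a wordlist file as a password for one account.

    Each line is stripped of its line terminator and handed to
    ``connection``; that function ends the process when a password is
    accepted, so this loop only runs to completion when no line matched.

    Args:
        ip: Broker host name or address.
        port: Broker AMQP port.
        username: Account name under audit.
        passwordFile: Path to a UTF-8 text file with one candidate per line.

    Exits with status -1 if the wordlist cannot be opened or decoded.
    """
    try:
        # ``with`` closes the file on every path; the original never closed it.
        with open(passwordFile, mode="r", buffering=256, encoding="UTF-8") as wordlist:
            # Iterate lazily instead of readlines() so large lists are not
            # held in memory in full.
            for line in wordlist:
                # Strip '\r' as well as '\n', otherwise a CRLF wordlist makes
                # every candidate carry a trailing carriage return.
                connection(ip, port, username, line.rstrip('\r\n'))
    except (OSError, UnicodeDecodeError) as err:
        # The original caught getopt.GetoptError, which nothing in this
        # function raises, so a missing or unreadable file ended in a
        # traceback rather than the intended exit.
        print("cannot read password file: " + str(err), file=sys.stderr)
        sys.exit(-1)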

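def main(argv):
    """Parse the command line and run the wordlist check.

    Options are read by ``optparse`` from ``sys.argv``; the ``argv``
    parameter is accepted for the existing call signature but is not used.

    Args:
        argv: Unused.
    """
    usage = "python %prog -i <target ip> -p <target port> -u <target user> -f <password path>"
    parser = optparse.OptionParser(usage)
    parser.add_option('-i', '--ip', dest='ip', type='string', help='ip')
    # Parse the port as an integer so a non-numeric value is rejected here
    # with a usage message instead of failing later inside the client library.
    parser.add_option('-p', '--port', dest='port', type='int', help='port')
    parser.add_option('-u', '--user', dest='user', type='string', help='default:[admin]', default='admin')
    parser.add_option('-f', '--password-file', dest='passwordFile', type='string')
    options, args = parser.parse_args()

    # -i, -p and -f have no defaults; without this check a missing option
    # reached open()/pika as None and ended in a traceback.
    required = (('-i/--ip', options.ip),
                ('-p/--port', options.port),
                ('-f/--password-file', options.passwordFile))
    missing = [flag for flag, value in required if value is None]
    if missing:
        parser.error("missing required option(s): " + ", ".join(missing))
    if not 1 <= options.port <= 65535:
        parser.error("port must be between 1 and 65535")

    loopWordlist(options.ip, options.port, options.user, options.passwordFile)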

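if __name__ == "__main__":
    # Pass the arguments after the program name; the original slice
    # ``sys.argv[:1]`` passed only the program name itself.  main() reads
    # its options from sys.argv via optparse, so this is for consistency.
    main(sys.argv[1:])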

