Hathi

SQL主机扫描器和字典攻击工具。附带有脚本（filter_pass.py），可以根据密码强度过滤一系列密码列表。

安装

使用PyPI安装Postgres驱动程序

pip install hathi

对于可选的MSSQL支持，安装

pip install "hathi[mssql]"

对于可选的MySQL支持，安装

pip install "hathi[mysql]"

使用

usage: hathi [-h] [--username USERNAME [USERNAME ...]] [--range RANGE [RANGE ...]] [--usernames FILE] [--passwords FILE] [--hostname HOSTNAME]
                   [--json] [--mssql] [--postgres] [--mysql] [--multiple]
                   [host ...]

Port scan and dictionary attack PostgreSQL, MSSQL and MySQL servers.

positional arguments:
  host                  host to scan

optional arguments:
  -h, --help            show this help message and exit
  --username USERNAME [USERNAME ...]
                        specific username
  --range RANGE [RANGE ...]
                        CIDR range, e.g. 192.168.1.0/24
  --usernames FILE      Path to plaintext username list file
  --passwords FILE      Path to plaintext password list file
  --hostname HOSTNAME   an @hostname to append to the usernames
  --json                Output in JSON
  --mssql               Force scanning hosts as MSSQL
  --postgres            Force scanning hosts as Postgres
  --mysql               Force scanning hosts as Mysql
  --multiple            Seek multiple username/password pairs on a single host
  --database DATABASE   try a specific database name
  --no-ssl              Disable TLS/SSL connections

使用类似这个或这个的单词列表生成器来创建更有效的密码列表。