{"id":26282044,"url":"https://github.com/chainreactors/zombie","last_synced_at":"2025-05-07T07:34:10.370Z","repository":{"id":226382559,"uuid":"490945155","full_name":"chainreactors/zombie","owner":"chainreactors","description":"a weak weak pass tool","archived":false,"fork":false,"pushed_at":"2024-05-28T17:03:49.000Z","size":23198,"stargazers_count":61,"open_issues_count":3,"forks_count":4,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-05-29T08:12:32.360Z","etag":null,"topics":["redteam","security","security-tools"],"latest_commit_sha":null,"homepage":"https://chainreactors.github.io/wiki/zombie/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainreactors.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-05-11T03:36:10.000Z","updated_at":"2024-05-30T20:22:51.857Z","dependencies_parsed_at":"2024-03-07T10:20:24.843Z","dependency_job_id":"7a5cb5df-0dcf-4364-a10e-2b96f7ecf74a","html_url":"https://github.com/chainreactors/zombie","commit_stats":null,"previous_names":["chainreactors/zombie"],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Fzombie","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Fzombie/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Fzombie/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainreactors%2Fzombie/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainreactors","download_url":"https://codeload.github.com/chainreactors/zombie/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252834018,"owners_count":21811296,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["redteam","security","security-tools"],"created_at":"2025-03-14T16:19:39.453Z","updated_at":"2025-05-07T07:34:10.360Z","avatar_url":"https://github.com/chainreactors.png","language":"Go","readme":"# Zombie \n\n一个轻量级的服务口令爆破工具, 继承了hydra的命令行设计, hashcat的字典生成, 以及红队向的功能设计. \n\nblog posts:\n\n- https://chainreactors.github.io/wiki/blog/2024/06/07/zombie-introduce/\n\n\n## QuickStart\n\n完整文档位于: https://chainreactors.github.io/wiki/zombie/\n\n参考了hydra的命令行设计, 小写为命令行输出, 大写为文件输入, 留空为使用默认值.\n\n使用默认字典爆破ssh的root用户口令\n\n`zombie -i 1.1.1.1 -u root -s ssh`\n\n使用指定的密码批量喷洒ssh口令\n\n`zombie -I targets.txt -u root -p password -s ssh`\n\ntargets.txt\n```\n1.1.1.1\n2.2.2.2\n3.3.3.3\n...\n```\n\n从文件中自动解析输入\n\n`zombie -I targets.txt`\n\ntargets.txt:\n```\nmysql://user:pass@1.1.1.1:3307  # 指定了用户与密码以及端口, 尝试登录mysql\nssh://user@2.2.2.2              # 自动解析ssh默认端口22, 使用默认密码爆破指定user的ssh\nmssql://3.3.3.3:1433            # 未指定user与pass, 自动选用默认的用户与密码字典\n```\n\n使用已知的所有用户与密码,  进行笛卡尔积的方式对服务进行最大可能的爆破.\n\n`zombie -I targets.txt -U user.txt -P pass.txt`\n\ntargets.txt:\n```\nmysql://1.1.1.1\nssh://2.2.2.2\nmssql://3.3.3.3\n```\n\n从gogo结果开始扫描\n\n`zombie --gogo 1.dat`\n\n从json开始扫描\n\n`zombie -j 1.json`\n\n\n简单配置自定义密码生成器\n\n`zombie -l 1.txt -p admin --weakpass`\n\n将会根据admin关键字生成常见的密码组合, 以admin为例， 将会生成以下密码\n\n\u003cdetails\u003e\n  \u003csummary\u003e--weakpass 生成的密码\u003c/summary\u003e\n\n```\nadmin\nAdmin\nADMIN\naDMIN\nadmin1\nadmin2\nadmin3\nadmin4\nadmin5\nadmin6\nadmin7\nadmin8\nadmin9\nadmin0\nadmin123\nadmin1234\nadmin12345\nadmin123456\nadmin2018\nadmin2019\nadmin2020\nadmin2021\nadmin2022\nadmin01\nadmin02\nadmin03\nadmin04\nadmin05\nadmin06\nadmin07\nadmin08\nadmin09\nadmin10\nadmin11\nadmin12\nadmin13\nadmin14\nadmin15\nadmin16\nadmin17\nadmin18\nadmin19\nadmin20\nadmin21\nadmin22\nadmin23\nadmin24\nadmin25\nadmin26\nadmin27\nadmin28\nadmin29\nadmin30\nadmin31\nadmin!\nadmin@\nadmin#\nadmin$\nadmin!@\nadmin!@#\nadmin!@#$\nadmin123!\nadmin!123\nadmin1@\nadmin2018!\nadmin2019!\nadmin2020!\nadmin2021!\nadmin2022!\nadmin!2018\nadmin!2019\nadmin!2020\nadmin!2021\nadmin!2022\nadmin2018!@#\nadmin2019!@#\nadmin2020!@#\nadmin2021!@#\nadmin2022!@#\nadmin01!\nadmin02!\nadmin03!\nadmin04!\nadmin05!\nadmin06!\nadmin07!\nadmin08!\nadmin09!\nadmin10!\nadmin11!\nadmin12!\nadmin13!\nadmin14!\nadmin15!\nadmin16!\nadmin17!\nadmin18!\nadmin19!\nadmin20!\nadmin21!\nadmin22!\nadmin23!\nadmin24!\nadmin25!\nadmin26!\nadmin27!\nadmin28!\nadmin29!\nadmin30!\nadmin31!\nAdmin1\nAdmin2\nAdmin3\nAdmin4\nAdmin5\nAdmin6\nAdmin7\nAdmin8\nAdmin9\nAdmin0\nAdmin123\nAdmin1234\nAdmin12345\nAdmin123456\nAdmin2018\nAdmin2019\nAdmin2020\nAdmin2021\nAdmin2022\nAdmin!\nAdmin@\nAdmin#\nAdmin$\nAdmin!@\nAdmin!@#\nAdmin!@#$\nAdmin123!\nAdmin!123\nAdmin1@\nAdmin2018!\nAdmin2019!\nAdmin2020!\nAdmin2021!\nAdmin2022!\nAdmin!2018\nAdmin!2019\nAdmin!2020\nAdmin!2021\nAdmin!2022\nAdmin2018!@#\nAdmin2019!@#\nAdmin2020!@#\nAdmin2021!@#\nAdmin2022!@#\nAdmin01!\nAdmin02!\nAdmin03!\nAdmin04!\nAdmin05!\nAdmin06!\nAdmin07!\nAdmin08!\nAdmin09!\nAdmin10!\nAdmin11!\nAdmin12!\nAdmin13!\nAdmin14!\nAdmin15!\nAdmin16!\nAdmin17!\nAdmin18!\nAdmin19!\nAdmin20!\nAdmin21!\nAdmin22!\nAdmin23!\nAdmin24!\nAdmin25!\nAdmin26!\nAdmin27!\nAdmin28!\nAdmin29!\nAdmin30!\nAdmin31!\nAdmin01\nAdmin02\nAdmin03\nAdmin04\nAdmin05\nAdmin06\nAdmin07\nAdmin08\nAdmin09\nAdmin10\nAdmin11\nAdmin12\nAdmin13\nAdmin14\nAdmin15\nAdmin16\nAdmin17\nAdmin18\nAdmin19\nAdmin20\nAdmin21\nAdmin22\nAdmin23\nAdmin24\nAdmin25\nAdmin26\nAdmin27\nAdmin28\nAdmin29\nAdmin30\nAdmin31\n```\n\n\u003c/details\u003e\n\n\n`--weakpass` 的规则位于 https://github.com/chainreactors/templates/blob/master/zombie/rule/weakpass.rule , 欢迎提供新规则\n\n\n### TODO\n\n- [ ] 支持基本信息收集\n- [ ] 支持基本的后利用(希望能像cme一样)\n- [ ] [支持更多协议](https://github.com/chainreactors/zombie/issues/19) \n- [x] 支持neutron引擎, 允许通过模板配置插件\n- [ ] 新增密码策略限制的功能, 减少爆破次数\n- [ ] 新增爆破限制的功能, 防止被封禁\n\n## Make\n\n```bash\n# download\ngit clone --recurse-submodules https://github.com/chainreactors/zombie\ncd zombie\n\n# sync dependency\ngo mod tidy   \n\n# generate template.go\ngo generate  \n\n# build \ngo build .\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainreactors%2Fzombie","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainreactors%2Fzombie","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainreactors%2Fzombie/lists"}