Return to Answer

Python has a style guide - you're compliant for the most part, but e.g.

You should put a blank line between each group of imports.

import os
import re
import sys
import MySQLdb
import phpass

Python also has a standard for docstrings - they should be between the def and the first line inside the function, e.g.:

def display_output(errors, insecure):
 """Display errors and insecure passwords."""
 ...

You should also put your authorship information in a slightly different form, see e.g. http://stackoverflow.com/q/1523427/3001761.

You should use the "context manager" with for e.g. file handling, which makes the scope of the open file clearer and removes the need to explicitly close it:

with open('passwords.txt') as f:
 passwords = f.readlines()
return passwords

MySQLdb may also support this usage, removing the need for the over-long try.

An empty sequence (e.g. [], '') evaluates False-y, so you can write:

if errors:

rather than

if len(errors):

You can use unpacking to simplify:

for u in users:
 username = u[0]
 password_hash = u[1]

to:

for username, password_hash in users:

I would probably shorten e.g.:

check = wp_hasher.check_password(p, password_hash)
if check:

to:

if wp_hasher.check_password(p, password_hash):

which removes the need for the temporary name.

found = 0

This is never used, and should be removed.

It is typical to add a guard to your script, so that you can later import functionality from it without running anything:

if __name__ == "__main__":
 find_wp_dbs()

Python has a style guide - you're compliant for the most part, but e.g.

You should put a blank line between each group of imports.

import os
import re
import sys
import MySQLdb
import phpass

Python also has a standard for docstrings - they should be between the def and the first line inside the function, e.g.:

def display_output(errors, insecure):
 """Display errors and insecure passwords."""
 ...

You should also put your authorship information in a slightly different form, see e.g. https://stackoverflow.com/q/1523427/3001761.

You should use the "context manager" with for e.g. file handling, which makes the scope of the open file clearer and removes the need to explicitly close it:

with open('passwords.txt') as f:
 passwords = f.readlines()
return passwords

MySQLdb may also support this usage, removing the need for the over-long try.

An empty sequence (e.g. [], '') evaluates False-y, so you can write:

if errors:

rather than

if len(errors):

You can use unpacking to simplify:

for u in users:
 username = u[0]
 password_hash = u[1]

to:

for username, password_hash in users:

I would probably shorten e.g.:

check = wp_hasher.check_password(p, password_hash)
if check:

to:

if wp_hasher.check_password(p, password_hash):

which removes the need for the temporary name.

found = 0

This is never used, and should be removed.

It is typical to add a guard to your script, so that you can later import functionality from it without running anything:

if __name__ == "__main__":
 find_wp_dbs()

Python has a style guide - you're compliant for the most part, but e.g.

You should put a blank line between each group of imports.

import os
import re
import sys
import phpass
import MySQLdb

Python also has a standard for docstrings - they should be between the def and the first line inside the function, e.g.:

def display_output(errors, insecure):
 """Display errors and insecure passwords."""
 ...

You should also put your authorship information in a slightly different form, see e.g. http://stackoverflow.com/q/1523427/3001761.

You should use the "context manager" with for e.g. file handling, which makes the scope of the open file clearer and removes the need to explicitly close it:

with open('passwords.txt') as f:
 passwords = f.readlines()
return passwords

MySQLdb may also support this usage, removing the need for the over-long try.

An empty sequence (e.g. [], '') evaluates False-y, so you can write:

if errors:

rather than

if len(errors):

You can use unpacking to simplify:

for u in users:
 username = u[0]
 password_hash = u[1]

to:

for username, password_hash in users:

I would probably shorten e.g.:

check = wp_hasher.check_password(p, password_hash)
if check:

to:

if wp_hasher.check_password(p, password_hash):

which removes the need for the temporary name.

found = 0

This is never used, and should be removed.

It is typical to add a guard to your script, so that you can later import functionality from it without running anything:

if __name__ == "__main__":
 find_wp_dbs()

Python has a style guide - you're compliant for the most part, but e.g.

You should put a blank line between each group of imports.

import os
import re
import sys
import MySQLdb
import phpass

Python also has a standard for docstrings - they should be between the def and the first line inside the function, e.g.:

def display_output(errors, insecure):
 """Display errors and insecure passwords."""
 ...

You should also put your authorship information in a slightly different form, see e.g. http://stackoverflow.com/q/1523427/3001761.

You should use the "context manager" with for e.g. file handling, which makes the scope of the open file clearer and removes the need to explicitly close it:

with open('passwords.txt') as f:
 passwords = f.readlines()
return passwords

MySQLdb may also support this usage, removing the need for the over-long try.

An empty sequence (e.g. [], '') evaluates False-y, so you can write:

if errors:

rather than

if len(errors):

You can use unpacking to simplify:

for u in users:
 username = u[0]
 password_hash = u[1]

to:

for username, password_hash in users:

I would probably shorten e.g.:

check = wp_hasher.check_password(p, password_hash)
if check:

to:

if wp_hasher.check_password(p, password_hash):

which removes the need for the temporary name.

found = 0

This is never used, and should be removed.

It is typical to add a guard to your script, so that you can later import functionality from it without running anything:

if __name__ == "__main__":
 find_wp_dbs()