def test_host(host,user,passwd):
"""Test the basic auth in host given using usr and pass given. """
try:
Log.info("["+host+"] Checking %s/%s" %(user,passwd))
passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_password(None, host, user, passwd)
authhandler = urllib2.HTTPBasicAuthHandler(passman)
opener = urllib2.build_opener(authhandler)
urllib2.install_opener(opener)
source = urllib2.urlopen(host, timeout=5)
if len(str(source)) > 0:
# Some devices show an html page after a number of tries to avoid bruteforce. We discard those.
html = str(source.read())
if html.find('HTTP 401') > 0:
Log.warn("["+host+"] HTTP 401 found in html. Possibly false positive. Omitting from output")
return -1
# Access granted using admin/admin
Log.success("Access granted with "+user+"/"+passwd+" to "+host)
outputLock.acquire()
output.writelines("<tr><td><a href="+host+" target=\"_blank\">"+host+"</a></td><td>"+user+"</td><td>"+passwd+"</td></tr>")
outputLock.release()
return -1 # return -1 to stop looking in a host when we have access to.
return 0
except Exception, e:
Log.err("["+host+"] Error: %s" % e)
return 0
# Wait for all trheads to complete
for t in threads:
t.join()
# End html log and close the file
aux = open(RFOOTER,"r")
outputLock.acquire()
output.writelines("</table>")
output.writelines("<br><br><div>Report generated by HttpAuthCrack v"+version+" on "+datetime.datetime.now().strftime("%Y/%m/%d %H:%M")+"</div>")
output.writelines(aux.read())
outputLock.release()
aux.close()
output.close()
except KeyboardInterrupt, e:
Log.warn("Terminating all Threads due to Keyboard Interrupt...")
outputLock.acquire()
output.writelines("<h2>Execution stoped by user!!!</h2>")
outputLock.release()
exitFlag = 1
# End html log and close the file
aux = open(RFOOTER,"r")
outputLock.acquire()
output.writelines(aux.read())
outputLock.release()
aux.close()
output.close()
print "Exiting Main Thread"
