def test_host(host,user,passwd): """Test the basic auth in host given using usr and pass given. """ try: Log.info("["+host+"] Checking %s/%s" %(user,passwd)) passman = urllib2.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None, host, user, passwd) authhandler = urllib2.HTTPBasicAuthHandler(passman) opener = urllib2.build_opener(authhandler) urllib2.install_opener(opener) source = urllib2.urlopen(host, timeout=5) if len(str(source)) > 0: # Some devices show an html page after a number of tries to avoid bruteforce. We discard those. html = str(source.read()) if html.find('HTTP 401') > 0: Log.warn("["+host+"] HTTP 401 found in html. Possibly false positive. Omitting from output") return -1 # Access granted using admin/admin Log.success("Access granted with "+user+"/"+passwd+" to "+host) outputLock.acquire() output.writelines("<tr><td><a href="+host+" target=\"_blank\">"+host+"</a></td><td>"+user+"</td><td>"+passwd+"</td></tr>") outputLock.release() return -1 # return -1 to stop looking in a host when we have access to. return 0 except Exception, e: Log.err("["+host+"] Error: %s" % e) return 0
def process_ips(threadID, q): while not exitFlag: queueLock.acquire() if not workQueue.empty(): ip = q.get() queueLock.release() host = "http://"+ip Log.info("Thread %s Checking %s" % (threadID, host)) try: source = urllib2.urlopen(host, timeout=1).read() except Exception, e: if str(e).find('401') > 0: check_basic_auth(host) except KeyboardInterrupt: sys.exit()
#!/usr/bin/env python3 #-*- coding: utf-8 -*- from lib import Log from lib import A from lib import B if __name__ == "__main__": logger = Log(file=__file__, cla=__name__).logger logger.info("from main function") a = A() b = B()
def run(self): Log.info("Starting Thread %d" % self.threadID) process_ips(self.threadID, self.q) Log.info("Exiting Thread %d" % self.threadID)