def test_host(host,user,passwd):
"""Test the basic auth in host given using usr and pass given. """
try:
Log.info("["+host+"] Checking %s/%s" %(user,passwd))
passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_password(None, host, user, passwd)
authhandler = urllib2.HTTPBasicAuthHandler(passman)
opener = urllib2.build_opener(authhandler)
urllib2.install_opener(opener)
source = urllib2.urlopen(host, timeout=5)
if len(str(source)) > 0:
# Some devices show an html page after a number of tries to avoid bruteforce. We discard those.
html = str(source.read())
if html.find('HTTP 401') > 0:
Log.warn("["+host+"] HTTP 401 found in html. Possibly false positive. Omitting from output")
return -1
# Access granted using admin/admin
Log.success("Access granted with "+user+"/"+passwd+" to "+host)
outputLock.acquire()
output.writelines("<tr><td><a href="+host+" target=\"_blank\">"+host+"</a></td><td>"+user+"</td><td>"+passwd+"</td></tr>")
outputLock.release()
return -1 # return -1 to stop looking in a host when we have access to.
return 0
except Exception, e:
Log.err("["+host+"] Error: %s" % e)
return 0
def process_ips(threadID, q):
while not exitFlag:
queueLock.acquire()
if not workQueue.empty():
ip = q.get()
queueLock.release()
host = "http://"+ip
Log.info("Thread %s Checking %s" % (threadID, host))
try:
source = urllib2.urlopen(host, timeout=1).read()
except Exception, e:
if str(e).find('401') > 0:
check_basic_auth(host)
except KeyboardInterrupt:
sys.exit()
#!/usr/bin/env python3
#-*- coding: utf-8 -*-
from lib import Log
from lib import A
from lib import B
if __name__ == "__main__":
logger = Log(file=__file__, cla=__name__).logger
logger.info("from main function")
a = A()
b = B()
def run(self):
Log.info("Starting Thread %d" % self.threadID)
process_ips(self.threadID, self.q)
Log.info("Exiting Thread %d" % self.threadID)
