Python通用弱口令检测
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Usage, as given in the original post:
#   python /Users/xiaoyu/Desktop/login/weakpwd.py /Users/xiaoyu/Desktop/login/login.txt
# The single argument is a text file holding one captured HTTP login POST
# (request line, headers, blank line, form body).
#
# NOTE(review): the page shows this listing collapsed onto two lines; the line
# breaks and indentation below are reconstructed from the syntax, so the exact
# nesting of a few statements (the `return`/`s.close()` in login() and the
# `break`s in the main loop) is inferred - confirm against the author's copy.
# The code is Python 2 (print statement, str-based socket I/O).
import sys, socket

# Substrings that mark a form field as the username / password field.
Keyword_user = ['user','name']
Keyword_pass = ['pass','pwd']
# Candidate accounts and passwords; every combination is tried.
username = ['admin','test']
password = ['admin','test','123456']

def login(http_data, host, port):
    """Send one raw HTTP request over a plain TCP socket and parse the reply.

    Returns the tuple (status_code, content_lenth, http_header, http_body),
    all as strings taken from the response.
    """
    # Plain socket only: no TLS is set up here, so an HTTPS login form is not
    # handled by this function.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((str(host),int(port)))
    s.sendall(http_data)
    http_content = ''
    # Read until recv() returns an empty buffer, i.e. until the peer closes.
    # No timeout is set, so a keep-alive connection makes this loop block.
    while True:
        buf = s.recv(1024)
        http_content += buf
        if not len(buf):
            break
    # Everything before the first blank line is the header block; the rest is
    # joined back together as the body.
    http_split = http_content.split('\r\n\r\n')
    http_header, http_body = http_split[0], ''.join(http_split[1:])
    http_header_list = http_header.split('\r\n')
    # Second token of the status line, e.g. '200' or '302'.
    status_code = http_header_list[0].split(' ')[1]
    for header_line in http_header_list:
        # Exact, case-sensitive match on the header name.
        if header_line.split(':')[0].strip() == 'Content-Length':
            content_lenth = header_line.split(':')[1].strip()
    # NOTE(review): content_lenth is only bound when the response carries a
    # Content-Length header; a chunked or header-less reply raises here.
    return status_code, content_lenth, http_header, http_body
    # NOTE(review): unreachable after the return above, so the socket is never
    # closed explicitly.
    s.close()

# Path of the captured HTTP request.
path = sys.argv[1]
# Re-serialise the capture with CRLF line endings and pick out host and port.
# NOTE(review): the file handle is never closed.
login_data = open(path)
http_data = ''
for line in login_data:
    if line.find('Host') == 0:
        host = line.split(':')[1].strip()
        # "Host: name:port" has a third field; without one the IndexError is
        # swallowed by the bare except and port 80 is used.
        try:
            port = line.split(':')[2].strip()
        except:
            port = 80
    # The original Content-Length is replaced by a placeholder that is filled
    # in per request once the body length is known.
    if line.find('Content-Length') != 0:
        http_data = http_data + line.strip() + '\r\n'
    else:
        http_data = http_data + 'Content-Length: *content_lenth*\r\n'
# Split into header block (data[0]) and form body (data[1]), then into fields.
data = http_data.split('\r\n\r\n')
parameter = data[1].strip().split('&')
# Set to 1 once a username or password field has been recognised.
flag = 0
for i in range(len(parameter)):
    for ukey in Keyword_user:
        # Does this field contain a username keyword?
        if ukey in parameter[i].lower():
            flag = 1
            para_key = parameter[i].split('=')[0]
            parameter[i] = para_key + '=*user-name*'
            break
    for pkey in Keyword_pass:
        # Does this field contain a password keyword?
        if pkey in parameter[i].lower():
            flag = 1
            para_key = parameter[i].split('=')[0]
            parameter[i] = para_key + '=*pass-word*'
# Body template with *user-name* / *pass-word* placeholders.
mark_body = '&'.join(parameter)

# def brute_force_attacks():
if bool(flag):
    # Baseline: two logins with credentials that are expected to fail
    # ('0a' and '0000000aaa'), used to learn what a failed login looks like.
    # NOTE(review): these two fixed probe bodies followed by the
    # username x password grid form a recognisable request sequence in
    # web-server logs; lockout or rate limiting on the login endpoint is the
    # usual control against this kind of run.
    test_inject_body1 = mark_body.replace('*user-name*','0a').replace('*pass-word*','0a')
    test_inject_body2 = mark_body.replace('*user-name*','0000000aaa').replace('*pass-word*','0000000aaa')
    test_data1 = data[0].replace('*content_lenth*',str(len(test_inject_body1))) + '\r\n\r\n' + test_inject_body1
    test_data2 = data[0].replace('*content_lenth*',str(len(test_inject_body2))) + '\r\n\r\n' + test_inject_body2
    test_login_info1 = login(test_data1, host, port)
    test_login_info2 = login(test_data2, host, port)
    # Use a redirect as the success signal.
    redirect_flag = 0
    # Use the response length as the success signal.
    lenth_flag = 0
    # Use a Set-Cookie header as the success signal.
    cookie_flag = 0
    # Decide which of redirect / length / cookie / keyword can tell a
    # successful login from a failed one.
    # NOTE(review): this compares a one-character str with the int 3, which is
    # always unequal, so redirect_flag is set on every run.
    if str(test_login_info1[0])[0] != 3:
        redirect_flag = 1
    # Both failed logins returned the same Content-Length: remember it.
    if int(test_login_info1[1]) == int(test_login_info2[1]):
        fail_lenth = int(test_login_info1[1])
        lenth_flag = 1
    # A failed login sets no cookie, so a cookie can indicate success.
    if 'Set-Cookie' not in test_login_info1[2]:
        cookie_flag = 1
    # Try every username/password combination.
    for usr in username:
        for pwd in password:
            inject_body = mark_body.replace('*user-name*',usr).replace('*pass-word*',pwd)
            post_body_lenth = len(inject_body)
            send_data = data[0].replace('*content_lenth*',str(post_body_lenth)) + '\r\n\r\n' + inject_body
            login_info = login(send_data, host, port)
            # Each `break` below leaves only the inner password loop; the
            # outer loop then continues with the next username.
            if bool(redirect_flag):
                # NOTE(review): str compared with int 3 again - never true, so
                # this branch never reports a hit.
                if str(login_info[0])[0] == 3:
                    print 'success! username:{usr} password:{pwd}'.format(usr=usr, pwd=pwd)
                    break
            if bool(lenth_flag):
                if int(login_info[1]) != int(fail_lenth):
                    print 'success! username:{usr} password:{pwd}'.format(usr=usr, pwd=pwd)
                    break
            if bool(cookie_flag):
                if 'Set-Cookie' in login_info[2]:
                    print 'success! username:{usr} password:{pwd}'.format(usr=usr, pwd=pwd)
                    break
            # Keyword fallback for when redirect, length and cookie are all
            # unusable. NOTE(review): redirect_flag is always 1 (see above),
            # so this fallback is never taken as written.
            if redirect_flag == 0 and lenth_flag == 0 and cookie_flag == 0:
                if 'logout' in login_info[3]:
                    print 'success! username:{usr} password:{pwd}'.format(usr=usr, pwd=pwd)
                    break
标签: 弱口令