htpwdScan HTTP弱口令扫描器(python)

脚本还在不断完善,目前已经可以通过批量导入代理来突破IP限制,密码可hash: MD5、SHA1。

可以通过设定重试条件来解决不稳定主机和ngix指向不同后端的问题(即便4次请求只有一次能正确访问到后台,程序也能破解出账号)。

正在添加对HTTP Basic认证的支持,会考虑加入简单验证码识别。也会考虑做一个GUI工具。啊,有点跑偏了

弱口令破解是我最常用的攻击方式之一。 这种攻击方法对用户量庞大、没有做IP请求限制、没有做密码安全规则、错误提示过于详细的系统,几乎是通杀的。

上周,利用一点时间,我把以前写的暴力破解脚本片段,整理成了一个通用的HTTP暴力破解工具。感谢组里的同事,小松、亮哥对我工作的支持呐。

鉴于是初步实现,肯定有很多不足。 我是想到什么就加进去,所以思路可能有点乱。

optional arguments:
  -h, --help            show this help message and exit
  -f REQUESTFILE        Load HTTP request from file
  -https                Set -https only when load request from file and
                        HTTPS was enabled
  -u REQUESTURL         Explicitly Set request URL, e.g.
                        -u="http://www.test.com/login.php"
  -m METHOD             Set -m=GET only when -u was set and request method
                        is GET,default is POST
  -d Param=DictFilePath [Param=DictFilePath ...]
                        set dict file for each parameter,
                        support hash functions like md5, md5_16, sha1. e.g.
                        -d user=users.dic pass=md5(pass.dic)
  -no302                302 redirect insensitive, default is sensitive
  -err ERR [ERR ...]    String indicates fail in response text, e.g.
                        -err "user not exist" "password wrong"
  -suc SUC [SUC ...]    String indicates success in response text, e.g.
                        -suc "welcome," "admin"
  -herr HERR            String indicates fail in response headers
  -hsuc HSUC            String indicates success in response headers
  -proxy Server:Port    Set HTTP proxies, e.g.
                        -proxy=127.0.0.1:8000,8.8.8.8:8000
  -proxylist ProxyListFile
                        Load HTTP proxies from file, one proxy per line, e.g.
                        -proxylist=proxys.txt
  -fip                  Spoof source IP
  -t THREADS            50 threads by default
  -o OUTPUT             Output file, defaut is Cracked_Pass.txt
  -rtxt RetryText       Retry when it appears in response text,
                        e.g. -rtxt="IP blocked"
  -rntxt RetryNoText    Retry when it does not appear in response text,
                        e.g. -rntxt=""
  -rheader RetryHeader  Retry when it appears in response headers,
                        e.g. -rheader="Set-Cookie:"
  -rnheader RetryNoHeader
                        Retry when it didn't appear in response headers,
                        e.g. -rheader="Content-Length:"
  -sleep SECONDS        Sleep some time after each request,
                        avoid IP blocked by web server
  -debug                Send a request and check
                        response headers and response text
  -nov                  Do not print verbose info, only print the cracked ones
  -v                    show program's version number and exit

获取脚本: https://github.com/lijiejie/htpwdScan

基本用法稍后单独写一篇日志说明。  自己写的小工具,若有自己用着才顺手,自然是不好的。。。

《htpwdScan HTTP弱口令扫描器(python)》上有19条评论

  1. 为啥载入代理文件失败呢,直接指定代理也不行,要破的是一个https的vpn提示这个 Error occured while handling request: readline() takes exactly 1 argument (2 given)Error occured while handling request: readline() takes exactly 1 argument (2 given)Error occured while handling request: readline() takes exactly 1 argument (2 given)Error occured while handling request: readline() takes exactly 1 argument (2 given)Task done on # Wed Mar 04 17:22:43 2015 #! All threads exit

  2. 脚本缺少一个功能,当使用数据库撞库测试时。正常的表单提交password字段一般是md5加密的,而如果数据库中匹配的password字段是明文的话则无法实现撞库测试。大哥你看看啥时候能不能增加这个功能上去?

  3. 小白一枚,下载下来,运行,提示这个:
    d:\>python htpwdScan.py -h
    File “htpwdScan.py”, line 44
    print Fore.MAGENTA + s if color_red else Fore.RESET + s
    ^
    SyntaxError: Missing parentheses in call to ‘print’

    请问大神啥情况?
    版本:
    Python 3.6.0 (v3.6.0:41df79263a11, Dec 23 2016, 07:18:10) [MSC v.1900 32 bit (Intel)] on win32

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注