Create a gist now

Instantly share code, notes, and snippets.

A script to flood a phisher's database with fake usernames and passwords. For great justice.
import requests
import random
target = "http://mtgox.com.bz/login.php"
wordlist_file = "wordlist"
wordlist = open(wordlist_file, "r").readlines()
wordlist_len = len(wordlist)
while True:
username = ""
for i in range(0, random.randint(1,2)):
rand = random.randint(0, wordlist_len - 1)
username += wordlist[rand]
password = ""
for i in range(0, random.randint(1,2)):
rand = random.randint(0, wordlist_len - 1)
upper_rand = random.randint(0,4)
if (not upper_rand):
password += wordlist[rand].upper()
password += str(random.randint(0,2000))
else: password += wordlist[rand]
username = username.replace("\n","").replace("'","")
password = password.replace("\n","")
payload = {'login120' : username, 'password' : password}
# Launch payload
requests.post(target, payload)
print (payload)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment